hashlookup

command
v0.0.0-...-c496913 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 11, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

README

Hashlookup plugin

Plugin to query hashlookup services. For instance hashlookup.circl.lu

Sample command to use plugin:

curl 'https://localhost:443/api?uuid=auth-key&sql=FROM+hashlookup+WHERE+sha1=%27deac5aeda66017c25a9e21f36f5ee618d2ad9d3d%27'

Compile with:

go build -buildmode=plugin -ldflags="-w" -o hashlookup.so ./*.go

Or use the Makefile command: make plugins-local

Limitations

Does not support complex SQL queries and datetime range selection.

Access details

Source YAML definition's access fields:

  • url: hashlookup API endpoint, for example - https://hashlookup.circl.lu
  • apiKey: optional hashlookup API key

Definition file example

Replace API key with your own:

name: hashlookup
label: Hashlookup
icon: database

plugin: hashlookup
inGlobal: true
includeDatetime: false
supportsSQL: false

access:
    url: https://hashlookup.circl.lu
    apiKey: .

queryFields:
    - md5
    - sha1
    - sha256


relations:
  -
    from:
        id: SHA-1
        group: sha1
        search: sha1
        attributes: ["FileName", "FileSize", "source-url", "MD5", "SHA-512", "SHA-256", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

    to:
        id: parent
        group: sha1
        search: sha1
        attributes: ["FileName", "FileSize", "source-url", "MD5", "SHA-512", "SHA-256", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

    edge:
        label: ChildOf

  -
    from:
        id: SHA-1
        group: sha1
        search: sha1
        attributes: ["FileName", "FileSize", "source-url", "MD5", "SHA-512", "SHA-256", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

    to:
        id: children
        group: sha1
        search: sha1
        attributes: ["FileName", "FileSize", "source-url", "MD5", "SHA-512", "SHA-256", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

    edge:
        label: ParentOf

  -
    from:
        id: SHA-1
        group: sha1
        search: sha1
        attributes: ["FileName", "FileSize", "source-url", "SHA-512", "SHA-256", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

    to:
        id: MD5
        group: md5
        search: md5
        attributes: ["FileName", "FileSize", "source-url", "SHA-512", "SHA-256", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

  -
    from:
        id: SHA-1
        group: sha1
        search: sha1
        attributes: ["FileName", "FileSize", "source-url", "MD5", "SHA-512", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

    to:
        id: SHA-256
        group: sha256
        search: sha256
        attributes: ["FileName", "FileSize", "source-url", "MD5", "SHA-512", "SSDEEP", "TLSH", "insert-timestamp", "mimetype", "source", "hashlookup-parent-total", "snap-authority", "hashlookup:trust"]

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.