cybagard / nsrllookup

nsrllookup is a Web API built with Python and Flask. It exposes a route to look up a single MD5 hash and returns "known" or "unkown".
MIT License

This docker service is based on nsrlsvr & nsrllookup-python by rjhansen.

How to use

Build your own version

You can use docker-compose.build.yml to build, test and run your own nsrllookup service.

  1. Build API and run tests

    docker-compose -f docker-compose.build.yml up --build api-test &&
    docker-compose -f docker-compose.build.yml rm -fsv

  2. Prepare the environment. (do this before running any other services)

    docker-compose -f docker-compose.build.yml up svr-prepare && 
    docker-compose -f docker-compose.build.yml rm -fsv

    Follow the container log.

  3. Run it!

    docker-compose -f docker-compose.build.yml up -d api

Use the official docker images (no need to build them)

  1. Prepare the environment. (do this before running any other services)

    docker-compose -f docker-compose.prod.yml up svr-prepare && 
    docker-compose -f docker-compose.prod.yml rm -fsv

    Follow the container log.

  2. Run it!

    docker-compose -f docker-compose.prod.yml up -d api

  3. Wait for the services to become available.

    The nsrllookup-svr service takes some time to load the NSRL RDS hash set. The API service uses docker-compose-wait to wait for nsrllookup-svr to be fully up and running. It exposes port 5000 once finished.

API Route

Send your MD5 hash to http://<hostname>:5000/check/<hash_value>
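
An added example, not part of the nsrllookup project: a small Python client for the /check/<hash_value> route above that hashes files and lists the ones the service does not report as known. The response body format is an assumption (this README only names the two results), as are the function names and the base URL given on the command line.

```python
import hashlib
import re
import sys
import urllib.request

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_url(base_url, md5_hex):
    """Build the /check/<hash_value> URL; refuse anything that is not a bare MD5."""
    if not MD5_RE.fullmatch(md5_hex):
        raise ValueError(f"not an MD5 hex digest: {md5_hex!r}")
    return f"{base_url.rstrip('/')}/check/{md5_hex}"


def is_known(body):
    """Assumption: a hit has the standalone word "known" somewhere in the body.
    Any other body (a miss, an error page, an empty reply) counts as not known."""
    return re.search(r"\bknown\b", body) is not None


def http_get(url, timeout=10):
    """Fetch a URL and return the body as text; HTTP errors raise."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def not_in_nsrl(paths, base_url, fetch=http_get):
    """Return (path, md5) for every file the service does not report as known."""
    leftovers = []
    for path in paths:
        md5_hex = md5_of_file(path)
        if not is_known(fetch(check_url(base_url, md5_hex))):
            leftovers.append((path, md5_hex))
    return leftovers


if __name__ == "__main__":
    # Usage: python nsrl_triage.py http://<hostname>:5000 file1 file2 ...
    for path, md5_hex in not_in_nsrl(sys.argv[2:], sys.argv[1]):
        print(f"{md5_hex}  {path}")
```

Anything that is not an explicit hit stays in the review list, so an unexpected response never hides a file. A "known" result means the hash is catalogued in the NSRL RDS, not that the file is benign.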