keithjjones / hostintel

A modular Python application to collect intelligence for malicious hosts.

distinguishing VT types #6

Closed marcurdy closed 7 years ago

marcurdy commented 7 years ago

Can you add support for ssdeep and imphashes? VT specifically I've tried.

keithjjones commented 7 years ago

Thanks for bringing this up.

Is this for hosts? Or for files? I don't recall hosts having any type of hash. hostintel should fail on any type of hash. I think you might want to file this under the fileintel tool I wrote? Fileintel only supports MD5 and SHA hashes at the moment. I don't know the answer if I can add support or not to fileintel. Can you provide some samples or something for me to work towards? If so, you can file an issue on fileintel with what the functionality should look like. I will also happily look at pull requests. Since this is not functionality I personally need soon and I'm kind of swamped, this is something that might not get done quickly.

keithjjones commented 7 years ago

https://github.com/keithjjones/fileintel/ is the other tool.

marcurdy commented 7 years ago

Yes, fileintel. Outside of just md5 and sha, I don't see much love out there in general, but it's a vast world.

I work with a friend of yours I believe. Josh Dalman.

Cheers.

On Thu, Oct 20, 2016 at 1:13 PM, keithjjones notifications@github.com wrote:

> Thanks for bringing this up.
>
> Is this for hosts? Or for files? I don't recall hosts having any type of hash. hostintel should fail on any type of hash. I think you might want to file this under the fileintel tool I wrote? Fileintel only supports MD5 and SHA hashes at the moment. I don't know the answer if I can add support or not to fileintel. Can you provide some samples or something for me to work towards? If so, you can file an issue on fileintel with what the functionality should look like. I will also happily look at pull requests. Since this is not functionality I personally need soon and I'm kind of swamped, this is something that might not get done quickly.

keithjjones commented 7 years ago

Ok, if you want a feature added to fileintel, please put it on that project's issues. I'm going to close this issue since it doesn't apply to hostintel. Check out my suggestion above about how to help get this into fileintel if you would like to see that functionality.

Yes, Josh and I go way back!