Malice NSRL Plugin - This takes the 5.5 GB NSRL minimal set and converts it into a 77.4 MB bloom filter with an estimated false positive rate of 0.001.
This repository contains a Dockerfile of the NSRL lookup malice plugin malice/nsrl.
- Install Docker.
- Download trusted build from public DockerHub:
docker pull malice/nsrl
docker run --rm malice/nsrl:md5 lookup MD5
docker run --rm malice/nsrl:sha1 lookup SHA1
Usage: nsrl [OPTIONS] COMMAND [arg...]
Malice nsrl Plugin
Version: v0.1.0, BuildTime: 20161119
Author:
blacktop - <https://github.com/blacktop>
Options:
--verbose, -V verbose output
--post, -p POST results to Malice webhook [$MALICE_ENDPOINT]
--proxy, -x proxy settings for Malice webhook endpoint [$MALICE_PROXY]
--table, -t output as Markdown table
--timeout value malice plugin timeout (in seconds) (default: 10) [$MALICE_TIMEOUT]
--elasitcsearch value elasitcsearch address for Malice to store results [$MALICE_ELASTICSEARCH]
--help, -h show help
--version, -v print the version
Commands:
web Create a NSRL lookup web service
build Build bloomfilter from NSRL database
lookup Query NSRL for hash
help Shows a list of commands or help for one command
Run 'nsrl COMMAND --help' for more information on a command.
{
  "nsrl": {
    "found": true,
    "hash": "5A272B7441328E09704B6D7EABDBD51B8858FDE4"
  }
}
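How the `build` and `lookup` commands relate, as an added example that is not the plugin's own code: a minimal Go bloom filter using the standard sizing formulas for the 0.001 target rate stated above, keyed on upper-cased hex hashes so a lower-case query still matches the entry the set was built with. The type and function names are this example's own, and the capacity passed to NewBloom is an assumption; the real plugin is sized for the full minimal set.

```go
package main

import (
	"crypto/sha1"
	"encoding/binary"
	"math"
	"strings"
)

// Bloom is a bit array keyed on hex hash strings (MD5 or SHA-1, as in the NSRL set).
type Bloom struct {
	bits []uint64
	m, k uint64 // bit count and number of probes per lookup
}
// SizeFor returns bits m and probes k that give n hashes an expected false-positive rate p.
func SizeFor(n int, p float64) (m, k uint64) {
	mf := math.Ceil(-float64(n) * math.Log(p) / (math.Ln2 * math.Ln2))
	return uint64(mf), uint64(math.Round(mf / float64(n) * math.Ln2))
}
// NewBloom allocates a filter for n hashes at rate p (the sizing `nsrl build` has to do).
func NewBloom(n int, p float64) *Bloom {
	m, k := SizeFor(n, p)
	return &Bloom{bits: make([]uint64, (m+63)/64), m: m, k: k}
}
// indexes derives k bit positions by double hashing a SHA-1 of the upper-cased
// hash, so mixed-case input maps to the same entry the set was built with.
func (b *Bloom) indexes(h string) []uint64 {
	sum := sha1.Sum([]byte(strings.ToUpper(h)))
	h1, h2 := binary.BigEndian.Uint64(sum[0:8]), binary.BigEndian.Uint64(sum[8:16])|1
	idx := make([]uint64, b.k)
	for i := range idx {
		idx[i] = (h1 + uint64(i)*h2) % b.m
	}
	return idx
}
// Add records one hash, as `nsrl build` does for every line of the set.
func (b *Bloom) Add(h string) {
	for _, i := range b.indexes(h) {
		b.bits[i/64] |= 1 << (i % 64)
	}
}
// Lookup answers like `nsrl lookup`: false is definite (not in the set);
// true may be a false positive at roughly rate p.
func (b *Bloom) Lookup(h string) bool {
	for _, i := range b.indexes(h) {
		if b.bits[i/64]&(1<<(i%64)) == 0 {
			return false
		}
	}
	return true
}
```

A `true` from the filter therefore means "probably a known-good file" at the stated rate, while a `false` rules the hash out of the set entirely.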
- Found ✅
- To write results to ElasticSearch
- To create an nsrl lookup micro-service
- To post results to a webhook
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.
See CHANGELOG.md
See all contributors on GitHub.
Please update the CHANGELOG.md and submit a Pull Request on GitHub.
MIT Copyright (c) 2016-2018 blacktop