Skip to content

alex27riva/soc-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
.github/workflows
.github/workflows
 
 
cmd
cmd
 
 
config
config
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dev-build.sh
dev-build.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

soc-cli

soc-cli is a command-line tool designed for Security Operations Center (SOC) analysts to aid in IP analysis, IOC extraction, URL scanning, and more. Built with Go, this tool provides a variety of commands to simplify threat intelligence workflows.

Features

  • IP Analysis: Lookup IP addresses for threat intelligence, geo-location, AS info, and IP type.
  • IOC Extraction: Extract indicators of compromise such as URLs, IP addresses, email addresses, and file hashes from text files.
  • URL Analysis: Submit URLs for scanning and obtain threat intelligence.
  • Hash Calculation: Calculate SHA256 hashes of files for integrity checks.
  • Email Analysis: Analyze .eml files for attachments, links, and email authentication (SPF, DKIM, DMARC).
  • Defang/Fang: Defang or re-fang URLs and email addresses to safely share them in reports.

Installation

  1. Clone the repository:

    git clone https://github.com/yourusername/soc-cli.git
cd soc-cli

  2. Build the project:

    go build -o soc-cli

  3. Run the tool:

    ./soc-cli

Configuration

The tool reads API keys and other configuration settings from a config file located in ~/.config/soc-cli/config.yaml. On Windows the path is %USERPROFILE%/.config/soc-cli/config.yaml

Example structure:

api_keys:
  urlscan:
    api_key: your-urlscan-api-key

  ipinfo:
    api_key: your-ipinfo-api-key

Usage

The basic usage syntax is:

soc-cli [command] [options]

Commands

ip

Analyze an IP address for threat intelligence, geolocation, AS information, and IP type.

soc-cli ip <IPv4_address>

extract-ioc

Extract IOCs from a text file.

soc-cli extract-ioc <file_path>

urlscan

Submit a URL for scanning and analysis.

soc-cli urlscan <URL>

defang and fang

Defang or re-fang URLs and email addresses for safe sharing.

soc-cli defang <URL_or_email>
soc-cli fang <URL_or_email>

hash

Calculate the hash of a file.

soc-cli hash <file_path>

version

Show the current version of soc-cli tool.

soc-cli version

Examples

# Analyze an IP address
soc-cli ip 8.8.8.8

# Extract IOCs from a log file
soc-cli extract-ioc logs.txt

# Submit a URL for threat intelligence
soc-cli urlscan https://example.com

# Calculate the SHA256 hash of a file
soc-cli hash /path/to/file.txt

# Defang an email address for safe sharing
soc-cli defang user@example.com

# Show the current version
soc-cli version

Contributing

We welcome contributions! To get started:

  1. Fork the repository
  2. Create a new branch (git checkout -b feature/YourFeature)
  3. Make your changes
  4. Commit your changes (git commit -am 'Add YourFeature')
  5. Push to the branch (git push origin feature/YourFeature)
  6. Create a new Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

A cli tool for SOC analysts written in Golang

Topics

go cli security

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages