mirror of https://github.com/adulau/dcu-tools.git synced 2024-05-20 07:12:10 +00:00

dcu-tools are tools used for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds

Go to file

Alexandre Dulaunoy ef1fc32d4b add: [new] dcu-fetch-ng.py is a Python script to fetch blobs published by DCU Python 3 and updates to work with the latest Azure Python SDK		2018-12-12 17:25:07 +01:00
bin	add: [new] dcu-fetch-ng.py is a Python script to fetch blobs published by DCU	2018-12-12 17:25:07 +01:00
README.md	--date option added	2013-02-07 17:15:21 +01:00

README.md

dcu-tools

dcu-tools are tools used for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds

Usage

    Usage: dcu-fetch.py [options] dcu feed blob fetcher

    Options:
      -h, --help            show this help message and exit
      -d, --debug           output debug message on stderr
      -a ACCOUNT_NAME, --account_name=ACCOUNT_NAME
                            Microsoft Azure account name
      -k ACCOUNT_KEY, --account_key=ACCOUNT_KEY
                            Microsoft Azure key to access DCU container
      -c, --clear           Delete blobs and containers after fetching
      -e, --header          Remove field header in the output (default is
                            displayed)
      -f OUTPUT_FORMAT, --format=OUTPUT_FORMAT
                            output txt, json (default is txt)
      -t DATE, --date=DATE  date in format YYYY-MM-DD to limit the query (default
                            is all)

Dumping sink-hole addresses

python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r .TargetIp

Dumping some specific values and cleaning the container/blobs

python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r '.SourceIpAsnNr+" "+.SourceIp +" "+ .Botnet'

Dumping the JSON object for a specific ASN

python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r 'if .SourceIpAsnNr == "AS12345" then . else "" end'