dcu-tools
=========

dcu-tools is a set of tools for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds.

Usage
=====

    Usage: dcu-fetch.py [options]

    dcu feed blob fetcher

    Options:
      -h, --help            show this help message and exit
      -d, --debug           output debug messages on stderr
      -a ACCOUNT_NAME, --account_name=ACCOUNT_NAME
                            Microsoft Azure account name
      -k ACCOUNT_KEY, --account_key=ACCOUNT_KEY
                            Microsoft Azure key to access the DCU container
      -c, --clear           delete blobs and containers after fetching
      -e, --header          remove the field header from the output (default is
                            displayed)
      -f OUTPUT_FORMAT, --format=OUTPUT_FORMAT
                            output format: txt or json (default is txt)
      -t DATE, --date=DATE  date in format YYYY-MM-DD to limit the query (default
                            is all)

Dumping sink-hole addresses
---------------------------

    python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r .TargetIp

Dumping some specific values and cleaning the container/blobs
-------------------------------------------------------------

    python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r '.SourceIpAsnNr+" "+.SourceIp +" "+ .Botnet'

Dumping the JSON object for a specific ASN
------------------------------------------

    python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r 'if .SourceIpAsnNr == "AS12345" then . else "" end'
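Going one step past the jq one-liners, the following added example (not part of dcu-tools) reads the JSON output of dcu-fetch.py, assumed here to be one JSON object per line carrying the field names used above (TargetIp, SourceIp, SourceIpAsnNr, Botnet), and summarizes it per source ASN on a constructed sample; the botnet names and IP addresses in the sample are made up.

```python
import json
from collections import defaultdict

# Constructed sample of `dcu-fetch.py -f json` output (assumption: one JSON
# object per line). Addresses are documentation ranges, botnet names invented.
SAMPLE_FEED = """
{"TargetIp": "192.0.2.10", "SourceIp": "198.51.100.7", "SourceIpAsnNr": "AS12345", "Botnet": "botnet-1"}
{"TargetIp": "192.0.2.10", "SourceIp": "198.51.100.8", "SourceIpAsnNr": "AS12345", "Botnet": "botnet-1"}
{"TargetIp": "192.0.2.11", "SourceIp": "203.0.113.5", "SourceIpAsnNr": "AS64496", "Botnet": "botnet-2"}
this line is not JSON and must be skipped
{"TargetIp": "192.0.2.10", "SourceIp": "198.51.100.7", "SourceIpAsnNr": "AS12345", "Botnet": "botnet-2"}
"""


def parse_feed(text):
    """Yield feed records, skipping blank lines and lines that are not JSON objects."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # tolerate a damaged line instead of aborting the whole run
        if isinstance(rec, dict):
            yield rec


def sinkhole_addresses(records):
    """Same information as `jq -r .TargetIp`, de-duplicated and sorted."""
    return sorted({r["TargetIp"] for r in records if r.get("TargetIp")})


def records_for_asn(records, asn):
    """Same selection as the jq ASN filter above, without the empty lines jq emits."""
    return [r for r in records if r.get("SourceIpAsnNr") == asn]


def summarize_by_asn(records):
    """Per source ASN: distinct infected source IPs and the botnets they were seen in."""
    acc = defaultdict(lambda: {"source_ips": set(), "botnets": set()})
    for r in records:
        asn = r.get("SourceIpAsnNr")
        if not asn:
            continue
        acc[asn]["source_ips"].add(r.get("SourceIp"))
        acc[asn]["botnets"].add(r.get("Botnet"))
    return {asn: {k: sorted(v) for k, v in d.items()} for asn, d in acc.items()}


if __name__ == "__main__":
    recs = list(parse_feed(SAMPLE_FEED))
    print("sink-hole addresses:", sinkhole_addresses(recs))
    for asn, info in sorted(summarize_by_asn(recs).items()):
        print(asn, len(info["source_ips"]), "source IPs, botnets:", info["botnets"])
```

To run it on a real feed, replace SAMPLE_FEED with `sys.stdin.read()` and pipe `dcu-fetch.py -f json` into the script.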