sqhunter


Tool and Usage

Project details

License
MIT
Programming language
Python
Author
Adel Karimi
Latest release
No release found
Latest release date
Unknown

Project health

Score: 64
This score is calculated from several factors, such as project age and last release date.

Why this tool?

Sqhunter is a security tool for finding known and unknown threats on your network. It hunts for possible adversaries by running specific queries against your hosts: osquery answers the queries on each host, Salt Open dispatches them from the salt-master, and the Cymon API supplies threat reports for the remote addresses that turn up. The example output below shows the result: an outbound telnet connection from a host is matched against existing malware reports for its destination address.

Background information

Important note: sqhunter must run on your salt-master server, because it relies on Salt to dispatch its osquery queries to the managed hosts (minions) and collect the results.

Usage and audience

sqhunter is commonly used for security monitoring, threat discovery, or threat hunting. Target users for this tool are security professionals and system administrators.

Features

  • Command line interface

Example usage and output

==============================================
(ASCII-art banner: sqhunter)
threat hunter based on osquery and salt open
==============================================

[+] Alert - Host: 10.10.10.55

  + Process and network socket info:
    - pid: 15003
    - name: telnet
    - cmdline: telnet 98.131.172.1 80
    - local_address: 10.10.10.55
    - local_port: 47722
    - remote_address: 98.131.172.1
    - remote_port: 80
    - protocol: 6

  + Threat reports:
    - title: Malware activity reported by IBM X-Force Exchange
      date: 2015-09-21T09:04:10Z
      details_url: https://exchange.xforce.ibmcloud.com/ip/98.131.172.1
      tag: malware
    - title: Malware reported by cleanmx-malware
      date: 2015-02-24T15:26:00Z
      details_url: http://www.virustotal.com/latest-report.html?resource=5bc647742434f743114d3397b2cf74b0
      tag: malware
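The hunting logic behind an alert like the one above, as an added example that is not sqhunter's own code: an osquery query joins open sockets to their owning processes, non-routable remote addresses are filtered out before any reputation lookup, and the remaining addresses are checked against threat reports. The osquery SQL is an assumption about what such a tool runs (the column names are those of osquery's process_open_sockets and processes tables); the osquery result and the threat-report table are constructed inline, the latter standing in for a Cymon API lookup, so the block runs offline. It uses Python 3 and the standard library only (ipaddress instead of netaddr).

```python
"""Correlate osquery socket data with threat reports, in the style of
sqhunter.  Added example, not the project's code.  All inputs are
constructed inline; the threat-report dict stands in for the Cymon API."""
import ipaddress
import json

# Assumed osquery SQL: every open socket joined to the process that owns it.
# process_open_sockets and processes are real osquery tables.
OSQUERY_SQL = """
SELECT p.pid, p.name, p.cmdline,
       s.local_address, s.local_port, s.remote_address, s.remote_port, s.protocol
FROM process_open_sockets AS s
JOIN processes AS p USING (pid)
WHERE s.remote_address NOT IN ('', '0.0.0.0', '::')
"""

# Constructed osquery JSON result, as if returned by the minion 10.10.10.55.
OSQUERY_RESULT = json.dumps([
    {"pid": 15003, "name": "telnet", "cmdline": "telnet 98.131.172.1 80",
     "local_address": "10.10.10.55", "local_port": 47722,
     "remote_address": "98.131.172.1", "remote_port": 80, "protocol": 6},
    {"pid": 842, "name": "sshd", "cmdline": "sshd: root@pts/0",
     "local_address": "10.10.10.55", "local_port": 22,
     "remote_address": "10.10.10.7", "remote_port": 51022, "protocol": 6},
    {"pid": 1201, "name": "dig", "cmdline": "dig @8.8.8.8 example.com",
     "local_address": "10.10.10.55", "local_port": 40010,
     "remote_address": "8.8.8.8", "remote_port": 53, "protocol": 17},
])

# Constructed threat-report table standing in for Cymon; entries mirror the
# shape of the reports in the sample output above.
THREAT_REPORTS = {
    "98.131.172.1": [
        {"title": "Malware activity reported by IBM X-Force Exchange",
         "date": "2015-09-21T09:04:10Z", "tag": "malware"},
    ],
}

# IP protocol numbers as osquery reports them.
PROTO_NAMES = {6: "tcp", 17: "udp"}


def is_routable(addr):
    """True only for globally routable addresses.  Private, loopback,
    link-local and unspecified addresses are skipped: they never carry a
    useful reputation and would only waste API lookups."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:          # empty string or garbage from the socket table
        return False


def lookup_reports(addr, reports=THREAT_REPORTS):
    """Stand-in for the Cymon lookup: return the reports known for addr."""
    return reports.get(addr, [])


def hunt(host, osquery_json, reports=THREAT_REPORTS):
    """Return one alert per socket whose remote address has threat reports."""
    alerts = []
    for row in json.loads(osquery_json):
        remote = row["remote_address"]
        if not is_routable(remote):
            continue
        hits = lookup_reports(remote, reports)
        if hits:
            alerts.append({"host": host, "socket": row, "reports": hits})
    return alerts


def format_alert(alert):
    """Render an alert in the same layout as the sample output."""
    s = alert["socket"]
    lines = ["[+] Alert - Host: %s" % alert["host"],
             "  + Process and network socket info:"]
    for key in ("pid", "name", "cmdline", "local_address", "local_port",
                "remote_address", "remote_port"):
        lines.append("    - %s: %s" % (key, s[key]))
    lines.append("    - protocol: %s (%s)"
                 % (s["protocol"], PROTO_NAMES.get(s["protocol"], "other")))
    lines.append("  + Threat reports:")
    for r in alert["reports"]:
        lines.append("    - title: %s" % r["title"])
        lines.append("      date: %s" % r["date"])
        lines.append("      tag: %s" % r["tag"])
    return "\n".join(lines)


if __name__ == "__main__":
    for a in hunt("10.10.10.55", OSQUERY_RESULT):
        print(format_alert(a))
```

Only the telnet socket produces an alert: the sshd peer is a private address and is never looked up, and the DNS peer is routable but has no report in the table. On a salt-master the same SQL can be dispatched to every minion with Salt's osquery execution module (assumed usage: `salt '*' osquery.query "<sql>"`) and the JSON results fed to hunt() per host.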

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • The source code of this software is available

Author and Maintainers

Sqhunter is under development by Adel Karimi.

Installation

Supported operating systems

Sqhunter is known to work on Linux.

Dependencies

Several dependencies are required to use sqhunter.

  • Python 2
  • cymon
  • netaddr
  • salt

sqhunter alternatives

Similar tools to sqhunter (with their project health score):

HELK (64)

HELK is short for The Hunting ELK, containing Elasticsearch, Logstash, and Kibana. It has advanced analytic capabilities for threat hunting.

MISP (100)

MISP is short for Malware Information Sharing Platform. It helps with sharing threat data which can be used by defenders and malware researchers.

rastrea2r (64)

Rastrea2r is a threat hunting utility for indicators of compromise (IOC) and can be used by SOC analysts and incident responders.



Related tool information

Categories

This tool is categorized as a threat hunting tool.