ioc-tool v1.2.6

Diventry IOC Tool

Introduction

The Diventry IOC Tool is a free tool that allows users to leverage certain compromise indication information consolidated by Diventry from its partners. It enables users to list, download, upload IOCs, and deploy lists on various equipment such as Linux.

Installation

To install the Diventry IOC Tool, run the following command:

npm install -g ioc-tool

Listing

To retrieve the list of public IOC lists stored at Diventry, use the following command:

ioc-tool list

You can use the "Share Token" to download or apply a specific list.

Download

To download a list, you need to retrieve the Share Token of the desired list. Use the following command to download the list and display it in the stdout:

ioc-tool download <Share token>

If you want to save the list to a file, use the -f option followed by the file path:

ioc-tool download -f ./mylist.txt <Share token>

This command will store the list in the mylist.txt file.

Applying a List to Linux IP Filtering

Before applying a list to Linux IP filtering, ensure that PM2 and the ipset tool are installed on your system by running the following commands:

apt install ipset
npm i -g pm2

After selecting your list, obtain the Share Token. Then, install PM2 using the following command:

ioc-tool ipset pm2 <Share Token>

This command will handle the system-specific command, and once confirmed, you can execute it. For Tor network integration, the command will be:

pm2 start -f [..]/ioc-tool/bin/index.js --name diventry-ioc-tool --cwd [..]/ioc-tool -- ipset stream tor

The Tor list will be automatically updated on the firewall. You can confirm this by checking the iptables integration using the following commands:

iptables -L -vn
ipset list

To stop filtering a list, use the following command:

ioc-tool ipset stop <Share Token>

Make sure to remove the PM2 process as well:

pm2 delete diventry-ioc-tool

Transmitting IOC

Transmitting IOCs to Diventry requires a validated access to the IOC providers sections, as it is currently in closed beta. If you wish to use the IOC provider tool, please contact us at http://www.diventry.com.

Before sending information, you need to format your file correctly. The file should follow the format below, where tags are optional:

54.26.98.67 nothing,but,4,tags
8.9.64.2 some,tags

Next, transmit the file using the following command:

API_KEY=yourAPIkey ioc-tool tx ip plaintext ./yourFile

You can also transmit a single IOC IP with tags:

API_KEY=yourAPIkey ioc-tool tx ip single 2.3.1.0 some,tags

Getting Help

The program includes built-in help. To view general help, run the following command:

ioc-tool -h

To get help for a specific subcommand, use the following syntax:

ioc-tool info -h

Feel free to reach out if you have any further questions or need assistance!