Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Build Status Documentation Status License


stoQ is a automation framework that helps to simplify the mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition between different data sources, databases, decoders/encoders, and numerous other tasks using enriched and consistent data structures. stoQ was designed to be enterprise ready and scalable, while also being lean enough for individual security researchers.


If you're interested in learning more about stoQ, to include how to develop your own plugins, checkout the full documentation.

This git repository contains publicly available plugins that have been created for use with stoQ. The core stoQ repository can be found here.


Details on how to install these plugins can be found here.

Plugin List

Below is a listing of all public stoQ plugins, a description, and their respective plugin class.

Plugin Name Description Plugin Type
acce Scan payloads using ACCE Worker
azure_blob Save results and archive payloads with Azure Blob Storage Archiver, Connector
b64decode Decode base64 encoded payloads Worker
decompress Extract content from a multitude of archive formats Worker
dirmon Monitor a directory for newly created files for processing Provider
entropy Calculate shannon entropy of a payload Worker
es-search Saves results to ElasticSearch Connector
exif Processes a payload using ExifTool Worker
falcon-sandbox Scan payloads using Falcon Sandbox Worker
filedir Ingest a file or directory for processing Provider, Connector, Archiver
gcs Read and write data to Google Cloud Storage Archiver, Connector
hash Hash content Worker
hash_ssdeep Generate a ssdeep hash of payloads Worker
iocextract Regex routines to extract and normalize IOC's from a payload Worker
javaclass Decodes and extracts information from Java Class files Worker
jinja Decorate results using a template Connector, Decorator
kafka-queue Publish and consume messages from a Kafka server Archiver, Connector, Provider
lief Parse and abstract PE, ELF and MachO files using LIEF Worker
mimetype Determine mimetype of a payload Worker
mongodb Save results and archive payloads to/from mongodb Archiver, Connector
mraptor Port of mraptor3 from oletools Worker
ole Carve OLE streams within Microsoft Office Documents Worker
opswat Scan payloads using OPSWAT MetaDefender Worker
pecarve Carve portable executable files from a data stream Worker
peinfo Gather relevant information about an executable using pefile Worker
pubsub Interact with Google Cloud Pub/Sub Archiver, Connector, Provider
redis-queue Interact with Redis server Archiver, Connector, Provider
rtf Extract objects from RTF payloads Worker
s3 Read and write data to Amazon S3 buckets Archiver, Connector
sentinel Save results to Azure Sentinel Connector
smtp SMTP Parser Worker Worker
stdout Sends results to STDOUT Connector
swfcarve Carve and decompress SWF files from payloads Worker
symhash Calculate symbol table hashes of a Mach-O executable file Worker
tika Upload content to a Tika server for automated text extraction Worker
tnef TNEF File Extractor Worker
trid Identify file types from their TrID signature Worker
vtmis-filefeed Process VTMIS File Feed Provider, Worker
vtmis-search Search VTMIS for sha1 hash of a payload or from results of iocextract plugin Worker, Dispatcher
xdpcarve Carve and decode streams from XDP documents Worker
xordecode Decode XOR encoded payloads Worker
xorsearch Scan a payload using xorsearch Worker
xyz Extract Zip file metadata Worker
yara Process a payload using yara Worker, Dispatcher