-
Notifications
You must be signed in to change notification settings - Fork 0
azrilrahim/tig-fqdn-cli
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
/*
#-----------------------------------#
# #
# Copyright (C) 2016 Azril Rahim #
# azrilazam@gmail.com #
# #
# This code is under GNU Open Source#
# license. You are free to modified #
# it as long the where credits due #
#-----------------------------------#
*/
INTRODUCTION
-------------
The TIG application is command line interface (CLI) application
that is designed to produced a set of known malware associated
with a FQDN or an IP address.
TIG is able to accept a single FQDN per query. For multiple queries,
FQDNs inputs must be separated in comma (,). TIG also accept CSV
type format file as input to process multiple queries.
REQUIREMENT
-------------
TIG is a cross platform application that runs on MAC, WIN32/64, UNIX,
OS2 and LINUX. It is a C/C++ application that is coded entirely on
C++ Qt framework. For 64bit compatiblity, all compiliation for TIG
requires the following minimum specifications library to be installed
*Qt 5.4 (https://www.qt.io/download-open-source/)
*SQLite 3 (https://www.sqlite.org)
*GNU C Compiler GCC version 4 (http://www.gnu.org)
*SSH/SSL version 6 (http://www.openssh.com)
INSTALLATION
-------------
Compilation
-----------
1. Please ensure all the dependencies libraries specified in the
requirement sections are properly installed
2. Extract all the files in the desired working directory.
e.g: /home/user/project/TIG
3. VIRUS TOTAL access requires a special API KEY. You need to register to
qualified for it. Once obtained, the key need to insert in vtclient.cpp
under the class constructor.
4. The create a proper make file for compilation, you need to access
to the qmake command that comes with Qt framework. qmake command
must be issued inside the TIG work directory.
%> cd /home/user/project/TIG
%> /<qt install dir>/bin/qmake
5. After the qmake process is finish, you can called the make command
to complete the compilation
%> cd /home/user/project/TIG
%> make
6. After a successful compilation, a TIG file will be created.
To invoke TIG application:
%> cd /home/user/project/TIG
%> ./TIG
SQLITE 3 Database Installation
------------------------------
1. Copy the tig.db to /opt directory
2. Make sure chmod 777 the tig.db file
COMMAND LINE ARGUMENTS
----------------------
fqdn?=: <fqdn or several fqdn separated by comma>
if?=: <input of fqdn in csv file format>
of?=: <output to file of the results of queried fqdn>
update: force update
CONFIGURATION
-------------
1. Single FQDN query
%> ./TIG fqdn?=www.test.com
2. multiple FQDN queries (each fqdn is separated by comma ,)
%> ./TIG fqdn?=www.test.com,www.test2.com,..
3. Multiple FQDN queries via CSV file
%> ./TIG if?=csv.file.txt
4. Saving result to a file
%> ./TIG fqdn?=www.test.com,www.test2.com,.. of=?<targetfile>
5. Force update
TIG is equipped with auto update when verifying FQDN.
However its also allow force update. Only 1 single FQDN
can be forced in a call.
%> ./TIG fqdn=?www.test.com update
OUTPUT
-------
The output is in CSV format arrange in the following block.
QUERIED_FQDN:TOTAL_MALW_FOUND:TOTAL_MALW_FAMILY_FOUND:MALW_FAMILY1,MALW_FAMILY2,..
e.g
www.aol.com:200:38:sohad,kriptik,zeus...,
MAINTAINER
----------
* Azril Rahim (azril) azrilazam@gmail.com
About
Qt C++ TIG command line that accept single & mulitiple FQDN (both as cli input or CSV file) and produced related malware information in CSV format
Resources
Stars
Watchers
Forks
Releases
No releases published