/*
#------------------------------------#
#                                    #
#  Copyright (C) 2016 Azril Rahim    #
#  azrilazam@gmail.com               #
#                                    #
#  This code is under the GNU Open   #
#  Source license. You are free to   #
#  modify it as long as credit is    #
#  given where it is due.            #
#------------------------------------#
*/
INTRODUCTION
-------------
TIG is a command line interface (CLI) application designed to produce
the set of known malware associated with an FQDN or an IP address.
TIG accepts a single FQDN per query. For multiple queries, the FQDN
inputs must be separated by commas (,). TIG also accepts a CSV-format
file as input in order to process multiple queries.
REQUIREMENT
-------------
TIG is a cross-platform application that runs on Mac, Win32/64, UNIX,
OS/2 and Linux. It is a C/C++ application coded entirely on the C++ Qt
framework. For 64-bit compatibility, compiling TIG requires at least
the following libraries to be installed:
* Qt 5.4 (https://www.qt.io/download-open-source/)
* SQLite 3 (https://www.sqlite.org)
* GNU C Compiler GCC version 4 (http://www.gnu.org)
* SSH/SSL version 6 (http://www.openssh.com)
INSTALLATION
-------------
Compilation
-----------
1. Make sure all the dependency libraries listed in the REQUIREMENT
section are properly installed.
2. Extract all the files into the desired working directory,
e.g. /home/user/project/TIG
3. VirusTotal access requires a special API key. You need to register
to qualify for one. Once obtained, the key must be inserted in
vtclient.cpp, in the class constructor.
4. To create a proper makefile for compilation, you need access to the
qmake command that ships with the Qt framework. The qmake command must
be issued inside the TIG working directory:
%> cd /home/user/project/TIG
%> /<qt install dir>/bin/qmake
5. After the qmake process finishes, call the make command to complete
the compilation:
%> cd /home/user/project/TIG
%> make
6. After a successful compilation, a TIG binary will be created.
To invoke the TIG application:
%> cd /home/user/project/TIG
%> ./TIG
SQLite 3 Database Installation
------------------------------
1. Copy tig.db to the /opt directory.
2. Make sure the tig.db file is chmod 777.
COMMAND LINE ARGUMENTS
----------------------
fqdn?=: <an FQDN, or several FQDNs separated by commas>
if?=: <input file of FQDNs in CSV format>
of?=: <output file for the results of the queried FQDNs>
update: force an update
CONFIGURATION
-------------
1. Single FQDN query
%> ./TIG fqdn?=www.test.com
2. Multiple FQDN queries (each FQDN is separated by a comma ,)
%> ./TIG fqdn?=www.test.com,www.test2.com,..
3. Multiple FQDN queries via a CSV file
%> ./TIG if?=csv.file.txt
4. Saving the results to a file
%> ./TIG fqdn?=www.test.com,www.test2.com,.. of?=<targetfile>
5. Force update
TIG performs an automatic update when verifying an FQDN.
However, it also allows a forced update. Only a single FQDN
can be forced per call.
%> ./TIG fqdn?=www.test.com update
OUTPUT
-------
The output is in CSV format, arranged in the following block:
QUERIED_FQDN:TOTAL_MALW_FOUND:TOTAL_MALW_FAMILY_FOUND:MALW_FAMILY1,MALW_FAMILY2,..
e.g.
www.aol.com:200:38:sohad,kriptik,zeus...,
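As an added example that is not part of TIG, the following Python helpers build the fqdn?= argument described under COMMAND LINE ARGUMENTS from a list of hostnames (refusing values that would be split on TIG's comma delimiter) and parse the colon-and-comma output block shown above into records; the hostnames and the sample output are constructed, not real TIG results.

```python
import re
from dataclasses import dataclass

# Conservative hostname syntax: dot-separated labels of letters, digits and
# hyphens (1-63 chars each, no leading or trailing hyphen).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def build_fqdn_arg(fqdns):
    """Build the readme's `fqdn?=a,b,c` argument. The comma is TIG's delimiter,
    so anything outside hostname syntax (a stray comma, a space, a URL) is
    rejected here rather than silently turned into extra queries."""
    cleaned = []
    for name in fqdns:
        name = name.strip().lower().rstrip(".")
        if len(name) > 253 or not _FQDN_RE.match(name):
            raise ValueError(f"not a valid FQDN: {name!r}")
        cleaned.append(name)
    return "fqdn?=" + ",".join(cleaned)


@dataclass
class TigRecord:
    fqdn: str
    total_malware: int
    total_families: int
    families: list


def parse_tig_output(text):
    """Parse QUERIED_FQDN:TOTAL_MALW_FOUND:TOTAL_MALW_FAMILY_FOUND:FAM1,FAM2,..
    lines into TigRecord objects. Lines without four colon-separated fields or
    with non-numeric counts are skipped; a trailing comma is tolerated."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(":", 3)
        if len(parts) != 4:
            continue
        fqdn, malw, fam_count, fams = parts
        try:
            counts = (int(malw), int(fam_count))
        except ValueError:
            continue
        families = [f.strip() for f in fams.split(",") if f.strip()]
        records.append(TigRecord(fqdn, counts[0], counts[1], families))
    return records


# Constructed sample in the readme's output format (not real TIG results).
SAMPLE_OUTPUT = """\
www.example.com:200:3:sohad,kriptik,zeus,
www.example.net:12:2:kriptik,zeus
not a result line
"""
```

Comparing len(record.families) with record.total_families tells you whether a line listed every family it counted.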
MAINTAINER
----------
* Azril Rahim (azril) azrilazam@gmail.com