Home > Digital Forensics > security tool > cacador - Indicator Extractor

cacador - Indicator Extractor

October 14, 2017 ,
Cacador (Portugese for hunter) is tool for extracting common indicators of compromise from a block of text.

The Short Way: Downloading Cacador

The easiest way to get cacador is to download the latest release for your platform. Good? Great.

The Long Way: Compiling Cacador

  • Install golang
  • go get github.com/sroberts/cacador
  • Compile with go build

Running

Run with ./cacador. It accepts text from stdin and writes a JSON blob of IOCs to stdout. For example cat text.txt | ./cacador | import where text is some IOC rich text and import pushes your new IOCs into your threat management system.
Cacador does recognize two command line flags:
  • -comment="Foo" which makes it possible to leave a note as metadata.
  • -tags="Foo, bar, baz" which adds tags.

Generating a new release

  • Install goreleaser via go get github.com/goreleaser/goreleaser.
  • Push your branch to GitHub.
  • Tag it via git tag -a v1.0.3 -m "Release 1.0.3 - Minor bugfix edition."
  • Push the tag to GitHub via git push origin v1.0.3
  • Ensure you have a GITHUB_TOKEN env var set.
  • Run goreleaser.

Post a Comment

Powered by Blogger.