Skip to content

Kolano/stoq-plugins-public

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation


Build Status Documentation Status License

Overview

stoQ is a automation framework that helps to simplify the mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition between different data sources, databases, decoders/encoders, and numerous other tasks using enriched and consistent data structures. stoQ was designed to be enterprise ready and scalable, while also being lean enough for individual security researchers.

Documentation

If you're interested in learning more about stoQ, to include how to develop your own plugins, checkout the full documentation.

This git repository contains publicly available plugins that have been created for use with stoQ. The core stoQ repository can be found here.

Installation

Details on how to install these plugins can be found here.

Plugin List

Below is a listing of all public stoQ plugins, a description, and thier respective plugin class.

Plugin Name Description Plugin Type
decompress Extract content from a multitude of archive formats Worker
dirmon Monitor a directory for newly created files for processing Provider
entropy Calculate shannon entropy of a payload Worker
es-search Saves results to ElasticSearch Connector
exif Processes a payload using ExifTool Worker
falcon-sandbox Scan payloads using Falcon Sandbox Worker
filedir Ingest a file or directory for processing Provider, Connector, Archiver
gcs Read and write data to Google Cloud Storage Archiver, Connector
hash Hash content Worker
hash_ssdeep Generate a ssdeep hash of payloads Worker
iocextract Regex routines to extract and normalize IOC's from a payload Worker
javaclass Decodes and extracts information from Java Class files Worker
jinja Decorate results using a template Connector, Decorator
kafka-queue Publish and consume messages from a Kafka server Archiver, Connector, Provider
lief Parse and abstract PE, ELF and MachO files using LIEF Worker
mimetype Determine mimetype of a payload Worker
mongodb Save results and archive payloads to/from mongodb Archiver, Connector
mraptor Port of mraptor3 from oletools Worker
ole Carve OLE streams within Microsoft Office Documents Worker
opswat Scan payloads using OPSWAT MetaDefender Worker
pecarve Carve portable executable files from a data stream Worker
peinfo Gather relevant information about an executable using pefile Worker
pubsub Interact with Google Cloud Pub/Sub Archiver, Connector, Provider
redis-queue Interact with Redis server Archiver, Connector, Provider
rtf Extract objects from RTF payloads Worker
s3 Read and write data to Amazon S3 buckets Archiver, Connector
smtp SMTP Parser Worker Worker
stdout Sends results to STDOUT Connector
swfcarve Carve and decompress SWF files from payloads Worker
symhash Calculate symbol table hashes of a Mach-O executable file Worker
tika Upload content to a Tika server for automated text extraction Worker
tnef TNEF File Extractor Worker
trid Identify file types from their TrID signature Worker
vtmis-filefeed Process VTMIS File Feed Provider, Worker
vtmis-search Search VTMIS for sha1 hash of a payload or from results of iocextract plugin Worker, Dispatcher, Deep Dispatcher
xdpcarve Carve and decode streams from XDP documents Worker
xorsearch Scan a payload using xorsearch Worker
yara Process a payload using yara Worker, Dispatcher

Packages

No packages published

Languages

  • Python 64.9%
  • YARA 34.5%
  • Other 0.6%