Skip to content
/ nsrlfilter Public

Startup script for handling multiple whitelists/blacklists for nsrllookup daemons

3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

marcurdy/nsrlfilter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
nsrlfilter.py
nsrlfilter.py
 
 

Repository files navigation

nsrlfilter

Wrapper to nsrlsearch for handling multiple whitelists/blacklists

Running a list of samples against NSRL list to find matches and subsequent filtering out of those is simple with nsrllookup -u and -k.
If you have additional lists to use as whitelists and/or blacklists running on other ports, you need a better client to consistently handle access. Since DFIR is all about Python, let's do it.

#This was mostly an effort in learning how to run nsrllookup and handling stdin as a pipe to running nsrllookup.

On your nsrl server, run each list on a different port with nsrlsrv.

#Edit the WHITE and BLACK arrays below to map nsrlsvr ports to the lists it houses
# White #1: NSRL = /usr/local/share/nsrlsvr/hashes.txt
# White #2: Redline = /home/sansforensics/Downloads/nsrl/m-whitelist-1.0.txt
# Black #1: VirusShare.com list
# Black #2: Other_blacklist?

Example:

NSRLHOST= "your nsrlsrv"
# Enable additional ports if additional whitelists exist
WHITE = [9120, 9121]
# Enable blacklist ports if any exist
BLACK = [9122, 9123]

About

Startup script for handling multiple whitelists/blacklists for nsrllookup daemons

Resources

Readme
Activity

Stars

3 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages