StoqScan
Overview
Basic scanning functions such as hash calculation and file type detection.
Examples
Calculate the md5 hash of a payload:
    import stoq.scan
    stoq.scan.get_md5("this is a payload")
Calculate the md5, sha1, sha256, and sha512 of a payload:
    stoq.scan.get_hashes("this is a payload")
API
stoq.scan.bytes_frequency(payload, min_length=1, max_length=3, min_count=10)
    Determine the frequency of bytes or series of bytes in a payload
    Parameters:
    - payload (bytes) – Payload to be analyzed
    - min_length (int) – Minimum length of continuous bytes
    - max_length (int) – Maximum length of continuous bytes
    - min_count (int) – Minimum count of instances of a specific byte or series of bytes
    Returns: Bytes, count, percentage of frequency
    Return type: tuple
stoq.scan.compare_ssdeep(payload1, payload2)
    Compare binary payloads with ssdeep to determine
    Parameters:
    - payload1 (bytes) – Binary content to compare
    - payload2 (bytes) – Binary content to compare
    Returns: Match score from 0 (no match) to 100
    Return type: int or None
stoq.scan.get_hashes(payload)
    Calculate the md5, sha1, sha256, and sha512 of a payload
    Parameters:
    - payload – The payload to be hashed.
    Returns: All of the above hashes
    Return type: dict
stoq.scan.get_magic(payload, mime=True)
    Attempt to identify the magic of a payload
    Parameters:
    - payload (bytes) – Payload to be analyzed
    - mime (bool) – Define whether the payload is of mime magic_type
    Returns: Identified magic type, otherwise None
    Return type: bytes
stoq.scan.get_md5(payload)
    Generate md5 hash of a payload
    Parameters:
    - payload – The payload to be hashed.
    Returns: md5 hash
    Return type: str
stoq.scan.get_sha1(payload)
    Generate sha1 hash of a payload
    Parameters:
    - payload – The payload to be hashed.
    Returns: sha1 hash
    Return type: str
stoq.scan.get_sha256(payload)
    Generate sha256 hash of a payload
    Parameters:
    - payload – The payload to be hashed.
    Returns: sha256 hash
    Return type: str
stoq.scan.get_sha512(payload)
    Generate sha512 hash of a payload
    Parameters:
    - payload – The payload to be hashed.
    Returns: sha512 hash
    Return type: str
stoq.scan.get_ssdeep(payload)
    Generate ssdeep hash of a payload
    Parameters:
    - payload – The payload to be hashed.
    Returns: ssdeep hash
    Return type: str or None
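An added illustration of the kind of n-gram counting that bytes_frequency describes, using the same parameter names. It is not stoq's implementation: the function name ngram_frequency, the percentage definition (share of all windows of that length) and the sample payload are assumptions made for this example.

```python
from collections import Counter


def ngram_frequency(payload, min_length=1, max_length=3, min_count=10):
    """Return [(ngram, count, percentage), ...] sorted by descending count.

    Hypothetical stand-in for the behaviour documented above. The percentage
    is the n-gram's share of all sliding windows of the same length; this is
    an assumption, since the page does not define it.
    """
    if not isinstance(payload, (bytes, bytearray)):
        raise TypeError("payload must be bytes")
    if min_length < 1 or max_length < min_length:
        raise ValueError("need 1 <= min_length <= max_length")

    results = []
    for n in range(min_length, max_length + 1):
        windows = len(payload) - n + 1
        if windows <= 0:
            break  # payload is shorter than this n-gram length
        counts = Counter(bytes(payload[i:i + n]) for i in range(windows))
        for gram, count in counts.items():
            if count >= min_count:
                pct = round(100.0 * count / windows, 2)
                results.append((gram, count, pct))

    # Most frequent first; ties broken by byte value for stable output.
    results.sort(key=lambda r: (-r[1], r[0]))
    return results


# Constructed sample: 40 NUL bytes plus a short string, XORed with the
# single-byte key 0x5A. The NUL run turns into a run of the key byte, which
# is why a dominant byte is a useful triage signal for simple encodings.
SAMPLE = bytes(
    b ^ 0x5A for b in b"\x00" * 40 + b"constructed sample payload text"
)

if __name__ == "__main__":
    for gram, count, pct in ngram_frequency(SAMPLE):
        print(gram.hex(), count, pct)
```
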