GDIOCSpider: The New Open-Source Python Tool for GDrive Incident Response
GDIOCSpider is an open-source, configurable Python tool for Incident Response (IR) and security research, built for extracting and identifying IOCs in GDrives with poor data context. Run end to end, it crawls a provided GDrive, extracts IOCs from every file it processes, and writes the results to a CSV file for research, analysis, and identification.
The tool ships with the standalone IOCFlagger package, which can be used on its own to type IOCs purely from their value if you need IOC enrichment and extraction but not a GDrive crawler.
The tool supports a variety of file types as well as IOC types. It is relatively simple, clean, efficient, and fast.
Supported IOC Types
In the current version of IOCTyper, the following IOC Types are supported:
- IPv4
- IPv6
- SHA512
- SHA256
- SHA1
- MD5
- Registry Key
- User Agent
- Domain
- File Name
- File Path
- Keyword
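To show what typing an IOC purely from its value involves, here is an added example that is not GDIOCSpider's or IOCFlagger's own code. The function name `type_ioc`, the regular expressions, the check order, and the extension list are all assumptions made for illustration.

```python
import ipaddress
import re

# Hash types can only be told apart by hex length; a 32-hex value is
# reported as MD5 even though other digests share that length.
HASH_BY_LENGTH = {32: "MD5", 40: "SHA1", 64: "SHA256", 128: "SHA512"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
REGISTRY_RE = re.compile(r"^(HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU|HKCC)\\", re.I)
USER_AGENT_RE = re.compile(r"^[A-Za-z][\w.-]*/\d[\w.]*(\s|$)")
PATH_RE = re.compile(r"^([A-Za-z]:\\|\\\\|/|%[A-Za-z]+%\\)")
FILE_RE = re.compile(r'^[^\\/:*?"<>|\s]+\.([A-Za-z0-9]{1,5})$')
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"^(?:{LABEL}\.)+[A-Za-z]{{2,63}}$")
# Constructed, deliberately short list. "name.ext" and "host.tld" look the
# same, so any suffix listed here is typed as a file name, not a domain.
FILE_EXTENSIONS = {"exe", "dll", "ps1", "bat", "vbs", "js", "pdf", "docx", "zip", "py"}


def type_ioc(value):
    """Return one of the IOC type names from the list above for one string."""
    # Assumption: analysts may paste defanged values such as 192[.]0[.]2[.]10.
    v = value.strip().replace("[.]", ".")
    try:
        # ipaddress rejects out-of-range octets that a loose regex would accept.
        return "IPv4" if ipaddress.ip_address(v).version == 4 else "IPv6"
    except ValueError:
        pass
    if HEX_RE.match(v) and len(v) in HASH_BY_LENGTH:
        return HASH_BY_LENGTH[len(v)]
    if REGISTRY_RE.match(v):          # checked before paths: both use backslashes
        return "Registry Key"
    if USER_AGENT_RE.match(v):        # product/version token, e.g. Mozilla/5.0
        return "User Agent"
    if PATH_RE.match(v):
        return "File Path"
    m = FILE_RE.match(v)
    if m and m.group(1).lower() in FILE_EXTENSIONS:
        return "File Name"
    if DOMAIN_RE.match(v):
        return "Domain"
    return "Keyword"                  # fallback when nothing more specific fits


if __name__ == "__main__":
    # Constructed sample values, not taken from any real incident.
    for s in ["192[.]0[.]2[.]10", "2001:db8::1", "ab" * 20, "payload.exe",
              "evil[.]example[.]org", r"HKCU\Software\Run", "999.1.1.1"]:
        print(f"{s!r:45} -> {type_ioc(s)}")
```

The order of the checks matters: values that fit several patterns are resolved by whichever test runs first, which is the main source of mis-typed IOCs when no surrounding context is available.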
Supported File Types
The current version of the GDIOCSpider accommodates all the following file types:
- Text File
- CSV File
- PDF File
- JSON File
- Google Slides
- Google Docs
- Python Script
- Google Sheets
Explanation of Settings
settings.py explains every configuration setting and its default. The goal of this tool is to give you the flexibility to accomplish your needs in the way you see fit.
config.json is the file you actually modify to change how the code runs; settings.py serves as documentation.
Install