<p align="center"> <img src="http://stoq.punchcyber.com/i/stoq.png" width="300"><br /> </p>

Overview

stoQ is an automation framework that simplifies the mundane and repetitive tasks an analyst has to perform. It lets analysts and DevSecOps teams move quickly between different data sources, databases, decoders/encoders, and numerous other tasks using enriched and consistent data structures. stoQ was designed to be enterprise ready and scalable, while remaining lean enough for individual security researchers.

Documentation

If you're interested in learning more about stoQ, including how to develop your own plugins, check out the full documentation.

This git repository contains publicly available plugins that have been created for use with stoQ. The core stoQ repository can be found here.

Installation

Details on how to install these plugins can be found here.

Plugin List

Below is a listing of all public stoQ plugins, with a short description and the plugin class(es) each implements.

| Plugin Name | Description | Plugin Type |
|---|---|---|
| acce | Scan payloads using ACCE | Worker |
| azure_blob | Save results and archive payloads with Azure Blob Storage | Archiver, Connector |
| b64decode | Decode base64-encoded payloads | Worker |
| decompress | Extract content from a multitude of archive formats | Worker |
| dirmon | Monitor a directory for newly created files for processing | Provider |
| entropy | Calculate the Shannon entropy of a payload | Worker |
| es-search | Save results to Elasticsearch | Connector |
| exif | Process a payload using ExifTool | Worker |
| falcon-sandbox | Scan payloads using Falcon Sandbox | Worker |
| filedir | Ingest a file or directory for processing | Provider, Connector, Archiver |
| gcs | Read and write data to Google Cloud Storage | Archiver, Connector |
| hash | Hash content | Worker |
| hash_ssdeep | Generate an ssdeep hash of payloads | Worker |
| iocextract | Regex routines to extract and normalize IOCs from a payload | Worker |
| javaclass | Decode and extract information from Java class files | Worker |
| jinja | Decorate results using a template | Connector, Decorator |
| kafka-queue | Publish and consume messages from a Kafka server | Archiver, Connector, Provider |
| lief | Parse and abstract PE, ELF and Mach-O files using LIEF | Worker |
| mimetype | Determine the MIME type of a payload | Worker |
| mongodb | Save results and archive payloads to/from MongoDB | Archiver, Connector |
| mraptor | Port of mraptor3 from oletools | Worker |
| ole | Carve OLE streams within Microsoft Office documents | Worker |
| opswat | Scan payloads using OPSWAT MetaDefender | Worker |
| pecarve | Carve portable executable files from a data stream | Worker |
| peinfo | Gather relevant information about an executable using pefile | Worker |
| pubsub | Interact with Google Cloud Pub/Sub | Archiver, Connector, Provider |
| redis-queue | Interact with a Redis server | Archiver, Connector, Provider |
| rtf | Extract objects from RTF payloads | Worker |
| s3 | Read and write data to Amazon S3 buckets | Archiver, Connector |
| sentinel | Save results to Azure Sentinel | Connector |
| smtp | Parse SMTP payloads | Worker |
| stdout | Send results to STDOUT | Connector |
| swfcarve | Carve and decompress SWF files from payloads | Worker |
| symhash | Calculate symbol table hashes of a Mach-O executable file | Worker |
| tika | Upload content to a Tika server for automated text extraction | Worker |
| tnef | TNEF file extractor | Worker |
| trid | Identify file types from their TrID signature | Worker |
| vtmis-filefeed | Process the VTMIS file feed | Provider, Worker |
| vtmis-search | Search VTMIS for the SHA-1 hash of a payload, or for results of the iocextract plugin | Worker, Dispatcher |
| xdpcarve | Carve and decode streams from XDP documents | Worker |
| xordecode | Decode XOR-encoded payloads | Worker |
| xorsearch | Scan a payload using xorsearch | Worker |
| xyz | Extract Zip file metadata | Worker |
| yara | Process a payload using YARA | Worker, Dispatcher |
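Two of the Worker rows above, `entropy` and `xordecode`, are easiest to understand by watching the underlying computations run on a payload. What follows is an added example written for this page; it is not stoQ code and not the implementation of either plugin. It re-implements Shannon entropy as the `entropy` row describes, and recovers a single-byte XOR key, which is the simplest of the cases an XOR decoder has to handle (this page says nothing about the key sizes or method the real plugin uses). The sample payload, the key `0x5A`, the English letter-frequency table and the layout of the `enrich()` record are all this example's own assumptions.

```python
"""Stand-alone illustration of Shannon entropy and single-byte XOR recovery.

Added example, not stoQ or stoq-plugins-public code. Sample data is constructed.
"""
import hashlib
import math
from collections import Counter
from typing import Dict, Optional, Tuple

# Approximate relative frequencies (percent) of characters in English text,
# used only to rank XOR key candidates. Space is the most common byte, so it
# carries the largest weight. Assumed values for this example.
_ENGLISH_FREQ = {
    " ": 13.0, "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7,
    "s": 6.3, "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8,
    "m": 2.4, "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5,
    "v": 1.0, "k": 0.8, "j": 0.15, "x": 0.15, "q": 0.1, "z": 0.07,
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant payload, 8.0 for a
    uniform one. Compressed or encrypted content sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def english_score(data: bytes) -> float:
    """Rank a candidate plaintext. Returns -1.0 as soon as a byte is neither
    printable ASCII nor tab/LF/CR, so binary garbage never wins."""
    score = 0.0
    for b in data:
        if b in (0x09, 0x0A, 0x0D):
            continue
        if not 0x20 <= b < 0x7F:
            return -1.0
        score += _ENGLISH_FREQ.get(chr(b).lower(), 0.0)
    return score


def recover_single_byte_xor(data: bytes) -> Optional[Tuple[int, bytes]]:
    """Try all 256 single-byte keys; return (key, plaintext) of the best
    English-looking candidate, or None if no candidate is printable."""
    best: Optional[Tuple[float, int, bytes]] = None
    for key in range(256):
        candidate = bytes(b ^ key for b in data)
        score = english_score(candidate)
        if score >= 0 and (best is None or score > best[0]):
            best = (score, key, candidate)
    return None if best is None else (best[1], best[2])


def enrich(payload: bytes) -> Dict[str, object]:
    """Worker-style enrichment record for one payload. The key names are this
    example's own, not stoQ's result format."""
    result: Dict[str, object] = {
        "sha256": hashlib.sha256(payload).hexdigest(),
        "size": len(payload),
        "entropy": round(shannon_entropy(payload), 4),
    }
    recovered = recover_single_byte_xor(payload)
    # Key 0 means the payload already read as plaintext; nothing to report.
    if recovered is not None and recovered[0] != 0:
        result["xor_key"] = recovered[0]
        result["xor_plaintext"] = recovered[1]
    return result


# Constructed sample: an ASCII payload XOR-encoded with a single-byte key.
SAMPLE_PLAIN = b"the dropper fetches its second stage from the staging host and runs it"
SAMPLE_KEY = 0x5A
SAMPLE_ENCODED = bytes(b ^ SAMPLE_KEY for b in SAMPLE_PLAIN)


if __name__ == "__main__":
    print(enrich(SAMPLE_ENCODED))
```

One point the two rows do not make on their own: a single-byte XOR only permutes byte values, so `shannon_entropy(SAMPLE_ENCODED)` equals `shannon_entropy(SAMPLE_PLAIN)`. Entropy flags compression and encryption, not this kind of obfuscation, which is why an entropy check and a decoder are separate Worker plugins rather than one.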