THE BEST THREAT INTELLIGENCE TOOLS FOR THE COMMAND LINE

By Josh Campbell from Cyborg Security

THE GREP FAMILY

One of the best threat intelligence tools, and one that belongs in every analyst’s repertoire, is grep. The name stands for “global regular expression print” (from the ed command g/re/p that it grew out of). Grep, and the variants covered below, puts searching front and center: give it a pattern and one or more files and it prints every line that matches.

  • egrep — the shortcut for grep -E, which switches on extended regular expressions so that +, ?, | and {n,m} work without backslashes.
  • fgrep — another version of grep that is really a shortcut for grep -F, where the F stands for “fixed strings.” fgrep does away with the regular expression engine entirely and searches only for literal strings, so metacharacters such as . and * match themselves. While this might sound counter-intuitive, the pay-off is speed: a fixed-string search is much faster than a regex match. This may not seem like a big deal when searching files with only a few thousand lines, but when dealing with millions or billions of lines it definitely shows its worth. It is also the correct choice when feeding a list of indicators (IP addresses, domains, hashes) in with -f, because an unescaped dot in an indicator treated as a regex would match any character. Note that current GNU grep marks the fgrep and egrep commands as obsolescent in favour of grep -F and grep -E; the flags are the portable spelling.
  • rgrep — rgrep is a tool that I find myself reaching for all the time; it is the equivalent of grep -r. Like grep and egrep it can search files for strings and regular expressions. Unlike those tools, however, it recursively searches through directories and all the files in them. If you have ever had to search through git repos for specific information, rgrep is a time saver! Two flags worth knowing: -l prints only the names of the files that match, which is usually the answer you want to “where does this indicator show up?”, and --include='*.log' (GNU and BSD grep) keeps the search to the file types you care about instead of wading through binary objects.
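The three flavours side by side, as an added example that is not from the original article: a constructed proxy log and a constructed indicator list (RFC 5737 documentation addresses, not real traffic) are written to a temporary directory, then searched with grep -F (fgrep), grep -E (egrep) and grep -r (rgrep). The -w run shows the substring pitfall a practitioner hits when an IOC is a prefix of a longer address.

```sh
#!/bin/sh
# Added example (not from the original article): fixed-string, extended-regex
# and recursive grep over a constructed proxy log and a constructed IOC list.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
cat > "$WORK/proxy.log" <<'EOF'
2024-03-01T10:00:01Z 10.0.0.5 GET http://update.example.com/check 200
2024-03-01T10:00:02Z 10.0.0.7 GET http://198.51.100.23/a.php 200
2024-03-01T10:00:03Z 10.0.0.9 POST http://bad-domain.test/gate.php 404
2024-03-01T10:00:04Z 10.0.0.5 GET http://198.51.100.2/3/x 200
2024-03-01T10:00:05Z 10.0.0.8 GET http://198.51.100.234/img.png 200
EOF

# Constructed IOC list, one literal indicator per line.
printf '%s\n' '198.51.100.23' 'bad-domain.test' > "$WORK/iocs.txt"

# Literal match (what fgrep is a shortcut for).  Dots are literal, so the
# regex pitfall of "." matching any character is avoided, but plain substring
# matching still hits 198.51.100.234.  Expected: 3 lines.
count_fixed() {
    grep -c -F -f "$WORK/iocs.txt" "$WORK/proxy.log"
}

# Adding -w requires the indicator to sit between non-word characters, which
# drops the 198.51.100.234 false positive.  Expected: 2 lines.
count_fixed_word() {
    grep -c -F -w -f "$WORK/iocs.txt" "$WORK/proxy.log"
}

# Extended regex (what egrep is a shortcut for): every IP-literal URL host,
# whether or not it is on the IOC list.  Expected: 3 distinct hosts.
ip_literal_hosts() {
    grep -E -o 'https?://[0-9]{1,3}(\.[0-9]{1,3}){3}' "$WORK/proxy.log" \
        | cut -d/ -f3 | sort -u
}

# Recursive search (what rgrep is a shortcut for) over a constructed tree,
# listing only the names of files that contain the indicator.
mkdir -p "$WORK/repo/a" "$WORK/repo/b"
cp "$WORK/proxy.log" "$WORK/repo/a/proxy.log"
printf '%s\n' 'nothing to see here' > "$WORK/repo/b/other.log"
printf '%s\n' 'bad-domain.test mentioned in notes' > "$WORK/repo/b/notes.txt"

files_with_ioc() {
    grep -r -l -F 'bad-domain.test' "$WORK/repo"
}

printf 'fixed: %s  fixed -w: %s  ip hosts: %s  files: %s\n' \
    "$(count_fixed)" "$(count_fixed_word)" \
    "$(ip_literal_hosts | wc -l | tr -d ' ')" \
    "$(files_with_ioc | wc -l | tr -d ' ')"
```

The -w trick only works because the indicators are delimited by punctuation in the log; for hashes embedded in longer tokens, anchor the pattern yourself. On a real repository, add --include='*.log' (or -I to skip binary files) to the recursive search so that .git objects are not scanned.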

AWK IS YOUR FRIEND

Another of the best threat intelligence tools available is a little tool called awk. Awk is very valuable if you find yourself manipulating separated values. Whether it is comma, semicolon, space or any other type of delimiter, awk is your friend: set the delimiter with -F and awk reads the file line by line, splitting each line into fields that it names $1, $2 and so on ($0 is the whole line and NF the number of fields). This allows you to choose which columns you want to print, filter lines on the value of a field, rearrange the order of the columns, or output them in a completely different format. One caveat: -F',' is a naive split, so a quoted CSV field that itself contains a comma will be cut in two; for that kind of feed reach for a real CSV parser.
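The column picking, filtering and reformatting described above on a constructed indicator feed, as an added example that is not from the original article. The feed layout (indicator,type,confidence,source) is an assumption made for the illustration, not a real feed format.

```sh
#!/bin/sh
# Added example (not from the original article): reshaping a constructed CSV
# threat feed with awk.
set -eu

FEED=$(mktemp)
trap 'rm -f "$FEED"' EXIT

# Constructed feed: indicator,type,confidence,source (not a real feed).
cat > "$FEED" <<'EOF'
indicator,type,confidence,source
198.51.100.23,ip,90,feed-a
bad-domain.test,domain,75,feed-b
203.0.113.9,ip,60,feed-a
evil.example,domain,95,feed-a
198.51.100.23,ip,85,feed-b
EOF

# Pick and reorder columns (type before indicator), keep only rows with
# confidence >= 80, skip the header (NR > 1), and emit "type=indicator".
high_confidence() {
    awk -F',' 'NR > 1 && $3 >= 80 { printf "%s=%s\n", $2, $1 }' "$FEED"
}

# Collapse duplicate indicators, keeping the highest confidence seen, with an
# associative array.  "for (k in best)" iterates in unspecified order, so the
# output is sorted before anything relies on it.
best_confidence() {
    awk -F',' 'NR > 1 { if ($3 > best[$1]) best[$1] = $3 }
               END { for (i in best) printf "%s,%s\n", i, best[i] }' "$FEED" | sort
}

# Output in a completely different shape: a tab-separated count per type.
count_by_type() {
    awk -F',' -v OFS='\t' 'NR > 1 { n[$2]++ } END { for (t in n) print t, n[t] }' "$FEED" | sort
}

high_confidence
best_confidence
count_by_type
```

The comparison $3 >= 80 is numeric because awk treats a field that looks like a number as one; a header row would compare as a string, which is another reason to skip it with NR > 1.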

YOU SED IT!

Another of the best threat intelligence tools available for the command line is a little powerhouse called sed. The Stream Editor (or sed) reads text line by line, applies editing commands to each line as it streams past, and writes the result to standard output. In layman’s terms, this thing is a souped-up version of find-and-replace: the workhorse command is s/pattern/replacement/, with a trailing g to replace every occurrence on the line rather than only the first. As you have guessed, however, it is a lot more flexible: it can delete lines (d), print only the lines that match an address (-n together with p), restrict a command to lines matching an address (/pattern/ s/.../.../), and chain several commands with -e. Two caveats: -i edits files in place with no undo, and GNU and BSD sed differ in details such as the argument -i takes, so test an expression against a copy before pointing it at a directory of reports.
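A threat-intel use of sed that the paragraph above describes in the abstract, as an added example that is not from the original article: refanging a defanged report excerpt (hxxp and [.] back to http and .), defanging an indicator list the other way with an address so that prose lines are left alone, and using -n with p to extract just the URL. The report text and indicators are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original article): refanging, defanging and
# extracting indicators with sed over constructed text.
set -eu

# Constructed excerpt of a defanged report (not a real report).
REPORT='Beacon to hxxp://bad-domain[.]test/gate[.]php then hxxps://198[.]51[.]100[.]23/a[.]php'

# Refang: hxxp -> http and [.] -> . everywhere on the line.  "[" and "." are
# escaped so sed reads "[.]" as three literal characters, not a bracket
# expression.
refang() {
    printf '%s\n' "$1" | sed -e 's/hxxp/http/g' -e 's/\[\.]/./g'
}

# Defang the other way, but only on lines that start like a URL or an IP
# address (the /^hxxp/ and /^[0-9]/ addresses), so ordinary sentences keep
# their full stops.  In the replacement, "[.]" is literal.
defang() {
    sed -e 's/^http/hxxp/' -e '/^hxxp/ s/\./[.]/g' -e '/^[0-9]/ s/\./[.]/g'
}

# Extract rather than edit: -n suppresses default output and the p flag
# prints only lines where the substitution succeeded.  The greedy leading .*
# means the LAST URL on the line is captured.
last_url() {
    printf '%s\n' "$1" | sed -n 's|.*\(hxxps\{0,1\}://[^ ]*\).*|\1|p'
}

refang "$REPORT"
printf '%s\n' 'http://bad-domain.test/gate.php' '198.51.100.23' \
    'do not defang this sentence.' | defang
last_url "$REPORT"
```

The expressions above use only POSIX basic regular expressions (\{0,1\} rather than ?, and no \| alternation) so they behave the same under GNU and BSD sed.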

NO STRINGS ATTACHED

What list of the best threat intelligence tools would be complete without strings? strings walks a file and prints every run of printable characters at least four long (change the minimum with -n), which makes it the quickest first look at a suspicious sample: URLs, IP addresses, file paths, registry keys and command lines often sit in the clear even when the code around them does not. Two caveats: Windows binaries keep many of their strings as UTF-16LE, which the default scan misses (GNU strings -e l finds them), and a packed or encrypted payload shows little until it is unpacked, so a near-empty result is itself information.
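A first-look triage with strings, as an added example that is not from the original article: a constructed blob (a few junk bytes around an embedded URL, a command line and a deliberately short run) is written to a temporary file and scanned with a minimum run length of 6; the URL is then pulled out with grep -E. The tr/grep fallback is an assumption for machines without binutils and reproduces only the 7-bit ASCII behaviour of strings, not -e l.

```sh
#!/bin/sh
# Added example (not from the original article): a first-look triage of a
# constructed binary blob with strings, plus a portable fallback.
set -eu

BLOB=$(mktemp)
trap 'rm -f "$BLOB"' EXIT

# Constructed "sample" (not real malware): junk bytes around an embedded C2
# URL, a command line, and the four-character run "abcd" that a minimum
# length of 6 should drop.
printf 'MZ\000\001\002\003http://198.51.100.23/gate.php\000\377\376abcd\001cmd.exe /c whoami\000\004\005' > "$BLOB"

# Print runs of at least 6 printable characters.  When binutils' strings is
# not installed, fall back to an equivalent pipeline: turn every
# non-printable byte into a newline, then keep lines of 6 or more characters.
# LC_ALL=C keeps "printable" at 0x20-0x7e, matching strings' default encoding.
printable_runs() {
    if command -v strings >/dev/null 2>&1; then
        strings -n 6 "$BLOB"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$BLOB" | LC_ALL=C grep -E '^.{6,}$'
    fi
}

# Narrow the dump to what looks like a URL, the usual next step in triage.
c2_urls() {
    printable_runs | grep -E -o 'https?://[^ ]+'
}

printable_runs
c2_urls
```

On a real Windows sample, run the scan twice (strings -n 6 and strings -n 6 -e l with GNU binutils) or the UTF-16 strings will be silently absent from the output.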

CONCLUSION

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.