use clap::{ArgAction, Parser};
use env_logger::Env;
use stalkerware_indicators::errors::*;
use std::collections::HashSet;
use std::io;
use std::path::PathBuf;
// Command-line arguments of the `ioc.yaml` linter, parsed with clap's derive API.
// The `///` doc comments below are also what clap prints as `--help` text, so
// explanatory notes are kept in plain `//` comments.
#[derive(Debug, Parser)]
struct Args {
// Positional argument (no `#[clap(...)]` attribute); `main` hands it to
// `stalkerware_indicators::parse_from_file`.
/// Path to `ioc.yaml` to lint
file: PathBuf,
// `--dump-json`: when set, `main` pretty-prints the parsed rules to stdout.
/// Print parsed data as json
#[clap(long)]
dump_json: bool,
// `-v`, repeatable: `ArgAction::Count` stores how many times the flag was given.
/// Verbose output
#[clap(short, action=ArgAction::Count)]
verbose: u8,
// `-q`: `main` checks this before `verbose` when picking the log level.
/// Quiet output
#[clap(short)]
quiet: bool,
}
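/// Lints an `ioc.yaml` file: parses it, optionally dumps the parsed rules as
/// JSON on stdout, and logs how many distinct packages, domains and IPs the
/// rules contain.
///
/// # Errors
///
/// Propagates any error returned by `stalkerware_indicators::parse_from_file`
/// or by `serde_json::to_writer_pretty`.
fn main() -> Result<()> {
    let args = Args::parse();

    // `-q` wins over any `-v`. With no flags the level is `info`, so the
    // statistics below are still printed; each `-v` then raises verbosity by
    // one step. (Previously zero `-v` flags fell through to `trace`, while
    // `-v` and `-vv` both selected `info`.)
    let log_level = match (args.quiet, args.verbose) {
        (true, _) => "warn",
        (false, 0) => "info",
        (false, 1) => "debug",
        (false, _) => "trace",
    };
    // This is only the fallback filter: `Env::default()` reads `RUST_LOG`,
    // which takes precedence when it is set.
    env_logger::init_from_env(Env::default().default_filter_or(log_level));

    // A file that fails to parse aborts here with the parser's error, which
    // is the lint failure signal.
    let rules = stalkerware_indicators::parse_from_file(args.file)?;
    info!("Loaded {} rules", rules.len());

    if args.dump_json {
        // JSON goes to stdout; env_logger writes to stderr by default, so the
        // dump can be piped without log lines mixed in.
        serde_json::to_writer_pretty(io::stdout(), &rules)?;
    }

    // Each statistic counts distinct values across all rules. Deduplication
    // is by exact value as produced by the parser.
    // NOTE(review): whether indicators are normalized (case, trailing dot)
    // before this point is not visible here; confirm in the parser.
    let packages: HashSet<_> = rules
        .iter()
        .flat_map(|rule| rule.packages.iter().cloned())
        .collect();
    info!("Stats: {} known packages", packages.len());

    // Websites and C2 domains are counted together as one domain set.
    let domains: HashSet<_> = rules
        .iter()
        .flat_map(|rule| rule.websites.iter().chain(rule.c2.domains.iter()).cloned())
        .collect();
    info!("Stats: {} known domains", domains.len());

    let ips: HashSet<_> = rules
        .iter()
        .flat_map(|rule| rule.c2.ips.iter().cloned())
        .collect();
    info!("Stats: {} known ips", ips.len());

    Ok(())
}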