This repository was archived by the owner on Mar 5, 2026. It is now read-only.

malice-plugins/nsrl


malice-nsrl


Malice NSRL Plugin - This takes the 5.5 GB NSRL minimal set and converts it into a 77.4 MB bloom filter with an estimated false positive rate of 0.001.

This repository contains a Dockerfile of the NSRL lookup malice plugin malice/nsrl.

Dependencies

Image Tags

REPOSITORY     TAG       SIZE
malice/nsrl    latest    117MB
malice/nsrl    0.1.0     117MB
malice/nsrl    sha1      117MB
malice/nsrl    md5       117MB

NOTE:

  • tags latest and 0.1.0 are the same as sha1
  • tag sha1 can query by sha1 hash
  • tag md5 can query by md5 hash

Installation

  1. Install Docker.
  2. Download trusted build from public DockerHub: docker pull malice/nsrl

Usage

docker run --rm malice/nsrl --help

Usage: nsrl [OPTIONS] COMMAND [arg...]

Malice nsrl Plugin

Version: v0.1.0, BuildTime: 20161119

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V  verbose output
  --help, -h     show help
  --version, -v  print the version

Commands:
  web     Create a NSRL lookup web service
  build   Build bloomfilter from NSRL database
  lookup  Query NSRL for hash
  help    Shows a list of commands or help for one command

Run 'nsrl COMMAND --help' for more information on a command.

Lookup By Hash md5|sha1

docker run --rm malice/nsrl:md5 lookup 829e4805b0e12b383ee09abdc9e2dc3c
docker run --rm malice/nsrl:sha1 lookup 5a272b7441328e09704b6d7eabdbd51b8858fde4

NAME:
   nsrl lookup - Query NSRL for hash

USAGE:
   nsrl lookup [command options] SHA1 to query NSRL with

OPTIONS:
   --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
   --post, -p             POST results to Malice webhook [$MALICE_ENDPOINT]
   --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
   --timeout value        malice plugin timeout (in seconds) (default: 10) [$MALICE_TIMEOUT]
   --table, -t            output as Markdown table

Sample Output


{
  "nsrl": {
    "found": true,
    "hash": "5A272B7441328E09704B6D7EABDBD51B8858FDE4"
  }
}


NSRL Database

  • Found ✅
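
What a "found" result from a bloom filter with a 0.001 false positive rate means in practice, as an added example that is not the plugin's code. The hashing scheme (SHA-256 double hashing), the upper-casing of input (mirroring the upper-cased hash in the sample output) and every sample hash are assumptions constructed for the demonstration.

```python
import hashlib
import math


def bloom_params(n, p):
    """Optimal bit count m and hash count k for n items at false-positive rate p."""
    m = math.ceil(-n * math.log(p) / (math.log(2) ** 2))
    k = max(1, round(m / n * math.log(2)))
    return m, k


class BloomFilter:
    def __init__(self, n, p):
        self.m, self.k = bloom_params(n, p)
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        # Input is upper-cased so lookups are case-insensitive (assumption).
        d = hashlib.sha256(item.upper().encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item):
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


def constructed_sha1(tag, i):
    """Constructed sample data: a SHA-1 hex string from a label, not a real NSRL entry."""
    return hashlib.sha1(f"{tag}-{i}".encode()).hexdigest()


def measure(n=20000, p=0.001, probes=100000):
    """Return (false negatives, measured false-positive rate) for a filled filter."""
    bf = BloomFilter(n, p)
    known = [constructed_sha1("known", i) for i in range(n)]
    for h in known:
        bf.add(h)
    false_negatives = sum(1 for h in known if h not in bf)
    false_positives = sum(1 for i in range(probes) if constructed_sha1("unknown", i) in bf)
    return false_negatives, false_positives / probes


if __name__ == "__main__":
    fn, fpr = measure()
    print(f"false negatives: {fn}, measured false-positive rate: {fpr:.4f}")
```

A miss is definitive, while a hit means "probably in the set": at this rate roughly one in a thousand hashes that are absent still report found, so a hit is best treated as a triage signal rather than the only reason to exclude a file from analysis.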

Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015 blacktop
