sqhunter is a threat hunter based on osquery, Salt Open and the Cymon API.
+ query open network sockets and check them against threat intelligence sources
+ issue ad-hoc or distributed queries using salt and osqueryi, without the need for osqueryd's TLS plugin
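The first feature above is the core of the tool: pull the open sockets from osquery and look each remote address up in a threat-intelligence source. The script below is an added illustration of that idea, not sqhunter's own code. It queries osquery's process_open_sockets table (joined to processes) and matches the remote addresses against an indicator set; the osqueryi JSON rows and the indicator set are constructed samples so the check runs offline, and run_osqueryi only shows how the live rows would be obtained.

```python
"""Check osquery open-socket rows against a threat-intelligence list.

Added example illustrating the sqhunter approach; not the project's code.
The osquery rows below are a constructed sample shaped like the output of
`osqueryi --json`, and the indicator set is constructed as well.
"""
import json
import subprocess

# osquery SQL: every process with a socket to a non-local remote address.
SOCKET_QUERY = (
    "SELECT p.pid, p.name, s.remote_address, s.remote_port, s.protocol "
    "FROM process_open_sockets s JOIN processes p USING (pid) "
    "WHERE s.remote_address NOT IN ('', '0.0.0.0', '::', '127.0.0.1');"
)

# Constructed sample of what `osqueryi --json` returns for SOCKET_QUERY.
SAMPLE_OSQUERY_JSON = json.dumps([
    {"pid": "1201", "name": "sshd", "remote_address": "198.51.100.7",
     "remote_port": "51844", "protocol": "6"},
    {"pid": "2290", "name": "curl", "remote_address": "203.0.113.45",
     "remote_port": "443", "protocol": "6"},
    {"pid": "2291", "name": "python", "remote_address": "203.0.113.45",
     "remote_port": "8080", "protocol": "6"},
])

# Constructed indicator set standing in for a threat-intel feed lookup
# (sqhunter itself uses the Cymon API for this step).
SAMPLE_INTEL = {"203.0.113.45": "constructed example indicator"}


def run_osqueryi(query, osqueryi_path="osqueryi"):
    """Run a query through the osqueryi shell and return its JSON text."""
    out = subprocess.check_output([osqueryi_path, "--json", query])
    return out.decode("utf-8")


def parse_sockets(osquery_json):
    """Turn osqueryi JSON rows into (pid, name, remote_address, port) tuples."""
    rows = json.loads(osquery_json)
    return [(r["pid"], r["name"], r["remote_address"], int(r["remote_port"]))
            for r in rows]


def match_intel(sockets, intel):
    """Return one hit per socket whose remote address is a known indicator."""
    hits = []
    for pid, name, addr, port in sockets:
        if addr in intel:
            hits.append({"pid": pid, "process": name,
                         "remote": "%s:%d" % (addr, port),
                         "reason": intel[addr]})
    return hits


def hunt(osquery_json, intel):
    """Parse osquery output and match it against the indicator set."""
    return match_intel(parse_sockets(osquery_json), intel)


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in
    # run_osqueryi(SOCKET_QUERY) to hunt on a live host.
    for hit in hunt(SAMPLE_OSQUERY_JSON, SAMPLE_INTEL):
        print(hit)
```

Matching on the remote address alone is what the feature describes; a fuller hunt would also pass the indicator's context (first seen, source feed) into the hit so the analyst can triage it, and would treat two hits from the same address and host as one finding.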
Requirements:
– Salt Open (salt-master, salt-minion)¹
– Python 2.7
– the salt Python package (you may need gcc, gcc-c++ and the Python development headers to build it)
Download and use:
git clone https://github.com/0x4D31/sqhunter && cd sqhunter
pip install -r requirements.txt
python sqhunter.py S -t '*'