Automate hash scans

[bra1ncramp]

🗣 Description

Create extra file to automate the IOC Hash scans.

• This script currently is only valid for Debian and Fedora systems.
• Requires AWS_CREDENTIALS_FILE and AWS_REGION environmental variables to already be set.
• Assumes it will be run from ioc-scanner/extras
• Takes a file with a list of instance id's in separate lines
• Requires declaring the AWS_PROFILE as an argument
• Starts port forwarding on the local system. Then it verifies that netcat is installed in the instance and starts netcat listening on port 6666. It uploads the latest copy of ioc_scanner.py with the latest hashes to the instance. Then it executes ioc_scanner.py and directs the output to a local log file.

💭 Motivation and context

The current process requires manually uploading the ioc_scanner.py file to each instance one at a time. This is a laborious method and not scaleable.

🧪 Testing

This was tested using the default test blobs in ioc_scanner.py.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All new and existing tests pass.

[dav3r]

For the same reasons as discussed in #53, this PR will not require a version change to this repo, so I deleted the "Pre-merge" and "Post-merge" checklist sections in the PR description.

[dav3r]

Thanks for building out this script- it will be an excellent improvement from our current manual process.

Please take a look at my first round of suggestions.

[dav3r]

@bra1ncramp Just pinging on this PR so that it doesn't get forgotten. It's good stuff- we should try to get it across the finish line soon.

[jsf9k]

Here is a suggestion.

[jsf9k]

@bra1ncramp - Are you running pre-commit locally? It should have automatically caught the correction I made in commit 93e1b32.

[dav3r]

Here are a couple more small thangs to clean up.

[jsf9k]

@bra1ncramp - Are you running pre-commit locally? It should have automatically caught the correction I made in commit 93e1b32.

@bra1ncramp - Are you running pre-commit locally? It should have automatically caught the linting error you committed in e21a303.

[bra1ncramp]

@bra1ncramp - Are you running pre-commit locally? It should have automatically caught the correction I made in commit 93e1b32.

@bra1ncramp - Are you running pre-commit locally? It should have automatically caught the linting error you committed in e21a303.

What's the error? pre-commit isn't showing me any error.

I was running it wrong. I should have run pre-commit run --all-files instead of just pre-commit

[jsf9k]

@bra1ncramp - Are you running pre-commit locally? It should have automatically caught the correction I made in commit 93e1b32.

@bra1ncramp - Are you running pre-commit locally? It should have automatically caught the linting error you committed in e21a303.

What's the error? pre-commit isn't showing me any error.

I was running it wrong. I should have run pre-commit run --all-files instead of just pre-commit

You should run pre-commit install to install the git hook. Then pre-commit will check your changes before you are allowed to commit them. See the instructions here, for example.

[dav3r]

Looks solid - strong work! 💪 💼