Threat-Intel on Clean Techhttp://www.lineon.fr/tags/threat-intel/Recent content in Threat-Intel on Clean TechHugoenWed, 01 Apr 2026 00:00:00 +0000Building a Threat Intel CLI Tool in Rusthttp://www.lineon.fr/posts/rust-cli-threat-intel/Wed, 01 Apr 2026 00:00:00 +0000http://www.lineon.fr/posts/rust-cli-threat-intel/<p>Python is the default language for security tooling, but Rust offers compelling advantages for CLI tools that need to be fast, distributable as a single binary, and safe by default. Here&rsquo;s how I built a threat intelligence lookup tool in Rust.</p> <h2 id="the-goal">The goal</h2> <p>A single binary that:</p> <ul> <li>Accepts an IP, domain, or hash as input</li> <li>Queries VirusTotal, AbuseIPDB, and Shodan in parallel</li> <li>Outputs a unified JSON report</li> </ul> <h2 id="project-setup">Project setup</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">cargo init threat-lookup </span></span><span class="line"><span class="cl"><span class="nb">cd</span> threat-lookup </span></span><span class="line"><span class="cl">cargo add reqwest --features json,rustls-tls </span></span><span class="line"><span class="cl">cargo add tokio --features full </span></span><span class="line"><span class="cl">cargo add serde --features derive </span></span><span class="line"><span class="cl">cargo add serde_json </span></span><span class="line"><span class="cl">cargo add clap --features derive </span></span></code></pre></div><h2 id="cli-argument-parsing-with-clap">CLI argument parsing with Clap</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-rust" data-lang="rust"><span class="line"><span class="cl"><span class="k">use</span><span class="w"> </span><span class="n">clap</span>::<span class="n">Parser</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="cp">#[derive(Parser, Debug)]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="cp">#[command(name = </span><span class="s">&#34;threat-lookup&#34;</span><span class="cp">)]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="cp">#[command(about = </span><span class="s">&#34;Query threat intel APIs for IOCs&#34;</span><span class="cp">)]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="k">struct</span> <span class="nc">Args</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sd">/// The indicator to look up (IP, domain, or hash) </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">indicator</span>: <span class="nb">String</span><span class="p">,</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sd">/// Output format </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="cp">#[arg(short, long, default_value = </span><span class="s">&#34;json&#34;</span><span class="cp">)]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">format</span>: <span class="nb">String</span><span class="p">,</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sd">/// Verbose output </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="cp">#[arg(short, long)]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">verbose</span>: <span class="kt">bool</span><span class="p">,</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="p">}</span><span class="w"> </span></span></span></code></pre></div><h2 id="parallel-api-queries-with-tokio">Parallel API queries with Tokio</h2> <p>The key advantage of Rust here is safe, zero-cost concurrency. All three API calls happen simultaneously:</p>