The SOC Toolkit plugin provides cybersecurity professionals and SOC analysts with tools for IP reputation analysis and defanging directly within their notes. It scans IPv4 and IPv6 addresses, including defanged variants, and queries VirusTotal and AbuseIPDB APIs for reputation data. Results are cached locally to reduce API calls and displayed in a customizable format. Users can defang IPs in notes via commands or right-click menus, preserving original formatting. The plugin supports both full and last-dot defanging and integrates with the command palette and context menus for quick access.
You must obtain a VirusTotal API key to enable IP reputation checks.
You must also obtain an AbuseIPDB API key for AbuseIPDB integration.
✨ New & Improved
IPv6 Defanging Improved:
- Only single colons (:) in IPv6 addresses are now defanged to [:].
- Double colons (::) are left untouched to avoid Markdown rendering issues and maintain readability.
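The defanging rules described above, as an added TypeScript example (not the plugin's own source). The function names and the `[.]` notation for IPv4 dots are assumptions; the page itself only specifies `[:]` for single colons and names the "full" and "last-dot" modes.

```typescript
// Added example, not the plugin's code. All function names are hypothetical.

type Ipv4Mode = "full" | "last-dot";

// Undo defanging: "[.]" -> "." and "[:]" -> ":".
function refang(text: string): string {
  return text.replace(/\[([.:])\]/g, "$1");
}

// Defang an IPv4 address.
//   full:     every dot is bracketed
//   last-dot: only the final dot is bracketed
// Assumption: dots are written as "[.]", mirroring the "[:]" form on the page.
// Input is refanged first so already-defanged text is not bracketed twice.
function defangIPv4(ip: string, mode: Ipv4Mode = "full"): string {
  const clean = refang(ip);
  if (mode === "full") {
    return clean.replace(/\./g, "[.]");
  }
  const i = clean.lastIndexOf(".");
  return i < 0 ? clean : clean.slice(0, i) + "[.]" + clean.slice(i + 1);
}

// Defang an IPv6 address per the release note: a single ":" becomes "[:]",
// while a "::" zero-compression marker is left exactly as it is.
// Matching whole runs of colons lets us tell the two cases apart.
function defangIPv6(ip: string): string {
  return refang(ip).replace(/:+/g, (run: string) =>
    run === ":" ? "[:]" : run
  );
}

// Constructed sample addresses (documentation ranges and link-local).
const samples: string[] = [
  defangIPv4("203.0.113.7"),              // 203[.]0[.]113[.]7
  defangIPv4("203.0.113.7", "last-dot"),  // 203.0.113[.]7
  defangIPv6("2001:db8::1"),              // 2001[:]db8::1
  defangIPv6("::1"),                      // ::1
];
console.log(samples.join("\n"));
```

Because `::` is never rewritten, an address such as `::1` passes through unchanged, so a note's reader still needs the surrounding context to recognise it as an indicator rather than a live address.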
Settings UI Polish:
- Section headings in the settings tab now use native Obsidian heading styles for a more consistent look.
- "Example output", "VirusTotal", and "AbuseIPDB" headings have been streamlined or removed for clarity.
Dependency & Build Improvements:
- Added obsidian and tslib as dev dependencies for better type support and build reliability.
- Cleaned up unnecessary debug logging for a tidier codebase.
🐛 Bug Fixes
- Fixed an issue where defanged IPv6 addresses like :: would render as broken Markdown links.
Upgrade recommended for all users, especially those working with IPv6 addresses or customising plugin output.