Torq’s Utils utilities perform common helper operations such as fuzzy string comparison, near-match searching over lists, and domain enrichment through Whois and DNS resolution.
Fuzzy Compare Strings Ratio
Performs a fuzzy comparison between two strings and returns a similarity ratio score.
Input
First string
MyName
Second string
MyNameIs
Output
{
"ratio_score": 66
}

Fuzzy Search Over an Array of Strings
Performs a fuzzy search of a given string over an array of strings and returns similarity scores. By default, it returns the top match.
Input
Array
["joe@company.com","chris@company.com","murray@company.com"]
Value
name@company.com
Output
{
"count": 1,
"matches": [
{
"Match": "joe@company.com",
"Score": 81
}
]
}

Get Whois Record
Runs a Whois query on the given input and returns the domain registration record.
Input
torq.io
Output
{
"domain": {
"id": "xxxxxxxxx-DONUTS",
"domain": "torq.io",
"punycode": "torq.io",
"name": "torq",
"extension": "io",
"whois_server": "whois.xxxxx.com/"
// ...
}
}

Resolve DNS
Performs a forward DNS lookup and returns canonical name and DNS records (A/AAAA, MX, NS, TXT, SRV).
Input
torq.io
Output
{
"cname": "torq.io.",
"dmarcTxt": [
"v=DMARC1;p=reject;adkim=r;aspf=r;rua=mailto:rua@torq.io"
],
"foundHost": true,
"host": "torq.io",
"ips": [
"141.xxx.xxx.20",
"141.xxx.xxx.21"
],
"mx": [
{ "Host": "aspmx.l.google.com.", "Preference": 1 },
{ "Host": "alt1.aspmx.l.google.com.", "Preference": 5 },
{ "Host": "alt2.aspmx.l.google.com.", "Preference": 5 },
{ "Host": "alt4.aspmx.l.google.com.", "Preference": 10 },
{ "Host": "alt3.aspmx.l.google.com.", "Preference": 10 }
],
"ns": [
"ns-cloud-e1.googledomains.com.",
"ns-cloud-e2.googledomains.com.",
"ns-cloud-e3.googledomains.com.",
"ns-cloud-e4.googledomains.com."
],
"srv": [],
"txt": ["x"]
}

Reset Password for a User in LDAP Server
Resets an LDAP user’s password in the specified LDAP directory.
Input
{
"ldap_server": "ldap.company.com",
"user_dn": "uid=jdoe,ou=users,dc=company,dc=com",
"new_password": "TempP@ssw0rd123"
}
Output
{
"success": true,
"message": "Password reset successfully"
}

Scan QR Code in Image
Scans an image for a QR code and returns the decoded value.
Input
Image file: qr_code.png
Output
{
"decoded_value": "otpauth://totp/Torq:alice@company.com?secret=ABC123&issuer=Torq"
}

Resolve DNS from IP
Performs a reverse DNS lookup and returns the hostname(s) associated with an IP address.
Input
141.XXX.XXX.20
Output
{
"ip": "141.XXX.XXX.20",
"hostnames": [
"service-prod.company.net"
],
"foundHost": true
}

Check IPv4 in CIDR
Checks whether an IPv4 address falls within a given CIDR range.
Input
{
"ip": "10.0.5.12",
"cidr": "10.0.0.0/16"
}
Output
{
"in_cidr": true
}

Use case: Scan QR Code in Image
Automatically detect and extract QR code content from image attachments added to cases. This workflow helps security teams identify hidden URLs embedded in images, commonly used in phishing attacks, and enrich cases with relevant observables and context.
This workflow runs as a nested workflow within the full workflow template available in Torq.
1. Define workflow parameters: Configure the workflow to receive:
   - A list of case image attachments (including file name, hash, and file URL).
   - The Torq Case ID to update with findings.
2. Scan image attachments for QR codes:
   - Use a loop to iterate over all image attachments associated with the case.
   - For each image, run the Scan QR Code in Image utility to analyze the image content and determine whether a QR code is present.
3. Continue with the next steps: If QR codes are found, extract any embedded URLs, deduplicate them, add new URLs as case observables, and record the results in case comments/notes. You can then trigger additional enrichment or response actions (e.g., URL reputation checks, sandboxing, containment).
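The extract-and-deduplicate step described above, sketched in Python as an added example; it is not Torq's own code and not part of the workflow template. The `file_name` key, the function names and the sample data are assumptions, while `decoded_value` follows the utility output shown earlier.

```python
import re
from urllib.parse import urlsplit, urlunsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def normalize_url(url):
    """Canonical form for deduplication: lowercase scheme/host, no fragment or default port."""
    try:
        parts = urlsplit(url.rstrip(".,;)"))
        host, port = (parts.hostname or "").lower(), parts.port
    except ValueError:  # malformed port or IPv6 literal
        return None
    if not host:
        return None
    if ":" in host:  # IPv6 literal: hostname drops the brackets, restore them
        host = f"[{host}]"
    default = {"http": 80, "https": 443}.get(parts.scheme)
    netloc = host if port in (None, default) else f"{host}:{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))

def triage_qr_results(scan_results, existing_observables):
    """Split decoded QR values into new URL observables and non-URL payloads."""
    seen = {normalize_url(u) for u in existing_observables}
    new_urls, other = [], []
    for result in scan_results:
        value = result.get("decoded_value")
        if not value:  # no QR code found in this image
            continue
        found = URL_RE.findall(value)
        if not found:
            # Non-web payload (e.g. otpauth://): keep only the scheme, never the secret-bearing body.
            m = re.match(r"[A-Za-z][A-Za-z0-9+.-]*(?=:)", value)
            other.append({"file_name": result["file_name"],
                          "payload_scheme": m.group(0).lower() if m else "text"})
            continue
        for raw in found:
            url = normalize_url(raw)
            if url and url not in seen:
                seen.add(url)
                new_urls.append({"url": url, "source_file": result["file_name"]})
    return new_urls, other

SAMPLE_SCANS = [  # constructed sample input, one entry per image attachment
    {"file_name": "invoice.png", "decoded_value": "https://Login.Example.com/verify?id=1#top"},
    {"file_name": "invoice_copy.png", "decoded_value": "HTTPS://login.example.com:443/verify?id=1"},
    {"file_name": "mfa.png", "decoded_value": "otpauth://totp/Torq:alice@company.com?secret=ABC123&issuer=Torq"},
    {"file_name": "logo.png", "decoded_value": None},
    {"file_name": "flyer.png", "decoded_value": "Scan to pay: http://example.org/pay."},
]
SAMPLE_EXISTING = ["http://example.org/pay"]  # constructed: already a case observable
```

Calling `triage_qr_results(SAMPLE_SCANS, SAMPLE_EXISTING)` yields one new observable for the two invoice images and one note entry for the `otpauth` payload.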

