
Extracts indicators of compromise (IOCs), including domain names, IPv4 addresses, email addresses, and hashes, from text.

Project description

extract_iocs is a Python module that extracts indicators of compromise (IOCs), including domain names, IPv4 addresses, email addresses, and hashes, from text. It uses some huge and ugly regexes, has special handling to identify domain names with a relatively low false-positive rate, and does some magic to try to extract IOCs across line breaks.

This script was inspired by and initially based on Stephen Brannon’s IOCextractor (https://github.com/stephenbrannon/IOCextractor), but turned into a complete rewrite. extract_iocs provides no GUI and does not support any kind of analyst workflow. It is intended to be used for triage or automation purposes where a relatively high FP rate (as well as the occasional false negative) is acceptable.
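As an added illustration of the approach the description outlines (regex passes for IPv4 addresses, e-mail addresses and hashes, a TLD allowlist as the domain false-positive filter, and a second pass over adjacent line pairs to recover a token wrapped across a line break), here is a small Python extractor. It is not the extract_iocs module's own code: the module's regexes are not shown on this page, the KNOWN_TLDS set is a constructed stand-in for whatever domain heuristics it uses, the line-pair rescan is an assumed way of doing the cross-line-break handling the description mentions, and the sample report with its hash values is constructed.

```python
import re
from ipaddress import ip_address

# Constructed TLD allowlist (an assumption; the module's own domain heuristics are
# not on the page). Anything ending in a TLD outside this set is dropped, which is
# what keeps file names like foo.py or version strings from being reported.
KNOWN_TLDS = {"com", "net", "org", "io", "info", "biz", "ru", "cn", "uk", "de"}

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")
# Longest alternative first, so a SHA256 is not reported as an MD5 plus leftovers.
HASH_RE = re.compile(
    r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{64}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{32})(?![0-9A-Fa-f])"
)
DOMAIN_RE = re.compile(
    r"(?<![A-Za-z0-9.-])(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+([A-Za-z]{2,})(?![A-Za-z0-9-])"
)


def scan(text):
    """Return (kind, value, start, end) hits for one piece of text."""
    hits = []
    for m in IPV4_RE.finditer(text):
        try:
            ip_address(m.group(0))
        except ValueError:
            continue  # e.g. 300.1.2.3 looks like an address but has an octet > 255
        hits.append(("ipv4", m.group(0), m.start(), m.end()))
    for m in HASH_RE.finditer(text):
        hits.append(("hash", m.group(0).lower(), m.start(), m.end()))
    for m in EMAIL_RE.finditer(text):
        hits.append(("email", m.group(0).lower(), m.start(), m.end()))
    # Blank out e-mail addresses (same length, so offsets stay valid) before the
    # domain pass, so mail domains are not reported a second time as domains.
    masked = EMAIL_RE.sub(lambda m: " " * len(m.group(0)), text)
    for m in DOMAIN_RE.finditer(masked):
        if m.group(1).lower() in KNOWN_TLDS:  # the TLD allowlist is the FP filter
            hits.append(("domain", m.group(0).lower(), m.start(), m.end()))
    return hits


def extract_iocs(text):
    """Extract IOCs, then rescan adjacent line pairs for tokens wrapped across a line break."""
    found = {"ipv4": set(), "email": set(), "hash": set(), "domain": set()}
    direct_values = set()
    for kind, value, _, _ in scan(text):
        found[kind].add(value)
        direct_values.add(value)
    # Assumed cross-line-break handling: join each line with the next and keep only
    # hits that straddle the join point. If the fragment on the left side was
    # already a complete IOC, the line break was a real token boundary and the
    # joined hit (e.g. an address glued to the next word) is discarded.
    lines = text.splitlines()
    for left, right in zip(lines, lines[1:]):
        cut = len(left)
        for kind, value, start, end in scan(left + right):
            if not (start < cut < end):
                continue
            if left[start:].lower() in direct_values:
                continue
            found[kind].add(value)
    return {kind: sorted(values) for kind, values in found.items()}


# Constructed sample report; the hashes are made-up hex, not real file digests.
SAMPLE_REPORT = """\
Beacon traffic observed to 198.51.100.23 and 300.1.2.3 from the
lab host. The C2 panel lives at bad-actor
.example.net and phishing mail came from phish@mail.example.com
during the last week. Dropper SHA-256:
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
(MD5 deadbeefdeadbeefdeadbeefdeadbeef). Script: extract_iocs.py v2.0.1
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(kind, values)
```

On the sample, the invalid 300.1.2.3 is rejected by `ipaddress`, `extract_iocs.py` is dropped because `py` is not an allowed TLD, `bad-actor.example.net` is recovered only from the joined line pair, and the e-mail address that happens to end a line is not glued to the word on the next line. The left-fragment rule is a heuristic, not a proof: a domain whose first label is itself a legitimate hostname on the previous line will still be merged, which is the kind of false positive the description says this style of extractor tolerates.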

Download files

Source Distribution

extract_iocs-2.0.1.tar.gz (8.2 kB)

File details

Hashes for extract_iocs-2.0.1.tar.gz

Algorithm    Hash digest
SHA256       e9225ac592224fe93478547f3c89f52c48470ad216eb7cdc9550fb0dcc896492
MD5          0ceb50b5969708313e932b5dc8960c66
BLAKE2b-256  88698abd209de0b721b49026b52e2899d69df6f573b87e2568d1f18c2015ae83

