
Extracts indicators of compromise (IOCs), including domain names, IPv4 addresses, email addresses, and hashes, from text.

Project description

extract_iocs is a Python module that extracts indicators of compromise (IOCs), including domain names, IPv4 addresses, email addresses, and hashes, from text. It uses some huge and ugly regexes, has special handling to identify domain names with a relatively low false-positive rate, and does some magic to try to extract IOCs across line breaks.

This script was inspired by and initially based on Stephen Brannon’s IOCextractor (https://github.com/stephenbrannon/IOCextractor), but turned into a complete rewrite. extract_iocs provides no GUI and does not support any kind of analyst workflow. It is intended to be used for triage or automation purposes where a relatively high FP rate (as well as the occasional false negative) is acceptable.
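As an added illustration of the approach described above (example code written for this page, not the project's own implementation), the following extractor handles the same four indicator types, uses a TLD allowlist to keep filenames like notes.txt out of the domain results, and makes a second pass over text with mid-token line breaks removed so a wrapped hash is still recovered. The TLD set, regexes and sample text are all constructed for the example.

```python
import re

# Constructed TLD allowlist; a real extractor would load the full IANA list.
# "example" is included because RFC 2606 reserves it for documentation.
# Requiring a known TLD is what keeps "notes.txt" or "sys.exit" out of the results.
KNOWN_TLDS = {"com", "net", "org", "info", "io", "ru", "top", "example"}

IPV4_RE = re.compile(
    r"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}"
    r"(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])"
)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")
# MD5 / SHA-1 / SHA-256; the lookarounds stop a 64-char hash from also yielding a 32-char "MD5".
HASH_RE = re.compile(
    r"(?<![A-Fa-f0-9])(?:[A-Fa-f0-9]{64}|[A-Fa-f0-9]{40}|[A-Fa-f0-9]{32})(?![A-Fa-f0-9])"
)
DOMAIN_RE = re.compile(
    r"(?<![A-Za-z0-9.-])(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,24}(?![A-Za-z0-9-])"
)
# A line break sitting directly between two token characters is treated as a wrap
# inside an indicator (typical of PDF or mail extraction) and removed for a second pass.
WRAP_RE = re.compile(r"(?<=[A-Za-z0-9-])\n(?=[A-Za-z0-9])")


def extract_iocs(text):
    """Return {"ipv4", "email", "hash", "domain"} -> set of indicators found in text."""
    found = {"ipv4": set(), "email": set(), "hash": set(), "domain": set()}
    # Pass 1 on the raw text, pass 2 on the text with mid-token wraps joined.
    # Pass 2 raises recall for wrapped hashes/domains at the cost of some false positives.
    for variant in (text, WRAP_RE.sub("", text)):
        found["ipv4"].update(IPV4_RE.findall(variant))
        found["email"].update(EMAIL_RE.findall(variant))
        found["hash"].update(h.lower() for h in HASH_RE.findall(variant))
        for dom in DOMAIN_RE.findall(variant):
            tld = dom.rsplit(".", 1)[-1].lower()
            # Drop unknown TLDs (filenames, code) and the host part of emails already recorded.
            if tld in KNOWN_TLDS and not any(dom in e for e in found["email"]):
                found["domain"].add(dom.lower())
    return found


# Constructed sample: a SHA-256 wrapped across a line break, plus a filename decoy.
SAMPLE = (
    "Beacon to update-checker.example and 203.0.113.45 observed.\n"
    "Dropper sha256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f0\n"
    "0a08 - contact alice@mail-drop.example, see notes.txt\n"
)

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE).items():
        print(kind, sorted(values))
```

Without the second pass the wrapped hash is never seen, which is the recall gain the line-break handling buys; the price is that two unrelated tokens separated only by a newline are also glued together.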

Download files


Filename                   Size    File type  Python version  Upload date
extract_iocs-2.0.1.tar.gz  8.2 kB  Source     None
