Skip to main content

Python package to defang and fang indicators of compromise from text.

Project description

IOC Fanger

PyPi PyPI - Downloads Travis CI Codecov live demo

Python package to fang and defang indicators of compromise in text.

import ioc_fanger

ioc_fanger.defang("example.com http://bad.com/phishing.php")  # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php")  # example.com http://bad.com/phishing.php

Defanging - converting indicators of compromise from the normal form (which can become links) to a form which cannot accidentally become a link:

example.com => example[.]com

Fanging - converting indicators of compromise from a defanged form to the normal, original form:

example[.]com => example.com

What can it fang?

Just about everything. Check out the tests to see some examples of what this package can handle.

Installation

The recommended means of installation is using pip:

pip install ioc_fanger

Alternatively, you can install ioc_fanger as follows:

git clone https://github.com/ioc-fang/ioc_fanger.git && cd ioc_fanger;
python setup.py install --user;

Usage

Via Python

Use ioc_fanger as follows:

import ioc_fanger

ioc_fanger.defang("example.com http://bad.com/phishing.php")  # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php")  # example.com http://bad.com/phishing.php

Via Command Line

Once the package is installed, there will be two commands available in the command line:

  • fang
  • defang

After each command, provide the text you would like to fang/defang:

fang "example[.]com"  # example.com
defang "example.com"  # example[.]com

Feedback

If you have any ideas to improve this package, please raise an issue!

Other Helpful Projects

If you are working with observables (a.k.a. indicators of compromise), you may find the https://github.com/fhightower/ioc-finder project helpful. It is a project designed to parse indicators of compromise from text (it uses grammars rather than regexes).

Credits

This package was created with Cookiecutter and the fhightower/python-project-template project template.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for ioc-fanger, version 3.1.4
Filename, size File type Python version Upload date Hashes
Filename, size ioc_fanger-3.1.4-py2.py3-none-any.whl (7.7 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size ioc_fanger-3.1.4.tar.gz (11.1 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page