Python package to defang and refang indicators of compromise from text.
Project description
Copyright (c) 2017, Floyd Hightower
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Description: # IOC Fanger
[](https://pypi.python.org/pypi/ioc_fanger)
[](https://travis-ci.org/ioc-fang/ioc_fanger)
[](https://codecov.io/gh/ioc-fang/ioc_fanger)
[](https://www.codacy.com/app/fhightower/ioc_fanger)
Python package to fang and defang [indicators of compromise](https://digitalguardian.com/blog/what-are-indicators-compromise) in text. You can test out this project here: [http://ioc-fanger.hightower.space](http://ioc-fanger.hightower.space).
**Defanging** - converting indicators of compromise from the normal form (which can become links) to a form which cannot accidentally become a link:
`example.com => example[.]com`
**Fanging** - converting indicators of compromise from a defanged form to the normal, original form:
`example[.]com => example.com`
**What can it fang?**
Just about everything. Check out the [tests](https://github.com/ioc-fang/ioc_fanger/blob/master/tests/test_ioc_fanger.py) to see some examples of what this package can handle.
## Installation
The recommended means of installation is using [pip](https://pypi.python.org/pypi/pip/):
`pip install ioc_fanger`
Alternatively, you can install ioc\_fanger as follows:
```shell
git clone https://github.com/ioc-fang/ioc_fanger.git && cd ioc_fanger;
python setup.py install --user;
```
## Usage
### Via Python
Use ioc\_fanger as follows:
```python
import ioc_fanger
ioc_fanger.defang("example.com http://bad.com/phishing.php") # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php") # example.com http://bad.com/phishing.php
```
### Via Command Line
Once the package is installed, there will be two commands available in the command line:
- `fang`
- `defang`
After each command, provide the text you would like to fang/defang:
``` {.sourceCode .shell}
fang "example[.]com" # example.com
```
``` {.sourceCode .shell}
defang "example.com" # example[.]com
```
## Adding More Fanging/Defanging Options
You can view the current fanging patterns [here](https://github.com/ioc-fang/ioc_fanger/blob/master/ioc_fanger/fang.json) and the defanging patterns [here](https://github.com/ioc-fang/ioc_fanger/blob/master/ioc_fanger/defang.json).
To add more fanging options, edit [fang.json](https://github.com/ioc-fang/ioc_fanger/blob/master/ioc_fanger/fang.json) and add an entry for the new pattern you would like to fang. The available keys for each entry are:
- `find` (required): This is the string pattern you would like to find
- `replace` (required): This is the string used to replace all instances to pattern specified by the `find` key
- `case_sensitive` (optional - boolean): If this is `true`, the pattern specified by the `find` key will be treated as case sensitive (it will only be replaced if the case is an exact match)
- `regex` (optional - boolean): If this is `true`, the pattern specified by the `find` key will be treated as a regex (it will not be escaped before use)
## Other Helpful Projects
If you are working with IOCs, you may find the [https://github.com/fhightower/ioc-finder](https://github.com/fhightower/ioc-finder) project helpful. It is a project designed to parse indicators of compromise from text (it uses grammars rather than regexes).
## Credits
This package was created with [Cookiecutter](https://github.com/audreyr/cookiecutter) and the [fhightower/python-project-template](https://gitlab.com/fhightower/python-project-template) project template.
Keywords: ioc_fanger
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Description: # IOC Fanger
[](https://pypi.python.org/pypi/ioc_fanger)
[](https://travis-ci.org/ioc-fang/ioc_fanger)
[](https://codecov.io/gh/ioc-fang/ioc_fanger)
[](https://www.codacy.com/app/fhightower/ioc_fanger)
Python package to fang and defang [indicators of compromise](https://digitalguardian.com/blog/what-are-indicators-compromise) in text. You can test out this project here: [http://ioc-fanger.hightower.space](http://ioc-fanger.hightower.space).
**Defanging** - converting indicators of compromise from the normal form (which can become links) to a form which cannot accidentally become a link:
`example.com => example[.]com`
**Fanging** - converting indicators of compromise from a defanged form to the normal, original form:
`example[.]com => example.com`
**What can it fang?**
Just about everything. Check out the [tests](https://github.com/ioc-fang/ioc_fanger/blob/master/tests/test_ioc_fanger.py) to see some examples of what this package can handle.
## Installation
The recommended means of installation is using [pip](https://pypi.python.org/pypi/pip/):
`pip install ioc_fanger`
Alternatively, you can install ioc\_fanger as follows:
```shell
git clone https://github.com/ioc-fang/ioc_fanger.git && cd ioc_fanger;
python setup.py install --user;
```
## Usage
### Via Python
Use ioc\_fanger as follows:
```python
import ioc_fanger
ioc_fanger.defang("example.com http://bad.com/phishing.php") # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php") # example.com http://bad.com/phishing.php
```
### Via Command Line
Once the package is installed, there will be two commands available in the command line:
- `fang`
- `defang`
After each command, provide the text you would like to fang/defang:
``` {.sourceCode .shell}
fang "example[.]com" # example.com
```
``` {.sourceCode .shell}
defang "example.com" # example[.]com
```
## Adding More Fanging/Defanging Options
You can view the current fanging patterns [here](https://github.com/ioc-fang/ioc_fanger/blob/master/ioc_fanger/fang.json) and the defanging patterns [here](https://github.com/ioc-fang/ioc_fanger/blob/master/ioc_fanger/defang.json).
To add more fanging options, edit [fang.json](https://github.com/ioc-fang/ioc_fanger/blob/master/ioc_fanger/fang.json) and add an entry for the new pattern you would like to fang. The available keys for each entry are:
- `find` (required): This is the string pattern you would like to find
- `replace` (required): This is the string used to replace all instances to pattern specified by the `find` key
- `case_sensitive` (optional - boolean): If this is `true`, the pattern specified by the `find` key will be treated as case sensitive (it will only be replaced if the case is an exact match)
- `regex` (optional - boolean): If this is `true`, the pattern specified by the `find` key will be treated as a regex (it will not be escaped before use)
## Other Helpful Projects
If you are working with IOCs, you may find the [https://github.com/fhightower/ioc-finder](https://github.com/fhightower/ioc-finder) project helpful. It is a project designed to parse indicators of compromise from text (it uses grammars rather than regexes).
## Credits
This package was created with [Cookiecutter](https://github.com/audreyr/cookiecutter) and the [fhightower/python-project-template](https://gitlab.com/fhightower/python-project-template) project template.
Keywords: ioc_fanger
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ioc_fanger-3.0.9.tar.gz
(6.4 kB
view hashes)
Built Distribution
Close
Hashes for ioc_fanger-3.0.9-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0470fceca4cc0df0a708e5b36469496d883f06fb89e50b6770df0662d8385904 |
|
| MD5 | dd67b6269f4bec3cca5a9bc7e30f4ce1 |
|
| BLAKE2b-256 | 58e895e1d8051af4687fd3560f9bc642bef5f1d206b176e9dd0eda166c4917e8 |
