Python package to defang and fang indicators of compromise from text.

Project description

IOC Fanger

Python package to fang and defang indicators of compromise in text. You can test out this project here: http://ioc-fanger.hightower.space.

Defanging - converting indicators of compromise from the normal form (which can become links) to a form which cannot accidentally become a link:

example.com => example[.]com

Fanging - converting indicators of compromise from a defanged form to the normal, original form:

example[.]com => example.com

What can it fang?

Just about everything. Check out the tests to see some examples of what this package can handle.

Installation

The recommended means of installation is using pip:

pip install ioc_fanger

Alternatively, you can install ioc_fanger as follows:

git clone https://github.com/ioc-fang/ioc_fanger.git && cd ioc_fanger;
python setup.py install --user;

Usage

Via Python

Use ioc_fanger as follows:

import ioc_fanger

ioc_fanger.defang("example.com http://bad.com/phishing.php")  # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php")  # example.com http://bad.com/phishing.php

Via Command Line

Once the package is installed, there will be two commands available in the command line:

  • fang
  • defang

After each command, provide the text you would like to fang/defang:

fang "example[.]com"  # example.com
defang "example.com"  # example[.]com

Adding More Fanging/Defanging Options

You can view the current fanging patterns here and the defanging patterns here.

To add more fanging options, edit fang.json and add an entry for the new pattern you would like to fang. The available keys for each entry are:

  • find (required): This is the string pattern you would like to find
  • replace (required): This is the string used to replace all instances of the pattern specified by the find key
  • case_sensitive (optional - boolean): If this is true, the pattern specified by the find key will be treated as case sensitive (it will only be replaced if the case is an exact match)
  • regex (optional - boolean): If this is true, the pattern specified by the find key will be treated as a regex (it will not be escaped before use)
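
The entry format above, shown as an added example (this is not the project's own code): a minimal applier for entries with these four keys. The sample entries are constructed rather than copied from fang.json, and two behaviours are assumptions: both optional keys default to false when omitted, and the replace string is inserted literally.

```python
import json
import re

# Constructed entries in the key format described above; they are not
# copied from the project's fang.json.
SAMPLE_PATTERNS = json.loads(r"""
[
  {"find": "[.]", "replace": "."},
  {"find": "hxxp", "replace": "http"},
  {"find": "\\s*\\[(?:at|@)\\]\\s*", "replace": "@", "regex": true},
  {"find": "(dot)", "replace": ".", "case_sensitive": true}
]
""")

REQUIRED_KEYS = {"find", "replace"}
OPTIONAL_KEYS = {"case_sensitive", "regex"}


def compile_entry(entry):
    """Validate one entry and return (compiled_pattern, replacement)."""
    keys = set(entry)
    missing = REQUIRED_KEYS - keys
    unknown = keys - REQUIRED_KEYS - OPTIONAL_KEYS
    if missing or unknown:
        raise ValueError(
            f"bad entry {entry!r}: missing={sorted(missing)} unknown={sorted(unknown)}"
        )
    # Assumption: both optional keys default to false when omitted.
    # regex=false: "find" is a literal string, so it is escaped before use.
    pattern = entry["find"] if entry.get("regex", False) else re.escape(entry["find"])
    # case_sensitive=false: match regardless of case (hxxp, hXXp, HXXP).
    flags = 0 if entry.get("case_sensitive", False) else re.IGNORECASE
    return re.compile(pattern, flags), entry["replace"]


def apply_patterns(text, entries):
    """Apply every entry to the text, in list order."""
    for entry in entries:
        compiled, replacement = compile_entry(entry)
        # Assumption: "replace" is literal; a callable stops re.sub from
        # interpreting backslashes or group references in it.
        text = compiled.sub(lambda _match, r=replacement: r, text)
    return text


if __name__ == "__main__":
    print(apply_patterns("admin [at] example[.]com hXXp://bad[.]com/x", SAMPLE_PATTERNS))
```

Setting regex to true on a pattern that was meant literally changes what it matches: `(dot)` as a regex is a group matching the bare letters "dot", so it would rewrite "anecdote" to "anec.e", while the escaped literal leaves that word alone.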

Other Helpful Projects

If you are working with IOCs, you may find the https://github.com/fhightower/ioc-finder project helpful. It is a project designed to parse indicators of compromise from text (it uses grammars rather than regexes).

Credits

This package was created with Cookiecutter and the fhightower/python-project-template project template.

Download files

Source Distribution

ioc_fanger-3.1.1.tar.gz (10.0 kB)

Built Distribution

ioc_fanger-3.1.1-py2.py3-none-any.whl (7.9 kB)

File details

Details for the file ioc_fanger-3.1.1.tar.gz.

File metadata

  • Download URL: ioc_fanger-3.1.1.tar.gz
  • Upload date:
  • Size: 10.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.7.2

File hashes

Hashes for ioc_fanger-3.1.1.tar.gz
Algorithm Hash digest
SHA256 745c6ee935677916cd043c3d516ad0f5b6c6b9278456caa5755c3e7ecc905073
MD5 48d64e609747917cb79c3b5c9bfcf47c
BLAKE2b-256 58a424c87d082d272342a44a19212468b87a7a1fc60cf57e5b748a0ba41d8b0e

File details

Details for the file ioc_fanger-3.1.1-py2.py3-none-any.whl.

File metadata

  • Download URL: ioc_fanger-3.1.1-py2.py3-none-any.whl
  • Upload date:
  • Size: 7.9 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.7.2

File hashes

Hashes for ioc_fanger-3.1.1-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 56b2ac4e2c20e4388402520e25833ccc3b9093acd9b2044c3e8022207ccb6622
MD5 61dce5c69242dd1628f52ed576fa1777
BLAKE2b-256 655a5d6ac4129996f5874f696a0431b5ed63185a8485152c4c244b766d07a8d2
