Python package to defang and fang indicators of compromise from text.
Project description
IOC Fanger
Python package to fang and defang indicators of compromise in text. You can test out this project here: http://ioc-fanger.hightower.space.
Defanging - converting indicators of compromise from the normal form (which can become links) to a form which cannot accidentally become a link:
example.com => example[.]com
Fanging - converting indicators of compromise from a defanged form to the normal, original form:
example[.]com => example.com
What can it fang?
Just about everything. Check out the tests to see some examples of what this package can handle.
Installation
The recommended means of installation is using pip:
pip install ioc_fanger
Alternatively, you can install ioc_fanger as follows:
git clone https://github.com/ioc-fang/ioc_fanger.git && cd ioc_fanger;
python setup.py install --user;
Usage
Via Python
Use ioc_fanger as follows:
import ioc_fanger
ioc_fanger.defang("example.com http://bad.com/phishing.php") # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php") # example.com http://bad.com/phishing.php
Via Command Line
Once the package is installed, there will be two commands available in the command line:
fang
defang
After each command, provide the text you would like to fang/defang:
fang "example[.]com" # example.com
defang "example.com" # example[.]com
Adding More Fanging/Defanging Options
You can view the current fanging patterns here and the defanging patterns here.
To add more fanging options, edit fang.json and add an entry for the new pattern you would like to fang. The available keys for each entry are:
find
(required): This is the string pattern you would like to findreplace
(required): This is the string used to replace all instances to pattern specified by thefind
keycase_sensitive
(optional - boolean): If this istrue
, the pattern specified by thefind
key will be treated as case sensitive (it will only be replaced if the case is an exact match)regex
(optional - boolean): If this istrue
, the pattern specified by thefind
key will be treated as a regex (it will not be escaped before use)
Other Helpful Projects
If you are working with IOCs, you may find the https://github.com/fhightower/ioc-finder project helpful. It is a project designed to parse indicators of compromise from text (it uses grammars rather than regexes).
Credits
This package was created with Cookiecutter and the fhightower/python-project-template project template.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ioc_fanger-3.1.3-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 92968444de1c4274fc0569c7c5adbd164ac29c4eb2834a15a971eecb789d624c |
|
MD5 | 3436cd56ec498c65f0f5f9abb57b1931 |
|
BLAKE2b-256 | 7ffe3a9e1161572e8f427f75ba329a9e2a2b02e60a3487af7d9107b057da2e77 |