Python package to defang and fang indicators of compromise from text.
Project description
IOC Fanger
Python package to fang and defang indicators of compromise in text.
import ioc_fanger
ioc_fanger.defang("example.com http://bad.com/phishing.php") # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php") # example.com http://bad.com/phishing.php
Defanging - converting indicators of compromise from the normal form (which can become links) to a form which cannot accidentally become a link:
example.com => example[.]com
Fanging - converting indicators of compromise from a defanged form to the normal, original form:
example[.]com => example.com
What can it fang?
Just about everything. Check out the tests to see some examples of what this package can handle.
Installation
The recommended means of installation is using pip:
pip install ioc_fanger
Alternatively, you can install ioc_fanger as follows:
git clone https://github.com/ioc-fang/ioc_fanger.git && cd ioc_fanger;
python setup.py install --user;
Usage
Via Python
Use ioc_fanger as follows:
import ioc_fanger
ioc_fanger.defang("example.com http://bad.com/phishing.php") # example[.]com hXXp://bad[.]com/phishing[.]php
ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php") # example.com http://bad.com/phishing.php
Via Command Line
Once you install the package, there will be two commands available in the command line:
fang
defang
After each command, provide the text you would like to fang/defang:
fang "example[.]com" # example.com
defang "example.com" # example[.]com
Development
👋 If you want to contribute to this project, test it locally, or just explore it - we have some helpful instructions below.
Prerequisites
If you want to test, lint, or explore a project, make sure you have docker and docker-compose installed (if you don't see: installing docker).
Then you can use the test, lint, and dev docker compose services listed below!
Test a Project 🧪
To test a project, run the following command from the root directory of the project:
docker-compose run --rm test
Typically, this command will run pytest on the project's test suite. To view the details of what this command does, take a look at the test
service in the project's docker-compose.yml
file.
Lint a Project 🧹
To lint a project, run the following command from the root directory of the project:
docker-compose run --rm lint
Typically, this command will run linters on the project's code with the goal of improving code quality and catching bugs before we release them (you can read more about the benefits of linting here). To view the details of what this command does, take a look at the lint
service in the project's docker-compose.yml
file.
Explore a Project 🔭
To explore a project, you can drop into a "dev" environment which is an IPython shell with the project and all its requirements loaded. To do this, run the following command from the root directory of the project:
docker-compose run --rm dev
To see what this command does, take a look at the dev
service in the project's docker-compose.yml
file.
Feedback
If you have any ideas to improve this package, please raise an issue!
Other Helpful Projects
If you are working with indicators of compromise (a.k.a. observables), you may find the ioc-finder project helpful. The ioc-finder project parses indicators of compromise from text (using grammars).
Credits
We created this package using Cookiecutter and the fhightower/python-project-template project template.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ioc_fanger-3.3.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 51d282a21db58d5b273e4c57d788ef3ccfd5521b0c46e712018cf8f3e33ba01f |
|
MD5 | 7d2baeca6b601b0751e4ac60c2cba99d |
|
BLAKE2b-256 | 47c95af34ec3bd18dcaa2c022c6c41bf9d3605a993828281b2539023686d2ba4 |