Extract IOCs from text.

Project description

ioc-hunter

IOC Hunter finds indicators of compromise (IOCs). The IOCHunter class extracts IOCs from free text. The IOCTyper class determines the IOC type of a single string that you pass in.

The IOCs that are recognized by both of these classes are:

  • ssdeep
  • sha256
  • sha1
  • md5
  • email
  • ipv4_public
  • ipv4_private
  • ipv6_public
  • ipv6_private
  • filename
  • domain
  • url

IOC Parser

The IOCHunter class uses a single method to parse every IOC type in the list above from text. There is an option to defang the IOCs that are passed back, and an option to provide a whitelist regex for values that should be dropped from the results. Text that looks suspicious but does not quite match any of the IOC types is also returned, labeled as unknown.

from ioc_hunter import IOCHunter

text = "Your text goes here"
# Regex for values to drop from the results, e.g. your own domains
whitelist = r".*internaldomain\.com.*"
hunter = IOCHunter()
# defang=False returns the raw indicators; defang=True neutralises them
iocs = hunter.parse_iocs(text, defang=False, whitelist_regex=whitelist)

IOC Typer

The IOCTyper class takes in text and determines whether that text matches any of the IOC types. If it matches none of them, it returns unknown.

from ioc_hunter import IOCTyper

suspected_ioc = "mydomain.com"
typer = IOCTyper()
# Returns one of the type names listed above, or "unknown"
ioc_type = typer.type_ioc(suspected_ioc)
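As an added illustration (not ioc-hunter's own code), a minimal typer and parser of the same shape as IOCTyper.type_ioc and IOCHunter.parse_iocs, covering the hash, IP, email, domain and url types from the list above and the defang and whitelist options; ssdeep and filename are omitted, and the regexes, function names and sample text are constructed here.

```python
import ipaddress
import re

# Constructed patterns for this illustration; ioc_hunter's own rules differ.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
URL_RE = re.compile(r"^(?:https?|ftp)://\S+$")
EMAIL_RE = re.compile(r"^[\w.+-]+@(?:[\w-]+\.)+[a-zA-Z]{2,}$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

def type_ioc(value: str) -> str:
    """Return the IOC type of one string, or 'unknown' (cf. IOCTyper.type_ioc)."""
    if HEX_RE.match(value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)]
    try:  # ipaddress separates RFC 1918, link-local and loopback from public space
        ip = ipaddress.ip_address(value)
        return f"ipv{ip.version}_{'private' if ip.is_private else 'public'}"
    except ValueError:
        pass
    if URL_RE.match(value):
        return "url"
    if EMAIL_RE.match(value):
        return "email"
    if DOMAIN_RE.match(value):
        return "domain"
    return "unknown"

def defang(value: str) -> str:
    """Neutralise an indicator so it is not clickable: http -> hxxp, '.' -> '[.]'."""
    value = re.sub(r"^http", "hxxp", value, flags=re.IGNORECASE)
    return value.replace(".", "[.]")

def parse_iocs(text: str, defang_output: bool = False, whitelist_regex=None) -> dict:
    """Tokenise text, type each token, group hits by type (cf. IOCHunter.parse_iocs)."""
    whitelist = re.compile(whitelist_regex) if whitelist_regex else None
    found: dict = {}
    for token in re.findall(r"\S+", text):
        token = token.strip("()<>\"',;.")  # drop punctuation glued to the indicator
        if whitelist and whitelist.match(token):
            continue  # analyst-owned infrastructure is not an IOC
        kind = type_ioc(token)
        if kind != "unknown":
            found.setdefault(kind, []).append(defang(token) if defang_output else token)
    return found

# Constructed sample text; the indicators in it are illustrative only.
SAMPLE = ("Beacon to 8.8.8.8 and http://evil-example.net/a.php with hash "
          "d41d8cd98f00b204e9800998ecf8427e; also 10.0.0.5, intranet.internaldomain.com "
          "and mail from admin@evil-example.net")
WHITELIST = r".*internaldomain\.com.*"
```

Calling parse_iocs(SAMPLE, whitelist_regex=WHITELIST) drops the internal host and groups the rest by type; with defang_output=True the URL comes back as hxxp://evil-example[.]net/a[.]php.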


Download files

Download the file for your platform.

Source Distribution

IOC Hunter-1.0.0.tar.gz (13.6 kB)

Built Distribution

IOC_Hunter-1.0.0-py3-none-any.whl (13.7 kB)

File details

Details for the file IOC Hunter-1.0.0.tar.gz.

File metadata

  • Download URL: IOC Hunter-1.0.0.tar.gz
  • Size: 13.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.23.0 setuptools/50.3.2 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.10

File hashes

Hashes for IOC Hunter-1.0.0.tar.gz
Algorithm Hash digest
SHA256 ea44668254692162ce0bdcb29061ee3d816e5421aac8205637a5939c4fff5f0d
MD5 210f75771612c24cbad21fc239eb804a
BLAKE2b-256 f70cc207b50ca06edf0d61400af132b0333a09aef770be795992a678b40a1b0b


File details

Details for the file IOC_Hunter-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: IOC_Hunter-1.0.0-py3-none-any.whl
  • Size: 13.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.23.0 setuptools/50.3.2 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.10

File hashes

Hashes for IOC_Hunter-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a314a63bffebed60dd30735725a31ef61a72b96b0b643eec61dfd0621c95ab01
MD5 cd79fecf5d76d4ca1b62e328bbcb5fac
BLAKE2b-256 15911a1ad4a63a07ffa05ad44c17a1b3fad728ecdc650e25953f79f3a67e2e89

