Extract IOCs from text.
Project description
ioc-hunter
IOC Hunter finds indicators of compromise (IOCs). The parse_iocs function extracts IOCs from text,
and the type_ioc function determines the IOC type of a single string that you pass in.
The IOCs that are recognized are:
- ssdeep
- sha256
- sha1
- md5
- ipv4_public
- ipv4_private
- ipv6_public
- ipv6_private
- filename
- domain
- url
Parse IOCs
The parse_iocs function parses IOCs of the types listed above from text. There is an option to defang the IOCs that are passed back, as well as an option to provide a whitelist regex for values that should not be reported. It will also return IOCs labeled as unknown when text is found to be suspicious but does not match any of the IOC types.
from ioc_hunter import parse_iocs

text = "Your text goes here"
# Anything matching this pattern (here, an internal domain) is left out of the results.
whitelist = r".*internaldomain\.com.*"
# defang=True would return indicators in a non-clickable form instead of the raw value.
iocs = parse_iocs(text, defang=False, whitelist_regex=whitelist)
Type IOC
The type_ioc function takes in text and determines whether that text matches any of the IOC types. If it does not match any, it returns unknown.
from ioc_hunter import type_ioc
suspected_ioc = "mydomain.com"
ioc_type = type_ioc(suspected_ioc)
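To make the behaviour described under Parse IOCs and Type IOC concrete without installing anything, here is an added stand-in that is not ioc-hunter's own code: it classifies tokens into the same type names (with the ipaddress module deciding ipv4_public versus ipv4_private), honours a whitelist regex, defangs on request, and labels a dotted quad with an out-of-range octet as unknown. The sample text, the pattern set and the names extract_iocs and classify_ioc are this example's own assumptions; ioc-hunter's actual return shape may differ.

```python
import ipaddress
import re
# Constructed sample text; the hash is SHA-256 of the empty string and 8.8.8.8 is a
# well-known public resolver, both used only as sample values.
SAMPLE = ("Beacon to http://evil-example.net/drop from 8.8.8.8 and 10.0.0.5, "
          "hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, "
          "then internaldomain.com and 999.1.1.1")

# Most specific first, so a URL is not also reported as its domain, nor a SHA-256 as an MD5 substring.
PATTERNS = [
    ("url", re.compile(r"\bhttps?://[^\s'\"<>]+", re.I)),
    ("sha256", re.compile(r"\b[a-f0-9]{64}\b", re.I)),
    ("sha1", re.compile(r"\b[a-f0-9]{40}\b", re.I)),
    ("md5", re.compile(r"\b[a-f0-9]{32}\b", re.I)),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

def defang_ioc(token):
    """Make an IOC non-clickable: http -> hxxp and . -> [.] (hashes are unchanged)."""
    return token.replace("http", "hxxp").replace(".", "[.]")

def classify_ioc(token):
    """Return the IOC type of one token, or 'unknown' if it fits no type."""
    for name, rx in PATTERNS:
        if not rx.fullmatch(token):
            continue
        if name != "ipv4":
            return name
        try:
            ip = ipaddress.IPv4Address(token)
        except ValueError:  # dotted-quad shape but an octet out of range, e.g. 999.1.1.1
            return "unknown"
        return "ipv4_private" if ip.is_private else "ipv4_public"
    return "unknown"

def extract_iocs(text, defang=False, whitelist_regex=None):
    """Return {ioc_type: [values]} for every IOC in text, minus whitelisted ones."""
    skip = re.compile(whitelist_regex) if whitelist_regex else None
    found, work = {}, text
    for _, rx in PATTERNS:
        for m in rx.finditer(work):
            token = m.group(0)
            if skip and skip.match(token):
                continue
            value = defang_ioc(token) if defang else token
            found.setdefault(classify_ioc(token), []).append(value)
        # Blank out consumed spans so a later, looser pattern cannot re-match them.
        work = rx.sub(lambda m: " " * len(m.group(0)), work)
    return found
```

Calling extract_iocs(SAMPLE, defang=True, whitelist_regex=r".*internaldomain\.com.*") reports the URL, hash and both addresses in defanged form, drops the whitelisted domain, and files 999.1.1.1 under unknown.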
Hashes for ioc_hunter-1.0.1-py3-none-any.whl

Algorithm | Hash digest
---|---
SHA256 | 8fdebc81b70f2302188019d4d40b6fa6f00ba4e21c060df9543b1c5268f0ced7
MD5 | 004b45c1477b4d12e88c9aacf664f822
BLAKE2b-256 | ae5f79a4e856dfa82f381e70722501222e7b1dcaa560f174d7ccffeaf05b16a0