
Extract IOCs from text.

Project description

ioc-hunter

IOC Hunter finds indicators of compromise (IOC). The parse_iocs function can extract IOCs from text.
The type_ioc function can determine the IOC type of a string that you pass in.

The IOCs that are recognized are:

  • ssdeep
  • sha256
  • sha1
  • md5
  • email
  • ipv4_public
  • ipv4_private
  • ipv6_public
  • ipv6_private
  • filename
  • domain
  • url

Parse IOCs

The parse_iocs function parses the IOC types in the list above from text. There is an option to defang the IOCs that are passed back, as well as an option to provide a whitelist regex. The function also returns IOCs labeled as unknown when text is found to be suspicious but doesn't match any of the IOC types.

from ioc_hunter import parse_iocs

text = "Your text goes here"
whitelist = r".*internaldomain\.com.*"
iocs = parse_iocs(text, defang=False, whitelist_regex=whitelist)

Type IOC

The type_ioc function takes in text and determines whether that text matches any of the IOC types. If it does not match any, it will return unknown.

from ioc_hunter import type_ioc

suspected_ioc = "mydomain.com"
ioc_type = type_ioc(suspected_ioc)
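
The extraction, whitelist and defang behaviour described in the two sections above, as an added stand-alone example for a few of the listed types. It is not ioc-hunter's code and does not call the package; classify, extract, the patterns and the sample text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Simplified patterns for a few of the listed IOC types (assumptions).
PATTERNS = {
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
DOTTED = ("domain", "ipv4_public", "ipv4_private")

# Constructed sample text, not real indicators.
SAMPLE = (
    "Connections to 8.8.8.8 and 10.0.0.5, then evil-cdn[.]example; "
    "mail.internaldomain.com relayed it. Bad address 999.1.1.1. "
    "File md5 d41d8cd98f00b204e9800998ecf8427e"
)


def classify(value):
    """Return the IOC type of one string, or "unknown"."""
    for name, pattern in PATTERNS.items():
        if not pattern.fullmatch(value):
            continue
        if name != "ipv4":
            return name
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:  # IP-shaped but out of range, e.g. 999.1.1.1
            return "unknown"
        return "ipv4_private" if ip.is_private else "ipv4_public"
    return "unknown"


def extract(text, defang=False, whitelist_regex=None):
    """Group IOCs found in text by type, dropping whitelisted values."""
    allow = re.compile(whitelist_regex) if whitelist_regex else None
    text = text.replace("[.]", ".")  # refang so defanged input still matches
    found = {}
    for pattern in PATTERNS.values():
        for value in pattern.findall(text):
            if allow and allow.search(value):
                continue  # whitelist is tested on the real value
            kind = classify(value)
            if defang and kind in DOTTED:
                value = value.replace(".", "[.]")
            found.setdefault(kind, set()).add(value)
    return {kind: sorted(values) for kind, values in found.items()}
```

Calling extract(SAMPLE, defang=True, whitelist_regex=r".*internaldomain\.com.*") drops the internal host before defanging, so the whitelist pattern can be written against normal, undefanged values.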

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ioc-hunter-1.0.1.tar.gz (13.5 kB view details)

Uploaded Source

Built Distribution

ioc_hunter-1.0.1-py3-none-any.whl (13.6 kB view details)

Uploaded Python 3

File details

Details for the file ioc-hunter-1.0.1.tar.gz.

File metadata

  • Download URL: ioc-hunter-1.0.1.tar.gz
  • Upload date:
  • Size: 13.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.8.3 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.6.15

File hashes

Hashes for ioc-hunter-1.0.1.tar.gz
Algorithm Hash digest
SHA256 7c708703296d0b7927ccb184343492e33aa2201d5fa786b16e6b35e1451f40c7
MD5 0540303ea49ec497d32bb88c6d4c5492
BLAKE2b-256 e00f7977dac36164dc929c5ca26fda9af5b6407d35c902eca4d7f8dad6c6ac7d


File details

Details for the file ioc_hunter-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: ioc_hunter-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 13.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.8.3 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.6.15

File hashes

Hashes for ioc_hunter-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 8fdebc81b70f2302188019d4d40b6fa6f00ba4e21c060df9543b1c5268f0ced7
MD5 004b45c1477b4d12e88c9aacf664f822
BLAKE2b-256 ae5f79a4e856dfa82f381e70722501222e7b1dcaa560f174d7ccffeaf05b16a0

