
A Python library for identifying and classifying Indicators of Compromise (IOCs)

Project description

IOC Typing (a classifier)


A Python library for identifying and classifying various types of Indicators of Compromise (IOCs). IOCs are forensic artifacts that indicate potential security breaches, malware infections, or other malicious activities in a system or network.

Installation

From PyPI (stable release):

pip install ioc-typing

For development:

git clone https://github.com/janwychowaniak/ioc-typing.git
cd ioc-typing
pipx install hatch         # or: uv tool install hatch
hatch shell                # drop into a managed dev env
pipx install pre-commit && pre-commit install   # activate git hooks

Usage

Basic usage:

from ioc_typing import IOCClassifier

classifier = IOCClassifier()

classifier.classify("192.168.1.1")
# {'query': '192.168.1.1', 'determined': True, 'type_pri': 'ip', 'type_sec': 'v4'}

classifier.classify("evil.com")
# {'query': 'evil.com', 'determined': True, 'type_pri': 'domain', 'type_sec': None}

classifier.classify("44d88612fea8a8f36de82e1278abb02f")
# {'query': '44d88612fea8a8f36de82e1278abb02f', 'determined': True, 'type_pri': 'hash', 'type_sec': 'md5'}

Batch classification:

iocs = [
    "192.168.1.1",
    "https://pages.info/malware.exe",
    "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824",
    "not an IOC"
]

for ioc in iocs:
    ioc_type = classifier.classify(ioc)
    print(f"{ioc}: {ioc_type['type_pri']}")

See examples/ for runnable scripts that use the API directly.

Command-line usage

Installing the package also exposes an ioc-classify command:

ioc-classify iocs.txt                # TSV (default)
ioc-classify --format json iocs.txt  # JSON Lines
cat iocs.txt | ioc-classify          # read from stdin
ioc-classify iocs.txt | awk -F'\t' '$3 == "hash"'  # pipeline-friendly

Blank lines and lines starting with # are skipped, so the input file can be commented.
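To make the result schema from the Usage section and the CLI's input rules concrete, here is an added example that is not the library's own code: a minimal, standard-library stand-in for classify() that returns the same four keys, plus a line filter that mirrors the CLI's skipping of blank and # lines. The type_sec value for URLs (None) and the TSV column order (query, determined, type_pri, type_sec, so that awk's $3 is type_pri) are assumptions inferred from the README's examples, not documented behaviour.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Digest lengths in hex digits for the three hash types the README lists.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-f]+$", re.IGNORECASE)
# Dotted labels of letters/digits/hyphens with an alphabetic TLD; rejects "999.1.1.1".
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def classify(query: str) -> dict:
    """Hypothetical stand-in for IOCClassifier.classify(); same result keys as the README."""
    result = {"query": query, "determined": False, "type_pri": None, "type_sec": None}
    q = query.strip()
    # ipaddress validates both address families and rejects out-of-range octets.
    try:
        result.update(determined=True, type_pri="ip",
                      type_sec=f"v{ipaddress.ip_address(q).version}")
        return result
    except ValueError:
        pass
    # Hashes are checked before domains so a 32-char hex string is never read as a host.
    if HEX_RE.match(q) and len(q) in HASH_LENGTHS:
        result.update(determined=True, type_pri="hash", type_sec=HASH_LENGTHS[len(q)])
        return result
    # A URL needs both a scheme and a host, so a bare "evil.com" falls through to domain.
    parsed = urlparse(q)
    if parsed.scheme in ("http", "https", "ftp") and parsed.netloc:
        result.update(determined=True, type_pri="url")  # type_sec assumed None (not documented)
        return result
    if DOMAIN_RE.match(q):
        result.update(determined=True, type_pri="domain")
    return result


def classify_lines(lines) -> list:
    """Mirror the CLI's input rules (skip blanks and '#' comments) and emit TSV rows.
    Column order query/determined/type_pri/type_sec is an assumption taken from the awk filter."""
    rows = []
    for line in lines:
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        rows.append("\t".join(str(v) for v in classify(text).values()))
    return rows
```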

Features

  • Identifies multiple IOC types:
    • IP addresses (IPv4 and IPv6)
    • Domain names
    • URLs
    • File hashes (MD5, SHA1, SHA256)
    • Non-IOCs (e.g. random strings), which are reported as not determined
  • Fast and accurate classification using optimized regex patterns
  • Zero dependencies for core functionality
  • Comprehensive test suite ensuring reliability
  • Easy integration with existing security tools and SIEM systems

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

MIT

Download files

Source Distribution

ioc_typing-0.3.0.tar.gz (19.2 kB, Source)

Built Distribution

ioc_typing-0.3.0-py3-none-any.whl (7.6 kB, Python 3)

File details

Details for the file ioc_typing-0.3.0.tar.gz.

File metadata

  • Download URL: ioc_typing-0.3.0.tar.gz
  • Upload date:
  • Size: 19.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ioc_typing-0.3.0.tar.gz

Algorithm    Hash digest
SHA256       73b2996a0b8546c67ad0829b2114feccc7f069fbdc1767c84f64c70fedbe5bed
MD5          cad1d33e6c1d62677c75d43058cdebbc
BLAKE2b-256  4f8307397f6745b17451e8b2f008da2f15a13343ad1b124f83ec73e207ce726d


Provenance

The following attestation bundles were made for ioc_typing-0.3.0.tar.gz:

Publisher: release.yml on janwychowaniak/ioc-typing

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ioc_typing-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: ioc_typing-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 7.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ioc_typing-0.3.0-py3-none-any.whl

Algorithm    Hash digest
SHA256       d57417f0a253fe93a7ee78888a94ed1ab2d588501d3bbb3d970eda0af2164af8
MD5          79f0ca0d5cf45130cd6dd74db7888737
BLAKE2b-256  d1aae6c9168e6cdfc32a9f5cad14a66165719179b29063c472f6a0a4d056e28d


Provenance

The following attestation bundles were made for ioc_typing-0.3.0-py3-none-any.whl:

Publisher: release.yml on janwychowaniak/ioc-typing

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
