scrapes IOCs from plaintext
IOC-Parser is a script that will extract the IOCs from a given (text-based) file and output it in .csv-format. Or - as a module - returns a list of instances with an IOC-value and an IOC-type.
- as a module:
pip install iocparser
- as a stand-alone script:
git clone https://github.com/renzejongman/iocparser
./iocparser.py -s [source-file] -o [outputfile.csv]
Use in a custom script
from iocparser import IOCParser textObj = IOCParser("text") results = textObj.parse()
Instances of this very simple class are generated by the IOCParser class.
kind= "IP", "uri", "md5", "sha1", "sha256", "CVE", "email" or "file"
value= The value of the IOCParser-class and returned as a list.
.IOCParser(text)This class takes a text as input, extracts all the IOCs and returns them as a list of instances of the IOC-class.
text= the raw text (as a variable) to be parsed.
extensions: the file extensions needed to detect a filename (and not mistake them for URIs)
tlds: the Top Level Domains (TLDs) needed to recognise URI`s (and not mistake them for files)
feel free to manipulate those files, but make sure there are no empty lines in either of them, or the script will break.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|iocparser-1.0.14-py3-none-any.whl (5.3 kB) Copy SHA256 hash SHA256||Wheel||py3||Jul 18, 2018|
|iocparser-1.0.14.tar.gz (4.9 kB) Copy SHA256 hash SHA256||Source||None||Jul 18, 2018|