Static IOC extraction engine for binaries, text, and logs.

Project description

IOCX — Static IOC Extraction Engine

IOCX is a fast, safe, deterministic engine for extracting Indicators of Compromise (IOCs) from binaries, text, and logs. It performs pure static analysis — no execution, no sandboxing, no risk.

Features

  • Extracts IOCs from Windows PE files and raw text
  • Detects URLs, domains, IPv4/IPv6, file paths, hashes, emails, Base64
  • Crypto wallet detection (Ethereum, Bitcoin)
  • Deterministic output suitable for automation
  • Minimal dependencies and safe for enterprise environments
  • CLI and Python API

Installation

pip install iocx

CLI Usage

iocx suspicious.exe
echo "Visit http://bad.example.com" | iocx -

Python API

from iocx.engine import Engine

engine = Engine()
results = engine.extract("suspicious.exe")
print(results)
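The README does not show how IOCX's detectors are implemented, so the following is an added illustration rather than the project's own code: a minimal static extractor in the same spirit, with one pattern per category from the feature list, a validation pass that rejects the false positives a bare regular expression lets through (a file name such as suspicious.exe read as a domain, an out-of-range IPv4 octet, a timestamp that looks like IPv6, a hex hash that also satisfies the Base64 alphabet), and sorted, de-duplicated output so that two runs over the same input produce identical JSON. The TLD allowlist, the sample text, and the `defang` helper are assumptions constructed for this example.

```python
"""Toy static IOC extractor in the spirit of IOCX's feature list.

Added illustration, not IOCX's own code: it reads text, applies one regular
expression per IOC category, validates each candidate, and returns sorted,
de-duplicated results so that the output is deterministic.
"""
import base64
import binascii
import ipaddress
import json
import re

# Constructed allowlist of top-level domains (assumption for this example).
# Without a TLD check a bare domain pattern also fires on "suspicious.exe".
KNOWN_TLDS = {"com", "net", "org", "io", "info"}

PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # Loose candidate only; the ipaddress module decides if it is an address.
    "ipv6": re.compile(r"(?<![\w:])(?:[0-9a-f]{0,4}:){2,7}[0-9a-f]{0,4}(?![\w:])", re.IGNORECASE),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
    "base64": re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])"),
}

HEX_RE = re.compile(r"^[a-f0-9]+$", re.IGNORECASE)


def _valid(category, value):
    """Reject the false positives that a bare pattern match lets through."""
    if category == "domain":
        return value.rsplit(".", 1)[-1].lower() in KNOWN_TLDS
    if category == "ipv4":
        try:
            ipaddress.IPv4Address(value)        # "999.1.1.1" raises here
            return True
        except ValueError:
            return False
    if category == "ipv6":
        try:
            ipaddress.IPv6Address(value)        # a timestamp "12:34:56" raises here
            return True
        except ValueError:
            return False
    if category == "base64":
        # Hex hashes satisfy the Base64 alphabet, so exclude them explicitly,
        # then require proper length and a clean decode.
        if HEX_RE.match(value) or len(value) % 4:
            return False
        try:
            base64.b64decode(value, validate=True)
            return True
        except (binascii.Error, ValueError):
            return False
    return True   # url, email and hash patterns are already strict enough


def extract_iocs(text):
    """Return {category: sorted unique values} for every category with a hit."""
    found = {}
    for category, pattern in PATTERNS.items():
        values = set()
        for match in pattern.finditer(text):
            value = match.group(0)
            if category == "url":
                value = value.rstrip(".,;:)")   # drop trailing sentence punctuation
            if _valid(category, value):
                values.add(value)
        if values:
            found[category] = sorted(values)   # sorted => deterministic output
    return found


def defang(value):
    """Render an indicator so it is not clicked or resolved by accident."""
    return value.replace("http", "hxxp").replace(".", "[.]").replace("@", "[at]")


# Constructed sample text, not a real log line or a real sample.
SAMPLE = (
    "Visit http://bad.example.com/update.bin from 203.0.113.7 or 999.1.1.1 "
    "or 2001:db8::dead:beef at 12:34:56; dropper suspicious.exe, contact "
    "alice@bad.example.com, md5 d41d8cd98f00b204e9800998ecf8427e, sha256 "
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, "
    "blob aGVsbG8gaW9jIHdvcmxk"
)

if __name__ == "__main__":
    print(json.dumps(extract_iocs(SAMPLE), indent=2, sort_keys=True))
    print(defang("http://bad.example.com"))
```

Run as a script it prints the eight categories found in the sample and the defanged form `hxxp://bad[.]example[.]com`; the rejected candidates (999.1.1.1, suspicious.exe, 12:34:56, and the two hashes as Base64) never appear. The validation pass is the part worth copying: regular expressions find candidates, but a separate check per category is what keeps an automated pipeline from ingesting noise.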

Why IOCX?

  • Static‑only design (never executes untrusted code)
  • Binary‑aware IOC extraction
  • Stable JSON schema
  • High performance (~200 MB/s throughput)
  • Ideal for DFIR, SOC automation, CI/CD, and threat‑intel pipelines

Extensibility

IOCX includes a lightweight plugin system that allows you to add custom detectors, parsers, and transformation rules. Plugins can emit new IOC categories, override built-in behaviour, or integrate IOCX into larger analysis pipelines.

See the documentation for details on writing detectors and plugins.

License

MIT License

Download files

Source Distribution

iocx-0.4.0.tar.gz (20.9 kB)

  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

Hashes for iocx-0.4.0.tar.gz

  • SHA256: 93fcf351a4f45c6b44cfc3fdb0a75b60118dbf5f9b1d3b7e5700cc88f0c24485
  • MD5: 8369ad60b7206ed8cad41658e366d577
  • BLAKE2b-256: 4d84cb0bc845027ffd97dabf65ad55304840c1b8905b535e14225a9baafc6c35

Built Distribution

iocx-0.4.0-py3-none-any.whl (22.9 kB)

  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

Hashes for iocx-0.4.0-py3-none-any.whl

  • SHA256: 76ad5763092726d18dd4cbd8c0301765a82a781fc2d5474e5f9da6125a24b040
  • MD5: 8d93c943fabaf801ee34323accb1f07c
  • BLAKE2b-256: be120b17dafe3d9e70f29a97731a28ec325c52df21563178a2da00c2f245d4e6
