Static IOC extraction engine for binaries, text, and logs.
Project description
IOCX — Static IOC Extraction Engine
Official IOCX Project
This is the official IOCX engine for static IOC extraction and PE analysis.
- PyPI: https://pypi.org/project/iocx/
- GitHub: https://github.com/iocx-dev/iocx
- Organisation: https://github.com/iocx-dev
- Website: https://iocx.dev
IOCX is not an OSINT reputation checker, HTML report generator, or IP/domain scoring tool.
It is a static analysis engine focused on extracting Indicators of Compromise (IOCs) from binaries and text.
What IOCX does
IOCX is a fast, safe, deterministic engine for extracting Indicators of Compromise (IOCs) from binaries, text, and logs. It performs pure static analysis — no execution, no sandboxing, no risk.
Features
- Extracts IOCs from Windows PE files and raw text
- Detects URLs, domains, IPv4/IPv6, file paths, hashes, emails, Base64
- Crypto wallet detection (Ethereum, Bitcoin)
- Deterministic output suitable for automation
- Minimal dependencies and safe for enterprise environments
- CLI and Python API
Installation
pip install iocx
CLI Usage
iocx suspicious.exe
echo "Visit http://bad.example.com" | iocx -
Python API
from iocx.engine import Engine
engine = Engine()
results = engine.extract("suspicious.exe")
print(results)
Why IOCX?
- Static‑only design (never executes untrusted code)
- Binary‑aware IOC extraction
- Stable JSON schema
- High performance (~200 MB/s throughput)
- Ideal for DFIR, SOC automation, CI/CD, and threat‑intel pipelines
Project identity & naming
The name IOCX refers specifically to this project and its associated PyPI package and repositories under the iocx-dev organisation.
Third‑party tools must not:
- Use
iocxas their repository name - Present themselves as the IOCX engine
- Use the PyPI badge for this package in a way that implies authorship
- Imply official affiliation or endorsement without permission
Community tools that integrate with IOCX are encouraged to use names like:
iocx-<plugin-name>iocx-plugin-<feature>iocx-extension-<name>
Extensibility
IOCX includes a lightweight plugin system that allows you to add custom detectors, parsers, and transformation rules. Plugins can emit new IOC categories, override built-in behaviour, or integrate IOCX into larger analysis pipelines.
See the documentation for details on writing detectors and plugins.
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iocx-0.5.0.tar.gz.
File metadata
- Download URL: iocx-0.5.0.tar.gz
- Upload date:
- Size: 27.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e3c276f881dd26735d0b549ad311bfa22ec28be07d3d1484d85ac2bb099cab72
|
|
| MD5 |
dae042ff71e4e9a1d3c8e34b6631a916
|
|
| BLAKE2b-256 |
d74d414d33af5f886729e56595a0f6218598e44f079072bbd97ee68649c3cf7c
|
File details
Details for the file iocx-0.5.0-py3-none-any.whl.
File metadata
- Download URL: iocx-0.5.0-py3-none-any.whl
- Upload date:
- Size: 27.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f3d81a979379ccfada5fcae1b93789049f87a58b2d057a559348dbd210cfb6ff
|
|
| MD5 |
b2432195879665c67ba9e2ddc2a37bf8
|
|
| BLAKE2b-256 |
4cce2792da0af6f253a7d4fe833e9a8c18f8250b49069231b93c443ffd6f3d84
|
