Text analyzer package
🕵️ reStalker
IOC and Entities Extractor
A powerful Python library for extracting Indicators of Compromise (IOCs) and various entities from binary or text sources.
📋 Table of Contents
- 🚀 Quick Start
- 🎯 Detection Capabilities
- 📦 Installation
- 💻 Usage Examples
- 📖 Documentation
- 🤝 Contributing
- 🙏 Acknowledgements
🚀 Quick Start
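import restalker

# Constructed sample input; replace with the text you want to scan
input_text = "Mirror available at http://example.i2p/index.html"

# Define which elements we desire (e.g., Tor and I2P URLs)
s = restalker.reStalker(tor=True, i2p=True)
elements = s.parse(input_text)
for element in elements:
    print(f"[*] Darknet IOC found: {element}")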
🎯 Detection Capabilities
reStalker can extract these entities from any binary or text source:
🔐 Credentials & Identity
- Base64 encoded data (base64=True)
- Username patterns (username=True)
- Password patterns (password=True)
- Phone numbers (phone=True)
- Email addresses (email=True)
- Personal names (own_name=True)
- PGP keys (pgp=True)
🗺️ Location & Organization
- Location information (location=True)
- Organization names (organization=True)
- Keyphrases (keyphrase=True)
- Keywords (keywords=["keyword1", "keyword2"])
📊 Analytics & Tracking
- Google Analytics tracking codes (gatc=True)
💰 Digital Assets & Cryptocurrencies
- BTC (Bitcoin) wallet addresses (btc_wallet=True)
- ETH (Ethereum) wallet addresses (eth_wallet=True)
- XMR (Monero) wallet addresses (xmr_wallet=True)
- ZEC (Zcash) wallet addresses (zec_wallet=True)
- DASH wallet addresses (dash_wallet=True)
- DOT (Polkadot) wallet addresses (dot_wallet=True)
- XRP (Ripple) wallet addresses (xrp_wallet=True)
- BNB (Binance) wallet addresses (bnb_wallet=True)
📱 Social Networks & Communication
- Twitter/X account handles (twitter=True)
- Telegram URLs (telegram=True)
- WhatsApp URLs (whatsapp=True)
- Discord URLs (discord=True)
- Skype URLs (skype=True)
- Tox ID identifiers (tox=True)
- Session ID identifiers (session_id=True)
🔐 Cryptographic Hashes
- MD5 hash values (md5=True)
- SHA1 hash values (sha1=True)
- SHA256 hash values (sha256=True)
💳 Financial Information
- BIN (Bank Identification Numbers) (bin_number=True)
- Credit Card numbers (credit_card=True)
- CCN (Credit Card Numbers - generic) (ccn_number=True)
🌐 Dark Web & Alternative Networks
- Tor (.onion) URLs (tor=True)
- I2P URLs (i2p=True)
- Freenet URLs (freenet=True)
- ZeroNet URLs (zeronet=True)
- BitName URLs (bitname=True)
- IPFS URLs (ipfs=True)
📋 Paste Sites & Code Sharing
- justpaste.it links (paste=True)
- pastebin.com links (paste=True)
- pasted.co links (paste=True)
- hastebin.com links (paste=True)
- snipt.org links (paste=True)
- gist.github.com links (paste=True)
- telegra.ph links (paste=True)
- ghostbin.com links (paste=True)
📦 Installation
🚀 Quick Install
pip3 install restalker
📄 Requirements File
Production:
restalker<3
Development:
git+https://github.com/junquera/restalker.git#egg=restalker
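As an added example (not part of the project's README): the Production line above accepts any release below 3, whereas a hash-pinned entry ties the install to the exact 2.0.8 files whose SHA256 digests are listed under File hashes on this page. Install it with pip3 install --require-hashes -r requirements.txt.

```text
# requirements.txt

# Loose pin from the Production example: any release below 3 satisfies it,
# so a later upload under the same project name is installed without review.
# restalker<3

# Exact version plus the SHA256 digests published on this page
# (wheel first, then source distribution). pip refuses to install
# any downloaded file whose digest does not match one of these.
restalker==2.0.8 \
    --hash=sha256:15940c2531aad0541c5702e56b39f64a2816fdefa05d5d055cd66cb30b31cd40 \
    --hash=sha256:044ae2c0887cf2bdc88186a8f2d9ef1a52f3d52f7759699e60bf438f9776c9cc
```

pip's hash-checking mode also requires a pinned, hashed entry for every dependency, so either add those entries to the file or install this one with --no-deps.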
💻 Usage Examples
Basic Usage
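import restalker

# Constructed sample input; replace with the text you want to scan
input_text = "Mirror available at http://example.i2p/index.html"

# Create a reStalker instance with specific detection types
# (flag names as listed under Detection Capabilities)
stalker = restalker.reStalker(tor=True, i2p=True, btc_wallet=True)

# Parse input text for IOCs
elements = stalker.parse(input_text)

# Process the results
for element in elements:
    print(f"[*] IOC found: {element}")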
Advanced Configuration
import restalker

# Enable multiple detection types
# (flag names as listed under Detection Capabilities)
stalker = restalker.reStalker(
    tor=True,         # Tor .onion URLs
    i2p=True,         # I2P URLs
    btc_wallet=True,  # Bitcoin addresses
    eth_wallet=True,  # Ethereum addresses
    email=True,       # Email addresses
    telegram=True,    # Telegram URLs
    base64=True       # Base64 encoded data
)

# Process your data
with open('data.txt', 'r') as f:
    content = f.read()

results = stalker.parse(content)

# Categorize results
for result in results:
    print(f"Type: {result.type}, Value: {result.value}")
📖 Documentation
For comprehensive documentation, examples, and API reference, visit our documentation site.
🤝 Contributing
We welcome contributions! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
🙏 Acknowledgements
Byron Labs is an active supporter of the reStalker development.
File details
Details for the file restalker-2.0.8.tar.gz.
File metadata
- Download URL: restalker-2.0.8.tar.gz
- Upload date:
- Size: 18.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.12.1 Linux/6.8.0-60-generic
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 044ae2c0887cf2bdc88186a8f2d9ef1a52f3d52f7759699e60bf438f9776c9cc |
| MD5 | 5e46d67ed6325c2ad8f4fe1a61933dcd |
| BLAKE2b-256 | ee7e40969456e27a4019969aba9f6dbcf9eebeb976bb1485a040846ce5fc0065 |
File details
Details for the file restalker-2.0.8-py3-none-any.whl.
File metadata
- Download URL: restalker-2.0.8-py3-none-any.whl
- Upload date:
- Size: 19.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.12.1 Linux/6.8.0-60-generic
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 15940c2531aad0541c5702e56b39f64a2816fdefa05d5d055cd66cb30b31cd40 |
| MD5 | faac46c5106e6007496e851ac5e5514c |
| BLAKE2b-256 | 32ad73dec191a21cd0f60b2fc63ec777466d64e46a0a704f3a038adc163466de |