Text analyzer package
Project description
🕵️ reStalker
IOC and Entities Extractor
A powerful Python library for extracting Indicators of Compromise (IOCs) and various entities from binary or text sources.
📋 Table of Contents
- 🚀 Quick Start
- 🎯 Detection Capabilities
- 📦 Installation
- 💻 Usage Examples
- 📖 Documentation
- 🤝 Contributing
- 🙏 Acknowledgements
🚀 Quick Start
import restalker
# Define which elements we desire (e.g., Tor URLs)
s = restalker.reStalker(tor=True, i2p=True)
elements = s.parse(input_text)
for element in elements:
print(f"[*] Darknet IOC found: {element}")
🎯 Detection Capabilities
reStalker can extract these entities from any binary or text source:
🔐 Credentials & Identity
- Base64 encoded data (
base64=True) - Username patterns (
username=True) - Password patterns (
password=True) - Phone numbers (
phone=True) - Email addresses (
email=True) - Personal names (
own_name=True) - PGP keys (
pgp=True)
🗺️ Location & Organization
- Location information (
location=True) - Organization names (
organization=True) - Keyphrases (
keyphrase=True) - Keywords (
keywords=["keyword1", "keyword2"])
📊 Analytics & Tracking
- Google Analytics tracking codes (
gatc=True)
💰 Digital Assets & Cryptocurrencies
- BTC (Bitcoin) wallet addresses (
btc_wallet=True) - ETH (Ethereum) wallet addresses (
eth_wallet=True) - XMR (Monero) wallet addresses (
xmr_wallet=True) - ZEC (Zcash) wallet addresses (
zec_wallet=True) - DASH wallet addresses (
dash_wallet=True) - DOT (Polkadot) wallet addresses (
dot_wallet=True) - XRP (Ripple) wallet addresses (
xrp_wallet=True) - BNB (Binance) wallet addresses (
bnb_wallet=True)
📱 Social Networks & Communication
- Twitter/X account handles (
twitter=True) - Telegram URLs (
telegram=True) - WhatsApp URLs (
whatsapp=True) - Discord URLs (
discord=True) - Skype URLs (
skype=True) - Tox ID identifiers (
tox=True) - Session ID identifiers (
session_id=True)
🔐 Cryptographic Hashes
- MD5 hash values (
md5=True) - SHA1 hash values (
sha1=True) - SHA256 hash values (
sha256=True)
💳 Financial Information
- BIN (Bank Identification Numbers) (
bin_number=True) - Credit Card numbers (
credit_card=True) - CCN (Credit Card Numbers - generic) (
ccn_number=True)
🌐 Dark Web & Alternative Networks
- Tor (.onion) URLs (
tor=True) - I2P URLs (
i2p=True) - Freenet URLs (
freenet=True) - ZeroNet URLs (
zeronet=True) - BitName URLs (
bitname=True) - IPFS URLs (
ipfs=True)
📋 Paste Sites & Code Sharing
- justpaste.it links (
paste=True) - pastebin.com links (
paste=True) - pasted.co links (
paste=True) - hastebin.com links (
paste=True) - snipt.org links (
paste=True) - gist.github.com links (
paste=True) - telegra.ph links (
paste=True) - ghostbin.com links (
paste=True)
📦 Installation
🚀 Quick Install
pip3 install restalker
📄 Requirements File
Production:
restalker<3
Development:
git+https://github.com/junquera/restalker.git#egg=restalker
💻 Usage Examples
Basic Usage
import restalker
# Create a reStalker instance with specific detection types
stalker = restalker.reStalker(tor=True, i2p=True, btc=True)
# Parse input text for IOCs
elements = stalker.parse(input_text)
# Process the results
for element in elements:
print(f"[*] IOC found: {element}")
Advanced Configuration
import restalker
# Enable multiple detection types
stalker = restalker.reStalker(
tor=True, # Tor .onion URLs
i2p=True, # I2P URLs
btc=True, # Bitcoin addresses
eth=True, # Ethereum addresses
email=True, # Email addresses
telegram=True, # Telegram URLs
base64=True # Base64 encoded data
)
# Process your data
with open('data.txt', 'r') as f:
content = f.read()
results = stalker.parse(content)
# Categorize results
for result in results:
print(f"Type: {result.type}, Value: {result.value}")
📖 Documentation
For comprehensive documentation, examples, and API reference, visit our documentation site.
🤝 Contributing
We welcome contributions! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
🙏 Acknowledgements
Byron Labs is an active supporter of the reStalker development.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
restalker-2.0.9.tar.gz
(21.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
restalker-2.0.9-py3-none-any.whl
(21.4 kB
view details)
File details
Details for the file restalker-2.0.9.tar.gz.
File metadata
- Download URL: restalker-2.0.9.tar.gz
- Upload date:
- Size: 21.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.12.1 Linux/6.8.0-90-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
60e1b6275aad71e9d144cb6f76821a00099ff86314d63e5d8d6c70e9a10313cf
|
|
| MD5 |
790d903ba777c53f05ec6a897a977d47
|
|
| BLAKE2b-256 |
9a17a9686081a0f24bb8c330c6eb25651be946563afc36a576b8ebf2768e8ab1
|
File details
Details for the file restalker-2.0.9-py3-none-any.whl.
File metadata
- Download URL: restalker-2.0.9-py3-none-any.whl
- Upload date:
- Size: 21.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.12.1 Linux/6.8.0-90-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9a17dfd321d395f23fc0f0b2d6bc8cade7f3f914481e027569120e236c9e0406
|
|
| MD5 |
d67a745910a5114c298892acb76f193c
|
|
| BLAKE2b-256 |
6237398e3e9d624c49229601d27c33c0351a81b1274a3f4e7ec6f6d4d4f18020
|
