Skip to main content

Extracts indicators of compromise (IOCs), including domain names, IPv4 addresses, email addresses, and hashes, from text.

Project description

extract_iocs is a Python module that extracts indicators of compromise (IOCs), including domain names, IPv4 addresses, email addresses, and hashes, from text. It uses some huge and ugly regexes, has special handling to identify domain names with a relatively low false-positive rate, and does some magic to try to extract IOCs across line breaks.

This script was inspired by and initially based on Stephen Brannon’s IOCextractor (https://github.com/stephenbrannon/IOCextractor), but turned into a complete rewrite. extract_iocs provides no GUI and does not support any kind of analyst workflow. It is intended to be used for triage or automation purposes where a relatively high FP rate (as well as the occational false negative) are acceptable.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

extract_iocs-2.0.0.tar.gz (8.2 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page