
Extract IOCs from text.

Project description

ioc-hunter

IOC Hunter finds indicators of compromise (IOC). The IOCHunter class can extract IOCs from text. The IOCTyper class can determine the IOC type of a string that you pass in.

The IOCs that are recognized by both of these classes are:

  • ssdeep
  • sha256
  • sha1
  • md5
  • email
  • ipv4_public
  • ipv4_private
  • ipv6_public
  • ipv6_private
  • filename
  • domain
  • url

IOC Parser

The IOCHunter class uses a single method, parse_iocs, to parse every IOC type in the list above out of free text. There is an option to defang the IOCs that are passed back, as well as an option to provide a whitelist regex for values that should be dropped. It will also return IOCs labeled as unknown when text is found to be suspicious but does not quite match any of the IOC types.

from ioc_hunter import IOCHunter

text = "Your text goes here"
# Anything matching this regex is treated as benign and left out of the results.
whitelist = r".*internaldomain\.com.*"
hunter = IOCHunter()
iocs = hunter.parse_iocs(text, defang=False, whitelist_regex=whitelist)

IOC Typer

The IOCTyper class takes in text and determines whether that text matches any of the IOC types. If it matches none of them, it returns unknown.

from ioc_hunter import IOCTyper

suspected_ioc = "mydomain.com"
typer = IOCTyper()
# Returns one of the type names listed above, e.g. "domain", or "unknown".
ioc_type = typer.type_ioc(suspected_ioc)
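To make the parser and typer behaviour above concrete, here is an added, self-contained illustration that is not ioc-hunter's own code: a minimal typer for a subset of the listed IOC types (hashes by hex length, public/private IPv4/IPv6, email, URL, domain), plus a parse routine with the same defang and whitelist_regex options. The sample text, helper names and the simple tokeniser are assumptions made for this example.

```python
import ipaddress
import re

# Hypothetical re-implementation of the idea, NOT the ioc_hunter package.
# Hash types are told apart purely by hex-digit length; domain/URL checks are
# deliberately simple heuristics (e.g. "1.0.0" would type as a domain).
HEX = r"[0-9a-fA-F]"
PATTERNS = {
    "sha256": re.compile(rf"^{HEX}{{64}}$"),
    "sha1": re.compile(rf"^{HEX}{{40}}$"),
    "md5": re.compile(rf"^{HEX}{{32}}$"),
    "email": re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$"),
    "url": re.compile(r"^https?://\S+$"),
    "domain": re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})+$"),
}

def type_ioc(s: str) -> str:
    """Return the IOC type of s, or 'unknown' (mirrors the IOCTyper idea)."""
    try:
        ip = ipaddress.ip_address(s)          # handles both IPv4 and IPv6
        scope = "private" if ip.is_private else "public"
        return f"ipv{ip.version}_{scope}"
    except ValueError:
        pass
    for name, pat in PATTERNS.items():        # order matters: hashes first
        if pat.match(s):
            return name
    return "unknown"

def defang_ioc(ioc: str) -> str:
    """Make an indicator non-clickable: leading http -> hxxp, '.' -> '[.]'."""
    return re.sub(r"^http", "hxxp", ioc).replace(".", "[.]")

# Candidate tokens: start/end alphanumeric so trailing punctuation is dropped.
TOKEN = re.compile(r"[A-Za-z0-9][\w.+:/@-]*[A-Za-z0-9]")

def parse_iocs(text, defang=False, whitelist_regex=None):
    """Type every token, drop unknown and whitelisted ones, group by type."""
    wl = re.compile(whitelist_regex) if whitelist_regex else None
    found = {}
    for tok in TOKEN.findall(text):
        t = type_ioc(tok)
        if t == "unknown" or (wl and wl.match(tok)):
            continue
        found.setdefault(t, []).append(defang_ioc(tok) if defang else tok)
    return found

# Constructed sample report text (the md5 shown is the well-known empty-file hash).
SAMPLE = ("Seen 10.0.0.5 and 8.8.8.8 contacting https://evil.example/dl plus "
          "admin@internaldomain.com, hash d41d8cd98f00b204e9800998ecf8427e.")
```

Running parse_iocs(SAMPLE, whitelist_regex=r".*internaldomain\.com.*") keeps the two addresses, the URL and the md5 but drops the whitelisted internal address; with defang=True the URL comes back as hxxps://evil[.]example/dl.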

Download files

Source Distribution: IOC Hunter-1.0.0.tar.gz (13.6 kB)

Built Distribution: IOC_Hunter-1.0.0-py3-none-any.whl (13.7 kB, Python 3)
