iocextract
iocextract copied to clipboard
InQuest
Defanged Indicator of Compromise (IOC) Extractor.
Pretty much the title, discovered this in a downstream project, https://github.com/s0md3v/Photon, commented on it there as well. Thought I'd leave the comment here too, the rest of the defang RE...
Hey, just letting you know that in PyPi your package is listed as BSD. This is likely due to your configuration in setup.py classifiers. Cheers!
As in title; e.g. `'hxxps://example.com'` is refanged as `'http://example.com'`
Hi, Thanks for the wonderful script. This is a simplest way to fix #37 I hope this fix is OK to be merged. Cheers, PY
If I run `iocextract.py --input info.txt` it will correctly print indicators to what seems to be standard out, however `iocextract.py --input info.txt | less` simply gives the the "you've got...
If I have a URL with a port - e.g. 1.1.1.1:449 I'm seeing a URL getting extracted in the format of: http://1.1.1.1:449. Is that desired behavior?
Currently, it seems like iocextract extracts only the first URL found in a base64 encoded string. For example for the following string (original): ```'https://google.com https://amazon.com https://microsoft.com http://google.com http://amazon.com http://microsoft.com'``` the...
Looking at how I might use something like this to pull indicators directly from malware binaries. Wondering if something like this could essentially run `strings` and extract ioc. Would also...
Issue seems to be around this defangged format: `firstname[.]lastname[@]domainname[.]org` When refanged, seeing the following: `[email protected]` For some reason, the username format of first.last is getting chopped off to just last.
