ioc_parser

Tool to extract indicators of compromise from security reports in PDF format

Results 19 ioc_parser issues

Added parsing features for CSV, XLS, XLSX, and Gmail inputs.

The attached text file when passed through the program only parses one of the IP addresses, not both. In trying multiple IP addresses in a text file the program only...

Made changes that fixed an error due to the mixture of tabs with white spaces. But the biggest change involved making modifications for adding support for both Python2 and Python3....

File - https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf - Testing with pypdf2 > python iocp.py -i pdf -o csv -d -l **pypdf2** proofpoint-operation-transparent-tribe-threat-insight-en.pdf > > > proofpoint-operation-transparent-tribe-threat-insight-en.pdf 0 error File has not been decrypted -...

When parsing PDFs I keep getting this traceback error message: Traceback (most recent call last): File "/Users/user/Documents/ioc_parser/iocp.py", line 311, in parser.parse(args.PATH) File "/Users/user/Documents/ioc_parser/iocp.py", line 298, in parse self.handler.print_error(path, e) File...

1) Replaced with sys.modules https://docs.python.org/2/library/sys.html#sys.modules 2) Adding quoting for non-numeric data to prevent CSV reading issues when filenames contain spaces.

Added some ranges that are reserved per various RFCs (see https://en.wikipedia.org/wiki/Reserved_IP_addresses).

Domains with -'s in them, like www.malicious-site.com, get split down to just 'site.com', which can result in benign sites being pulled as IOCs.

This commit fixes the following issues ` File "/home//.local/lib/python3.10/site-packages/iocp/Output.py", line 110: print "host 255.255.255.255" line 118: print " or host %s " % data["match"] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ SyntaxError: Missing parentheses in call...