ioc-finder
Identify ip or version
I am very confused about how to distinguish between an IP and a version number. I tried a lot of regular expressions to correct version, but it is not enough; it doesn't solve everything.
eg:

```python
text = 'In BIG-IP versions 15.0.0 - 15.1.0.3, 14.1.0 - 14.1.2.5, 13.1.0 - 13.1.3.3, 12.1.0 - 12.1.5.1, and 11.6.1 - 11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. The bad ip is 1.0.5.8.'

# Alternatives: "version(s) a.b.c.d [word a.b.c.d]{0,2}", "version(s) <words> a.b.c.d",
# "<product>[/ ]a.b.c.d", and "v[s]a.b.c.d". The dots between octets are escaped so
# that they match a literal "." rather than any character.
version_regex = r"version[s]{0,1}[\s]*\d+\.\d+\.\d+\.\d+(\s*\w{0,10}\s*\d+\.\d+\.\d+\.\d+){0,2}|version[s]{0,1}\s*\w{0,20}\s*.{0,10}\s*\d+\.\d+\.\d+\.\d+|(chrome|Mozilla|BIG-IP){1}[/\s]{0,5}\d+\.\d+\.\d+\.\d+|v[s]{0,2}\d+\.\d+\.\d+\.\d+"
```
Of course we can easily distinguish them in intelligence, but the extraction can also be done more precisely.
I want to find a better way, such as nltk, or other simple applications of NLP.
Thanks~
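One way to approach the problem described in this issue, as an added example that is not part of ioc-finder or the reporter's code: first find every dotted-quad candidate, then decide per candidate whether it is an address or a version string, using an impossible-octet check, a short context window for cue words such as "versions" or a product name, and chaining so that later entries in a list like "15.1.0.3, 14.1.0 - 14.1.2.5" inherit the version label from the first one. The cue list and the window size are assumptions chosen for this illustration; the sample text is the one quoted in the issue.

```python
import re

# Constructed sample input: the sentence quoted in the issue above.
TEXT = ('In BIG-IP versions 15.0.0 - 15.1.0.3, 14.1.0 - 14.1.2.5, 13.1.0 - 13.1.3.3, '
        '12.1.0 - 12.1.5.1, and 11.6.1 - 11.6.5.1, the Traffic Management User Interface '
        '(TMUI), also referred to as the Configuration utility, has a Remote Code Execution '
        '(RCE) vulnerability in undisclosed pages. The bad ip is 1.0.5.8.')

# A dotted quad that is not part of a longer dotted run (1.2.3.4.5) or of an identifier.
DOTTED_QUAD = re.compile(r'(?<![\w.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\w|\.\d)')
# Cue words (assumed list) that mark the following number as a software version.
VERSION_CUES = re.compile(r'\b(versions?|release|build|chrome|mozilla|big-ip)\b', re.I)
# Text allowed between two numbers of one version list: separators, "and", and
# shorter version strings such as "15.0.0 -".
CHAIN_GAP = re.compile(r'^[\s,\-]*(?:and\s+)?(?:\d[\d.]*[\s,\-]*)*$', re.I)


def classify_dotted_quads(text, window=40):
    """Return [(value, 'ip' | 'version'), ...] for every dotted quad in text."""
    results = []
    prev_version_end = None
    for m in DOTTED_QUAD.finditer(text):
        value = m.group(0)
        octets = [int(o) for o in m.groups()]
        # Context window before the match, clipped at the last sentence boundary so a
        # "version" cue in the previous sentence does not leak into this one.
        before = re.split(r'[.!?]\s+', text[max(0, m.start() - window):m.start()])[-1]
        chained = (prev_version_end is not None
                   and CHAIN_GAP.match(text[prev_version_end:m.start()]) is not None)
        if any(o > 255 for o in octets):
            label = 'version'          # an octet above 255 can never be IPv4
        elif VERSION_CUES.search(before) or chained:
            label = 'version'          # "versions 15.1.0.3", or continues a version list
        else:
            label = 'ip'
        if label == 'version':
            prev_version_end = m.end()
        results.append((value, label))
    return results


def extract_ips(text):
    """Only the candidates classified as IP addresses."""
    return [v for v, label in classify_dotted_quads(text) if label == 'ip']


if __name__ == '__main__':
    for value, label in classify_dotted_quads(TEXT):
        print(f'{value:<12} {label}')
```

Running it on the issue's sentence labels the five BIG-IP numbers as versions and leaves only 1.0.5.8 as an IP; a cue list built from a real indicator corpus would be a natural next step beyond this hand-picked one.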
Thanks for reporting this - I've done something like this in the past, but haven't built it into ioc-finder yet so I'll see what I can do.
My focus right now is to improve the structure of this project to make it more maintainable, so I won't work on this right away, but will swing back to it once that work is done.