jager De-de-fang URLs and IP addresses

De-de-fang URLs and IP addresses

Open krmaxwell opened this issue 10 years ago • 4 comments

Look for (dot) and [dot] and the like, translate them to something useful.

Dec 03 '14 16:12 krmaxwell

Gah that's a great idea, we'll just have to build out the whole list.

Dec 03 '14 16:12 sroberts

Okay, so what are the most common things here?

192[.]168[.]1[.]1 (where there may be <3 of those, like only the separator for the last octet)
example dot com
mailme at example dot com
hxxp://example.com

The above could be mixed too.

Any others?

Apr 19 '15 00:04 krmaxwell

I think those are the core ones, the simpler way to fix them the better.

I'd also add (.) just to be safe.

Apr 19 '15 00:04 sroberts

python-iocextract will defang / refang URLs it extracts from content. could be worth a look for this https://github.com/InQuest/python-iocextract

Aug 22 '18 19:08 deadbits