Skip to content
/ ioc_parser Public
forked from armbues/ioc_parser

Tool to extract indicators of compromise from security reports in PDF format

License

View license
2 stars 170 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SteveClement/ioc_parser

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

100 Commits
PyMISPWarningLists @ 1901e2e
PyMISPWarningLists @ 1901e2e
 
 
bin
bin
 
 
iocp
iocp
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE.txt
LICENSE.txt
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
requirements.txt
requirements.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

ioc-parser

IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT related reports with many IOCs can be found here: APTNotes.

Usage

iocp [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE

  • FILE File/directory path to report(s)/Gmail account in double quotes ("username@gmail.com password")
  • -p INI Pattern file
  • -i FORMAT Input format (pdf/txt/docx/html/csv/xls/xlsx/gmail)
  • -o FORMAT Output format (csv/json/yara/netflow)
  • -d Deduplicate matches
  • -l LIB Parsing library

Installation

pip install ioc_parser

Dependencies

Requirements

One of the following PDF parsing libraries:

For HTML parsing support:

For HTTP(S) support:

For XLS/XLSX support:

  • xlrd - pip install xlrd

For Gmail support:

Merged changes from forks:

@buffer

@dadokkio

@LDO-CERT

About

Tool to extract indicators of compromise from security reports in PDF format

Resources

Readme

License

View license
Activity

Stars

2 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages

  • Python 100.0%