Tool to extract indicators of compromise from security reports in PDF format
Latest commit b877586 Jun 15, 2017

ioc-parser

IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT-related reports with many IOCs can be found at APTNotes.

Usage

iocp [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE

  • FILE File/directory path to report(s)
  • -p INI Pattern file
  • -i FORMAT Input format (pdf/txt/html)
  • -o FORMAT Output format (csv/json/yara)
  • -d Deduplicate matches
  • -l LIB Parsing library
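
To make the pattern-file (-p), deduplication (-d) and output-format (-o) options concrete, here is an added sketch of a pattern-driven extractor over plain text; it is not ioc-parser's own code. The INI layout, the three patterns, the output columns and the report text are all constructed assumptions.

```python
import configparser
import csv
import io
import json
import re

# Constructed pattern file: section = indicator type. This layout is an assumption.
PATTERNS_INI = r"""
[IP]
pattern = \b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b
[MD5]
pattern = \b[a-fA-F0-9]{32}\b
[CVE]
pattern = \bCVE-\d{4}-\d{4,7}\b
"""

# Constructed report text; the hash and CVE id are placeholders.
REPORT = """The dropper (MD5 0123456789abcdef0123456789abcdef) exploits CVE-0000-0000
and beacons to 192.0.2.10. A second sample also contacts 192.0.2.10 and 198.51.100.7.
Build 1.2.3.4567 is a version string, not an address."""

def load_patterns(ini_text):
    parser = configparser.ConfigParser(interpolation=None)  # keep regex text literal
    parser.read_string(ini_text)
    return {name: re.compile(parser[name]["pattern"]) for name in parser.sections()}

def extract(text, patterns, dedup=False):
    seen, rows = set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        for ioc_type, regex in patterns.items():
            for m in regex.finditer(line):
                key = (ioc_type, m.group(0).lower())
                if dedup and key in seen:
                    continue  # repeated indicator, keep only the first sighting
                seen.add(key)
                rows.append({"line": lineno, "type": ioc_type, "match": m.group(0)})
    return rows

def render(rows, fmt):
    if fmt == "json":  # one JSON object per line
        return "\n".join(json.dumps(r, sort_keys=True) for r in rows)
    if fmt == "csv":
        buf = io.StringIO()
        csv.DictWriter(buf, ["line", "type", "match"], lineterminator="\n").writerows(rows)
        return buf.getvalue().rstrip("\n")
    raise ValueError(f"unsupported output format: {fmt}")

if __name__ == "__main__":
    print(render(extract(REPORT, load_patterns(PATTERNS_INI), dedup=True), "csv"))
```

The word boundaries in the IP pattern keep the version string on the last line from being reported as an address, and deduplication is keyed on indicator type plus lower-cased value so hashes that differ only in case collapse to one row.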

Installation

pip install ioc_parser

Requirements

One of the following PDF parsing libraries:

For HTML parsing support:

For HTTP(S) support: