Tool to extract indicators of compromise from security reports in PDF format
Python
Latest commit b73270a Jun 29, 2016 @armbues Fixing whitelist loading
Permalink
Failed to load latest commit information.
bin Setuptools/Pypi Jun 22, 2016
iocp Fixing whitelist loading Jun 28, 2016
.gitignore Updated .gitignore Jun 22, 2016
LICENSE.txt Setuptools/Pypi Jun 22, 2016
MANIFEST.in Setuptools/Pypi Jun 22, 2016
README.md Update README.md Jun 23, 2016
__init__.py Added __init__.py Jul 8, 2015
requirements.txt Setuptools/Pypi Jun 22, 2016
setup.cfg Setuptools/Pypi Jun 22, 2016
setup.py Fixing whitelist loading Jun 28, 2016

README.md

ioc-parser

IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT related reports with many IOCs can be found here: APTNotes.

Usage

iocp [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE

  • FILE File/directory path to report(s)
  • -p INI Pattern file
  • -i FORMAT Input format (pdf/txt/html)
  • -o FORMAT Output format (csv/json/yara)
  • -d Deduplicate matches
  • -l LIB Parsing library

Installation

pip install ioc_parser

Requirements

One of the following PDF parsing libraries:

For HTML parsing support:

For HTTP(S) support: