It'd be great to be able to provide a directory path to iocextract and have it iterate over all files, extracting IOCs from each as it goes.
For example, I have a directory of malicious SLK files and I want to quickly dump all the URLs. Right now I have to use something like:
for i in `ls`; do iocextract --extract-urls --input $i; done
Passing a dir to --input obviously throws an exception due to the arguments used with io:
File "iocextract.py", line 442, in <lambda>
parser.add_argument('--input', type=lambda x: io.open(x, 'r', encoding='utf-8', errors='ignore'),
IOError: [Errno 21] Is a directory: '/home/adam/research/malware/campaigns/slk-droppers'
Would you be okay with re-working --input to accept a file as input, stdin as an optional positional argument, and add a --dir argument for folders? I can put in a PR if so - or if you have any other suggestions for this use case, that'd be great :D
Go for it. The CLI is an afterthought on my end, I only use the library - so if there's anything you want to change to make it fit your workflow better, it's fine with me.
One note - the --input flag used to use the argparse builtins for file handling, which supports - as stdin, but I had to change to the current lambda because argparse dies when fed binary input. This piece can be fragile moving between Python 2/3 too, because of the unicode/str/bytes differences.
Sounds good. Thanks for the input too on potential argparse quirks - good to know ahead of time. I'll play around a bit so nothing breaks and throw in a PR.
Personally I very much use the script instead of the library. I end up using little one-liners to act as my directory input currently... if adding the new input gives me too much trouble I might just close this and stick to shell scripting unless I see anyone else who also really wants this. If it's just really for myself I'll deal.
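An added example of the directory use case discussed in this thread (not code from iocextract or from either participant): a hypothetical wrapper that accepts files, directories, or - for stdin, and reads each one with the same io.open arguments shown in the traceback so binary samples do not abort the run. The helper names are assumptions; iocextract.extract_urls is the library call used for extraction.

```python
import argparse
import io
import os
import sys


def read_text(path):
    # Same open() arguments as the --input lambda in the traceback:
    # undecodable bytes are dropped instead of raising on binary samples.
    with io.open(path, 'r', encoding='utf-8', errors='ignore') as handle:
        return handle.read()


def iter_inputs(path):
    """Yield (name, text) for '-', a single file, or every file under a directory."""
    if path == '-':
        raw = sys.stdin.buffer.read()  # bytes, so binary input cannot break decoding
        yield '<stdin>', raw.decode('utf-8', errors='ignore')
    elif os.path.isdir(path):
        for root, dirs, files in os.walk(path):  # does not follow directory symlinks
            dirs.sort()  # deterministic traversal order
            for name in sorted(files):
                full = os.path.join(root, name)
                # Skip symlinks so a sample set cannot point the walk elsewhere.
                if os.path.isfile(full) and not os.path.islink(full):
                    yield full, read_text(full)
    else:
        yield path, read_text(path)


def extract_all(paths, extractor):
    """Return (source, ioc) pairs in traversal order, de-duplicated per source."""
    results = []
    for path in paths:
        for name, text in iter_inputs(path):
            for ioc in sorted(set(extractor(text))):
                results.append((name, ioc))
    return results


def main(argv=None):
    import iocextract  # imported here so the helpers above load without it
    parser = argparse.ArgumentParser(description='hypothetical directory wrapper')
    parser.add_argument('paths', nargs='*', default=['-'],
                        help="files, directories, or '-' for stdin")
    args = parser.parse_args(argv)
    for source, url in extract_all(args.paths, iocextract.extract_urls):
        print('{0}\t{1}'.format(source, url))


if __name__ == '__main__':
    main()
```

Printing the source path next to each URL keeps the link between an indicator and the sample it came from, which the shell loop loses.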