It would be useful to highlight filenames ending in various document type extensions, as well as dlls, exes, sys files, etc.
Highlighting file names or paths would definitely be useful. But it’s been hard to develop a regular expression that can reliably distinguish file names from surrounding text since file names can be so flexible. A permissive regular expression highlights a lot of strings that aren’t really files, and a restrictive regular expression misses a lot of files. We’d love to hear any suggestions on implementation, but so far the success rate for parsing file names has just been too low to include the functionality.
How about just including filenames that have common image, document or executable extensions (.gif, .jpg, .bmp, .txt, .text, .pdf, .xls, .xlsx, .doc, .docx, .exe, .dll, .sys, .scr, .bat) and using whitespace as beginning & ending delimiters? I agree it’s not going to catch all instances, or the whole filename in many cases, but I think it will be quite useful anyway. You could even include a feature to turn it off, if some find it objectionable.
From: Stephen Brannon [mailto:email@example.com]
Sent: Tuesday, November 27, 2012 12:01 PM
Cc: McCash John-GKJN37
Subject: Re: [IOCextractor] Feature Request/Suggestion add document filename IOC type (#5)
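The fixed-extension, whitespace-delimited matching suggested in the last comment, as an added example (not IOCextractor's code and not written by either participant). The function name, the `strict` switch and the sample text are assumptions constructed for illustration.

```python
import re

# Extensions proposed in the comment above.
EXTENSIONS = ("gif", "jpg", "bmp", "txt", "text", "pdf", "xls", "xlsx",
              "doc", "docx", "exe", "dll", "sys", "scr", "bat")

# A whole whitespace-delimited token counts as a file name when it
# ends in ".<listed extension>" (case-insensitive).
TOKEN_RE = re.compile(r".+\.(?:%s)" % "|".join(EXTENSIONS), re.IGNORECASE)

# Punctuation that commonly wraps a file name in report prose.
OPENERS = "\"'([{<"
CLOSERS = "\"')]}>.,;:!?"


def extract_filenames(text, strict=True):
    """Return tokens that look like file names.

    strict=True  : whitespace is the only delimiter, as proposed.
    strict=False : wrapping quotes, brackets and sentence punctuation
                   are also stripped before matching (more permissive).
    """
    hits = []
    for token in text.split():
        if not strict:
            token = token.lstrip(OPENERS).rstrip(CLOSERS)
        if TOKEN_RE.fullmatch(token):
            hits.append(token)
    return hits


# Constructed sample text, not taken from a real report.
SAMPLE = (
    r"The dropper wrote C:\Windows\Temp\svch0st.exe and loaded msupd.dll. "
    r"The lure was named Quarterly Report.docx and arrived with invoice.pdf, "
    r"see also (readme.TXT) for notes."
)

if __name__ == "__main__":
    # Strict mode misses names followed by '.', ',' or ')'.
    print("strict    :", extract_filenames(SAMPLE))
    # Both modes capture only "Report.docx" from "Quarterly Report.docx".
    print("permissive:", extract_filenames(SAMPLE, strict=False))
```

Whitespace-only delimiting drops any name that ends a sentence or sits inside brackets, and neither mode recovers a file name containing spaces, which is the partial-match behaviour the comment anticipates.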