Tool to extract indicators of compromise from security reports in PDF format
Python
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 2 commits ahead, 7 commits behind armbues:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
whitelists
.gitignore
LICENSE
README.md
__init__.py
iocp.py
output.py
patterns.ini
requirements.txt
whitelist.py

README.md

ioc-parser

IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT related reports with many IOCs can be found here: APTNotes.

Usage

iocp.py [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE

  • FILE File/directory path to report(s)
  • -p INI Pattern file
  • -i FORMAT Input format (pdf/txt/html)
  • -o FORMAT Output format (csv/json/yara)
  • -d Deduplicate matches
  • -l LIB Parsing library

Requirements

One of the following PDF parsing libraries:

For HTML parsing support:

For HTTP(S) support: