ioc-hunter


Name: ioc-hunter
Version: 1.3.8
Home page: https://github.com/swimlane/ioc-hunter
Summary: Extract IOCs from text.
Upload time: 2024-07-29 12:15:54
Maintainer: None
Docs URL: None
Author: Swimlane
Requires Python: >=3.7
License: None
Keywords: None
Bugtrack URL: None
Requirements: No requirements were recorded.
Travis-CI: No Travis.
Coveralls test coverage: No coveralls.

# ioc-hunter

IOC Hunter finds indicators of compromise (IOCs). The parse_iocs function extracts IOCs from text.  
The type_ioc function determines the IOC type of a string that you pass in.

The IOCs that are recognized are:

- ssdeep
- sha256
- sha1
- md5
- email
- ipv4_public
- ipv4_private
- ipv6_public
- ipv6_private
- filename
- domain
- url

## Parse IOCs
The parse_iocs function parses IOCs of the types listed above from text. There is an option
to defang the IOCs that are passed back, as well as an option to provide a whitelist regex.
It will also return IOCs labeled as ``unknown`` when text is found to be suspicious but does not
match any of the IOC types.

    from ioc_hunter import parse_iocs

    text = "Your text goes here"
    # Any IOC matching this regex is dropped from the results
    whitelist = r".*internaldomain\.com.*"
    iocs = parse_iocs(text, defang=False, whitelist_regex=whitelist)

```
parse_iocs

Params:
    text – A string to parse.
    defang – If True, defang any IOCs we can (see DEFANGABLE). If False, return IOCs in their fanged state.
    whitelist_regex – Any IOC matching this regex will be ignored
    iocs_to_parse – A list of IOC types to look for (see IOC_TYPES_SEARCH_ORDER for options)
    whitelist_domains – A list or CSV of domains to exclude from results. Excludes domains and URLs that match
    whitelist_ip_cidr_ranges – A list or CSV of CIDR ranges to exclude from results. Excludes IPs and URLs that match
Returns:
    A dictionary with the ioc type as the key and a list of iocs for each value.
```
## Type IOC

The type_ioc function takes in text and determines whether that text matches any of the IOC types.
If it does not match any, it returns ``unknown``.


    from ioc_hunter import type_ioc
    
    suspected_ioc = "mydomain.com"
    ioc_type = type_ioc(suspected_ioc)

```
type_ioc

Params:
    ioc – The IOC to classify.
    types_to_find – A list of types you want to look for.
Returns:
    The type of the IOC as a string (see IOC_TYPES_SEARCH_ORDER for options)
```
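As an added illustration (not ioc_hunter's own code), the following simplified stand-in shows the behaviour the two sections above describe: classification in a fixed search order, public vs. private IPv4 handling, ``unknown`` for text that matches nothing, and the defang and whitelist_regex options of parse_iocs. The names type_ioc_simple, parse_iocs_simple, defang, SEARCH_ORDER and the sample report text are constructed for this example.

```python
import ipaddress
import re

# Constructed, simplified stand-in for type_ioc/parse_iocs, not ioc_hunter's code.
# Order matters (IOC_TYPES_SEARCH_ORDER): e-mails and URLs contain a domain, so
# the more specific patterns are tried first or everything degrades to "domain".
HEX = r"[0-9a-fA-F]"
SEARCH_ORDER = [
    ("sha256", re.compile(rf"^{HEX}{{64}}$")),
    ("sha1", re.compile(rf"^{HEX}{{40}}$")),
    ("md5", re.compile(rf"^{HEX}{{32}}$")),
    ("email", re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")),
    ("url", re.compile(r"^https?://\S+$", re.IGNORECASE)),
    ("ipv4", re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")),
    ("domain", re.compile(r"^([\w-]+\.)+[a-zA-Z]{2,}$")),
]

def type_ioc_simple(ioc: str) -> str:
    ioc = ioc.strip()
    for name, pattern in SEARCH_ORDER:
        if not pattern.match(ioc):
            continue
        if name != "ipv4":
            return name
        try:  # the regex accepts 999.1.1.1; ipaddress rejects it
            addr = ipaddress.ip_address(ioc)
        except ValueError:
            return "unknown"
        return "ipv4_private" if addr.is_private else "ipv4_public"
    return "unknown"  # suspicious-looking text that matches no known type

def defang(ioc: str, ioc_type: str) -> str:
    # Neutralise an indicator so it is not clickable or resolvable by accident
    if ioc_type not in ("url", "domain", "email", "ipv4_public", "ipv4_private"):
        return ioc
    if ioc_type == "url":
        ioc = re.sub(r"^http", "hxxp", ioc, flags=re.IGNORECASE)
    return ioc.replace(".", "[.]")

def parse_iocs_simple(text, defang_output=False, whitelist_regex=None):
    skip = re.compile(whitelist_regex) if whitelist_regex else None
    found = {}  # ioc type -> list of iocs, like parse_iocs returns
    for token in re.findall(r"\S+", text):
        token = token.strip(".,;:()<>\"'")
        ioc_type = type_ioc_simple(token)
        if ioc_type == "unknown" or (skip and skip.search(token)):
            continue
        found.setdefault(ioc_type, []).append(defang(token, ioc_type) if defang_output else token)
    return found

# Constructed sample report; the hash is the MD5 of the empty string.
SAMPLE_TEXT = ("Beacon to http://evil-corp.example/c2 from 10.0.0.5; ticket sent to "
               "soc@internaldomain.com. Hash d41d8cd98f00b204e9800998ecf8427e seen.")
```

Running parse_iocs_simple(SAMPLE_TEXT, defang_output=True, whitelist_regex=r".*internaldomain\.com.*") returns the URL, the private IPv4 address and the MD5 hash, defanged where applicable, with the whitelisted internal e-mail address dropped.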
