| Name | iocsearcher JSON |
| Version |
2.3.0
JSON |
| download |
| home_page | |
| Summary | A library and command line tool for extracting indicators of compromise (IOCs) from security reports in PDF, HTML, or text formats. |
| upload_time | 2024-03-04 09:40:25 |
| maintainer | |
| docs_url | None |
| author | MaliciaLab |
| requires_python | |
| license | MIT License Copyright (c) 2023 MaliciaLab Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| keywords |
ioc
indicator of compromise
cyber observable
security
threat reports
pdf
html
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# iocsearcher
_iocsearcher_ is a Python library and command-line tool to extract
indicators of compromise (IOCs),
also known as cyber observables,
from HTML, PDF, and text files.
It can identify both defanged
(e.g., URL hx<area>xp://<area>example[DOT]com) and
unmodified IOCs (e.g., URL ht<area>tp://<area>example.com).
## Installation
~~~ sh
pip install iocsearcher
~~~
## Supported IOCs
_iocsearcher_ can extract the following IOC types:
- URLs (url)
- Domain names (fqdn)
- IP addresses (ip4, ip6)
- IP subnets (ip4Net)
- Hashes (md5, sha1, sha256)
- Email addresses (email)
- Phone numbers (phoneNumber)
- Copyright strings (copyright)
- CVE vulnerability identifiers (cve)
- Tor v3 addresses (onionAddress)
- Social network handles (facebookHandle, githubHandle, instagramHandle,
linkedinHandle, pinterestHandle, telegramHandle, twitterHandle, whatsappHandle,
youtubeHandle, youtubeChannel)
- Advertisement/analytics identifiers (googleAdsense, googleAnalytics, googleTagManager)
- Blockchain addresses (bitcoin, bitcoincash, cardano, dashcoin, dogecoin, ethereum, litecoin, monero, ripple, tezos, tronix, zcash)
- Payment addresses (webmoney)
- Chinese Internet Content Provider licenses (icp)
- Bank account numbers (iban)
- Trademarks (trademark)
- Universal unique identifiers (uuid)
- Android package name (packageName)
- Spanish NIF identifiers (nif)
## Command Line Usage
To find IOCs in a given file just provide the _-f (--file)_ option.
By default, found IOCs are printed to stdout,
defanged IOCs are rearmed, and
IOCs are deduplicated so they only appear once.
~~~ sh
iocsearcher -f file.pdf
iocsearcher -f page.html
iocsearcher -f input.txt
~~~
You can use the _-o (--output)_ option to place IOCs to a file instead
of stdout:
~~~ sh
iocsearcher -f file.pdf -o iocs.txt
~~~
By default all regexp are applied to the input.
If you are only interested in some specific IOC types,
it is more efficient to specify those using
the _-t (--target)_ option, which can be applied multiple times:
~~~ sh
iocsearcher -f file.pdf -t url -t email
~~~
You can also search for IOCs in all files in a directory using
the _-d (--dir)_ option.
IOCs extracted from each file will be placed in their own .iocs file.
You can also place all IOCs founds across the input files
in the same output file by also adding the _-o (--output)_ option:
~~~ sh
iocsearcher -d directoryWithFiles -o all.iocs
~~~
In HTML files, only the readable text is examined
(i.e., think of the text shown by Firefox's Reader View).
If you want to scan the whole HTML content you can use the
_-r (--raw)_ option:
~~~ sh
iocsearcher -f page.html -r
~~~
If you have a file that you want to interpret as text avoiding
filetype detection, you can use the _-F (--forcetext)_ option:
~~~ sh
iocsearcher -f input.txt -F
~~~
You can store the text extracted from a PDF/HTML file using the
_-T (--text)_ option, which will produce a .text file for each input file:
~~~ sh
iocsearcher -f file.pdf -T
~~~
By default IOCs are deduplicated, you can instead output the offset of
each IOC without deduplication by using the _-v (--verbose)_ option:
~~~ sh
iocsearcher -f file.pdf -v
~~~
You can also produce a ranking of IOCs by number of appearances
(without deduplication) by using the _-C (--count)_ option:
~~~ sh
iocsearcher -f file.pdf -C -o rank.iocs
~~~
## Library Usage
You can also use _iocsearcher_ as a library by creating a
_Searcher_ object and then invoking the functions
_search_data_ to identify rearmed and deduplicated IOCs and
_search_raw_ to identify all matches, their offsets, and the defanged string.
The _Searcher_ object needs to be created only once to parse the regexps.
Then, it can be reused to find IOCs in multiple input strings.
~~~ sh
python3
>>> import iocsearcher
>>> from iocsearcher.searcher import Searcher
>>> test = 'Find this email contact[AT]example[dot]com'
>>> searcher = Searcher()
>>> searcher.search_data(test)
{('email', 'contact@example.com'), ('fqdn', 'example.com')}
>>> searcher.search_data(test, targets={'email'})
{('email', 'contact@example.com')}
>>> searcher.search_raw(test)
[('email', 'contact@example.com', 16, 'contact[AT]example[dot]com'), ('fqdn', 'example.com', 27, 'example[dot]com')]
~~~
You can also open a document without needing to provide its type,
get its text, and then use a _Searcher_ object to search for IOCs in the text.
For example, if you have a file called _file.pdf_ you can do:
~~~ sh
python3
>>> import iocsearcher
>>> from iocsearcher.document import open_document
>>> from iocsearcher.searcher import Searcher
>>> doc = open_document("file.pdf")
>>> text,_ = doc.get_text() if doc is not None else ""
>>> searcher = Searcher()
>>> searcher.search_data(text)
~~~
If the file is not a PDF, HTML, or text document,
_open_document_ throws a warning and returns None
## Defang and Rearm
Many security reports defang (i.e., remove the teeth from) malicious
indicators, especially network indicators such as URLs, domains,
IP addresses, and email addresses.
This practice helps to prevent users from inadvertently clicking on a
malicious indicator and start a network connection to it.
Defanged indicators do not follow the indicator specification and thus
require relaxed regular expressions to detect them.
_iocsearcher_ supports some popular defang operations
and rearms the IOCs by default so that deduplication works even if the
same IOC has been defanged in different ways.
However, it is not possible to support all defang operations,
as every analyst can come up with their own.
If you think _iocsearcher_ is missing support for some popular
defang operation, let us know by providing pointers to reports that use them.
## Customizing the Regular Expressions
_iocsearcher_ reads its regular expressions from an INI configuration file.
If you want to modify a regexp, add a regexp,
change the IOC type associated to a regexp, or disable validation
for an existing regexp, you can create a copy of the
[patterns.ini](https://github.com/malicialab/iocsearcher/blob/main/iocsearcher/data/patterns.ini)
file in the GitHub repo,
edit your copy, and pass it as input to _iocsearcher_
using the _-P (--patterns)_ option:
~~~ sh
iocsearcher -f file.pdf -P mypatterns.ini
~~~
Note that if you add a new regexp, the output will be the outermost group
if a group exists, and the whole match if the regexp has no groups.
## Related Tools
There exist multiple other open-source IOC extraction tools
and we developed iocsearcher to improve on those.
In our [FGCS journal paper](https://arxiv.org/abs/2208.00042)
we propose a novel evaluation methodology for IOC extraction tools and
apply it to compare _iocsearcher_ with the following tools:
- [Jager](https://github.com/sroberts/jager) (Python)
- [IOC-parser](https://github.com/armbues/ioc_parser) (Python)
- [Cacador](https://github.com/sroberts/cacador) (Go)
- [CyObstract](https://github.com/cmu-sei/cyobstract) (Python)
- [IOC Finder](https://github.com/fhightower/ioc-finder) (Python)
- [IOC Extract](https://github.com/InQuest/python-iocextract) (Python)
- [IOC-Extractor](https://github.com/ninoseki/ioc-extractor) (Python)
We believe the results show _iocsearcher_ performs generally best,
but that is up to you to judge.
We encourage you to read our paper if you have questions about how
_iocsearcher_ compares with the above tools and to try
the above tools if _iocsearcher_ does not meet your goals.
## Filtering
Technically speaking, _iocsearcher_ is an indicator extraction tool,
i.e., it extracts indicators regardless if they are benign or malicious.
Currently, _iocsearcher_,
similar to most other tools mentioned above,
does not differentiate malicious indicators (i.e., IOCs) from benign indicators.
For example, it will extract all URLs in the given input,
regardless if they are malicious or benign.
Filtering of benign indicators is typically application-specific,
so we prefer to keep it as a separate step.
Such filtering is oftentimes performed with blocklists or through
Natural Language Processing (NLP) techniques.
## License
_iocsearcher_ is released under the MIT license
This repository includes Base58 decoding code from the
[monero-python](https://github.com/monero-ecosystem/monero-python/) project.
That code is located in the iocsearcher/monero folder and it is
licensed under BSD 3-Clause.
## References
The design and evaluation of _iocsearcher_ and the comparison with prior
IOC extraction tools are detailed in our
[FGCS journal paper](https://arxiv.org/abs/2208.00042):
> Juan Caballero, Gibran Gomez, Srdjan Matic, Gustavo Sánchez,
Silvia Sebastián, and Arturo Villacañas.<br>
GoodFATR: A Platform for Automated Threat Report Collection and
IOC Extraction.<br>
In Future Generation Computer Systems, 2023.
# Contributors
The main developer and maintainer for _iocsearcher_ is Juan Caballero.
Other members of the MaliciaLab at the
[IMDEA Software Institute](http://software.imdea.org)
have contributed fixes and helped with testing:
Gibran Gomez, Silvia Sebastian, Srdjan Matic
Raw data
{
"_id": null,
"home_page": "",
"name": "iocsearcher",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "ioc,indicator of compromise,cyber observable,security,threat reports,pdf,html",
"author": "MaliciaLab",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/b3/b6/e8ae9596953c18a7c24753ac8ad2a34096e0f1fb5193441088f37cc6e206/iocsearcher-2.3.0.tar.gz",
"platform": null,
"description": "# iocsearcher\n\n_iocsearcher_ is a Python library and command-line tool to extract\nindicators of compromise (IOCs),\nalso known as cyber observables,\nfrom HTML, PDF, and text files.\nIt can identify both defanged\n(e.g., URL hx<area>xp://<area>example[DOT]com) and\nunmodified IOCs (e.g., URL ht<area>tp://<area>example.com).\n\n## Installation\n\n~~~ sh\npip install iocsearcher\n~~~\n\n## Supported IOCs\n\n_iocsearcher_ can extract the following IOC types:\n\n- URLs (url)\n- Domain names (fqdn)\n- IP addresses (ip4, ip6)\n- IP subnets (ip4Net)\n- Hashes (md5, sha1, sha256)\n- Email addresses (email)\n- Phone numbers (phoneNumber)\n- Copyright strings (copyright)\n- CVE vulnerability identifiers (cve)\n- Tor v3 addresses (onionAddress)\n- Social network handles (facebookHandle, githubHandle, instagramHandle,\nlinkedinHandle, pinterestHandle, telegramHandle, twitterHandle, whatsappHandle,\nyoutubeHandle, youtubeChannel)\n- Advertisement/analytics identifiers (googleAdsense, googleAnalytics, googleTagManager)\n- Blockchain addresses (bitcoin, bitcoincash, cardano, dashcoin, dogecoin, ethereum, litecoin, monero, ripple, tezos, tronix, zcash)\n- Payment addresses (webmoney)\n- Chinese Internet Content Provider licenses (icp)\n- Bank account numbers (iban)\n- Trademarks (trademark)\n- Universal unique identifiers (uuid)\n- Android package name (packageName)\n- Spanish NIF identifiers (nif)\n\n## Command Line Usage\n\nTo find IOCs in a given file just provide the _-f (--file)_ option.\nBy default, found IOCs are printed to stdout,\ndefanged IOCs are rearmed, and\nIOCs are deduplicated so they only appear once.\n\n~~~ sh\niocsearcher -f file.pdf\niocsearcher -f page.html\niocsearcher -f input.txt\n~~~\n\nYou can use the _-o (--output)_ option to place IOCs to a file instead\nof stdout:\n\n~~~ sh\niocsearcher -f file.pdf -o iocs.txt\n~~~\n\nBy default all regexp are applied to the input.\nIf you are only interested in some specific IOC types,\nit is more efficient to specify those using\nthe _-t (--target)_ option, which can be applied multiple times:\n\n~~~ sh\niocsearcher -f file.pdf -t url -t email\n~~~\n\nYou can also search for IOCs in all files in a directory using\nthe _-d (--dir)_ option.\nIOCs extracted from each file will be placed in their own .iocs file.\nYou can also place all IOCs founds across the input files\nin the same output file by also adding the _-o (--output)_ option:\n\n~~~ sh\niocsearcher -d directoryWithFiles -o all.iocs\n~~~\n\nIn HTML files, only the readable text is examined\n(i.e., think of the text shown by Firefox's Reader View).\nIf you want to scan the whole HTML content you can use the\n_-r (--raw)_ option:\n\n~~~ sh\niocsearcher -f page.html -r\n~~~\n\nIf you have a file that you want to interpret as text avoiding\nfiletype detection, you can use the _-F (--forcetext)_ option:\n\n~~~ sh\niocsearcher -f input.txt -F\n~~~\n\nYou can store the text extracted from a PDF/HTML file using the\n_-T (--text)_ option, which will produce a .text file for each input file:\n\n~~~ sh\niocsearcher -f file.pdf -T\n~~~\n\nBy default IOCs are deduplicated, you can instead output the offset of\neach IOC without deduplication by using the _-v (--verbose)_ option:\n\n~~~ sh\niocsearcher -f file.pdf -v\n~~~\n\nYou can also produce a ranking of IOCs by number of appearances\n(without deduplication) by using the _-C (--count)_ option:\n\n~~~ sh\niocsearcher -f file.pdf -C -o rank.iocs\n~~~\n\n## Library Usage\n\nYou can also use _iocsearcher_ as a library by creating a\n_Searcher_ object and then invoking the functions\n_search_data_ to identify rearmed and deduplicated IOCs and\n_search_raw_ to identify all matches, their offsets, and the defanged string.\nThe _Searcher_ object needs to be created only once to parse the regexps.\nThen, it can be reused to find IOCs in multiple input strings.\n\n~~~ sh\npython3\n>>> import iocsearcher\n>>> from iocsearcher.searcher import Searcher\n>>> test = 'Find this email contact[AT]example[dot]com'\n>>> searcher = Searcher()\n>>> searcher.search_data(test)\n{('email', 'contact@example.com'), ('fqdn', 'example.com')}\n>>> searcher.search_data(test, targets={'email'})\n{('email', 'contact@example.com')}\n>>> searcher.search_raw(test)\n[('email', 'contact@example.com', 16, 'contact[AT]example[dot]com'), ('fqdn', 'example.com', 27, 'example[dot]com')]\n~~~\n\nYou can also open a document without needing to provide its type,\nget its text, and then use a _Searcher_ object to search for IOCs in the text.\nFor example, if you have a file called _file.pdf_ you can do:\n\n~~~ sh\npython3\n>>> import iocsearcher\n>>> from iocsearcher.document import open_document\n>>> from iocsearcher.searcher import Searcher\n>>> doc = open_document(\"file.pdf\")\n>>> text,_ = doc.get_text() if doc is not None else \"\"\n>>> searcher = Searcher()\n>>> searcher.search_data(text)\n~~~\n\nIf the file is not a PDF, HTML, or text document,\n_open_document_ throws a warning and returns None\n\n## Defang and Rearm\n\nMany security reports defang (i.e., remove the teeth from) malicious\nindicators, especially network indicators such as URLs, domains,\nIP addresses, and email addresses.\nThis practice helps to prevent users from inadvertently clicking on a\nmalicious indicator and start a network connection to it.\nDefanged indicators do not follow the indicator specification and thus\nrequire relaxed regular expressions to detect them.\n\n_iocsearcher_ supports some popular defang operations\nand rearms the IOCs by default so that deduplication works even if the\nsame IOC has been defanged in different ways.\nHowever, it is not possible to support all defang operations,\nas every analyst can come up with their own.\nIf you think _iocsearcher_ is missing support for some popular\ndefang operation, let us know by providing pointers to reports that use them.\n\n## Customizing the Regular Expressions\n\n_iocsearcher_ reads its regular expressions from an INI configuration file.\nIf you want to modify a regexp, add a regexp,\nchange the IOC type associated to a regexp, or disable validation\nfor an existing regexp, you can create a copy of the\n[patterns.ini](https://github.com/malicialab/iocsearcher/blob/main/iocsearcher/data/patterns.ini)\nfile in the GitHub repo,\nedit your copy, and pass it as input to _iocsearcher_\nusing the _-P (--patterns)_ option:\n\n~~~ sh\niocsearcher -f file.pdf -P mypatterns.ini\n~~~\n\nNote that if you add a new regexp, the output will be the outermost group\nif a group exists, and the whole match if the regexp has no groups.\n\n## Related Tools\n\nThere exist multiple other open-source IOC extraction tools\nand we developed iocsearcher to improve on those.\nIn our [FGCS journal paper](https://arxiv.org/abs/2208.00042)\nwe propose a novel evaluation methodology for IOC extraction tools and\napply it to compare _iocsearcher_ with the following tools:\n\n- [Jager](https://github.com/sroberts/jager) (Python)\n- [IOC-parser](https://github.com/armbues/ioc_parser) (Python)\n- [Cacador](https://github.com/sroberts/cacador) (Go)\n- [CyObstract](https://github.com/cmu-sei/cyobstract) (Python)\n- [IOC Finder](https://github.com/fhightower/ioc-finder) (Python)\n- [IOC Extract](https://github.com/InQuest/python-iocextract) (Python)\n- [IOC-Extractor](https://github.com/ninoseki/ioc-extractor) (Python)\n\nWe believe the results show _iocsearcher_ performs generally best,\nbut that is up to you to judge.\nWe encourage you to read our paper if you have questions about how\n_iocsearcher_ compares with the above tools and to try\nthe above tools if _iocsearcher_ does not meet your goals.\n\n## Filtering\n\nTechnically speaking, _iocsearcher_ is an indicator extraction tool,\ni.e., it extracts indicators regardless if they are benign or malicious.\nCurrently, _iocsearcher_,\nsimilar to most other tools mentioned above,\ndoes not differentiate malicious indicators (i.e., IOCs) from benign indicators.\nFor example, it will extract all URLs in the given input,\nregardless if they are malicious or benign.\n\nFiltering of benign indicators is typically application-specific,\nso we prefer to keep it as a separate step.\nSuch filtering is oftentimes performed with blocklists or through\nNatural Language Processing (NLP) techniques.\n\n## License\n\n_iocsearcher_ is released under the MIT license\n\nThis repository includes Base58 decoding code from the\n[monero-python](https://github.com/monero-ecosystem/monero-python/) project.\nThat code is located in the iocsearcher/monero folder and it is\nlicensed under BSD 3-Clause.\n\n## References\n\nThe design and evaluation of _iocsearcher_ and the comparison with prior\nIOC extraction tools are detailed in our\n[FGCS journal paper](https://arxiv.org/abs/2208.00042):\n\n> Juan Caballero, Gibran Gomez, Srdjan Matic, Gustavo S\u00e1nchez,\nSilvia Sebasti\u00e1n, and Arturo Villaca\u00f1as.<br>\nGoodFATR: A Platform for Automated Threat Report Collection and\nIOC Extraction.<br>\nIn Future Generation Computer Systems, 2023.\n\n# Contributors\n\nThe main developer and maintainer for _iocsearcher_ is Juan Caballero.\nOther members of the MaliciaLab at the\n[IMDEA Software Institute](http://software.imdea.org)\nhave contributed fixes and helped with testing:\nGibran Gomez, Silvia Sebastian, Srdjan Matic\n\n",
"bugtrack_url": null,
"license": "MIT License Copyright (c) 2023 MaliciaLab Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ",
"summary": "A library and command line tool for extracting indicators of compromise (IOCs) from security reports in PDF, HTML, or text formats.",
"version": "2.3.0",
"project_urls": {
"Homepage": "https://github.com/malicialab/iocsearcher"
},
"split_keywords": [
"ioc",
"indicator of compromise",
"cyber observable",
"security",
"threat reports",
"pdf",
"html"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "7720e187d3915507d78474b5bb968f747b2033797513a0bb2ba914e545fb18a9",
"md5": "dd6afa79968160b42e370251d17e065e",
"sha256": "cc3d576378a0915054c2243c57f2efb1a85dbdab73a61be69520af46e6edc289"
},
"downloads": -1,
"filename": "iocsearcher-2.3.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "dd6afa79968160b42e370251d17e065e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 40822,
"upload_time": "2024-03-04T09:40:23",
"upload_time_iso_8601": "2024-03-04T09:40:23.558229Z",
"url": "https://files.pythonhosted.org/packages/77/20/e187d3915507d78474b5bb968f747b2033797513a0bb2ba914e545fb18a9/iocsearcher-2.3.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "b3b6e8ae9596953c18a7c24753ac8ad2a34096e0f1fb5193441088f37cc6e206",
"md5": "e502e20a617706262a3efb97434adca2",
"sha256": "c949535038686cd86254216bfa7530957d5ef65629b2018c5201572e73361cb4"
},
"downloads": -1,
"filename": "iocsearcher-2.3.0.tar.gz",
"has_sig": false,
"md5_digest": "e502e20a617706262a3efb97434adca2",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 41103,
"upload_time": "2024-03-04T09:40:25",
"upload_time_iso_8601": "2024-03-04T09:40:25.185924Z",
"url": "https://files.pythonhosted.org/packages/b3/b6/e8ae9596953c18a7c24753ac8ad2a34096e0f1fb5193441088f37cc6e206/iocsearcher-2.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-04 09:40:25",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "malicialab",
"github_project": "iocsearcher",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "iocsearcher"
}
