IOC-Parser is a script that extracts the IOCs from a given (text-based) file and outputs them in .csv format. Used as a module, it returns a list of instances, each with an IOC-value and an IOC-type.
- as a module:
  pip install iocparser

  from iocparser import IOCParser
  # pass the raw text to be parsed
  textObj = IOCParser("text")
  # parse() returns a list of IOC instances
  results = textObj.parse()
- as a stand-alone script:
  git clone https://github.com/renzejongman/iocparser
  ./iocparser.py -s [source-file] -o [outputfile.csv]
- .IOC(kind, value)
  Instances of this very simple class are generated by the IOCParser class and returned as a list.
  kind= "IP", "uri", "md5", "sha1", "sha256", "CVE", "email" or "file"
  value= the value of the IOC.
- .IOCParser(text)
  This class takes a text as input, extracts all the IOCs and returns them as a list of instances of the IOC-class.
  text= the raw text (as a variable) to be parsed.
- extensions: the file extensions needed to detect a filename (and not mistake them for URIs)
- tlds: the Top Level Domains (TLDs) needed to recognise URIs (and not mistake them for files)
Feel free to manipulate those files, but make sure there are no empty lines in either of them, or the script will break.
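A pre-flight check for edited list files, as an added example that is not iocparser's own code: it rejects empty lines, reports suffixes that appear in both lists, and shows how the two lists separate filenames from URIs. The one-entry-per-line format, the function names, the "ambiguous" label and the sample data are assumptions made for illustration; how iocparser itself consumes the lists is not shown here.

```python
import re

# Constructed sample list contents and text (one entry per line is an assumption).
SAMPLE_EXTENSIONS = ["exe", "dll", "pdf", "zip"]
SAMPLE_TLDS = ["com", "net", "org", "zip"]
SAMPLE_TEXT = "Dropped invoice.pdf and beaconed to update.example.net; also seen: payload.zip"

def validate_list(lines, name):
    """Return cleaned entries; raise ValueError on blank or malformed lines."""
    entries = []
    for lineno, raw in enumerate(lines, 1):
        entry = raw.strip().lstrip(".").lower()
        if not entry:
            raise ValueError(f"{name}: line {lineno} is empty")
        if not re.fullmatch(r"[a-z0-9-]+", entry):
            raise ValueError(f"{name}: line {lineno} is not a plain suffix: {raw!r}")
        entries.append(entry)
    return entries

def overlapping(extensions, tlds):
    """Suffixes present in both lists; tokens ending in them cannot be told apart."""
    return sorted(set(extensions) & set(tlds))

# A dotted token; group 1 captures the text after the final dot.
TOKEN = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.([A-Za-z0-9-]+)\b")

def classify(text, extensions, tlds):
    """Label dotted tokens 'file' or 'uri' by their final suffix."""
    ext, tld = set(extensions), set(tlds)
    found = []
    for m in TOKEN.finditer(text):
        suffix = m.group(1).lower()
        if suffix in ext and suffix in tld:
            kind = "ambiguous"   # listed in both files: flag it rather than guess
        elif suffix in ext:
            kind = "file"
        elif suffix in tld:
            kind = "uri"
        else:
            continue             # suffix in neither list: not a filename or URI
        found.append((kind, m.group(0)))
    return found

if __name__ == "__main__":
    print(overlapping(SAMPLE_EXTENSIONS, SAMPLE_TLDS))
    print(classify(SAMPLE_TEXT, SAMPLE_EXTENSIONS, SAMPLE_TLDS))
```

Running `validate_list` over each file's lines after editing catches the empty-line case before the parser is started.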