Skip to content
/ ioc-parser Public
forked from Xen0ph0n/ioc-parser

Tool to extract indicators of compromise from security reports in PDF format

License

MIT license
72 stars 170 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PaloAltoNetworks/ioc-parser

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
whitelists
whitelists
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ioc-parser.py
ioc-parser.py
 
 
output.py
output.py
 
 
patterns.ini
patterns.ini
 
 
whitelist.py
whitelist.py
 
 

Repository files navigation

ioc-parser

IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT related reports with many IOCs can be found here: APTNotes.

Usage

ioc-parser.py [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE

  • FILE File/directory path to report(s)
  • -p INI Pattern file
  • -i FORMAT Input format (pdf/txt/html)
  • -o FORMAT Output format (csv/json/yara/autofocus)
  • -d Deduplicate matches
  • -l LIB Parsing library

Requirements

One of the following PDF parsing libraries:

For HTML parsing support:

For HTTP(S) support:

About

Tool to extract indicators of compromise from security reports in PDF format

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

72 stars

Watchers

27 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%