Cacador is a tool for extracting common indicators of compromise from a block of text. The easiest way to get cacador is to download the latest release for your platform. Compiling Cacador: Install golang go get github.com/sroberts/cacador Compile with go build Running: Run with ./cacador. It accepts text from stdin and writes a JSON blob of IOCs to stdout. For example: cat text.txt | ./cacador | import where text is some IOC rich text and import pushes your new IOCs into your threat management system. Cacador does recognize two command line flags: - comment="Foo" which makes it possible to leave a note as metadata. - tags="Foo, bar, baz" which adds tags. Generating a new release: Install goreleaser via go get github.com/goreleaser/goreleaser. Push your branch to GitHub. Tag it via git tag -a v1.0.3 -m "Release 1.0.3 - Minor bugfix edition." Push the tag to GitHub via git push origin v1.0.3 Ensure you have a GITHUB_TOKEN env var set. Run goreleaser. Why? Other tools for doing indicator extraction are pretty awesome (like armbues/ioc_parser or sroberts/jager), but what's nice about cacador is you can use it to extract IOCs from text files.