IOC Parser
IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT related reports with many IOCs can be found here: APTNotes. Usage: iocp [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE FILE: File/directory path to report(s) -p INI: Pattern file -i FORMAT: Input format (pdf/txt/html) -o FORMAT: Output format (csv/json/yara) -d: Deduplicate matches -l LIB: Parsing library Installation: pip install ioc_parser Requirements: One of the following PDF parsing libraries: - PyPDF2: pip install pypdf2 - pdfminer: pip install pdfminer For HTML parsing support: - BeautifulSoup: pip install beautifulsoup4 For HTTP(S) support: - requests: pip install requests
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
Packet Storm is a global security resource providing around-the-clock information and tools to mitigate personal data and fiscal loss on a global scale.
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A project sharing malicious URLs used for malware distribution to help protect networks.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.