iocextract
A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.
iocextract
A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.
Founder & Fractional CISO
Not sure if iocextract is right for your team?
Book a 60-minute strategy call with Nikoloz. You will get a clear roadmap to evaluate products and make a decision.
→Align tool selection with your actual business goals
→Right-sized for your stage (not enterprise bloat)
→Not 47 options, exactly 3 that fit your needs
→Stop researching, start deciding
→Questions that reveal if the tool actually works
→Most companies never ask these
→The costs vendors hide in contracts
→How to uncover real Total Cost of Ownerhship before signing
iocextract Description
iocextract Indicator of Compromise (IOC) extractor for some of the most commonly ingested artifacts. Overview The Problem Our Solution Example Use Case Installation Usage Library Command Line Interface Helpful Information FAQ More Details Custom Regex Related Projects Contributing Overview The iocextract package is a library and command line interface (CLI) for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It allows for you to extract encoded and "defanged" IOCs and optionally decode or refang them. The Problem It is common practice for malware analysts or endpoint software to "defang" IOCs such as URLs and IP addresses, in order to prevent accidental exposure to live malicious content. Being able to extract and aggregate these IOCs is often valuable for analysts. Unfortunately, existing "IOC extraction" tools often pass right by them, as they are not caught by standard regex. For example, the simple defanging technique of surrounding periods with brackets: 127[.]0[.]0[.]1 Existing tools that use a simple IP address regex will ignore this IOC entirely. Our Solution By combining specially crafted regex with some careful consideration of the problem, we can effectively extract these IOCs.
iocextract FAQ
Common questions about iocextract including features, pricing, alternatives, and user reviews.
iocextract is A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.. It is a Threat Management solution designed to help security teams with Indicator Of Compromise, IOC, Regex.
FEATURED
Fix-first AppSec powered by agentic remediation, covering SCA, SAST & secrets.
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
Fractional CISO services for B2B companies to build security programs
POPULAR
Real-time OSINT monitoring for leaked credentials, data, and infrastructure
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
AI security assurance platform for red-teaming, guardrails & compliance
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
TRENDING CATEGORIES
Stay Updated with Mandos Brief
Get strategic cybersecurity insights in your inbox