@lopes
Created July 25, 2022 16:24
Finds Indicators of Compromise (IoCs) in text files.
#!/usr/bin/env python3
'''
Finds Indicators of Compromise (IoCs) in text files.
Usage:
$ iocfinder.py file.txt
Based on:
1. https://github.com/stephenbrannon/IOCextractor
2. https://github.com/PaloAltoNetworks/ioc-parser
Todo:
1. Allow whitelists
2. Separate regexes from code
3. Create more patterns, such as IPv6 and SHA{1,256}
4. Perform more tests (multiline, another charset...)
5. Make output more friendly
6. Create help
7. Allow commands - to find specific patterns, for instance
'''
from sys import argv
from re import compile, IGNORECASE

# Each IoC type maps to one regex. The \b anchors stop a 32-char hex run
# inside a longer SHA-1/SHA-256 hash from being reported as an MD5.
patterns = {
    'hash_md5': r'\b([a-f0-9]{32})\b',
    'url': r'\b([a-z]{3,}://[\S]{3,})\b',
    'email': r'\b([a-z][_a-z0-9.-]+@[a-z0-9-]+\.[a-z]+)\b',
    # Caveat: \d{1,3} also accepts out-of-range octets such as 999.1.1.1.
    'ipv4': r'\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b'
}

# Compile every regex once, not once per line per pattern.
compiled = {name: compile(pattern, IGNORECASE) for name, pattern in patterns.items()}

with open(argv[1], 'r') as f:
    for line in f:
        for name, p in compiled.items():
            # finditer reports every IoC on the line, not only the first one,
            # and the output names the IoC type instead of printing a match object.
            for match in p.finditer(line):
                print(f'{name}\t{match.group(1)}')
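The Todo list above asks for whitelists, regexes kept apart from the scanning code, and SHA-1/SHA-256/IPv6 patterns. The following is an added example written for this page, not the gist's code and not taken from IOCextractor or ioc-parser, that implements those three items and adds two checks a practitioner wants when scanning real reports: IPv4/IPv6 candidates are validated with the standard-library `ipaddress` module (so a token like 999.1.1.1 is dropped), and common defanging (`hxxp://`, `[.]`) is undone before matching, which the gist does not attempt. `PATTERNS`, `ALLOWLIST`, `refang`, `extract_iocs` and the sample report text are all constructed for illustration.

```python
#!/usr/bin/env python3
"""Added example: IoC extraction with a separate pattern table, an allowlist,
SHA-1/SHA-256/IPv6 patterns, address validation and refanging.  Not the gist's
code; all names and the sample text below are constructed for this example."""
import ipaddress
import re

# Regex table kept apart from the scanning logic.  The \b anchors already keep
# a 64-char hex run from also matching as a SHA-1 or MD5: there is no word
# boundary after its 32nd or 40th character.
PATTERNS = {
    'hash_sha256': r'\b[a-f0-9]{64}\b',
    'hash_sha1':   r'\b[a-f0-9]{40}\b',
    'hash_md5':    r'\b[a-f0-9]{32}\b',
    'url':         r'\b[a-z]{3,}://\S{3,}',
    'email':       r'\b[a-z][_a-z0-9.-]+@[a-z0-9-]+\.[a-z]+\b',
    # Candidates only: octet range / IPv6 syntax is checked by ipaddress below.
    'ipv4':        r'\b\d{1,3}(?:\.\d{1,3}){3}\b',
    'ipv6':        r'(?<![\w:])(?:[0-9a-f]{0,4}:){2,7}[0-9a-f]{0,4}(?![\w:])',
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in PATTERNS.items()}

# Allowlist: indicators that are noise in almost every report.  Constructed for
# this example; a real deployment would load it from a file.
ALLOWLIST = {
    'ipv4': {'127.0.0.1', '0.0.0.0'},
    'url': {'https://www.virustotal.com/'},
    'email': {'abuse@example.com'},
}

def refang(text):
    """Undo common defanging so the patterns match (hxxp://, 1[.]2, user[@]host)."""
    text = re.sub(r'hxxp(s?)://', r'http\1://', text, flags=re.IGNORECASE)
    text = re.sub(r'[\[({]\.[\])}]', '.', text)   # [.]  (.)  {.}
    text = re.sub(r'\[(@|:)\]', r'\1', text)      # [@]  [:]
    return text

def _valid(kind, value):
    """Reject candidates that look right to the regex but are not real IoCs."""
    if kind in ('ipv4', 'ipv6'):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return False   # e.g. 999.1.1.1, a MAC address, or a time like 12:30:45
    return True

def extract_iocs(text, allowlist=ALLOWLIST):
    """Return {kind: sorted unique IoCs} found in text, minus the allowlist."""
    text = refang(text)
    found = {name: set() for name in COMPILED}
    for name, rx in COMPILED.items():
        for m in rx.finditer(text):
            value = m.group(0).rstrip('.,;)')        # drop trailing punctuation
            if name.startswith('hash_'):
                value = value.lower()                # normalise hash case
            if _valid(name, value) and value not in allowlist.get(name, set()):
                found[name].add(value)
    return {name: sorted(vals) for name, vals in found.items() if vals}

# Constructed sample report; hashes are obviously synthetic.
SAMPLE_REPORT = """\
Constructed sample report for this example (not a real incident).
The dropper (MD5 0123456789abcdef0123456789abcdef, SHA-1
cafebabecafebabecafebabecafebabecafebabe) was fetched from
hxxp://malware[.]example[.]net/payload.bin by 198.51.100.23 and contacted
2001:db8::1 on port 443. SHA-256:
deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef.
Phishing mail came from billing@invoices-example.test at 12:30:45.
The sample was detonated on 127.0.0.1 and checked against
https://www.virustotal.com/ ; report abuse to abuse@example.com.
Ticket also lists 999.1.1.1, which is not a valid address.
"""

if __name__ == '__main__':
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for kind, values in extract_iocs(text).items():
        for value in values:
            print(f'{kind}\t{value}')
```

Run it with a file argument to scan a report, or with no argument to scan the embedded sample: the output lists one indicator per line with its type, and the loopback address, the VirusTotal URL, the abuse mailbox, the time stamp and the malformed 999.1.1.1 are all absent. Because URL and IPv4 are matched independently, a URL with an IP host is reported under both types, which is usually what an analyst wants.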