SteveClement / ioc_parser

Tool to extract indicators of compromise from security reports in PDF format

ioc-parser

IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT related reports with many IOCs can be found here: APTNotes.

Usage

iocp [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE

FILE File/directory path to report(s)/Gmail account in double quotes ("username@gmail.com password")
-p INI Pattern file
-i FORMAT Input format (pdf/txt/docx/html/csv/xls/xlsx/gmail)
-o FORMAT Output format (csv/json/yara/netflow)
-d Deduplicate matches
-l LIB Parsing library

Installation

pip install ioc_parser

Dependencies

docx2txt

Requirements

One of the following PDF parsing libraries:

PyPDF2 - pip install pypdf2
pdfminer - pip install pdfminer

For HTML parsing support:

BeautifulSoup - pip install beautifulsoup4

For HTTP(S) support:

requests - pip install requests

For XLS/XLSX support:

xlrd - pip install xlrd

For Gmail support:

gmail

Merged changes from forks:

About

Tool to extract indicators of compromise from security reports in PDF format

Other

Languages

Language:Python 100.0%