Metadata-Version: 2.1
Name: ioc-hunter
Version: 1.0.1
Summary: Extract IOCs from text.
Home-page: https://github.com/swimlane/ioc-hunter
Author: Swimlane
Author-email: info@swimlane.com
License: UNKNOWN
Project-URL: Bug Tracker, https://github.com/swimlane/ioc-hunter/issues
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.6
Description-Content-Type: text/markdown
License-File: LICENSE

# ioc-hunter

IOC Hunter finds indicators of compromise (IOCs). The ``parse_iocs`` function extracts IOCs from text.  
The ``type_ioc`` function determines the IOC type of a string that you pass in.

The IOCs that are recognized are:

- ssdeep
- sha256
- sha1
- md5
- email
- ipv4_public
- ipv4_private
- ipv6_public
- ipv6_private
- filename
- domain
- url

## Parse IOCs
The ``parse_iocs`` function parses the IOC types listed above from text. There is an option
to defang the IOCs that are passed back, as well as an option to provide a whitelist regex.
The function also returns IOCs labeled ``unknown`` when text is found to be suspicious but doesn't
match any of the IOC types.

    from ioc_hunter import parse_iocs

    text = "Your text goes here"
    whitelist = r".*internaldomain\.com.*"
    iocs = parse_iocs(text, defang=False, whitelist_regex=whitelist)
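
The whitelist pattern above is unanchored, so it matches any string that merely contains `internaldomain.com`. The following is an added example, not code from ioc-hunter: it compares that pattern with an anchored alternative over constructed indicators. It assumes the whitelist is applied to each extracted IOC string with `re.match`; the `ANCHORED` pattern and the `suppressed` and `audit` helpers are hypothetical.

```python
import re

# Whitelist pattern from the README above, and a stricter anchored variant.
# ANCHORED is an assumption of this example, not an ioc-hunter default.
LOOSE = r".*internaldomain\.com.*"
ANCHORED = (
    r"^(?:https?://)?(?:[a-z0-9-]+\.)*internaldomain\.com"
    r"(?::\d+)?(?:[/?#].*)?$"
)

# Constructed sample indicators, as an extractor might hand them back.
CANDIDATES = [
    "internaldomain.com",
    "mail.internaldomain.com",
    "https://wiki.internaldomain.com/page?id=1",
    "internaldomain.com.example.net",               # real domain is example.net
    "notinternaldomain.com",                        # different registered name
    "http://example.org/?next=internaldomain.com",  # name only in the query
]


def suppressed(pattern, iocs):
    """Return the IOCs a whitelist pattern would drop.

    Assumes a per-IOC, case-insensitive re.match (hypothetical helper).
    """
    rx = re.compile(pattern, re.IGNORECASE)
    return [ioc for ioc in iocs if rx.match(ioc)]


def audit(loose, strict, iocs):
    """Return IOCs hidden by the loose pattern but kept by the strict one."""
    strict_hits = set(suppressed(strict, iocs))
    return [ioc for ioc in suppressed(loose, iocs) if ioc not in strict_hits]


if __name__ == "__main__":
    for ioc in audit(LOOSE, ANCHORED, CANDIDATES):
        print("loose whitelist would hide:", ioc)
```

Running the same audit over a sample of your own extracted indicators before deploying a whitelist shows which external hosts it would silently drop.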

## Type IOC

The ``type_ioc`` function takes in text and determines whether that text matches any of the IOC types.
If it does not match any, it returns ``unknown``.


    from ioc_hunter import type_ioc
    
    suspected_ioc = "mydomain.com"
    ioc_type = type_ioc(suspected_ioc)

