Metadata-Version: 2.4
Name: iocx
Version: 0.4.0
Summary: Static IOC extraction engine for binaries, text, and logs.
Author: MalX Labs
License: MIT
Project-URL: Homepage, https://iocx.dev
Project-URL: Repository, https://github.com/iocx-dev/iocx
Project-URL: Issues, https://github.com/iocx-dev/iocx/issues
Keywords: ioc,threat-intel,malware-analysis,forensics,security
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pefile>=2024.8.26
Requires-Dist: python-magic>=0.4.27
Dynamic: license-file

# IOCX — Static IOC Extraction Engine

IOCX is a fast, safe, deterministic engine for extracting Indicators of Compromise (IOCs) from binaries, text, and logs.
It performs **pure static analysis** — no execution, no sandboxing, no risk.

## Features

- Extracts IOCs from Windows PE files and raw text
- Detects URLs, domains, IPv4/IPv6, file paths, hashes, emails, Base64
- Crypto wallet detection (Ethereum, Bitcoin)
- Deterministic output suitable for automation
- Minimal dependencies and safe for enterprise environments
- CLI and Python API

## Installation

```bash
pip install iocx
```

## CLI Usage

```bash
iocx suspicious.exe
```

```bash
echo "Visit http://bad.example.com" | iocx -
```

## Python API

```python
from iocx.engine import Engine

engine = Engine()
results = engine.extract("suspicious.exe")
print(results)
```

## Why IOCX?

- Static-only design (never executes untrusted code)
- Binary-aware IOC extraction
- Stable JSON schema
- High performance (~200 MB/s throughput)
- Ideal for DFIR, SOC automation, CI/CD, and threat-intel pipelines
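
To make "static-only" and "deterministic" concrete, the sketch below is an added illustration, not IOCX's own code or API. It scans the printable strings in a byte buffer for three of the indicator types listed above and serialises the result so that repeated runs are byte-identical. The names `extract_iocs` and `to_json`, the regexes, the output keys and the sample buffer are all assumptions made for this example.

```python
import ipaddress
import json
import re

# Runs of 6+ printable ASCII bytes, similar to what the `strings` utility reports.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
URL = re.compile(r"https?://[^\s\"'<>]+")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HEX_HASH = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}

def valid_ipv4(candidate: str) -> bool:
    """Reject regex matches such as 999.1.1.1 that are not real addresses."""
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False

def extract_iocs(data: bytes) -> dict:
    """Scan raw bytes for indicators; the input is only read, never loaded or run."""
    found = {"urls": set(), "ipv4": set(), "hashes": set()}
    for run in PRINTABLE.findall(data):
        text = run.decode("ascii")
        found["urls"].update(u.rstrip(".,;)") for u in URL.findall(text))
        found["ipv4"].update(ip for ip in IPV4.findall(text) if valid_ipv4(ip))
        found["hashes"].update(
            f"{HASH_KIND[len(h)]}:{h.lower()}" for h in HEX_HASH.findall(text)
        )
    # Deduplicated, sorted lists: output does not depend on where matches occur.
    return {kind: sorted(values) for kind, values in found.items()}

def to_json(iocs: dict) -> str:
    """Sorted keys and fixed separators give byte-identical JSON on every run."""
    return json.dumps(iocs, sort_keys=True, separators=(",", ":"))

# Constructed sample buffer (not a real file): binary padding around strings.
# The hex string is the well-known MD5 of empty input.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"GET http://bad.example.com/gate.php HTTP/1.1\x00"
    + b"\xff\xfe" + b"connect 192.0.2.10 then 999.1.1.1\x00\x01"
    + b"cfg=d41d8cd98f00b204e9800998ecf8427e\x00"
)

if __name__ == "__main__":
    print(to_json(extract_iocs(SAMPLE)))
```

The invalid address `999.1.1.1` matches the regex but is dropped by validation, which is the kind of false positive a pipeline consumer would otherwise have to filter downstream.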

## Extensibility

IOCX includes a lightweight plugin system that allows you to add custom detectors, parsers, and transformation rules.
Plugins can emit new IOC categories, override built-in behaviour, or integrate IOCX into larger analysis pipelines.

See the documentation for details on writing detectors and plugins.

## License

MIT License
