{"id":13722549,"url":"https://github.com/sroberts/cacador","last_synced_at":"2026-04-29T02:17:54.747Z","repository":{"id":146848162,"uuid":"50754264","full_name":"sroberts/cacador","owner":"sroberts","description":"Indicator Extractor","archived":false,"fork":false,"pushed_at":"2018-07-14T12:35:05.000Z","size":46,"stargazers_count":130,"open_issues_count":15,"forks_count":23,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-04-16T03:47:17.104Z","etag":null,"topics":["dfir","golang","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sroberts.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-01-31T01:53:42.000Z","updated_at":"2024-02-12T05:46:11.000Z","dependencies_parsed_at":"2024-01-13T12:33:01.532Z","dependency_job_id":null,"html_url":"https://github.com/sroberts/cacador","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sroberts%2Fcacador","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sroberts%2Fcacador/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sroberts%2Fcacador/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sroberts%2Fcacador/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sroberts","download_url":"https://codeload.github.com/sroberts/cacador/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252905582,"owners_count":21822826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","golang","security"],"created_at":"2024-08-03T01:01:30.145Z","updated_at":"2026-04-29T02:17:54.670Z","avatar_url":"https://github.com/sroberts.png","language":"Go","funding_links":[],"categories":["Data Parsing"],"sub_categories":[],"readme":"# cacador\n\n[![CircleCI](https://circleci.com/gh/sroberts/cacador.svg?style=svg)](https://circleci.com/gh/sroberts/cacador)\n[![Go Report Card](https://goreportcard.com/badge/github.com/sroberts/cacador)](https://goreportcard.com/report/github.com/sroberts/cacador)\n\nCacador (Portugese for hunter) is tool for extracting common [indicators of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise) from a block of text.\n\n## The Short Way: Downloading Cacador\n\nThe easiest way to get cacador is to [download the latest release for your platform](https://github.com/sroberts/cacador/releases). Good? Great.\n\n## The Long Way: Compiling Cacador\n\n-   Install golang\n-   `go get github.com/sroberts/cacador`\n-   Compile with `go build`\n\n## Running\n\nRun with `./cacador`. It accepts text from stdin and writes a JSON blob of IOCs to stdout. For example `cat text.txt | ./cacador | import` where text is some IOC rich text and import pushes your new IOCs into your threat management system.\n\nCacador does recognize two command line flags:\n\n-   `-comment=\"Foo\"` which makes it possible to leave a note as metadata.\n-   `-tags=\"Foo, bar, baz\"` which adds tags.\n\n## Generating a new release\n\n-   Install [goreleaser](https://github.com/goreleaser/goreleaser) via `go get github.com/goreleaser/goreleaser`.\n-   Push your branch to GitHub.\n-   Tag it via `git tag -a v1.0.3 -m \"Release 1.0.3 - Minor bugfix edition.\"`\n-   Push the tag to GitHub via `git push origin v1.0.3`\n-   Ensure you have a `GITHUB_TOKEN` env var set.\n-   Run `goreleaser`.\n\n## Why?\n\nOther tools for doing indicator extraction are pretty awesome (like [armbues/ioc_parser](https://github.com/armbues/ioc_parser) or [sroberts/jager](https://github.com/sroberts/jager)), but what's nice about cacador is you can compile it and put it in your path and use it for Unix style workflows with [pipes and things](http://www.december.com/unix/tutor/pipesfilters.html). Also it's super fast and was a good excuse to learn [Go](http://golang.org).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsroberts%2Fcacador","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsroberts%2Fcacador","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsroberts%2Fcacador/lists"}