https://github.com/dcso/iocee

A small tool to automatically extract possible IOCs from streams of text data. Useful in conjunction with our bloom tool to identify IOCs.
https://github.com/dcso/iocee

Last synced: 6 months ago
JSON representation

A small tool to automatically extract possible IOCs from streams of text data. Useful in conjunction with our bloom tool to identify IOCs.

• Host: GitHub
• URL: https://github.com/dcso/iocee
• Owner: DCSO
• License: other
• Created: 2017-06-07T11:57:07.000Z (almost 8 years ago)
• Default Branch: master
• Last Pushed: 2017-06-27T13:55:39.000Z (almost 8 years ago)
• Last Synced: 2024-06-20T16:44:28.928Z (12 months ago)
• Language: Go
• Size: 12.7 KB
• Stars: 3
• Watchers: 5
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# IOCee

### Extract potential IOCs from unstructured text

[![GoDoc](https://godoc.org/github.com/DCSO/iocee?status.svg)](http://godoc.org/github.com/DCSO/iocee)

[![Build Status](https://travis-ci.org/DCSO/iocee.svg?branch=master)](https://travis-ci.org/DCSO/iocee)

IOCee is a simple tool that reads a stream of text from standard input and searches for potential IOC values in it. When it encounters a value that could be an IOC (e.g. a domain name, IP address, URL or hash) it generates all potential variations of it and prints each of them on a separate line. The output data can then be used with other tools such as `bloom`, which expect one value per line.

# Usage

To extract IOCs from a file:

    cat filename.txt | iocee

To interactively extract IOCs (useful for testing):

    iocee --interactive

# Installation & Usage

To install the command line tool:

    make install

To run the tests:

    make test