Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ninoseki/fanger
An npm package to defang and refang IoC
https://github.com/ninoseki/fanger
indicators-of-compromise
Last synced: 3 months ago
JSON representation
An npm package to defang and refang IoC
- Host: GitHub
- URL: https://github.com/ninoseki/fanger
- Owner: ninoseki
- License: mit
- Created: 2019-06-29T23:49:15.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-05-06T04:28:37.000Z (over 1 year ago)
- Last Synced: 2024-10-10T18:09:22.129Z (3 months ago)
- Topics: indicators-of-compromise
- Language: TypeScript
- Homepage:
- Size: 1.31 MB
- Stars: 9
- Watchers: 2
- Forks: 3
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# fanger
[](https://badge.fury.io/js/fanger)
[](https://www.codefactor.io/repository/github/ninoseki/fanger)
[](https://coveralls.io/github/ninoseki/fanger?branch=master)
fanger is an npm package for defang and refang IoC.
## What are defang and refang
Defang means to change a part of IoC to make inaccessible or unclickable. (e.g. `example.com` => `example[.]com`)
Refang means to revert a defanged IoC to the original one. (e.g. `example[.]com` => `example.com`)
## Installation
```bash
npm install fanger -g
```
## Usage
### As a CLI
```bash
$ echo "example.com" | defang
example[.]com
$ echo "[email protected]" | defang
test@example[.]com
$ echo "https://example.com" | defang
hxxps://example[.]com
```
```bash
$ echo "example[.]com" | refang
example.com
$ echo "test@example[.]com" | refang
[email protected]
$ echo "hxxps://example[.]com" | refang
https://example.com
```
#### As a library
```typescript
import { defang, refang } from "fanger";
const text = "example.com";
console.log(defang(text));
// example[.]com
const defangedText = "example[.]com";
console.log(refang(defangedText));
// example.com
```
## Supported defang/refang techniques
### Defang
The following defang techniques are supported.
#### IPv4
- `1.1.1.1` => `1[.]1.1.1`
The first dot of an IPv4 will be replaced with `[.]`.
#### Domain
- `example.com` => `example[.]com`
- `test.com.example.com` => `test[.]com.example[.]com`
A dot before a label which is registered as a TLD will be replaced with `[.]`.
#### HTTP scheme
- `http` => `hxxp`
- `https` => `hxxps`
### Supported refang techniques
The following refang techniques are supported.
| Techniques | Defanged | Refanged |
|------------------|----------------------------------------|---------------------------------|
| Remove spaces | `1.1.1 . 1` | `1.1.1.1` |
| `[.]` => `.` | `1.1.1[.]1` | `1.1.1.1` |
| `(.)` => `.` | `1.1.1(.)1` | `1.1.1.1` |
| `{.}` => `.` | `1.1.1{.}1` | `1.1.1.1` |
| `\.` => `.` | `example\.com` | `example.com` |
| `[/]` => `/` | `http://example.com[/]path` | `http://example.com/path` |
| `[:]` => `:` | `http[:]//example.com` | `http://example.com` |
| `[://]` => `://` | `http[://]example.com` | `http://example.com` |
| `hxxp` => `http` | `hxxps://google.com` | `https://google.com` |
| `[at]` => `@` | `test[at]example.com` | `[email protected]` |
| `[@]` => `@` | `test[@]example.com` | `[email protected]` |
| `(@)` => `@` | `test(@)example.com` | `[email protected]` |
| `[dot]` => `.` | `test@example[dot]com` | `[email protected]` |
| `(dot)` => `.` | `test@example(dot)com` | `[email protected]` |
| `{dot}` => `.` | `test@example{dot}com` | `[email protected]` |
| Partial | `1.1.1[.1` | `1.1.1.1` |
| Any combination | `hxxps[:]//test\.example[.)com[/]path` | `https://test.example.com/path` |