iocextract icon

iocextract

Extracts and refangs IOCs from arbitrary text

FreeOpen SourceGPL-2.0-onlyCLI API

Visit Website GitHub

Description

Python library and command-line tool that parses arbitrary text corpora and extracts indicators of compromise: IPv4/IPv6 addresses, URLs, domain names, email addresses, MD5/SHA hashes, and YARA rules. It also recovers defanged indicators (e.g. 127[.]0[.]0[.]1, hxxp://) by refanging them, returning clean structured IOCs from reports, emails, or pastes.

Inputs

Document / File Paste Site Content

Outputs

IOC (Indicator of Compromise)IP Address Hash (MD5/SHA)

Tags

IOC (Indicator of Compromise)

Tool Chain

Tools that can use this tool's outputs as inputs

iocextract

outputs

IP Address

inputs into

Nuclei TemplatesFree

Burp SuiteFreemium

Greenbone Community EditionFree

Qualys SSL LabsFreemium

FraudGuard.ioFreemium

abuse.ch SSL BlacklistFree

AFRINIC WhoisFree

Anomali ThreatStreamPaid

ANY.RUN Threat Intelligence LookupFreemium

APNIC WhoisFree

BGP.toolsFreemium

BinaryEdgeFreemium

CIRCL Passive DNSFree

Cloudflare RadarFree

TheHive Cortex AnalyzersFree

CrowdSec ConsoleFreemium

GreyNoise VisualizerFreemium

Hurricane Electric BGP ToolkitFree

Looking Glass Hurricane ElectricFree

Hunt.ioFreemium

InQuest LabsFreemium

DNSLyticsFreemium

DNSChecker MaliciousFree

MaltegoFreemium

SecurityTrailsFreemium

ZoomEyeFreemium

DomainToolsPaid

VirusTotalFreemium

Intelligence XFreemium

Hudson Rock CavalierFreemium

urlscan.ioFreemium

GreyNoiseFreemium

Metasploit FrameworkFree

MaxMind GeoIPPaid

IP2LocationFreemium

Can I Take Over XYZFree

TheHiveFreemium

AbuseIPDBFreemium

AlienVault OTXFree

PulsediveFreemium

Feodo TrackerFree

OpenPhishFreemium

MXToolboxFreemium

Cisco Talos IntelligenceFree

IBM X-Force ExchangeFreemium

OSV-ScannerFree

VulnersFreemium

VulnCheckFreemium

CVE DetailsFree

Packet Storm SecurityFree

Google Safe BrowsingFreemium

Malwarebytes LabsFree

Google EarthFree

Sentinel Hub EO BrowserFreemium

NASA WorldviewFree

Flightradar24Freemium

ADS-B ExchangeFreemium

FlightAwareFreemium

MarineTrafficFreemium

VesselFinderFreemium

OpenRailwayMapFree

Overpass TurboFree

ipapi.coFreemium

ipdata.coFreemium

ipinfo.ioFreemium

IPQualityScoreFreemium

Kaspersky Threat Intelligence PortalFreemium

Wireless Korea KISA WhoisFree

LACNIC WhoisFree

Mandiant AdvantagePaid

Microsoft Defender Threat IntelligenceFreemium

Mnemonic ARGUSFreemium

Mtr Network DiagnosticFree

OONI ExplorerFree

OSINT Combine BrowserFree

PassiveDNS by mnemonicFree

Pentest-Tools.comFreemium

Pulsedive ExploreFreemium

QiAnXin TIFreemium

Rapid7 Project SonarFree

RDAP LookupFree

Recorded FuturePaid

JA3 FingerprintFree

JARM Fingerprint HashFree

Pulsedive Threat BrowseFree

SecurityTrails Historical DNSFreemium

Silent PushPaid

Spamhaus IP ReputationFreemium

ThreatBookFreemium

ThreatConnectPaid

ThreatMinerFree

ThreatView.ioFree

Tor Project MetricsFree

Cisco Umbrella InvestigatePaid

ValidinFreemium

ViewDNS.infoFreemium

ARIN Whois-RWSFree

Farsight DNSDBPaid

Group-IB Threat IntelligencePaid

HackerTargetFreemium

JPNIC Whois GatewayFree

InternetDB by ShodanFree

Webroot BrightCloudPaid

CentralOpsFreemium

CrowdSec CTIFreemium

DriftnetFreemium

Elasticsearch CrawlerFree

Hunter.howFreemium

I Know What You DownloadFreemium

IPLocation.netFree

SynapsintFreemium

Threat Intelligence PlatformFreemium

WebScoutFreemium

CheckLeakedFreemium

OSINTLeakFreemium

OSINT FrameworkFree

Netlas.ioFreemium

Criminal IPFreemium

SEON Digital FootprintFreemium

FortiGuard Web Filter LookupFree

Team Cymru IP to ASNFree

IP to ASN DatabaseFree

Blocklist.deFree

FireHOL IP ListsFree

Project Honey PotFree

HoneyDBFreemium

MetaDefender CloudFreemium

abuse.ch HuntingFree

isMaliciousFreemium

Blacklist CheckerFreemium

Multi-RBL CheckFree

You Get SignalFree

ip2geo.devFreemium

OpenGraph IntelFree

DeHashed API ToolPaid

pygreynoiseFreemium

DFIR PlatformFreemium

DNSstuffFreemium

iocextract

outputs

Hash (MD5/SHA)

inputs into

abuse.ch SSL BlacklistFree

Anomali ThreatStreamPaid

ANY.RUN Threat Intelligence LookupFreemium

PolygonscanFreemium

TheHive Cortex AnalyzersFree

InQuest LabsFreemium

VirusTotalFreemium

Intelligence XFreemium

Blockchain.com ExplorerFree

EtherscanFreemium

ChainalysisPaid

TheHiveFreemium

AbuseIPDBFreemium

AlienVault OTXFree

PulsediveFreemium

MalwareBazaarFree

Feodo TrackerFree

OpenPhishFreemium

Cisco Talos IntelligenceFree

IBM X-Force ExchangeFreemium

Hybrid AnalysisFreemium

ANY.RUNFreemium

Joe SandboxFreemium

Hatching TriageFreemium

Intezer AnalyzeFreemium

Volatility 3Free

Mobile Verification ToolkitFree

Google Safe BrowsingFreemium

Malwarebytes LabsFree

BlockchairFreemium

BlockCypherFreemium

BscScanFreemium

Kaspersky Threat Intelligence PortalFreemium

KoodousFreemium

Mandiant AdvantagePaid

Microsoft Defender Threat IntelligenceFreemium

PolyswarmFreemium

Pulsedive ExploreFreemium

QiAnXin TIFreemium

Recorded FuturePaid

ThreatBookFreemium

ThreatConnectPaid

ThreatMinerFree

ThreatView.ioFree

MalwareBazaar BrowseFree

Imunify360 SandboxPaid

Group-IB Threat IntelligencePaid

EchoTrailFreemium

CheckLeakedFreemium

MetaDefender CloudFreemium

abuse.ch HuntingFree

isMaliciousFreemium

OpenGraph IntelFree

DFIR PlatformFreemium

UnpacMeFreemium

Reviews

0.0 (0 reviews)