IOC Scraper utilises IOCPARSER service to fetch IOCs from different vendor Blogs, PDFs, and CSV files. Parsing IOCs is time-consuming process, using current script one can automatically extract and aggregate IOCs easily.
IOC Scraper supports a variety of IOC types.
IOC TYPE | STATUS |
---|---|
ASN | Supported |
IPv4, IPv6 | Supported |
URL, Domain | Supported |
Supported | |
MD5, SHA1, SHA256, File Name | Supported |
MAC Address | Supported |
MITRE ATT&CK IDs | Supported |
YARA Rules | Supported |
git clone https://www.github.com/chaitanyakrishna/iocscraper.git
pip3 install -f requirements.txt
Usage
python IOC_Scraper.py -h
_
| / \ / | / | _ _ _ _ _ _
| | | | | | ___ \ / | ‘/ ` | ‘ \ / _ \ ‘| | | || | | ) | (| | | (| | |) | / |
|___/ ____| |_/ _|| __,| ./ _||
|_|
usage: IOC_Scraper.py [-h] [-u URL] [-uL FILE_CONTAINING_URLS] [-t TIMEOUT] [-th THREADNUMBER] -o OUTPUT
IOC_Scraper v1.0
Optional Arguments:
-h, –help show this help message and exit
-u URL, –url Single URL for Fetching IOCs
-uL FILE_CONTAINING_URLS, –url-list FILE_CONTAINING_URLS File Containing URL, One URL in One Line.
-t TIMEOUT, –timeout TIMEOUT HTTP Request Timeout. default=60
-th THREADNUMBER, –thread THREADNUMBER Parallel HTTP Request Number. default=100
Required Arguments:
-o OUTPUT, –output OUTPUT Output file name.
Sample command line arguments
python iocscraper.py -u “http://targeturl.com” -o report
python iocscraper.py -uL urls.txt -o report
Output
python IOC_Scraper.py -uL url_list.txt -o report
_ _
| / \ / | / | _ _ _ _ _ _
| | | | | | ___ \ / | ‘/ ` | ‘ \ / _ \ ‘| | | || | | ) | (| | | (| | |) | / |
|___/ ____| |_/ _|| __,| ./ _||
|_|
[Date: 20-01-2022] [Time: 23:03:09] [INFO] Initiating IOC Scraper …
[*] ProgressBar: 14/14 [Fethcing IOC from: thehackernews.com] [Errors: 0] … 0] … …
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Removing Duplicates …
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Fetched IOCs from the following domains
blog.aquasec.com
nationalcybersecurity.com
cofense.com
thehackernews.com
blog.sucuri.net
threats.amnpardaz.com
www.crowdstrike.com
www.bleepingcomputer.com
forensicitguy.github.io
marcusedmondson.com
rajhackingarticles.blogspot.com
research.checkpoint.com
www.reddit.com
www.zerofox.com
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Indicator of Compromise Stats
Domain : 52
URL : 26
IPv4 : 15
IPv6 : 0
ASN : 0
FILE_HASH_MD5 : 24
FILE_HASH_SHA1 : 16
FILE_HASH_SHA256 : 3
MITRE_ATTACK : 4
EMAIL : 3
CVE : 7
FILE_NAME : 59
YARA_RULE : 0
MAC_ADDRESS : 0
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Total IOCs: 209
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…