Kali Linux

IOC Scraper : A Fast And Reliable Service That Enables You To Extract IOCs

IOC Scraper utilises IOCPARSER service to fetch IOCs from different vendor Blogs, PDFs, and CSV files. Parsing IOCs is time-consuming process, using current script one can automatically extract and aggregate IOCs easily.

Features

  • Defanged IOCs : Supports extracting and defanging IOCs.
  • Whitelist IOCs : Supports custom whitlisting of IOCs.
  • Source Types : Supports variety of sources such as Blogs, PDFs, CSV, and much more.

Supported IOC Types

IOC Scraper supports a variety of IOC types.

IOC TYPESTATUS
ASNSupported
IPv4, IPv6Supported
URL, DomainSupported
EmailSupported
MD5, SHA1, SHA256, File NameSupported
MAC AddressSupported
MITRE ATT&CK IDsSupported
YARA RulesSupported

Installation

git clone https://www.github.com/chaitanyakrishna/iocscraper.git
pip3 install -f requirements.txt

Usage

python IOC_Scraper.py -h
_
| / \ / | / | _ _ _ _ _ _
| | | | | | ___ \ / | ‘/ ` | ‘ \ / _ \ ‘| | | || | | ) | (| | | (| | |) | / |
|___/ ____| |_/ _|| __,| ./ _||
|_|
usage: IOC_Scraper.py [-h] [-u URL] [-uL FILE_CONTAINING_URLS] [-t TIMEOUT] [-th THREADNUMBER] -o OUTPUT
IOC_Scraper v1.0
Optional Arguments:
-h, –help show this help message and exit
-u URL, –url Single URL for Fetching IOCs
-uL FILE_CONTAINING_URLS, –url-list FILE_CONTAINING_URLS File Containing URL, One URL in One Line.
-t TIMEOUT, –timeout TIMEOUT HTTP Request Timeout. default=60
-th THREADNUMBER, –thread THREADNUMBER Parallel HTTP Request Number. default=100
Required Arguments:
-o OUTPUT, –output OUTPUT Output file name.

Sample command line arguments

python iocscraper.py -u “http://targeturl.com” -o report
python iocscraper.py -uL urls.txt -o report

Output

python IOC_Scraper.py -uL url_list.txt -o report
_ _
| / \ / | / | _ _ _ _ _ _
| | | | | | ___ \ / | ‘/ ` | ‘ \ / _ \ ‘| | | || | | ) | (| | | (| | |) | / |
|___/ ____| |_/ _|| __,| ./ _||
|_|
[Date: 20-01-2022] [Time: 23:03:09] [INFO] Initiating IOC Scraper …
[*] ProgressBar: 14/14 [Fethcing IOC from: thehackernews.com] [Errors: 0] … 0] … …
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Removing Duplicates …
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Fetched IOCs from the following domains
blog.aquasec.com
nationalcybersecurity.com
cofense.com
thehackernews.com
blog.sucuri.net
threats.amnpardaz.com
www.crowdstrike.com
www.bleepingcomputer.com
forensicitguy.github.io
marcusedmondson.com
rajhackingarticles.blogspot.com
research.checkpoint.com
www.reddit.com
www.zerofox.com
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Indicator of Compromise Stats
Domain : 52
URL : 26
IPv4 : 15
IPv6 : 0
ASN : 0
FILE_HASH_MD5 : 24
FILE_HASH_SHA1 : 16
FILE_HASH_SHA256 : 3
MITRE_ATTACK : 4
EMAIL : 3
CVE : 7
FILE_NAME : 59
YARA_RULE : 0
MAC_ADDRESS : 0
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Total IOCs: 209

Download
R K

Leave a Comment
Share
Published by
R K
Tags: Extract IOCsFast And ReliableIOC Scraper
3 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago