IOC Scraper uses the IOCPARSER service to fetch IOCs from different vendor blogs, PDFs, and CSV files. Parsing IOCs by hand is a time-consuming process; with this script you can extract and aggregate them automatically.
IOC Scraper supports a variety of IOC types.
IOC TYPE | STATUS |
---|---|
ASN | Supported |
IPv4, IPv6 | Supported |
URL, Domain | Supported |
Supported | |
MD5, SHA1, SHA256, File Name | Supported |
MAC Address | Supported |
MITRE ATT&CK IDs | Supported |
YARA Rules | Supported |
git clone https://www.github.com/chaitanyakrishna/iocscraper.git
cd iocscraper
pip3 install -r requirements.txt
Usage
python IOC_Scraper.py -h
usage: IOC_Scraper.py [-h] [-u URL] [-uL FILE_CONTAINING_URLS] [-t TIMEOUT] [-th THREADNUMBER] -o OUTPUT
IOC_Scraper v1.0
Optional Arguments:
-h, --help show this help message and exit
-u URL, --url Single URL for Fetching IOCs
-uL FILE_CONTAINING_URLS, --url-list FILE_CONTAINING_URLS File Containing URL, One URL in One Line.
-t TIMEOUT, --timeout TIMEOUT HTTP Request Timeout. default=60
-th THREADNUMBER, --thread THREADNUMBER Parallel HTTP Request Number. default=100
Required Arguments:
-o OUTPUT, --output OUTPUT Output file name.
Sample command line arguments
python iocscraper.py -u "http://targeturl.com" -o report
python iocscraper.py -uL urls.txt -o report
Output
python IOC_Scraper.py -uL url_list.txt -o report
[Date: 20-01-2022] [Time: 23:03:09] [INFO] Initiating IOC Scraper …
[*] ProgressBar: 14/14 [Fethcing IOC from: thehackernews.com] [Errors: 0] … 0] … …
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Removing Duplicates …
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Fetched IOCs from the following domains
blog.aquasec.com
nationalcybersecurity.com
cofense.com
thehackernews.com
blog.sucuri.net
threats.amnpardaz.com
www.crowdstrike.com
www.bleepingcomputer.com
forensicitguy.github.io
marcusedmondson.com
rajhackingarticles.blogspot.com
research.checkpoint.com
www.reddit.com
www.zerofox.com
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Indicator of Compromise Stats
Domain : 52
URL : 26
IPv4 : 15
IPv6 : 0
ASN : 0
FILE_HASH_MD5 : 24
FILE_HASH_SHA1 : 16
FILE_HASH_SHA256 : 3
MITRE_ATTACK : 4
EMAIL : 3
CVE : 7
FILE_NAME : 59
YARA_RULE : 0
MAC_ADDRESS : 0
[Date: 20-01-2022] [Time: 23:03:13] [INFO] Total IOCs: 209
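The "Removing Duplicates" and per-type stats steps in the run above can be reproduced offline on plain text. The following is an added example, not code from IOC Scraper and not the IOCPARSER API: the regexes are simplified assumptions covering only a few of the supported types, and the sample reports are constructed.

```python
import re
from collections import defaultdict

# Simplified patterns for a subset of the IOC types (assumptions, not the service's rules).
PATTERNS = {
    "IPv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "FILE_HASH_MD5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
    "FILE_HASH_SHA1": re.compile(r"\b[a-fA-F0-9]{40}\b"),
    "FILE_HASH_SHA256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "CVE": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE),
    "MITRE_ATTACK": re.compile(r"\bT\d{4}(?:\.\d{3})?\b"),
}

# Constructed sample input: two "reports" that repeat indicators in different forms.
SAMPLE_DOCS = [
    "C2 at 192[.]0[.]2[.]10, MD5 D41D8CD98F00B204E9800998ECF8427E, CVE-2021-44228, T1059.001",
    "Seen again: 192.0.2.10 and 198.51.100.7; md5 d41d8cd98f00b204e9800998ecf8427e; cve-2021-44228",
]

def refang(text):
    """Undo common dot defanging so '192[.]0[.]2[.]10' still matches."""
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.IGNORECASE)

def normalise(ioc_type, value):
    """Canonical case, so the same hash or CVE written two ways is one IOC."""
    if ioc_type.startswith("FILE_HASH"):
        return value.lower()
    return value.upper() if ioc_type == "CVE" else value

def extract(documents):
    """Return {ioc_type: sorted unique values} aggregated over all documents."""
    found = defaultdict(set)
    for doc in documents:
        clean = refang(doc)
        for ioc_type, pattern in PATTERNS.items():
            found[ioc_type].update(normalise(ioc_type, m) for m in pattern.findall(clean))
    return {ioc_type: sorted(found[ioc_type]) for ioc_type in PATTERNS}

def stats(iocs):
    """Per-type counts plus a total, in the layout of the report above."""
    lines = [f"{ioc_type} : {len(values)}" for ioc_type, values in iocs.items()]
    return lines + [f"Total IOCs: {sum(len(v) for v in iocs.values())}"]

if __name__ == "__main__":
    print("\n".join(stats(extract(SAMPLE_DOCS))))
```

Without the refang and case-normalisation steps the defanged IP and the upper-case hash would be missed or counted twice, which inflates the totals fed into a blocklist or SIEM lookup.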