iocextract v1.16.1

Changelog

Bug Fixes

• Includes a fix for IP addresses and URL extraction, removing schema in certain cases when using these methods interchangeably (#77)

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.16.1/

Full Changelog: v1.16.0...v1.16.1

iocextract v1.16.0

Changelog

Features

• Allow extraction from a server/host containing a file with IOCs for the console application (#74)
  • (--remote_input, -ri): Extract IOCs from a remote data source
  • (--url, -url): URL to extract IOCs from
• New source now allowing for the extraction of telephone numbers (43f7921)

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.16.0/

Full Changelog: v1.15.2...v1.16.0

iocextract v1.15.2

Changelog

Breaking Changes

• The project has been renamed from python-iocextract to iocextract. GitHub automatically handles redirects when renaming repositories, but if for some reason you run into any problems, feel free to open an issue.

Bug Fixes

• Fixed minor URL extraction bug when working with the default configuration (no parameters) (#68)

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.15.2/

Full Changelog: v1.15.1...v1.15.2

iocextract v1.15.1

Changelog

Bug Fixes

• Refactored unit tests to now pass across most test cases (b3f9442)

Features

• Refactored documentation (including the README.md/rst on GitHub, readthedocs build configuration, etc.) (74948ca)
  • Visit the documentation here: https://inquest.readthedocs.io/projects/iocextract/en/latest/
• Now includes a GitHub workflow for an immediate status assessment for Python 3+ builds (74948ca)
• Generic JSON parsing and extracting for base64 encoded strings (#43) (058a66d)

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.15.1/

Full Changelog: v1.14.1...v1.15.1

iocextract v1.14.1

Changelog

Bug Fixes

• Introduces a fix for extracting non-defanged URLs (#61)

Features

• Allows for recursive directory file (.txt) extraction via the CLI (#12)

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.14.1/

Full Changelog: v1.14.0...v1.14.1

iocextract v1.14.0

Changelog

Bug Fixes

• Fixed issue where defanging automatically defaulted to the http/https protocol. Now allows the user to define this functionality (#32, #34)
• Added the ability to extract IP addresses (IPv4) with a 4th octet (i.e. 10.10.10.10.4444) (#31)
• Updated email regex to now extract emails addresses with a first + last name structure (i.e. first[.]last@domain[.]com) (#36)

Features

• Added easier argparse options to allow a simpler version of pre-existing options
• Minor improvements to IPv6 extraction

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.14.0/

iocextract v1.13.8

Changelog

Bug Fixes

• Fixed stdout redirection on Unix-based platforms when piping IOCs to less (#37) by @presianbg (#48)
• Fixed https refanging accuracy when dealing with a defanged hxxp/hxxps schema (#49) by @dsfinn (#50)
• Improved regex for backtracking in the backslash regular expression set (#52) by @Synse (#56)
• Added a space delimiter when decoding base64 for URLs to allow improved parsing (#47)
• Improved control over end punctuations to allow modifiable restrictions when extracting URLs (#40)

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.13.8/

iocextract v1.13.2

Changelog

Bug Fixes

• Fixed URL regex expression to remove whitespace and trailing characters when extracting unencoded URLs. (#53)
• Updated license for PyPi. (#51)

New build info and documentation can be found here: https://pypi.org/project/iocextract/1.13.2/

iocextract v1.13.1

• Fix a bug in base64 handling that caused an exception on some input.
• Add --extract-emails flag to the CLI.
• Update documentation.

iocextract v1.13.0

• NEW!: Overhaul YARA extraction, with support for imports, includes, comments, scopes, and more.
• Reduce false positives from URL extraction (#29 from @JayFields).