Skip to content
/ indicator-parser Public

An IOC parser library written in Rust, made to handle multithreaded IOC management. Will be used in both apps and backend of Shuffle.

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Shuffle/indicator-parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

Indicator-parser

An IOC parser library written in Rust, made to handle multithreaded IOC management. Will be used in both apps and backend of Shuffle.

TODO

  • Prototype it single threaded
  • Prototype multithreaded
  • Ensure it's FAST

Using it in Python

pip install indicator-parser
import indicator-parser

types = ["urls", "ipv4s"]
output = indicator-parser.parse("as10.0.0.10df1234 1.2.3.4 https://google.com", types)

print(output)

Expected output:

########
[{
  "type": "ipv4",
  "data": "10.0.0.10",
  "internal": True,
 },
  {
  "type": "ipv4",
  "data": "1.2.3.4",
  "internal": False,
 },
 {
  "type": "url",
  "data": "https://google.com"
 },
 {
  "type": "domain",
  "data": "google.com"
 }
]

Datatypes (asap)

  • IPv4
  • URL
  • Domains

Future:

  • Mitre Att&ck tactics & techniques
  • File paths
  • Registry keys
  • Email related stuff

Optimizing (long-term)

  • Process Trees: Specific sequences of process creation that indicate malicious behavior.
  • CyberChef-related toolkit

About

An IOC parser library written in Rust, made to handle multithreaded IOC management. Will be used in both apps and backend of Shuffle.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published