macOS
brew install iocextractlocal Homebrew formula metadata
brew
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für iocextract in AI-Agent-Workflows.
Installation
brew install iocextractlocal Homebrew formula metadata
nix profile install nixpkgs#iocextractnixpkgs package indexes · iocextract · Quelle: raw.githubusercontent.com
Überblick
Defanged indicator of compromise extractor
Verlauf
iocextract is an InQuest Python library and CLI for extracting indicators of compromise from text, including deliberately defanged URLs, IP addresses, email addresses, hashes, and YARA rules. It sits in the security-automation niche where analysts need to turn threat reports, tweets, notes, and pasted text into machine-readable observables.
The project documentation frames iocextract around a specific analyst problem: simple regular expressions miss indicators that have been defanged to avoid accidental clicks or live requests. iocextract combines custom regexes and post-processing so those strings can be detected and optionally refanged.
The GitHub release history shows continuing feature and bug-fix releases, including work around URL/IP extraction and CLI input sources. The documentation links the repository, PyPI package, issue tracker, and changelog, which is typical of a Python security utility distributed both as a library and as an executable command.
The docs list InQuest and PacketTotal as users and point analysts who need automation beyond extraction toward InQuest's ThreatIngestor. The Homebrew and Nix packaging in the input facts show the tool leaving Python-only workflows and becoming available as a command-line package.
iocextract can be used as a Python iterator-based library or as the `iocextract` command. The CLI reads from standard input or files, extracts selected IOC classes, supports custom regex files, and can refang supported URLs, emails, and IPv4 addresses when an analyst wants normalized output.
The package is significant because it encodes a practical security convention: dangerous observables are often intentionally mangled before publication. A package manager shipping iocextract gives shell pipelines and incident-response scripts a reusable way to reverse that convention without every analyst copying fragile regexes.
Sicherheitslage
Für iocextract wurde kein passendes lokales Secret-Handling-Manifest gefunden. Nucleus-Paketmetadaten bleiben hier veröffentlicht, damit künftige Abdeckung eine stabile Paket-URL hat.
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
Executables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
iocextract | cli | globales Executable |
Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
https://inquest.readthedocs.io/projects/iocextract/en/latest/
Installationsmetadaten
| Paketschlüssel | brew:iocextract |
|---|---|
| Version | 1.16.1 |
| Paketmanager | Homebrew |
| Paketmanager-Seite | https://formulae.brew.sh/formula/iocextract |
| Homepage | https://inquest.readthedocs.io/projects/iocextract/en/latest/ |
| Repository | https://github.com/InQuest/iocextract |
| Upstream-Dokumentation | https://inquest.readthedocs.io/projects/iocextract/en/latest |
| Lizenz | GPL-2.0-only |
| Quellarchiv | https://files.pythonhosted.org/packages/ad/4b/19934df6cd6a0f6923aabae391a67b630fdd03c12c1226377c99a747a4f1/iocextract-1.16.1.tar.gz |
| Zuletzt aktualisiert | 2026-05-21T12:53:41Z |
| Pulse | updated |
| Abhängigkeiten | certifi, python@3.14 |
| Bottle | verfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | nicht definiert |
| Dienst | keiner deklariert |
Registry-Fakten
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | iocextract |
| Version Scheme | 0 |
| Revision | 13 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
Source-Datenbank-Treffer
Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.
iocextract
nix profile install nixpkgs#iocextractQuellspur
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
View the package source record on GitHub.