# iocextract を Homebrew, Nix でインストール

iocextract のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。

## インストール

```sh
sudo av install brew:iocextract
```

追加のインストールコマンド:

### macOS

- Homebrew (100%):

```sh
brew install iocextract
```

  証拠: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#iocextract
```

  証拠: nixpkgs package indexes: iocextract from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

## パッケージ情報

- **パッケージキー:** brew:iocextract
- **パッケージマネージャ:** Homebrew
- **パッケージマネージャページ:** <https://formulae.brew.sh/formula/iocextract>
- **バージョン:** 1.16.1
- **ソース概要:** Defanged indicator of compromise extractor
- **ホームページ:** <https://inquest.readthedocs.io/projects/iocextract/en/latest/>
- **リポジトリ:** <https://github.com/InQuest/iocextract>
- **上流ドキュメント:** <https://inquest.readthedocs.io/projects/iocextract/en/latest>
- **ライセンス:** GPL-2.0-only
- **ソースアーカイブ:** <https://files.pythonhosted.org/packages/ad/4b/19934df6cd6a0f6923aabae391a67b630fdd03c12c1226377c99a747a4f1/iocextract-1.16.1.tar.gz>
- **最終更新:** 2026-05-21T12:53:41Z
- **生成日時:** 2026-07-08T18:08:21+00:00

## 実行可能ファイル

- iocextract (cli)
- iocextract (エイリアス)

## 依存関係

- certifi
- python@3.14

## インストール挙動

- post-install フック: 未定義
- Bottle: 利用可能 対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## バージョンと鮮度

- ページ生成日: 2026-07-08
- マネージャ版: 1.16.1
- マネージャ更新日: 2026-05-21
- ローカルデータ: OK
- 上流リポジトリ: https://inquest.readthedocs.io/projects/iocextract/en/latest/
- 情報: Release/tag comparison is only available for GitHub repositories.
## プロジェクトの歴史と使われ方

iocextract is an InQuest Python library and CLI for extracting indicators of compromise from text, including deliberately defanged URLs, IP addresses, email addresses, hashes, and YARA rules. It sits in the security-automation niche where analysts need to turn threat reports, tweets, notes, and pasted text into machine-readable observables.

### プロジェクトの歴史

The project documentation frames iocextract around a specific analyst problem: simple regular expressions miss indicators that have been defanged to avoid accidental clicks or live requests. iocextract combines custom regexes and post-processing so those strings can be detected and optionally refanged.

The GitHub release history shows continuing feature and bug-fix releases, including work around URL/IP extraction and CLI input sources. The documentation links the repository, PyPI package, issue tracker, and changelog, which is typical of a Python security utility distributed both as a library and as an executable command.

### 採用の歴史

The docs list InQuest and PacketTotal as users and point analysts who need automation beyond extraction toward InQuest's ThreatIngestor. The Homebrew and Nix packaging in the input facts show the tool leaving Python-only workflows and becoming available as a command-line package.

### 使われ方

iocextract can be used as a Python iterator-based library or as the `iocextract` command. The CLI reads from standard input or files, extracts selected IOC classes, supports custom regex files, and can refang supported URLs, emails, and IPv4 addresses when an analyst wants normalized output.

### パッケージ好きにとっての重要性

The package is significant because it encodes a practical security convention: dangerous observables are often intentionally mangled before publication. A package manager shipping iocextract gives shell pipelines and incident-response scripts a reusable way to reverse that convention without every analyst copying fragile regexes.

### タイムライン

- 2018: Public PyPI releases establish iocextract as an installable Python IOC extractor.
- 2019-2023: InQuest-hosted documentation presents the library, CLI, related projects, and users.
- 2023: v1.16.x releases add CLI extraction from remote data sources and fix URL/IP extraction behavior.
- Package-manager era: Homebrew and Nix provide package installs for the `iocextract` executable.

### Related projects

- ThreatIngestor is the InQuest project suggested for automated IOC extraction, enrichment, and export workflows.
- Cacador, ioc-extractor, and Cyobstract are listed by the docs as similar IOC extraction projects.
- plyara is called out for users working with YARA rules.

### ソース

- <https://formulae.brew.sh/formula/iocextract>
- <https://github.com/InQuest/iocextract>
- <https://github.com/InQuest/iocextract/releases>
- <https://inquest.readthedocs.io/projects/iocextract/en/latest/>
- <https://pypi.org/project/iocextract/>


## セキュリティノート

iocextract に一致するローカルシークレット処理マニフェストは見つかりませんでした。将来の対応で安定したパッケージ URL を使えるよう、Nucleus パッケージメタデータはここに公開されています。


## ソースデータベース詳細

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** iocextract
- **Version Scheme:** 0
- **Revision:** 13
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## 他のパッケージマネージャ記録

- Nix - iocextract: normalized package name match | nixpkgs package indexes: iocextract from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix


## 関連リンク

- [Terminal utility packages](https://www.automicvault.com/ja/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/ja/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/ja/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/ja/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [python@3.14](https://www.automicvault.com/ja/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [dnstwist](https://www.automicvault.com/ja/pkg/brew/dnstwist/) - Shares av.db curated category or tags: cli, security, threat-intelligence.
- [virustotal-cli](https://www.automicvault.com/ja/pkg/brew/virustotal-cli/) - Shares av.db curated category or tags: cli, security, threat-intelligence.
- [aide](https://www.automicvault.com/ja/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/ja/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/ja/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/ja/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/ja/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [azurehound](https://www.automicvault.com/ja/pkg/brew/azurehound/) - Shares av.db curated category or tags: cli, security.
- [shodan](https://www.automicvault.com/ja/pkg/brew/shodan/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, intelligence, python, python-3-14.
- [bbot](https://www.automicvault.com/ja/pkg/brew/bbot/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, python, python-3-14, security.

## Combined YAML source

View the package source record on GitHub. [combined/iocextract.yml](https://github.com/automic-vault/db/blob/main/combined/iocextract.yml)


## ソース

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
