macOS
brew install iocextractlocal Homebrew formula metadata
安装
brew install iocextractlocal Homebrew formula metadata
nix profile install nixpkgs#iocextractnixpkgs package indexes · iocextract · 来源: raw.githubusercontent.com
概览
Defanged indicator of compromise extractor
历史
iocextract is an InQuest Python library and CLI for extracting indicators of compromise from text, including deliberately defanged URLs, IP addresses, email addresses, hashes, and YARA rules. It sits in the security-automation niche where analysts need to turn threat reports, tweets, notes, and pasted text into machine-readable observables.
The project documentation frames iocextract around a specific analyst problem: simple regular expressions miss indicators that have been defanged to avoid accidental clicks or live requests. iocextract combines custom regexes and post-processing so those strings can be detected and optionally refanged.
The GitHub release history shows continuing feature and bug-fix releases, including work around URL/IP extraction and CLI input sources. The documentation links the repository, PyPI package, issue tracker, and changelog, which is typical of a Python security utility distributed both as a library and as an executable command.
The docs list InQuest and PacketTotal as users and point analysts who need automation beyond extraction toward InQuest's ThreatIngestor. The Homebrew and Nix packaging in the input facts show the tool leaving Python-only workflows and becoming available as a command-line package.
iocextract can be used as a Python iterator-based library or as the `iocextract` command. The CLI reads from standard input or files, extracts selected IOC classes, supports custom regex files, and can refang supported URLs, emails, and IPv4 addresses when an analyst wants normalized output.
The package is significant because it encodes a practical security convention: dangerous observables are often intentionally mangled before publication. A package manager shipping iocextract gives shell pipelines and incident-response scripts a reusable way to reverse that convention without every analyst copying fragile regexes.
安全态势
没有找到 iocextract 的匹配本地密钥处理 manifest。Nucleus 软件包元数据仍在此发布,以便未来覆盖拥有稳定的软件包 URL。
在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。
可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
iocextract | cli | 全局可执行文件 |
新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
https://inquest.readthedocs.io/projects/iocextract/en/latest/
安装元数据
| 软件包键 | brew:iocextract |
|---|---|
| 版本 | 1.16.1 |
| 软件包管理器 | Homebrew |
| 软件包管理器页面 | https://formulae.brew.sh/formula/iocextract |
| 主页 | https://inquest.readthedocs.io/projects/iocextract/en/latest/ |
| 仓库 | https://github.com/InQuest/iocextract |
| 上游文档 | https://inquest.readthedocs.io/projects/iocextract/en/latest |
| 许可证 | GPL-2.0-only |
| 源码归档 | https://files.pythonhosted.org/packages/ad/4b/19934df6cd6a0f6923aabae391a67b630fdd03c12c1226377c99a747a4f1/iocextract-1.16.1.tar.gz |
| 最后更新 | 2026-05-21T12:53:41Z |
| Pulse | updated |
| 依赖 | certifi, python@3.14 |
| Bottle | 可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | 未定义 |
| 服务 | 未声明 |
注册表事实
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | iocextract |
| Version Scheme | 0 |
| Revision | 13 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
源数据库匹配
匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。
iocextract
nix profile install nixpkgs#iocextract来源线索
此页面由 av-web 从 scripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。
View the package source record on GitHub.