Automic VaultAutomic Vault

brew

使用 Homebrew, Nix 安装 iocextract

查看 iocextract 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

安装

其他安装命令

macOS

Homebrew已验证 · 100%
brew install iocextract

local Homebrew formula metadata

概览

软件包摘要

Defanged indicator of compromise extractor

命令和别名

  • iocextract

历史

项目历史与用法

iocextract is an InQuest Python library and CLI for extracting indicators of compromise from text, including deliberately defanged URLs, IP addresses, email addresses, hashes, and YARA rules. It sits in the security-automation niche where analysts need to turn threat reports, tweets, notes, and pasted text into machine-readable observables.

项目历史

The project documentation frames iocextract around a specific analyst problem: simple regular expressions miss indicators that have been defanged to avoid accidental clicks or live requests. iocextract combines custom regexes and post-processing so those strings can be detected and optionally refanged.

The GitHub release history shows continuing feature and bug-fix releases, including work around URL/IP extraction and CLI input sources. The documentation links the repository, PyPI package, issue tracker, and changelog, which is typical of a Python security utility distributed both as a library and as an executable command.

采用历史

The docs list InQuest and PacketTotal as users and point analysts who need automation beyond extraction toward InQuest's ThreatIngestor. The Homebrew and Nix packaging in the input facts show the tool leaving Python-only workflows and becoming available as a command-line package.

使用方式

iocextract can be used as a Python iterator-based library or as the `iocextract` command. The CLI reads from standard input or files, extracts selected IOC classes, supports custom regex files, and can refang supported URLs, emails, and IPv4 addresses when an analyst wants normalized output.

为什么软件包爱好者会关心

The package is significant because it encodes a practical security convention: dangerous observables are often intentionally mangled before publication. A package manager shipping iocextract gives shell pipelines and incident-response scripts a reusable way to reverse that convention without every analyst copying fragile regexes.

时间线

  • 2018: Public PyPI releases establish iocextract as an installable Python IOC extractor.
  • 2019-2023: InQuest-hosted documentation presents the library, CLI, related projects, and users.
  • 2023: v1.16.x releases add CLI extraction from remote data sources and fix URL/IP extraction behavior.
  • Package-manager era: Homebrew and Nix provide package installs for the `iocextract` executable.

Related projects

  • ThreatIngestor is the InQuest project suggested for automated IOC extraction, enrichment, and export workflows.
  • Cacador, ioc-extractor, and Cyobstract are listed by the docs as similar IOC extraction projects.
  • plyara is called out for users working with YARA rules.

安全态势

尚未找到受保护工具覆盖

没有找到 iocextract 的匹配本地密钥处理 manifest。Nucleus 软件包元数据仍在此发布,以便未来覆盖拥有稳定的软件包 URL。

安装行为

  • formula 元数据中未记录 Homebrew post-install 钩子。
  • Homebrew bottle 元数据适用于 6 个平台目标。
  • 安装时包含 2 个运行时依赖。

建议审查

在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。

可执行文件

已安装的可执行文件

命令类型暴露范围备注
iocextractcli全局可执行文件

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。

页面生成时间2026-07-08
管理器版本1.16.1
管理器更新时间2026-05-21
本地数据OK
上游not checked
检测到的最新版本未检测到

https://inquest.readthedocs.io/projects/iocextract/en/latest/

安装元数据

软件包元数据

软件包键brew:iocextract
版本1.16.1
软件包管理器Homebrew
软件包管理器页面https://formulae.brew.sh/formula/iocextract
主页https://inquest.readthedocs.io/projects/iocextract/en/latest/
仓库https://github.com/InQuest/iocextract
上游文档https://inquest.readthedocs.io/projects/iocextract/en/latest
许可证GPL-2.0-only
源码归档https://files.pythonhosted.org/packages/ad/4b/19934df6cd6a0f6923aabae391a67b630fdd03c12c1226377c99a747a4f1/iocextract-1.16.1.tar.gz
最后更新2026-05-21T12:53:41Z
Pulseupdated
依赖certifi, python@3.14
Bottle可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install未定义
服务未声明

注册表事实

源数据库详情

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameiocextract
Version Scheme0
Revision13
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

源数据库匹配

其他软件包管理器记录

匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。

Nix95%

iocextract

nix profile install nixpkgs#iocextract
  • normalized package name match
  • 匹配方式:Iocextract
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: iocextract from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

来源线索

由仓库数据生成

此页面由 av-webscripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。

使用的来源

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment