# 使用 Homebrew, Nix 安装 iocextract

查看 iocextract 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

## 安装

```sh
sudo av install brew:iocextract
```

其他安装命令:

### macOS

- Homebrew (100%):

```sh
brew install iocextract
```

  证据: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#iocextract
```

  证据: nixpkgs package indexes: iocextract from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

## 软件包事实

- **软件包键:** brew:iocextract
- **软件包管理器:** Homebrew
- **软件包管理器页面:** <https://formulae.brew.sh/formula/iocextract>
- **版本:** 1.16.1
- **来源摘要:** Defanged indicator of compromise extractor
- **主页:** <https://inquest.readthedocs.io/projects/iocextract/en/latest/>
- **仓库:** <https://github.com/InQuest/iocextract>
- **上游文档:** <https://inquest.readthedocs.io/projects/iocextract/en/latest>
- **许可证:** GPL-2.0-only
- **源码归档:** <https://files.pythonhosted.org/packages/ad/4b/19934df6cd6a0f6923aabae391a67b630fdd03c12c1226377c99a747a4f1/iocextract-1.16.1.tar.gz>
- **最后更新:** 2026-05-21T12:53:41Z
- **已生成:** 2026-07-08T18:08:21+00:00

## 可执行文件

- iocextract (cli)
- iocextract (别名)

## 依赖

- certifi
- python@3.14

## 安装行为

- post-install 钩子: 未定义
- Bottle: 可用 于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## 版本和新鲜度

- 页面生成时间: 2026-07-08
- 管理器版本: 1.16.1
- 管理器更新时间: 2026-05-21
- 本地数据: OK
- 上游仓库: https://inquest.readthedocs.io/projects/iocextract/en/latest/
- 信息: Release/tag comparison is only available for GitHub repositories.
## 项目历史与用法

iocextract is an InQuest Python library and CLI for extracting indicators of compromise from text, including deliberately defanged URLs, IP addresses, email addresses, hashes, and YARA rules. It sits in the security-automation niche where analysts need to turn threat reports, tweets, notes, and pasted text into machine-readable observables.

### 项目历史

The project documentation frames iocextract around a specific analyst problem: simple regular expressions miss indicators that have been defanged to avoid accidental clicks or live requests. iocextract combines custom regexes and post-processing so those strings can be detected and optionally refanged.

The GitHub release history shows continuing feature and bug-fix releases, including work around URL/IP extraction and CLI input sources. The documentation links the repository, PyPI package, issue tracker, and changelog, which is typical of a Python security utility distributed both as a library and as an executable command.

### 采用历史

The docs list InQuest and PacketTotal as users and point analysts who need automation beyond extraction toward InQuest's ThreatIngestor. The Homebrew and Nix packaging in the input facts show the tool leaving Python-only workflows and becoming available as a command-line package.

### 使用方式

iocextract can be used as a Python iterator-based library or as the `iocextract` command. The CLI reads from standard input or files, extracts selected IOC classes, supports custom regex files, and can refang supported URLs, emails, and IPv4 addresses when an analyst wants normalized output.

### 为什么软件包爱好者会关心

The package is significant because it encodes a practical security convention: dangerous observables are often intentionally mangled before publication. A package manager shipping iocextract gives shell pipelines and incident-response scripts a reusable way to reverse that convention without every analyst copying fragile regexes.

### 时间线

- 2018: Public PyPI releases establish iocextract as an installable Python IOC extractor.
- 2019-2023: InQuest-hosted documentation presents the library, CLI, related projects, and users.
- 2023: v1.16.x releases add CLI extraction from remote data sources and fix URL/IP extraction behavior.
- Package-manager era: Homebrew and Nix provide package installs for the `iocextract` executable.

### Related projects

- ThreatIngestor is the InQuest project suggested for automated IOC extraction, enrichment, and export workflows.
- Cacador, ioc-extractor, and Cyobstract are listed by the docs as similar IOC extraction projects.
- plyara is called out for users working with YARA rules.

### 来源

- <https://formulae.brew.sh/formula/iocextract>
- <https://github.com/InQuest/iocextract>
- <https://github.com/InQuest/iocextract/releases>
- <https://inquest.readthedocs.io/projects/iocextract/en/latest/>
- <https://pypi.org/project/iocextract/>


## 安全说明

没有找到 iocextract 的匹配本地密钥处理 manifest。Nucleus 软件包元数据仍在此发布，以便未来覆盖拥有稳定的软件包 URL。


## 源数据库详情

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** iocextract
- **Version Scheme:** 0
- **Revision:** 13
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## 其他软件包管理器记录

- Nix - iocextract: normalized package name match | nixpkgs package indexes: iocextract from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix


## 相关链接

- [Terminal utility packages](https://www.automicvault.com/zh-hans/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/zh-hans/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/zh-hans/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/zh-hans/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [python@3.14](https://www.automicvault.com/zh-hans/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [dnstwist](https://www.automicvault.com/zh-hans/pkg/brew/dnstwist/) - Shares av.db curated category or tags: cli, security, threat-intelligence.
- [virustotal-cli](https://www.automicvault.com/zh-hans/pkg/brew/virustotal-cli/) - Shares av.db curated category or tags: cli, security, threat-intelligence.
- [aide](https://www.automicvault.com/zh-hans/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/zh-hans/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/zh-hans/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/zh-hans/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/zh-hans/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [azurehound](https://www.automicvault.com/zh-hans/pkg/brew/azurehound/) - Shares av.db curated category or tags: cli, security.
- [shodan](https://www.automicvault.com/zh-hans/pkg/brew/shodan/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, intelligence, python, python-3-14.
- [bbot](https://www.automicvault.com/zh-hans/pkg/brew/bbot/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, python, python-3-14, security.

## Combined YAML source

View the package source record on GitHub. [combined/iocextract.yml](https://github.com/automic-vault/db/blob/main/combined/iocextract.yml)


## 来源

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
