iocextract
Description:
Defanged indicator of compromise extractor
Type: Formula  |  Latest Version: 1.16.1@10  |  Tracked Since: Dec 6, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security threat-intelligence iocs python forensics
Install: brew install iocextract
About:
iocextract is a Python library designed to extract Indicators of Compromise (IOCs) from text, even when they are 'defanged' to evade detection. It automatically refangs the IOCs to their original, actionable format, supporting URLs, IP addresses, hashes, and more. This tool is invaluable for security analysts automating the collection and processing of threat intelligence from unstructured sources.
Key Features:
  • Extracts IOCs from raw text and binary data
  • Automatically refangs defanged indicators (e.g., hxxp -> http)
  • Supports a wide range of IOC types including IPs, URLs, and file hashes
  • Can also be used to defang IOCs for safe sharing
Use Cases:
  • Parsing threat intelligence reports and blog posts for automated ingestion
  • Scanning log files or email bodies to identify malicious indicators
  • Preparing IOCs for safe distribution in threat intelligence sharing platforms
Alternatives:
  • ioc-finder – ioc-finder is another robust library for IOC extraction, often cited for its comprehensive parsing capabilities.
  • grep/sed/awk – Standard CLI tools can be used for simple pattern matching but lack built-in support for defanging/refanging and structured IOC validation.
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Jan 9, 2026 8:29am  |    |  10  |  REVISION_ONLY  |  9c05bf0f
Dec 6, 2025 1:49am  |    |  9  |  VERSION_BUMP  |  2bf2330b
Sep 12, 2025 2:30pm  |    |  8  |  VERSION_BUMP  |  a719536f
Oct 12, 2024 4:55pm  |    |  6  |  VERSION_BUMP  |  2b60a326
Oct 12, 2024 11:48am  |    |  6  |  VERSION_BUMP  |  1b3e7a26
Sep 14, 2024 9:02am  |    |  6  |  VERSION_BUMP  |  1f655d0b