security-forensics/pyioc
SHA256
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
pyioc/pyioc.git
Greg Freemyer 2d83a940f1 Accepting request 248422 from home:gregfreemyer:Tools-for-forensic-boot-cd 
This is an early stage version of this, but it seems useful to have in a public place.

OBS-URL: https://build.opensuse.org/request/show/248422
OBS-URL: https://build.opensuse.org/package/show/security:forensics/pyioc?expand=0&rev=1
2014-09-10 23:12:08 +00:00

765 lines
35 KiB
Plaintext
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en" class="">
<head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# object: http://ogp.me/ns/object# article: http://ogp.me/ns/article# profile: http://ogp.me/ns/profile#">
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Content-Language" content="en">
<title>jeffbryner/pyioc · GitHub</title>
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub">
<link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub">
<link rel="apple-touch-icon" sizes="57x57" href="/apple-touch-icon-114.png">
<link rel="apple-touch-icon" sizes="114x114" href="/apple-touch-icon-114.png">
<link rel="apple-touch-icon" sizes="72x72" href="/apple-touch-icon-144.png">
<link rel="apple-touch-icon" sizes="144x144" href="/apple-touch-icon-144.png">
<meta property="fb:app_id" content="1401488693436528">
<meta content="@github" name="twitter:site" /><meta content="summary" name="twitter:card" /><meta content="jeffbryner/pyioc" name="twitter:title" /><meta content="pyioc - Python tools for IOC (Indicator of Compromise) handling" name="twitter:description" /><meta content="https://avatars2.githubusercontent.com/u/566889?v=2&amp;s=400" name="twitter:image:src" />
<meta content="GitHub" property="og:site_name" /><meta content="object" property="og:type" /><meta content="https://avatars2.githubusercontent.com/u/566889?v=2&amp;s=400" property="og:image" /><meta content="jeffbryner/pyioc" property="og:title" /><meta content="https://github.com/jeffbryner/pyioc" property="og:url" /><meta content="pyioc - Python tools for IOC (Indicator of Compromise) handling" property="og:description" />
<meta name="browser-stats-url" content="/_stats">
<link rel="assets" href="https://assets-cdn.github.com/">
<link rel="conduit-xhr" href="https://ghconduit.com:25035">
<meta name="msapplication-TileImage" content="/windows-tile.png">
<meta name="msapplication-TileColor" content="#ffffff">
<meta name="selected-link" value="repo_source" data-pjax-transient>
<meta name="google-analytics" content="UA-3769691-2">
<meta content="collector.githubapp.com" name="octolytics-host" /><meta content="collector-cdn.github.com" name="octolytics-script-host" /><meta content="github" name="octolytics-app-id" /><meta content="D80FB231:3F03:1C81308:5410CD64" name="octolytics-dimension-request_id" />
<meta content="Rails, view, files#disambiguate" name="analytics-event" />
<link rel="icon" type="image/x-icon" href="https://assets-cdn.github.com/favicon.ico">
<meta content="authenticity_token" name="csrf-param" />
<meta content="V4SL4WVM9Jfj3ygDwhNURAX25LXdbUjVdbSBeosFvS3FrfZb+s0elq6s3wXFXbQ2TqgeEpcSNJYu/ACcDUtx4Q==" name="csrf-token" />
<link href="https://assets-cdn.github.com/assets/github-16eef2dfd315153ad8e41edc42e244e7e6833129.css" media="all" rel="stylesheet" type="text/css" />
<link href="https://assets-cdn.github.com/assets/github2-82995f19067bce1fbe294c479951d2a21d0d085c.css" media="all" rel="stylesheet" type="text/css" />
<meta http-equiv="x-pjax-version" content="bc5ec63be3d54aa3231f30c6b935dab5">
<meta name="description" content="pyioc - Python tools for IOC (Indicator of Compromise) handling">
<meta name="go-import" content="github.com/jeffbryner/pyioc git https://github.com/jeffbryner/pyioc.git">
<meta content="566889" name="octolytics-dimension-user_id" /><meta content="jeffbryner" name="octolytics-dimension-user_login" /><meta content="5990891" name="octolytics-dimension-repository_id" /><meta content="jeffbryner/pyioc" name="octolytics-dimension-repository_nwo" /><meta content="true" name="octolytics-dimension-repository_public" /><meta content="false" name="octolytics-dimension-repository_is_fork" /><meta content="5990891" name="octolytics-dimension-repository_network_root_id" /><meta content="jeffbryner/pyioc" name="octolytics-dimension-repository_network_root_nwo" />
<link href="https://github.com/jeffbryner/pyioc/commits/master.atom" rel="alternate" title="Recent Commits to pyioc:master" type="application/atom+xml">
</head>
<body class="logged_out env-production vis-public">
<a href="#start-of-content" tabindex="1" class="accessibility-aid js-skip-to-content">Skip to content</a>
<div class="wrapper">
<div class="header header-logged-out">
<div class="container clearfix">
<a class="header-logo-wordmark" href="https://github.com/" ga-data-click="(Logged out) Header, go to homepage, icon:logo-wordmark">
<span class="mega-octicon octicon-logo-github"></span>
</a>
<div class="header-actions">
<a class="button primary" href="/join" data-ga-click="(Logged out) Header, clicked Sign up, text:sign-up">Sign up</a>
<a class="button signin" href="/login?return_to=%2Fjeffbryner%2Fpyioc" data-ga-click="(Logged out) Header, clicked Sign in, text:sign-in">Sign in</a>
</div>
<div class="site-search repo-scope js-site-search">
<form accept-charset="UTF-8" action="/jeffbryner/pyioc/search" class="js-site-search-form" data-global-search-url="/search" data-repo-search-url="/jeffbryner/pyioc/search" method="get"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /></div>
<input type="text"
class="js-site-search-field is-clearable"
data-hotkey="s"
name="q"
placeholder="Search"
data-global-scope-placeholder="Search GitHub"
data-repo-scope-placeholder="Search"
tabindex="1"
autocapitalize="off">
<div class="scope-badge">This repository</div>
</form>
</div>
<ul class="header-nav left">
<li class="header-nav-item">
<a class="header-nav-link" href="/explore" data-ga-click="(Logged out) Header, go to explore, text:explore">Explore</a>
</li>
<li class="header-nav-item">
<a class="header-nav-link" href="/features" data-ga-click="(Logged out) Header, go to features, text:features">Features</a>
</li>
<li class="header-nav-item">
<a class="header-nav-link" href="https://enterprise.github.com/" data-ga-click="(Logged out) Header, go to enterprise, text:enterprise">Enterprise</a>
</li>
<li class="header-nav-item">
<a class="header-nav-link" href="/blog" data-ga-click="(Logged out) Header, go to blog, text:blog">Blog</a>
</li>
</ul>
</div>
</div>
<div id="start-of-content" class="accessibility-aid"></div>
<div class="site" itemscope itemtype="http://schema.org/WebPage">
<div id="js-flash-container">
</div>
<div class="pagehead repohead instapaper_ignore readability-menu">
<div class="container">
<ul class="pagehead-actions">
<li>
<a href="/login?return_to=%2Fjeffbryner%2Fpyioc"
class="minibutton with-count star-button tooltipped tooltipped-n"
aria-label="You must be signed in to star a repository" rel="nofollow">
<span class="octicon octicon-star"></span>
Star
</a>
<a class="social-count js-social-count" href="/jeffbryner/pyioc/stargazers">
52
</a>
</li>
<li>
<a href="/login?return_to=%2Fjeffbryner%2Fpyioc"
class="minibutton with-count js-toggler-target fork-button tooltipped tooltipped-n"
aria-label="You must be signed in to fork a repository" rel="nofollow">
<span class="octicon octicon-repo-forked"></span>
Fork
</a>
<a href="/jeffbryner/pyioc/network" class="social-count">
6
</a>
</li>
</ul>
<h1 itemscope itemtype="http://data-vocabulary.org/Breadcrumb" class="entry-title public">
<span class="mega-octicon octicon-repo"></span>
<span class="author"><a href="/jeffbryner" class="url fn" itemprop="url" rel="author"><span itemprop="title">jeffbryner</span></a></span><!--
--><span class="path-divider">/</span><!--
--><strong><a href="/jeffbryner/pyioc" class="js-current-repository js-repo-home-link">pyioc</a></strong>
<span class="page-context-loader">
<img alt="" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</span>
</h1>
</div><!-- /.container -->
</div><!-- /.repohead -->
<div class="container">
<div class="repository-with-sidebar repo-container new-discussion-timeline with-full-navigation ">
<div class="repository-sidebar clearfix">
<div class="sunken-menu vertical-right repo-nav js-repo-nav js-repository-container-pjax js-octicon-loaders" data-issue-count-url="/jeffbryner/pyioc/issues/counts">
<div class="sunken-menu-contents">
<ul class="sunken-menu-group">
<li class="tooltipped tooltipped-w" aria-label="Code">
<a href="/jeffbryner/pyioc" aria-label="Code" class="selected js-selected-navigation-item sunken-menu-item" data-hotkey="g c" data-pjax="true" data-selected-links="repo_source repo_downloads repo_commits repo_releases repo_tags repo_branches /jeffbryner/pyioc">
<span class="octicon octicon-code"></span> <span class="full-word">Code</span>
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</a> </li>
<li class="tooltipped tooltipped-w" aria-label="Issues">
<a href="/jeffbryner/pyioc/issues" aria-label="Issues" class="js-selected-navigation-item sunken-menu-item js-disable-pjax" data-hotkey="g i" data-selected-links="repo_issues repo_labels repo_milestones /jeffbryner/pyioc/issues">
<span class="octicon octicon-issue-opened"></span> <span class="full-word">Issues</span>
<span class="js-issue-replace-counter"></span>
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</a> </li>
<li class="tooltipped tooltipped-w" aria-label="Pull Requests">
<a href="/jeffbryner/pyioc/pulls" aria-label="Pull Requests" class="js-selected-navigation-item sunken-menu-item js-disable-pjax" data-hotkey="g p" data-selected-links="repo_pulls /jeffbryner/pyioc/pulls">
<span class="octicon octicon-git-pull-request"></span> <span class="full-word">Pull Requests</span>
<span class="js-pull-replace-counter"></span>
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</a> </li>
</ul>
<div class="sunken-menu-separator"></div>
<ul class="sunken-menu-group">
<li class="tooltipped tooltipped-w" aria-label="Pulse">
<a href="/jeffbryner/pyioc/pulse/weekly" aria-label="Pulse" class="js-selected-navigation-item sunken-menu-item" data-pjax="true" data-selected-links="pulse /jeffbryner/pyioc/pulse/weekly">
<span class="octicon octicon-pulse"></span> <span class="full-word">Pulse</span>
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</a> </li>
<li class="tooltipped tooltipped-w" aria-label="Graphs">
<a href="/jeffbryner/pyioc/graphs" aria-label="Graphs" class="js-selected-navigation-item sunken-menu-item" data-pjax="true" data-selected-links="repo_graphs repo_contributors /jeffbryner/pyioc/graphs">
<span class="octicon octicon-graph"></span> <span class="full-word">Graphs</span>
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</a> </li>
</ul>
</div>
</div>
<div class="only-with-full-nav">
<div class="clone-url open"
data-protocol-type="http"
data-url="/users/set_protocol?protocol_selector=http&amp;protocol_type=clone">
<h3><span class="text-emphasized">HTTPS</span> clone URL</h3>
<div class="input-group">
<input type="text" class="input-mini input-monospace js-url-field"
value="https://github.com/jeffbryner/pyioc.git" readonly="readonly">
<span class="input-group-button">
<button aria-label="Copy to clipboard" class="js-zeroclipboard minibutton zeroclipboard-button" data-clipboard-text="https://github.com/jeffbryner/pyioc.git" data-copied-hint="Copied!" type="button"><span class="octicon octicon-clippy"></span></button>
</span>
</div>
</div>
<div class="clone-url "
data-protocol-type="subversion"
data-url="/users/set_protocol?protocol_selector=subversion&amp;protocol_type=clone">
<h3><span class="text-emphasized">Subversion</span> checkout URL</h3>
<div class="input-group">
<input type="text" class="input-mini input-monospace js-url-field"
value="https://github.com/jeffbryner/pyioc" readonly="readonly">
<span class="input-group-button">
<button aria-label="Copy to clipboard" class="js-zeroclipboard minibutton zeroclipboard-button" data-clipboard-text="https://github.com/jeffbryner/pyioc" data-copied-hint="Copied!" type="button"><span class="octicon octicon-clippy"></span></button>
</span>
</div>
</div>
<p class="clone-options">You can clone with
<a href="#" class="js-clone-selector" data-protocol="http">HTTPS</a>
or <a href="#" class="js-clone-selector" data-protocol="subversion">Subversion</a>.
<a href="https://help.github.com/articles/which-remote-url-should-i-use" class="help tooltipped tooltipped-n" aria-label="Get help on which URL is right for you.">
<span class="octicon octicon-question"></span>
</a>
</p>
<a href="/jeffbryner/pyioc/archive/master.zip"
class="minibutton sidebar-button"
aria-label="Download the contents of jeffbryner/pyioc as a zip file"
title="Download the contents of jeffbryner/pyioc as a zip file"
rel="nofollow">
<span class="octicon octicon-cloud-download"></span>
Download ZIP
</a>
</div>
</div><!-- /.repository-sidebar -->
<div id="js-repo-pjax-container" class="repository-content context-loader-container" data-pjax-container>
<span id="js-show-full-navigation"></span>
<div class="repository-meta js-details-container ">
<div class="repository-description">
<p>Python tools for IOC (Indicator of Compromise) handling</p>
</div>
</div>
<div class="overall-summary overall-summary-bottomless">
<div class="stats-switcher-viewport js-stats-switcher-viewport">
<div class="stats-switcher-wrapper">
<ul class="numbers-summary">
<li class="commits">
<a data-pjax href="/jeffbryner/pyioc/commits/master">
<span class="octicon octicon-history"></span>
<span class="num text-emphasized">
32
</span>
commits
</a>
</li>
<li>
<a data-pjax href="/jeffbryner/pyioc/branches">
<span class="octicon octicon-git-branch"></span>
<span class="num text-emphasized">
1
</span>
branch
</a>
</li>
<li>
<a data-pjax href="/jeffbryner/pyioc/releases">
<span class="octicon octicon-tag"></span>
<span class="num text-emphasized">
0
</span>
releases
</a>
</li>
<li>
<a href="/jeffbryner/pyioc/graphs/contributors">
<span class="octicon octicon-organization"></span>
<span class="num text-emphasized">
1
</span>
contributor
</a>
</li>
</ul>
<div class="repository-lang-stats">
<ol class="repository-lang-stats-numbers">
<li>
<a href="/jeffbryner/pyioc/search?l=python">
<span class="color-block language-color" style="background-color:#3581ba;"></span>
<span class="lang">Python</span>
<span class="percent">86.7%</span>
</a>
</li>
<li>
<a href="/jeffbryner/pyioc/search?l=bash">
<span class="color-block language-color" style="background-color:#5861ce;"></span>
<span class="lang">Shell</span>
<span class="percent">6.8%</span>
</a>
</li>
<li>
<a href="/jeffbryner/pyioc/search?l=visual-basic">
<span class="color-block language-color" style="background-color:#945db7;"></span>
<span class="lang">Visual Basic</span>
<span class="percent">6.5%</span>
</a>
</li>
</ol>
</div>
</div>
</div>
</div>
<div class="tooltipped tooltipped-s" aria-label="Show language statistics">
<a href="#"
class="repository-lang-stats-graph js-toggle-lang-stats"
style="background-color:#945db7">
<span class="language-color" style="width:86.7%; background-color:#3581ba;" itemprop="keywords">Python</span><span class="language-color" style="width:6.8%; background-color:#5861ce;" itemprop="keywords">Shell</span><span class="language-color" style="width:6.5%; background-color:#945db7;" itemprop="keywords">Visual Basic</span>
</a>
</div>
<div class="file-navigation in-mid-page">
<a href="/jeffbryner/pyioc/find/master"
class="js-show-file-finder minibutton empty-icon tooltipped tooltipped-s right"
data-pjax
data-hotkey="t"
aria-label="Quickly jump between files">
<span class="octicon octicon-list-unordered"></span>
</a>
<a href="/jeffbryner/pyioc/compare" aria-label="Compare, review, create a pull request" class="minibutton primary tooltipped tooltipped-s left compare-button" aria-label="Compare &amp; review" data-pjax>
<span class="octicon octicon-git-compare"></span>
</a>
<div class="select-menu js-menu-container js-select-menu left">
<span class="minibutton select-menu-button js-menu-target css-truncate" data-hotkey="w"
data-master-branch="master"
data-ref="master"
title="master"
role="button" aria-label="Switch branches or tags" tabindex="0" aria-haspopup="true">
<span class="octicon octicon-git-branch"></span>
<i>branch:</i>
<span class="js-select-button css-truncate-target">master</span>
</span>
<div class="select-menu-modal-holder js-menu-content js-navigation-container" data-pjax aria-hidden="true">
<div class="select-menu-modal">
<div class="select-menu-header">
<span class="select-menu-title">Switch branches/tags</span>
<span class="octicon octicon-x js-menu-close" role="button" aria-label="Close"></span>
</div> <!-- /.select-menu-header -->
<div class="select-menu-filters">
<div class="select-menu-text-filter">
<input type="text" aria-label="Filter branches/tags" id="context-commitish-filter-field" class="js-filterable-field js-navigation-enable" placeholder="Filter branches/tags">
</div>
<div class="select-menu-tabs">
<ul>
<li class="select-menu-tab">
<a href="#" data-tab-filter="branches" class="js-select-menu-tab">Branches</a>
</li>
<li class="select-menu-tab">
<a href="#" data-tab-filter="tags" class="js-select-menu-tab">Tags</a>
</li>
</ul>
</div><!-- /.select-menu-tabs -->
</div><!-- /.select-menu-filters -->
<div class="select-menu-list select-menu-tab-bucket js-select-menu-tab-bucket" data-tab-filter="branches">
<div data-filterable-for="context-commitish-filter-field" data-filterable-type="substring">
<div class="select-menu-item js-navigation-item selected">
<span class="select-menu-item-icon octicon octicon-check"></span>
<a href="/jeffbryner/pyioc/tree/master"
data-name="master"
data-skip-pjax="true"
rel="nofollow"
class="js-navigation-open select-menu-item-text css-truncate-target"
title="master">master</a>
</div> <!-- /.select-menu-item -->
</div>
<div class="select-menu-no-results">Nothing to show</div>
</div> <!-- /.select-menu-list -->
<div class="select-menu-list select-menu-tab-bucket js-select-menu-tab-bucket" data-tab-filter="tags">
<div data-filterable-for="context-commitish-filter-field" data-filterable-type="substring">
</div>
<div class="select-menu-no-results">Nothing to show</div>
</div> <!-- /.select-menu-list -->
</div> <!-- /.select-menu-modal -->
</div> <!-- /.select-menu-modal-holder -->
</div> <!-- /.select-menu -->
<div class="breadcrumb"><span class='repo-root js-repo-root'><span itemscope="" itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/jeffbryner/pyioc" class="" data-branch="master" data-direction="back" data-pjax="true" itemscope="url"><span itemprop="title">pyioc</span></a></span></span><span class="separator"> / </span><form action="/login?return_to=%2Fjeffbryner%2Fpyioc" aria-label="Sign in to make or propose changes" class="js-new-blob-form tooltipped tooltipped-e new-file-link" method="post"><span aria-label="Sign in to make or propose changes" class="js-new-blob-submit octicon octicon-plus" data-test-id="create-new-git-file" role="button"></span></form></div>
</div>
<div class="commit commit-tease js-details-container" >
<p class="commit-title ">
<a href="/jeffbryner/pyioc/commit/6310f9f5fcf6aa0e20767b30e3a084dbe6b9cd32" class="message" data-pjax="true" title="Merge branch &#39;master&#39; of github.com:jeffbryner/pyioc">Merge branch 'master' of github.com:jeffbryner/pyioc</a>
</p>
<div class="commit-meta">
<button aria-label="Copy SHA" class="js-zeroclipboard zeroclipboard-link" data-clipboard-text="6310f9f5fcf6aa0e20767b30e3a084dbe6b9cd32" data-copied-hint="Copied!" type="button"><span class="octicon octicon-clippy"></span></button>
<a href="/jeffbryner/pyioc/commit/6310f9f5fcf6aa0e20767b30e3a084dbe6b9cd32" class="sha-block" data-pjax>latest commit <span class="sha">6310f9f5fc</span></a>
<div class="authorship">
<img alt="Jeff Bryner" class="avatar" data-user="566889" height="20" src="https://avatars0.githubusercontent.com/u/566889?v=2&amp;s=40" width="20" />
<span class="author-name"><a href="/jeffbryner" rel="author">jeffbryner</a></span>
authored <time class="updated" datetime="2013-04-22T16:34:51-07:00" is="relative-time">April 22, 2013</time>
</div>
</div>
</div>
<div class="file-wrap">
<table class="files" data-pjax>
<tbody class=""
data-url="/jeffbryner/pyioc/file-list/master"
data-deferred-content-error="Failed to load latest commit information.">
<tr>
<td class="icon">
<span class="octicon octicon-file-directory"></span>
<img alt="" class="spinner" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</td>
<td class="content">
<span class="css-truncate css-truncate-target"><a href="/jeffbryner/pyioc/tree/master/builds" class="js-directory-link" id="cd255022df04facc108ae4d30a05e7bb-5f2b524da8495e9fb04cc5f5c3d4913e9e147e02" title="builds">builds</a></span>
</td>
<td class="message">
<span class="css-truncate css-truncate-target ">
<a href="/jeffbryner/pyioc/commit/01a7d78c9ce4683477b51abd32c671ad0ec9acc8" class="message" data-pjax="true" title="build update for linux64">build update for linux64</a>
</span>
</td>
<td class="age">
<span class="css-truncate css-truncate-target"><time datetime="2013-02-28T02:12:04Z" is="time-ago">February 27, 2013</time></span>
</td>
</tr>
<tr>
<td class="icon">
<span class="octicon octicon-file-directory"></span>
<img alt="" class="spinner" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</td>
<td class="content">
<span class="css-truncate css-truncate-target"><a href="/jeffbryner/pyioc/tree/master/client" class="js-directory-link" id="62608e08adc29a8d6dbc9754e659f125-905abc95832ff07dac15ec999b940d8f360d64cc" title="client">client</a></span>
</td>
<td class="message">
<span class="css-truncate css-truncate-target ">
<a href="/jeffbryner/pyioc/commit/74a910f06eba5279325a787922d184e5a01b2140" class="message" data-pjax="true" title="fixes for python string handling of trailing slashes">fixes for python string handling of trailing slashes</a>
</span>
</td>
<td class="age">
<span class="css-truncate css-truncate-target"><time datetime="2013-02-27T22:46:03Z" is="time-ago">February 27, 2013</time></span>
</td>
</tr>
<tr>
<td class="icon">
<span class="octicon octicon-file-directory"></span>
<img alt="" class="spinner" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</td>
<td class="content">
<span class="css-truncate css-truncate-target"><a href="/jeffbryner/pyioc/tree/master/docs" class="js-directory-link" id="e3e2a9bfd88566b05001b02a3f51d286-72ad3e07a11fb1dc1042356f2b5daa5856d2b053" title="docs">docs</a></span>
</td>
<td class="message">
<span class="css-truncate css-truncate-target ">
<a href="/jeffbryner/pyioc/commit/6d9da62afc5094e9d7d491c02dd5b143cc7c8136" class="message" data-pjax="true" title="APT1 support for pefile IOCs">APT1 support for pefile IOCs</a>
</span>
</td>
<td class="age">
<span class="css-truncate css-truncate-target"><time datetime="2013-02-21T22:25:49Z" is="time-ago">February 21, 2013</time></span>
</td>
</tr>
<tr>
<td class="icon">
<span class="octicon octicon-file-directory"></span>
<img alt="" class="spinner" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</td>
<td class="content">
<span class="css-truncate css-truncate-target"><a href="/jeffbryner/pyioc/tree/master/server" class="js-directory-link" id="cf1e8c14e54505f60aa10ceb8d5d8ab3-b07794e4589a72117954280754bb971cbd4fc4c9" title="server">server</a></span>
</td>
<td class="message">
<span class="css-truncate css-truncate-target ">
<a href="/jeffbryner/pyioc/commit/eb50905a81f7bb33d49d1fa32075bac648bb20bb" class="message" data-pjax="true" title="more (&gt;0) error checking for sane start up and command line options.">more (&gt;0) error checking for sane start up and command line options.</a>
</span>
</td>
<td class="age">
<span class="css-truncate css-truncate-target"><time datetime="2012-10-05T17:07:23Z" is="time-ago">October 05, 2012</time></span>
</td>
</tr>
<tr>
<td class="icon">
<span class="octicon octicon-file-directory"></span>
<img alt="" class="spinner" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</td>
<td class="content">
<span class="css-truncate css-truncate-target"><a href="/jeffbryner/pyioc/tree/master/utils" class="js-directory-link" id="2b3583e6e17721c54496bd04e57a0c15-979d51ebd21eb008534327412e114578f68f0ef7" title="utils">utils</a></span>
</td>
<td class="message">
<span class="css-truncate css-truncate-target ">
<a href="/jeffbryner/pyioc/commit/6310f9f5fcf6aa0e20767b30e3a084dbe6b9cd32" class="message" data-pjax="true" title="Merge branch &#39;master&#39; of github.com:jeffbryner/pyioc">Merge branch 'master' of github.com:jeffbryner/pyioc</a>
</span>
</td>
<td class="age">
<span class="css-truncate css-truncate-target"><time datetime="2013-04-22T23:34:51Z" is="time-ago">April 22, 2013</time></span>
</td>
</tr>
<tr>
<td class="icon">
<span class="octicon octicon-file-text"></span>
<img alt="" class="spinner" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</td>
<td class="content">
<span class="css-truncate css-truncate-target"><a href="/jeffbryner/pyioc/blob/master/COPYING" class="js-directory-link" id="7116ef0705885343c9e1b2171a06be0e-2babeeb0dee95a0941edabdb578535d1c2b9abd2" title="COPYING">COPYING</a></span>
</td>
<td class="message">
<span class="css-truncate css-truncate-target ">
<a href="/jeffbryner/pyioc/commit/fe6d3297513fa6c4f47c655da5c93be86633713e" class="message" data-pjax="true" title="Add license">Add license</a>
</span>
</td>
<td class="age">
<span class="css-truncate css-truncate-target"><time datetime="2012-10-05T22:12:05Z" is="time-ago">October 05, 2012</time></span>
</td>
</tr>
<tr>
<td class="icon">
<span class="octicon octicon-file-text"></span>
<img alt="" class="spinner" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
</td>
<td class="content">
<span class="css-truncate css-truncate-target"><a href="/jeffbryner/pyioc/blob/master/README" class="js-directory-link" id="c47c7c7383225ab55ff591cb59c41e6b-0be2ba9d561513387caf5b3aa66ce3145bad9745" title="README">README</a></span>
</td>
<td class="message">
<span class="css-truncate css-truncate-target ">
<a href="/jeffbryner/pyioc/commit/05224f978de7c52080afad4658b3d882848393bb" class="message" data-pjax="true" title="Prereq update">Prereq update</a>
</span>
</td>
<td class="age">
<span class="css-truncate css-truncate-target"><time datetime="2013-02-22T16:34:52Z" is="time-ago">February 22, 2013</time></span>
</td>
</tr>
</tbody>
</table>
</div>
<div id="readme" class="boxed-group flush clearfix announce instapaper_body ">
<h3>
<span class="octicon octicon-book"></span>
README
</h3>
<div class="plain"><pre>pyioc is a set of tools to handle IOC files (openioc.org).
Some simple utilities for parsing IOC files:
iocdump.py: spit out the indicator items being referenced
iocwalk.py: parse the boolean logic behind the IOC and the items referenced.
pyiocClient:
A client for linux/windows that handles basic searches for Files,
processes, registry items and ports. It compiles to native linux/windows
32 or 64bit code via pyinstaller and can therefore be run with no python
interpreter on the client system.
pyiocServer:
The server-side compliment to the client. It dishes out .ioc files to
clients that call in via SOAP over SSL and logs the results of the
client checks.
IOCs can be tailored by a simple directory structure corresponding to
the net CIDR mask of the client system.
i.e.
iocs/172.21-16/firefox.ioc
will issue the firefox.ioc to any system inthe 172.21.0.0/16 ip range
when the client is run.
Python library prereqs
python 2.7
Client:
SOAPpy
M2Crypto
psutil
lxml v2.3.2 ( pip install lxml==2.3.2 )
regobj
pefile
python-magic
python-dateutil
Server:
SOAPpy
M2Crypto
netaddr
If you're on linux you can get the libs through your favorite package manager
or via pip.
On windows x64, pip or through the following sources:
win64
python2.7 <a href="http://python.org/download/">http://python.org/download/</a>
psutil: exe <a href="http://www.lfd.uci.edu/~gohlke/pythonlibs/">http://www.lfd.uci.edu/~gohlke/pythonlibs/</a>
lxml : .exe <a href="http://www.lfd.uci.edu/~gohlke/pythonlibs/">http://www.lfd.uci.edu/~gohlke/pythonlibs/</a>
m2crypto: exe <a href="http://chandlerproject.org/Projects/MeTooCrypto#Contributed%20Builds">http://chandlerproject.org/Projects/MeTooCrypto#Contributed%20Builds</a>
soappy: pip install soappy
pywin32: exe <a href="http://sourceforge.net/projects/pywin32/files/pywin32/Build%20217/">http://sourceforge.net/projects/pywin32/files/pywin32/Build%20217/</a>
pyinstaller: <a href="http://www.pyinstaller.org/">http://www.pyinstaller.org/</a>
Native builds for various platforms can be found in the builds directory.
Notes on Setup for the server:
It expects several subdirectories to exist:
./certs
./confs
./iocs
./certs should contain at least:
ca.crt
pyiocserver.pem
pyiocserver.key
which you can create using the simpleca.sh script, use the default from github (note the risk that you're using a publically
available 'private' key) or ideally; use your internal CA.
The confs directory is your chance to issue configuration files to pyiocClients in real time.
The iocs directory is where you create netblocks (./iocs/172.21-16 for example) and publish .ioc files you want the clients to
process.
</pre></div>
</div>
</div>
</div><!-- /.repo-container -->
<div class="modal-backdrop"></div>
</div><!-- /.container -->
</div><!-- /.site -->
</div><!-- /.wrapper -->
<div class="container">
<div class="site-footer">
<ul class="site-footer-links right">
<li><a href="https://status.github.com/">Status</a></li>
<li><a href="http://developer.github.com">API</a></li>
<li><a href="http://training.github.com">Training</a></li>
<li><a href="http://shop.github.com">Shop</a></li>
<li><a href="/blog">Blog</a></li>
<li><a href="/about">About</a></li>
</ul>
<a href="/" aria-label="Homepage">
<span class="mega-octicon octicon-mark-github" title="GitHub"></span>
</a>
<ul class="site-footer-links">
<li>&copy; 2014 <span title="0.02869s from github-fe132-cp1-prd.iad.github.net">GitHub</span>, Inc.</li>
<li><a href="/site/terms">Terms</a></li>
<li><a href="/site/privacy">Privacy</a></li>
<li><a href="/security">Security</a></li>
<li><a href="/contact">Contact</a></li>
</ul>
</div><!-- /.site-footer -->
</div><!-- /.container -->
<div class="fullscreen-overlay js-fullscreen-overlay" id="fullscreen_overlay">
<div class="fullscreen-container js-suggester-container">
<div class="textarea-wrap">
<textarea name="fullscreen-contents" id="fullscreen-contents" class="fullscreen-contents js-fullscreen-contents js-suggester-field" placeholder=""></textarea>
</div>
</div>
<div class="fullscreen-sidebar">
<a href="#" class="exit-fullscreen js-exit-fullscreen tooltipped tooltipped-w" aria-label="Exit Zen Mode">
<span class="mega-octicon octicon-screen-normal"></span>
</a>
<a href="#" class="theme-switcher js-theme-switcher tooltipped tooltipped-w"
aria-label="Switch themes">
<span class="octicon octicon-color-mode"></span>
</a>
</div>
</div>
<div id="ajax-error-message" class="flash flash-error">
<span class="octicon octicon-alert"></span>
<a href="#" class="octicon octicon-x flash-close js-ajax-error-dismiss" aria-label="Dismiss error"></a>
Something went wrong with that request. Please try again.
</div>
<script crossorigin="anonymous" src="https://assets-cdn.github.com/assets/frameworks-0c1b00f7935ae85624f5fc5d40d52d60febf92b4.js" type="text/javascript"></script>
<script async="async" crossorigin="anonymous" src="https://assets-cdn.github.com/assets/github-3a1c48ea0f18c0aab4f7dc0d549847d95e0d6da8.js" type="text/javascript"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink