Welcome to the documentation for the
This documentation is interactive so you can learn and explore the package live.
Basically, this package can fang and defang indicators of compromise (a.k.a observables).
example.com => example[.]com) converts indicators of compromise from their normal form (in which they may become links to malicious content) to a form which cannot accidentally become a link.
example[.]com => example.com) is the opposite process which converts indicators of compromise from a defanged form to the normal, original form.
Check out the tests to see what this package can fang/defang.
Use the Package (LIVE!)¶
Copy this example and paste it in the terminal below to get an idea of what this package does:
import ioc_fanger ioc_fanger.fang("example[.]com hXXp://bad[.]com/phishing[.]php") ioc_fanger.defang("example.com http://bad.com/phishing.php")
If you have any ideas to improve this package, please raise an issue!
Other Helpful Projects¶
If you are working with indicators of compromise (a.k.a. observables), you may find the ioc-finder project helpful. The ioc-finder project parses indicators of compromise from text (using grammars).