InQuest/iocextract

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/InQuest/iocextract)

InQuest / iocextract

Defanged Indicator of Compromise (IOC) Extractor.

☆569

Alternatives and similar repositories for iocextract

Users that are interested in iocextract are comparing it to the libraries listed below

Sorting:

InQuest / ThreatIngestor
View on GitHub
Extract and aggregate threat intelligence.
☆908Jan 31, 2024Updated 2 years ago
InQuest / ThreatKB
View on GitHub
Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
☆103Jul 10, 2025Updated 8 months ago
armbues / ioc_parser
View on GitHub
Tool to extract indicators of compromise from security reports in PDF format
☆439Feb 24, 2023Updated 3 years ago
fhightower / ioc-finder
View on GitHub
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…
☆179Updated this week
sroberts / cacador
View on GitHub
Indicator Extractor
☆141Jul 14, 2018Updated 7 years ago
eset / malware-ioc
View on GitHub
Indicators of Compromises (IOC) of our various investigations
☆1,933Mar 10, 2026Updated last week
yeti-platform / yeti
View on GitHub
Your Everyday Threat Intelligence
☆1,959Updated this week
cmu-sei / cyobstract
View on GitHub
A tool to extract structured cyber information from incident reports.
☆82Aug 30, 2018Updated 7 years ago
ioc-fang / ioc-fanger
View on GitHub
Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
☆68Oct 2, 2023Updated 2 years ago
sroberts / awesome-iocs
View on GitHub
A collection of sources of indicators of compromise.
☆957May 8, 2025Updated 10 months ago
ninoseki / iocingestor
View on GitHub
An extendable tool to extract and aggregate IoCs from threat feeds
☆33Feb 6, 2024Updated 2 years ago
InQuest / yara-rules
View on GitHub
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
☆388May 11, 2022Updated 3 years ago
sroberts / jager
View on GitHub
Hunting IOCs all day every day...
☆88Sep 26, 2023Updated 2 years ago
ninoseki / ioc-extractor
View on GitHub
An npm package for extracting common IoC (Indicator of Compromise) from a block of text
☆62Mar 14, 2026Updated last week
silascutler / MalPipe
View on GitHub
Malware/IOC ingestion and processing engine
☆109Nov 20, 2018Updated 7 years ago
InQuest / awesome-yara
View on GitHub
A curated list of awesome YARA rules, tools, and people.
☆4,163Updated this week
Neo23x0 / signature-base
View on GitHub
YARA signature and IOC database for my scanners and tools
☆2,884Mar 9, 2026Updated last week
PUNCH-Cyber / stoq
View on GitHub
An open source framework for enterprise level automated analysis.
☆394Jun 27, 2022Updated 3 years ago
InQuest / sandboxapi
View on GitHub
Minimal, consistent Python API for building integrations with malware sandboxes.
☆142Jan 31, 2024Updated 2 years ago
CyberMonitor / APT_CyberCriminal_Campagin_Collections
View on GitHub
APT & CyberCriminal Campaign Collection
☆4,046Jul 25, 2024Updated last year
NextronSystems / APTSimulator
View on GitHub
A toolset to make a system look as if it was the victim of an APT attack
☆2,722Sep 23, 2025Updated 5 months ago
CIRCL / AIL-framework
View on GitHub
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
☆1,364Updated this week
ciscocsirt / GOSINT
View on GitHub
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
☆556May 9, 2023Updated 2 years ago
certtools / intelmq
View on GitHub
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
☆1,116Feb 14, 2026Updated last month
StrangerealIntel / DailyIOC
View on GitHub
IOC from articles, tweets for archives
☆318Dec 12, 2023Updated 2 years ago
drb-ra / C2IntelFeeds
View on GitHub
Automatically created C2 Feeds
☆667Updated this week
Neo23x0 / munin
View on GitHub
Online hash checker for Virustotal and other services
☆846Mar 21, 2025Updated last year
Te-k / harpoon
View on GitHub
CLI tool for open source and threat intelligence
☆1,267Feb 27, 2025Updated last year
reversinglabs / reversinglabs-yara-rules
View on GitHub
ReversingLabs YARA Rules
☆900Nov 3, 2025Updated 4 months ago
OTRF / ThreatHunter-Playbook
View on GitHub
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
☆4,501Jan 12, 2026Updated 2 months ago
CERT-Polska / mquery
View on GitHub
YARA malware query accelerator (web frontend)
☆437Feb 3, 2026Updated last month
caschnee / misp-use-cases
View on GitHub
☆14May 30, 2018Updated 7 years ago
PUNCH-Cyber / YaraGuardian
View on GitHub
Django web interface for managing Yara rules
☆196Jul 28, 2018Updated 7 years ago
Neo23x0 / yarGen
View on GitHub
yarGen is a generator for YARA rules
☆1,781Jan 10, 2026Updated 2 months ago
stephenbrannon / IOCextractor
View on GitHub
IOC (Indicator of Compromise) Extractor: a program to help extract IOCs from text files.
☆135Jan 14, 2016Updated 10 years ago
Neo23x0 / vti-dorks
View on GitHub
Awesome VirusTotal Intelligence Search Queries
☆333May 16, 2023Updated 2 years ago
advanced-threat-research / Yara-Rules
View on GitHub
Repository of YARA rules made by Trellix ATR Team
☆627Mar 18, 2025Updated last year
AlienVault-OTX / yabin
View on GitHub
A Yara rule generator for finding related samples and hunting
☆162Sep 11, 2022Updated 3 years ago
StrangerealIntel / CyberThreatIntel
View on GitHub
Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
☆723Dec 26, 2022Updated 3 years ago