InQuest/iocextract

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/InQuest/iocextract)

InQuest / iocextract

Defanged Indicator of Compromise (IOC) Extractor.

☆567

Alternatives and similar repositories for iocextract

Users that are interested in iocextract are comparing it to the libraries listed below

Sorting:

InQuest / ThreatIngestor
View on GitHub
Extract and aggregate threat intelligence.
☆906Jan 31, 2024Updated 2 years ago
InQuest / ThreatKB
View on GitHub
Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
☆102Jul 10, 2025Updated 7 months ago
fhightower / ioc-finder
View on GitHub
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…
☆179Nov 16, 2023Updated 2 years ago
sroberts / cacador
View on GitHub
Indicator Extractor
☆141Jul 14, 2018Updated 7 years ago
armbues / ioc_parser
View on GitHub
Tool to extract indicators of compromise from security reports in PDF format
☆439Feb 24, 2023Updated 3 years ago
yeti-platform / yeti
View on GitHub
Your Everyday Threat Intelligence
☆1,951Feb 12, 2026Updated 2 weeks ago
eset / malware-ioc
View on GitHub
Indicators of Compromises (IOC) of our various investigations
☆1,917Feb 20, 2026Updated last week
InQuest / yara-rules
View on GitHub
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
☆387May 11, 2022Updated 3 years ago
ioc-fang / ioc-fanger
View on GitHub
Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
☆68Oct 2, 2023Updated 2 years ago
sroberts / awesome-iocs
View on GitHub
A collection of sources of indicators of compromise.
☆952May 8, 2025Updated 9 months ago
silascutler / MalPipe
View on GitHub
Malware/IOC ingestion and processing engine
☆109Nov 20, 2018Updated 7 years ago
cmu-sei / cyobstract
View on GitHub
A tool to extract structured cyber information from incident reports.
☆82Aug 30, 2018Updated 7 years ago
Neo23x0 / signature-base
View on GitHub
YARA signature and IOC database for my scanners and tools
☆2,874Feb 5, 2026Updated 3 weeks ago
PUNCH-Cyber / stoq
View on GitHub
An open source framework for enterprise level automated analysis.
☆394Jun 27, 2022Updated 3 years ago
CERT-Polska / mquery
View on GitHub
YARA malware query accelerator (web frontend)
☆437Feb 3, 2026Updated 3 weeks ago
InQuest / awesome-yara
View on GitHub
A curated list of awesome YARA rules, tools, and people.
☆4,146Updated this week
certtools / intelmq
View on GitHub
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
☆1,113Feb 14, 2026Updated 2 weeks ago
ninoseki / iocingestor
View on GitHub
An extendable tool to extract and aggregate IoCs from threat feeds
☆33Feb 6, 2024Updated 2 years ago
drb-ra / C2IntelFeeds
View on GitHub
Automatically created C2 Feeds
☆666Updated this week
Neo23x0 / munin
View on GitHub
Online hash checker for Virustotal and other services
☆846Mar 21, 2025Updated 11 months ago
CyberMonitor / APT_CyberCriminal_Campagin_Collections
View on GitHub
APT & CyberCriminal Campaign Collection
☆4,043Jul 25, 2024Updated last year
OTRF / ThreatHunter-Playbook
View on GitHub
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
☆4,486Jan 12, 2026Updated last month
InQuest / sandboxapi
View on GitHub
Minimal, consistent Python API for building integrations with malware sandboxes.
☆142Jan 31, 2024Updated 2 years ago
NextronSystems / APTSimulator
View on GitHub
A toolset to make a system look as if it was the victim of an APT attack
☆2,715Sep 23, 2025Updated 5 months ago
CIRCL / AIL-framework
View on GitHub
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
☆1,362Updated this week
PUNCH-Cyber / YaraGuardian
View on GitHub
Django web interface for managing Yara rules
☆196Jul 28, 2018Updated 7 years ago
StrangerealIntel / DailyIOC
View on GitHub
IOC from articles, tweets for archives
☆318Dec 12, 2023Updated 2 years ago
advanced-threat-research / Yara-Rules
View on GitHub
Repository of YARA rules made by Trellix ATR Team
☆625Mar 18, 2025Updated 11 months ago
AlienVault-OTX / yabin
View on GitHub
A Yara rule generator for finding related samples and hunting
☆162Sep 11, 2022Updated 3 years ago
Neo23x0 / yarGen
View on GitHub
yarGen is a generator for YARA rules
☆1,776Jan 10, 2026Updated last month
ciscocsirt / GOSINT
View on GitHub
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
☆554May 9, 2023Updated 2 years ago
sroberts / jager
View on GitHub
Hunting IOCs all day every day...
☆87Sep 26, 2023Updated 2 years ago
diogo-fernan / malsub
View on GitHub
A Python RESTful API framework for online malware analysis and threat intelligence services.
☆368May 21, 2024Updated last year
dfirtrack / dfirtrack
View on GitHub
DFIRTrack - The Incident Response Tracking Application
☆532Jan 13, 2026Updated last month
reversinglabs / reversinglabs-yara-rules
View on GitHub
ReversingLabs YARA Rules
☆898Nov 3, 2025Updated 3 months ago
DissectMalware / base64_substring
View on GitHub
Generate a Yara rule to find base64-encoded files containg a specific keyword
☆40Jul 13, 2018Updated 7 years ago
ctxis / CAPE
View on GitHub
Malware Configuration And Payload Extraction
☆761Nov 22, 2024Updated last year
Te-k / harpoon
View on GitHub
CLI tool for open source and threat intelligence
☆1,257Feb 27, 2025Updated last year
Neo23x0 / vti-dorks
View on GitHub
Awesome VirusTotal Intelligence Search Queries
☆332May 16, 2023Updated 2 years ago