Closed deadbits closed 1 year ago
Go for it. The cli is an afterthought on my end, I only use the library - so if there's anything you want to change to make it fit your workflow better, it's fine with me.
One note - the --input flag used to use the argparse builtins for file handling, which supports - as stdin, but I had to change to the current lambda because argparse dies when fed binary input. This piece can be fragile moving between Python 2/3 too, because of the unicode/str/bytes differences.
Sounds good. Thanks for the input too on potential argparse quirks - good to know ahead of time. I'll play around a bit so nothing breaks and throw in a PR
Personally I very much use the script instead of the library. I end up using little oneliners to act as my directory input currently... if adding the new input gives me too much trouble I might just close this and stick to shell scripting unless I see anyone else who also really wants this. If it's just really for myself I'll deal.
It'd be great to be able to provide a directory path to iocextract and have it iterate over all files, extracting IOCs from each as it goes.
For example, I have a directory of malicious SLK files and I want to quickly dump all the URLs. Right now I have to use something like
for i in `ls`; do iocextract --extract-urls --input $i; done
passing a dir to --input obviously throws an exception due to the arguments use to io:
Would you be okay with re-working --input to accept a file as input, stdin as an optional positional argument, and add a --dir argument for folders? I can put in a PR if so - or if you have any other suggestions for this use case, that'd be great :D
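The input handling discussed in this thread (binary-safe `--input`, `-` as stdin, and the requested `--dir`), sketched as an added example that is not iocextract's own code. The `--dir` flag, the function names and the stand-in URL regex are assumptions for illustration.

```python
# Added example: --dir is a hypothetical option, not an existing iocextract flag.
import argparse
import os
import re
import sys

# Stand-in extractor (assumption): a simple URL regex, not iocextract's patterns.
URL_RE = re.compile(r"https?://[^\s\"'<>;]+")

def read_text(path):
    """Read a file, or stdin when path is "-", as bytes and decode leniently."""
    if path == "-":
        return sys.stdin.buffer.read().decode("utf-8", errors="ignore")
    with open(path, "rb") as fh:
        return fh.read().decode("utf-8", errors="ignore")

def iter_inputs(input_path="-", directory=None):
    """Yield paths to scan: the --input value, or each regular file in --dir."""
    if directory is None:
        yield input_path
        return
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full):  # skip subdirectories and special files
            yield full

def extract_urls(paths):
    """Return (path, url) pairs; unreadable files are reported and skipped."""
    found = []
    for path in paths:
        try:
            text = read_text(path)
        except (IOError, OSError) as exc:
            sys.stderr.write("skipping %s: %s\n" % (path, exc))
            continue
        found.extend((path, url) for url in URL_RE.findall(text))
    return found

def main(argv=None):
    parser = argparse.ArgumentParser()
    group = parser.add_mutually_exclusive_group()
    group.add_argument("--input", default="-", help='file path, or "-" for stdin')
    group.add_argument("--dir", help="scan every regular file in this directory")
    args = parser.parse_args(argv)
    for path, url in extract_urls(iter_inputs(args.input, args.dir)):
        print("%s\t%s" % (path, url))

if __name__ == "__main__":
    main()
```

Reading in binary mode and decoding with `errors="ignore"` keeps undecodable bytes in a malicious sample from aborting the run, and printing the source path next to each URL preserves which file an indicator came from.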