InQuest / iocextract

Defanged Indicator of Compromise (IOC) Extractor.
https://inquest.readthedocs.io/projects/iocextract/
GNU General Public License v2.0

Handle extraction from all files in a directory #12

Closed deadbits closed 1 year ago

deadbits commented 6 years ago

It'd be great to be able to provide a directory path to iocextract and have it iterate over all files, extracting IOCs from each as it goes.

For example, I have a directory of malicious SLK files and I want to quickly dump all the URLs. Right now I have to use something like `for i in $(ls); do iocextract --extract-urls --input $i; done`.

Passing a dir to `--input` obviously throws an exception due to the argument's use of io:

```
  File "iocextract.py", line 442, in <lambda>
    parser.add_argument('--input', type=lambda x: io.open(x, 'r', encoding='utf-8', errors='ignore'),
IOError: [Errno 21] Is a directory: '/home/adam/research/malware/campaigns/slk-droppers'
```

Would you be okay with re-working `--input` to accept a file as input, stdin as an optional positional argument, and add a `--dir` argument for folders? I can put in a PR if so - or if you have any other suggestions for this use case, that'd be great :D
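One way the proposed `--input` / `--dir` split could look, as an added example that is not part of this issue or of the iocextract code base. It assumes a small regex stand-in for `iocextract.extract_urls` (hypothetical, handling only `hxxp` and `[.]` defanging) so the script runs offline, and it keeps the issue's `errors='ignore'` opening so binary samples do not abort the run:

```python
"""Directory-aware input handling for an iocextract-style CLI (added example)."""
import argparse
import io
import os
import re
import sys

# Hypothetical stand-in for iocextract.extract_urls: matches plain and lightly
# defanged (hxxp, [.]) URLs and refangs them. Not the library's own code.
_URL_RE = re.compile(r'(?i)\bh[xt]{2}ps?://[^\s"\'<>]+')

def extract_urls(text):
    for match in _URL_RE.findall(text):
        yield re.sub(r'(?i)^hxxp', 'http', match.replace('[.]', '.'))

def iter_sources(input_path=None, dir_path=None):
    """Yield (label, text) per input. '-' or None means stdin; a directory is
    walked file by file. errors='ignore' keeps binary samples from raising."""
    if dir_path:
        for root, _dirs, files in os.walk(dir_path):
            for name in sorted(files):
                path = os.path.join(root, name)
                with io.open(path, 'r', encoding='utf-8', errors='ignore') as fh:
                    yield path, fh.read()
    elif input_path in (None, '-'):
        yield '<stdin>', sys.stdin.read()
    else:
        with io.open(input_path, 'r', encoding='utf-8', errors='ignore') as fh:
            yield input_path, fh.read()

def extract_from_sources(sources, extractor=extract_urls):
    """Return {label: sorted unique IOCs} for every source that yielded any."""
    results = {}
    for label, text in sources:
        found = sorted(set(extractor(text)))
        if found:
            results[label] = found
    return results

def build_parser():
    parser = argparse.ArgumentParser(description='Extract URLs from a file, stdin, or a directory')
    group = parser.add_mutually_exclusive_group()
    group.add_argument('--input', metavar='FILE', help="input file, or '-' for stdin (default)")
    group.add_argument('--dir', metavar='DIR', help='extract from every file under DIR')
    return parser

def main(argv=None):
    args = build_parser().parse_args(argv)
    for label, urls in extract_from_sources(iter_sources(args.input, args.dir)).items():
        for url in urls:
            print(f'{label}\t{url}')

if __name__ == '__main__':
    main()
```

Output is one `path<TAB>url` line per hit, so the per-file origin survives when a whole campaign directory is processed at once.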

rshipp commented 6 years ago

Go for it. The CLI is an afterthought on my end, I only use the library - so if there's anything you want to change to make it fit your workflow better, it's fine with me.

One note - the `--input` flag used to use the argparse builtins for file handling, which supports `-` as stdin, but I had to change to the current lambda because argparse dies when fed binary input. This piece can be fragile moving between Python 2/3 too, because of the unicode/str/bytes differences.

deadbits commented 6 years ago

Sounds good. Thanks for the input too on potential argparse quirks - good to know ahead of time. I'll play around a bit so nothing breaks and throw in a PR.

Personally I very much use the script instead of the library. I end up using little one-liners to act as my directory input currently... if adding the new input gives me too much trouble I might just close this and stick to shell scripting unless I see anyone else who also really wants this. If it's just really for myself I'll deal.