Subdomains and IPs in URLs are not always parsed correctly

[JayFields]

Given defanged URLs with an IP address or a subdomain such as:

hXXps://192.168.149[.]100/api/info hXXps://subdomain.example[.]com/some/path

The GENERIC_URL_RE regex returns the correct results. However, since they are also parsed with the BRACKET_URL_RE regex additional invalid results are also returned:

http://149.100/api/info http://example.com/some/path

A simple change seems to fix the problem--assuming I'm not missing some false positive scenario.

diff --git a/iocextract.py b/iocextract.py
index 8fdb374..dcd25dd 100644
--- a/iocextract.py
+++ b/iocextract.py
@@ -66,7 +66,7 @@ GENERIC_URL_RE = re.compile(r"""
 BRACKET_URL_RE = re.compile(r"""
         \b
         (
-            [\:\/\\\w\[\]\(\)-]+
+            [\.\:\/\\\w\[\]\(\)-]+
             (?:
                 \x20?
                 [\(\[]

[rshipp]

Interesting, thanks for the issue and suggested fix! I'll dig into this a little and see if I can get a new version pushed out to fix this and #27 on Friday.

[rshipp]

Alright I wrote some tests for this and your change looks perfect. I'll get it shipped tomorrow. :+1:

[JayFields]

Great, thanks!

[rshipp]

Pushed to PyPI as v1.13.0. Thanks again for the fix.