Open threatlead opened 8 years ago
The default PDF library was switched to pdfminer because of the parsing better performance. In a head-to-head test it was able to parse considerably more text from a report set than pypdf2, therefore also generating more IOCs.
An option would be to dynamically check the Python version during runtime and accordingly change the default PDF library.
For anyone with issues with pdfminer on python3, consider using pdfminer.six, a fork for compatibility with python3 https://github.com/pdfminer/pdfminer.six
Also, as a totally unrelated side-note (no idea where to put this), you might want to set the re.compile flag to IGNORECASE, so that you can catch cases that are typed in all caps, at parser.py line 133:
ind_regex = re.compile(ind_pattern, flags=re.IGNORECASE)
As far as IGNORECASE
support is concerned, this is handled with #34.
Suggestions: