fhightower / ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other security-related information) from text. It uses grammars rather than regexes, which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
GNU Lesser General Public License v3.0

parser ssdeeps error #258

Open FANGOD opened 2 years ago

FANGOD commented 2 years ago

From this URL: https://botscout.com/last_caught_cache.htm

2600:114:62:902:769:6957:571:334 | 2600:114:62:902:769:6957:571:334

Maybe it is IPv6, but the result type is ssdeeps.

        "ipv6s": [
            "2600:114:62:903:7335:5009:78:9631",
            "2600:114:62:902:769:6957:571:334",
            "20:906:21::22:2:9396:59",
            "2607:90:2776:957:3:391:893:944",
            "2600:114:62:903:5845:9020:1995:910",
            "2600:114:62:903:61:7220:2:81",
            "2806:20:5120:34:9199:81:982:970",
            "2600:114:62:904:6166:57:42:14"
        ],
        "ssdeeps": [
            "6957:571:334",
            "81:982:970",
            "903:5845:9020",
            "62:902:769",
            "90:2776:957",
            "3:391:893",
            "903:7335:5009"
        ]

Maybe it's not clear, please look at the example directly.

Thanks ~

fhightower commented 2 years ago

Thanks for reporting - that definitely looks like inaccurate parsing. I'll take a look at this as part of the 7.x.y work.

fhightower commented 2 years ago

There is a similar issue demonstrated here. If anyone would like to pick up this work, please comment on this issue and I'd be happy to work with you.
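A caller-side post-filter for the false positives reported above, as an added example that is not part of the thread and not ioc-finder's own code. It assumes the caller has the original text and a list of ssdeep candidates; the function names, the sample text (built from addresses quoted in the issue) and the sample ssdeep hash are constructed for illustration. It checks the ssdeep block-size rule (3 * 2**n) and then drops candidates that only occur inside a token that parses as IPv6, since `3:391:893` passes the block-size rule on its own.

```python
import ipaddress
import re

# Constructed sample: two addresses from the issue plus a made-up ssdeep hash.
SAMPLE_TEXT = (
    "2600:114:62:902:769:6957:571:334 | 2600:114:62:902:769:6957:571:334\n"
    "2607:90:2776:957:3:391:893:944\n"
    "sample.bin 96:s4Ud1Lj96tHHlZDrwciQmA:sF1LjEtHHlZDrJzrh\n"
)
# Candidates as a parser with the reported behaviour might return them.
CANDIDATES = ["6957:571:334", "62:902:769", "3:391:893",
              "96:s4Ud1Lj96tHHlZDrwciQmA:sF1LjEtHHlZDrJzrh"]


def valid_block_size(candidate):
    """ssdeep block sizes are 3 * 2**n; reject anything else."""
    head = candidate.split(":", 1)[0]
    if not head.isdigit() or int(head) < 3 or int(head) % 3:
        return False
    q = int(head) // 3
    return q & (q - 1) == 0  # True only when q is a power of two


def ipv6_spans(text):
    """(start, end) offsets of delimited tokens that parse as IPv6."""
    spans = []
    for m in re.finditer(r"[^\s|,;]+", text):
        try:
            ipaddress.IPv6Address(m.group())
        except ValueError:
            continue
        spans.append(m.span())
    return spans


def filter_ssdeeps(text, candidates):
    """Keep candidates that occur at least once outside every IPv6 token."""
    spans = ipv6_spans(text)
    kept = []
    for cand in candidates:
        if not valid_block_size(cand):
            continue
        starts = [m.start() for m in re.finditer(re.escape(cand), text)]
        outside = [s for s in starts
                   if not any(a <= s and s + len(cand) <= b for a, b in spans)]
        if outside:
            kept.append(cand)
    return kept
```

Tokens are split on whitespace, `|`, `,` and `;`, so an address followed directly by other punctuation will not be recognised as IPv6 and its fragments will pass through unfiltered.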