mlsecproject / combine

Tool to gather Threat Intelligence indicators from publicly available sources
https://www.mlsecproject.org/
GNU General Public License v3.0

Better base thresher - greedy regex #79

Closed alexcpsec closed 9 years ago

alexcpsec commented 9 years ago

Create a greedy regex thresher that will be able to parse through most stuff without a lot of finesse.

Finesse can be added later on plugins ;)

krmaxwell commented 9 years ago

Do you basically mean "grab everything that looks like an IP address or domain name"?

alexcpsec commented 9 years ago

That is the general idea. There is an educated way to do this, I think.

I wanted to mimic the functionality of the original harvest.py script, as it is relevant to some of the private feeds I use. Can't really replace it with combine before that is done.

krmaxwell commented 9 years ago

I have some code from another project I should be able to use. Will check in the morning.
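
An added example, not code from combine, harvest.py, or anyone in this thread: one way a greedy "grab everything that looks like an IP address or domain name" pass could work, with loose regexes followed by validation. The function name `thresh`, the `#` comment and `[.]` defang conventions, and the sample feed are assumptions made for illustration.

```python
import ipaddress
import re

# Loose candidate patterns; candidates are validated after matching.
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\w)")
DOMAIN_RE = re.compile(
    r"(?<![\w.-])(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}(?!\.?[\w-])",
    re.IGNORECASE,
)
URL_PATH_RE = re.compile(r"(://[^/\s]+)/\S*")  # keep the host, drop the path

# Constructed sample feed (documentation address ranges and example domains).
SAMPLE_FEED = """\
# constructed feed, generated by feeds.example.org
203.0.113.7
198.51.100.23:8080,malware C2
999.1.1.1
http://bad.example.com/gate.php
203.0.113.7 ; duplicate
mail.example[.]net.
"""


def thresh(text):
    """Return de-duplicated (indicator, type) pairs in order of first appearance."""
    seen, results = set(), []

    def emit(value, kind):
        if value not in seen:
            seen.add(value)
            results.append((value, kind))

    for line in text.splitlines():
        # Assumptions: '#' starts a comment, and '[.]' is a defanged dot.
        line = line.split("#", 1)[0].replace("[.]", ".")
        line = URL_PATH_RE.sub(r"\1", line)  # avoids "gate.php" matching as a domain
        for match in IPV4_RE.finditer(line):
            try:
                emit(str(ipaddress.IPv4Address(match.group())), "ipv4")
            except ValueError:
                pass  # not a valid address, for example an octet above 255
        for match in DOMAIN_RE.finditer(line):
            emit(match.group().lower(), "domain")
    return results


if __name__ == "__main__":
    for indicator, kind in thresh(SAMPLE_FEED):
        print(f"{kind}\t{indicator}")
```

Outside of URLs, a bare file name such as `dropper.exe` still matches the domain pattern; filtering of that kind is the per-feed finesse the issue leaves to plugins.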