Just another tool to extract IOCs from files. It can extract IOCs from the following sources: PDF documents, URLs that point to PDFs, a text file containing URLs, emails, and RSS feeds. It also performs whitelisting to prevent false positives, using the files whitelist.dat and the Alexa top 1m files.

    usage: iocminion.py [-h] [--rss RSS] [--url_file URL_FILE] [--url URL]
                        [--pdf PDF] [--email EMAIL EMAIL] [--format {csv,json}]

    welcome to iocMinion

    optional arguments:
      -h, --help            show this help message and exit

    Formats supported:
      --rss RSS             process rss url
      --url_file URL_FILE   process text file with urls
      --url URL             process url
      --pdf PDF             process pdf on an url or a pdf on the filesystem. make sure filename doesnt contain spaces
      --email EMAIL EMAIL   looks for iocs on gmail inbox. username and password are required (username pass)
      --format {csv,json}   output format

Examples:

    python iocminion.py --url http://blog.malwaremustdie.org/2015/06/mmd-0034-2015-new-elf.html
    python iocminion.py --pdf http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
    python iocminion.py --url_file urls.txt
    python iocminion.py --url http://blog.malwaremustdie.org/2015/06/mmd-0034-2015-new-elf.html -w outfile.txt
    python iocminion.py --email 'username' 'password'
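
The extraction-plus-whitelisting step described at the top, as an added sketch that is not iocMinion's own code. The regexes, the function names, the one-domain-per-line whitelist format and the sample text are all assumptions made for illustration.

```python
import re

# Constructed sample text (not from a real report); uses common "defanged" forms.
SAMPLE = """
C2 at hxxp://bad-domain[.]example/gate.php and 203.0.113.7, see also www.google.com.
Dropper md5 d41d8cd98f00b204e9800998ecf8427e, config in payload.dat
sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Assumed whitelist content: one domain per entry (whitelist.dat / top-1m style).
WHITELIST = {"google.com", "welivesecurity.com"}
# File extensions that look like TLDs and produce false-positive "domains".
FILE_EXTS = {"php", "dat", "pdf", "exe", "txt", "html"}

OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
PATTERNS = {
    "ipv4": re.compile(r"\b(?:%s\.){3}%s\b" % (OCTET, OCTET)),
    "domain": re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b"),
    "md5": re.compile(r"\b[a-f0-9]{32}\b"),
}

def refang(text):
    """Undo common defanging (hxxp, [.], (.), [dot]) so the patterns can match."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)

def is_whitelisted(domain, whitelist):
    """True if the domain or any parent domain is on the whitelist."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in whitelist for i in range(len(labels)))

def extract_iocs(text, whitelist=WHITELIST):
    """Return {kind: sorted unique matches}, with domains filtered for false positives."""
    text = refang(text).lower()
    found = {kind: sorted(set(rx.findall(text))) for kind, rx in PATTERNS.items()}
    found["domain"] = [d for d in found["domain"]
                       if d.rsplit(".", 1)[1] not in FILE_EXTS
                       and not is_whitelisted(d, whitelist)]
    return found

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE).items():
        print(kind, values)
```

Matching on parent domains rather than exact strings is what lets `www.google.com` be dropped by a `google.com` entry without also dropping a lookalike such as `notgoogle.com`.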