ioc_extract 0.4.8

Extract indicators like urls,domains,ip,emails,etc... from a given string
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

use crate::validators::{
    crypto::{self, which_cryptocurrency},
    internet, network, system,
};
use serde::{Deserialize, Serialize};

#[derive(Serialize, Deserialize, Default, Debug, Clone)]
pub struct NewlineResult {
    pub registry_keys: Option<Vec<String>>,
    pub sql: Option<Vec<String>>,
    pub file_paths: Option<Vec<String>>,
}

#[derive(Serialize, Deserialize, Default, Debug, Clone)]
pub struct WhitespaceResult {
    pub urls: Option<Vec<String>>,
    pub domains: Option<Vec<String>>,
    pub emails: Option<Vec<String>>,
    pub ip_address: Option<Vec<String>>,
    pub crypto: Option<Vec<String>>,
    pub regexes: Option<Vec<String>>,
}

pub fn by_newline(s: String) -> NewlineResult {
    let mut registry = vec![];
    let mut sql = vec![];
    let mut file_paths = vec![];

    // check for registry keys & sql queries by breaking only newlines
    for x in s.split('\n').collect::<Vec<&str>>() {
        let x = x.trim();
        if system::is_registry_key(x) {
            registry.push(x.to_string())
        } else if system::is_sql(x) {
            sql.push(x.to_string())
        } else if system::is_file_path(x) {
            file_paths.push(x.to_string())
        }
    }

    NewlineResult {
        registry_keys: if !registry.is_empty() {
            registry.sort();
            registry.dedup();
            Some(registry)
        } else {
            None
        },
        sql: if !sql.is_empty() {
            sql.sort();
            sql.dedup();
            Some(sql)
        } else {
            None
        },
        file_paths: if !file_paths.is_empty() {
            file_paths.sort();
            file_paths.dedup();
            Some(file_paths)
        } else {
            None
        },
    }
}

pub fn by_whitespace(s: String) -> WhitespaceResult {
    let mut urls = vec![];
    let mut domains = vec![];
    let mut emails = vec![];
    let mut ip_address = vec![];
    let mut crypto_address = vec![];
    let mut regexes = vec![];

    // check for the rest by breaking newlines, whitespace, tabs, etc...
    for x in s.split_whitespace().collect::<Vec<&str>>() {
        let x = x.trim();
        if network::is_ipv_any(x) || network::is_ip_cidr_any(x) {
            ip_address.push(x.to_string())
        } else if crypto::is_cryptocurrency_any(x) {
            if let Some(coin) = which_cryptocurrency(x) {
                crypto_address.push(format!("{} - {}", x, coin))
            } else {
                crypto_address.push("".to_string())
            }
        } else if internet::is_domain(x) {
            domains.push(x.to_string())
        } else if let Some(url) = internet::get_url(x) {
            urls.push(url)
        } else if internet::is_email(x, None) {
            emails.push(x.to_string())
        } else if system::is_regex(x) {
            regexes.push(x.to_string())
        }
    }

    WhitespaceResult {
        urls: if !urls.is_empty() {
            urls.sort();
            urls.dedup();
            Some(urls)
        } else {
            None
        },
        domains: if !domains.is_empty() {
            domains.sort();
            domains.dedup();
            Some(domains)
        } else {
            None
        },
        emails: if !emails.is_empty() {
            emails.sort();
            emails.dedup();
            Some(emails)
        } else {
            None
        },
        ip_address: if !ip_address.is_empty() {
            ip_address.sort();
            ip_address.dedup();
            Some(ip_address)
        } else {
            None
        },
        crypto: if !crypto_address.is_empty() {
            crypto_address.sort();
            crypto_address.dedup();
            Some(crypto_address)
        } else {
            None
        },
        regexes: if !regexes.is_empty() {
            regexes.sort();
            regexes.dedup();
            Some(regexes)
        } else {
            None
        },
    }
}