cacador - Indicator of compromise (IOC) Extractor.

Cacador (Portuguese for hunter) is a tool for extracting common indicators of compromise from a block of text.

What is an indicator of compromise (IOC)?
An indicator of compromise (IOC), in computer forensics, is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Typical IOCs are virus signatures, IP addresses, MD5 hashes of malware files, and URLs or domain names of botnet command and control servers. After IOCs have been identified during incident response and computer forensics, they can be used for early detection of future attack attempts using intrusion detection systems and antivirus software.


Other tools for doing indicator extraction are pretty awesome (like armbues/ioc_parser or sroberts/jager), but what’s nice about cacador is that you can compile it, put it in your path, and use it in Unix-style workflows with pipes and things.

+ Golang 1.8.X or higher
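
The pipe-friendly extraction described above, sketched as an added Go example (not cacador's code or patterns): it reads text on stdin and prints de-duplicated URLs, domains, IPv4 addresses and MD5 hashes as JSON. The regular expressions, the `Extract` and `collect` names and the JSON layout are assumptions made for illustration, and it goes slightly beyond the page by refanging `hxxp` and `[.]` first.

```go
package main

import (
	"encoding/json"
	"io"
	"os"
	"regexp"
	"sort"
	"strings"
)
// Sample is constructed report text (documentation-range IP, example.com host).
const Sample = "Beacon to hxxp://c2.example[.]com/gate.php from 198.51.100.23; dropper MD5 D41D8CD98F00B204E9800998ECF8427E. Also seen: 198.51.100.23."
// Patterns are assumptions made for this example, not cacador's own.
var refang = strings.NewReplacer("hxxp", "http", "[.]", ".")
var urlRe = regexp.MustCompile(`\bhttps?://([^\s/"'<>:]+)[^\s"'<>]*`)
var others = map[string]*regexp.Regexp{
	"md5":    regexp.MustCompile(`\b[a-f0-9]{32}\b`),
	"ipv4":   regexp.MustCompile(`\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b`),
	"domain": regexp.MustCompile(`\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b`),
}

// collect returns the sorted, de-duplicated matches of re in text.
func collect(re *regexp.Regexp, text string) []string {
	seen, out := map[string]bool{}, []string{}
	for _, m := range re.FindAllString(text, -1) {
		m = strings.TrimRight(m, ".,;)") // sentence punctuation glued to a URL
		if !seen[m] {
			seen[m] = true
			out = append(out, m)
		}
	}
	sort.Strings(out)
	return out
}

// Extract refangs text and returns the indicators found, keyed by type.
func Extract(text string) map[string][]string {
	text = refang.Replace(text)
	out := map[string][]string{"url": collect(urlRe, text)}
	// Reduce each URL to its host so a path like gate.php is not read as a domain.
	text = strings.ToLower(urlRe.ReplaceAllString(text, " $1 "))
	for kind, re := range others {
		out[kind] = collect(re, text)
	}
	return out
}

func main() { // text in on stdin, JSON out on stdout
	data, _ := io.ReadAll(os.Stdin)
	json.NewEncoder(os.Stdout).Encode(Extract(string(data)))
}
```

Built as a binary (hypothetically named `iocx`), it drops into a pipeline such as `cat report.txt | iocx`. Bare file names like `invoice.exe` outside a URL still match the domain pattern, because no TLD list is checked.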