Quick method to extract Indicators of Compromise (IOCs) from a Threat Intel Report in PDF format. It can output the results to a file or to the console.
git clone https://github.com/dfirsec/pie.git
cd pie
poetry install
- rich
- pdfplumber
- requests
poetry shell
python pie.py [-h] [-o] pdf_doc
pdf_doc
: The path to the PDF document to be processed.
-h, --help
: Show the help message and exit.
-o, --out
: Write output to file.
python pie.py Intel_Report.pdf
____ ____ ______
/ __ \ / _/ / ____/
/ /_/ / / / / __/
/ ____/ _/ / / /___
/_/ /___/ /_____/
PDF IOC Extractor
....................
Gathering IOCs...
EMAIL
--------------
waco-leaks@emailinbox.123
xoap1@emailinbox.123
DOMAIN
--------------
emailinbox.123
whoisleaky.com
werearetheleaks.com
URL
--------------
file://123.45.67.89/weirdfile.png
MD5
--------------
01efc52acec2b1986aabe2472401a2cf
3c6b9bde7e06064f56d54bbcdd39b9cf
SHA1
--------------
302fc52acec2b1121aabe2473471a2cf89919ecb
6b699ee60c0o8cb2d9d87c35895a3a24b0937d85
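The sketch below is an added example, not pie's own code: it shows one way the categories in the output above can be pulled from text once it has been extracted from a PDF. The regex patterns, the `refang` and `extract_iocs` helpers, the file-extension list and the sample text are all assumptions made for illustration, and the refanging step goes beyond what this page describes.

```python
import re
from urllib.parse import urlsplit

# Constructed sample standing in for text extracted from a report PDF.
SAMPLE = """\
Operators used analyst@werearetheleaks.com and staged files on whoisleaky[.]com.
Download: hxxp://cdn.whoisleaky[.]com/drop/weirdfile.png, then dropper.exe ran.
MD5: 01efc52acec2b1986aabe2472401a2cf
SHA1: 302fc52acec2b1121aabe2473471a2cf89919ecb
"""

HEX = "0-9a-fA-F"
# Assumed patterns; lookarounds keep a 40-char SHA1 from also matching as MD5.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "URL": re.compile(r"(?:https?|ftp|file)://[^\s\"'<>]+", re.I),
    "MD5": re.compile(rf"(?<![{HEX}])[{HEX}]{{32}}(?![{HEX}])"),
    "SHA1": re.compile(rf"(?<![{HEX}])[{HEX}]{{40}}(?![{HEX}])"),
}
BARE_DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
FILE_EXTS = {"png", "jpg", "exe", "dll", "pdf", "doc", "zip", "txt"}

def refang(text):
    """Undo common defanging (hxxp, [.], (.)) so the patterns can match."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)", ".", text)

def extract_iocs(text):
    text = refang(text)
    found = {name: set(rx.findall(text)) for name, rx in PATTERNS.items()}
    # Trailing sentence punctuation is not part of a URL.
    found["URL"] = {u.rstrip(".,;)") for u in found["URL"]}
    domains = {e.rsplit("@", 1)[1].lower() for e in found["EMAIL"]}
    hosts = {urlsplit(u).hostname for u in found["URL"]}
    # IP-address hosts are not domains.
    domains |= {h for h in hosts if h and not h.replace(".", "").isdigit()}
    # Scan for bare domains outside URLs and emails only, so path parts
    # such as "weirdfile.png" are not reported as hosts.
    rest = text
    for hit in found["URL"] | found["EMAIL"]:
        rest = rest.replace(hit, " ")
    for d in BARE_DOMAIN.findall(rest):
        if d.rsplit(".", 1)[1].lower() not in FILE_EXTS:
            domains.add(d.lower())
    found["DOMAIN"] = domains
    return {kind: sorted(values) for kind, values in found.items()}

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE).items():
        print(kind, values)
```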
This script is released under the MIT License. See LICENSE.md for more information.