示例#1
    (Optional(Combine('?' + url_query)('url_query'))
     & Optional(Combine('#' + url_fragment)('url_fragment'))))
# URL grammar anchored at alphanum_word_start (defined outside this excerpt).
# Two alternatives are tried:
#   1. scheme + '://' + authority, with an optional '/path'
#   2. authority followed by a mandatory '/' (the path text after it is optional)
# Alternative 2 has no Optional around the '/', so a host with neither a scheme
# nor a trailing slash is not matched by this expression.
# An optional '?query' and '#fragment' may follow; `&` builds a pyparsing Each,
# so the two are accepted in either order.
# Components are tagged with the results names 'url_scheme', 'url_authority',
# 'url_path', 'url_query' and 'url_fragment'.
scheme_less_url = alphanum_word_start + Combine(
    Or([
        Combine(
            url_scheme('url_scheme') + '://' + url_authority('url_authority') +
            Optional(Combine('/' + Optional(url_path)))('url_path')),
        Combine(
            url_authority('url_authority') + Combine('/' + Optional(url_path))
            ('url_path')),
    ]) + (Optional(Combine('?' + url_query)('url_query'))
          & Optional(Combine('#' + url_fragment)('url_fragment'))))

# Word-start boundary used by every file-hash pattern below. 'x' and 'X' are
# removed from the word characters so that a hash directly preceded by an 'x'
# or 'X' still matches (https://github.com/fhightower/ioc-finder/issues/41).
# Trade-off: an 'x'/'X' immediately before a hex run always counts as a
# boundary, whatever text comes before it.
file_hash_word_start = WordStart(
    wordChars=alphanums.replace('x', '').replace('X', ''))
# MD5 candidate: exactly 32 hex characters, lowercased by downcaseTokens.
# The match is decided by length and alphabet only, so any 32-character hex
# string bounded this way is reported; it is not proof that the value is an MD5.
# alphanum_word_end is defined outside this excerpt; presumably it rejects a
# longer alphanumeric run, which exact=32 alone does not do - confirm.
md5 = file_hash_word_start + Word(
    hexnums, exact=32).setParseAction(downcaseTokens) + alphanum_word_end
# Import hash: the literal label 'imphash' or 'import hash', an optional run of
# non-alphanumeric printable characters as separator, then an MD5-shaped value
# tagged 'hash'. adjacent=False lets whitespace appear between the parts and
# joinString=' ' joins the matched parts with single spaces.
# NOTE(review): the label literals are matched as written, so differently cased
# labels are missed unless the input is normalised elsewhere - confirm.
imphash = Combine(
    Or(['imphash', 'import hash']) +
    Optional(Word(printables, excludeChars=alphanums)) + md5('hash'),
    joinString=' ',
    adjacent=False,
)
# SHA-1 candidate: exactly 40 hex characters, lowercased. Same length-only
# caveat as md5.
sha1 = file_hash_word_start + Word(
    hexnums, exact=40).setParseAction(downcaseTokens) + alphanum_word_end
# SHA-256 candidate: exactly 64 hex characters, lowercased. Same length-only
# caveat as md5.
sha256 = file_hash_word_start + Word(
    hexnums, exact=64).setParseAction(downcaseTokens) + alphanum_word_end
authentihash = Combine(
    Or(['authentihash']) + Optional(Word(printables, excludeChars=alphanums)) +
    sha256('hash'),
示例#2
    Or(
        [
            Combine(
                url_scheme('url_scheme')
                + '://'
                + url_authority('url_authority')
                + Optional(Combine('/' + Optional(url_path)))('url_path')
            ),
            Combine(url_authority('url_authority') + Combine('/' + Optional(url_path))('url_path')),
        ]
    )
    + (Optional(Combine('?' + url_query)('url_query')) & Optional(Combine('#' + url_fragment)('url_fragment')))
)

# Word-start boundary shared by the file-hash patterns. 'x' and 'X' are dropped
# from the word characters so a hash directly preceded by an 'x' or 'X' is still
# matched (https://github.com/fhightower/ioc-finder/issues/41). The cost is that
# any 'x'/'X' immediately before a hex run is treated as a boundary.
file_hash_word_start = WordStart(wordChars=alphanums.replace('x', '').replace('X', ''))
# Each digest below is recognised purely by its hex length (32/40/64/128) and is
# lowercased by downcaseTokens; the grammar cannot tell which algorithm produced
# a value, so matches are candidates to be validated downstream.
# alphanum_word_end is defined outside this excerpt; presumably it rejects a
# longer alphanumeric run, which `exact` alone does not do - confirm.
md5 = file_hash_word_start + Word(hexnums, exact=32).setParseAction(downcaseTokens) + alphanum_word_end
# Labelled import hash: 'imphash' or 'import hash', an optional non-alphanumeric
# separator, then an MD5-shaped value tagged 'hash'. adjacent=False allows
# whitespace between the parts; joinString=' ' joins them with single spaces.
# NOTE(review): the label literals are matched as written, so differently cased
# labels are missed unless the input is normalised elsewhere - confirm.
imphash = Combine(Or(['imphash', 'import hash']) + Optional(Word(printables, excludeChars=alphanums)) + md5('hash'), joinString=' ', adjacent=False)
sha1 = file_hash_word_start + Word(hexnums, exact=40).setParseAction(downcaseTokens) + alphanum_word_end
sha256 = file_hash_word_start + Word(hexnums, exact=64).setParseAction(downcaseTokens) + alphanum_word_end
# Labelled authentihash: the literal 'authentihash' (an Or with one alternative),
# an optional non-alphanumeric separator, then a SHA-256-shaped value tagged 'hash'.
authentihash = Combine(Or(['authentihash']) + Optional(Word(printables, excludeChars=alphanums)) + sha256('hash'), joinString=' ', adjacent=False)
sha512 = file_hash_word_start + Word(hexnums, exact=128).setParseAction(downcaseTokens) + alphanum_word_end

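# Four-digit year: one leading '1' or '2', then exactly three more digits.
# exact=1 stops the leading Word from absorbing a whole run of 1s and 2s.
# Without it, over-long values such as '12021' were accepted as a year, and
# years whose second digit is 1 or 2 were rejected because the first Word
# consumed digits the second one needed.
year = Word('12', exact=1) + Word(nums, exact=3)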
cve = (
    alphanum_word_start
    + Combine(
        Or(['cve', 'CVE']).setParseAction(replaceWith('CVE'))
        + Word('- ').setParseAction(replaceWith('-'))
        + year('year')
        + Word('-')