Awesome

     ____.
    |    |____     ____   ___________
    |    \__  \   / ___\_/ __ \_  __ \
/\__|    |/ __ \_/ /_/  >  ___/|  | \/
\________(____  /\___  / \___  >__|
               \//_____/      \/        Hunting IOCs All Day Every Day

Jager is a tool for pulling useful IOCs (indicators of compromise) out of various input sources (PDFs for now, plane text really soon, webpages eventually) and putting them into an easy to manipulate JSON format. Who doesn't want that?!

Short Comings

First of all there's some stuff Jager doesn't do (or does poorly):

• It doesn't do OCR, so CrowdStrikes annoying "Images only" PDFs don't work terribly well. That's why it's going to have text analysis, so you can OCR by hand and extract IOCs from the text.
• The regex's are fine, but they need some work. We'll see. Regexs are hard, lets go shopping.
• There are lots of things you can't regex, like group names or attribution. You'll have to do some of that by hand.

Use:

To analyze a PDF:

python jager.py -i foo.pdf -o bar.json

To analyze a directory of PDFs:

python jager.py -d ~/foo -o ~/bar

Features for the Future

• New Analysis Modes
  • Webpages
  • Plain Text
• New Indicator Types
  • URLs
  • File Paths
  • Registry Keys (Not super important to me, but they're a thing)
• More Useful Output
  • Write stuff out to a database (like Mongo shudder)
  • Write out to a TrackerSmacker:tm: DB
  • Data enrichment

License

Assuming this is ever released (it may not be) check LICENSE.md for information.

Contributing

See above s/LICENSE/CONTRIBUTING/g.