IOC Extractor

Paste logs, threat reports, email bodies or any raw text. Automatically extract and classify indicators of compromise.

All analysis happens locally in your browser. No data is uploaded to our servers.

Input

Drop a .txt / .log / .csv / .json file here or click to browse

Accepted: .txt,.log,.csv,.json

Frequently Asked Questions

What types of IOC does this tool extract?

IPv4, IPv6, domains, URLs, email addresses, MD5/SHA-1/SHA-256 hashes, CVE identifiers and Windows file paths.

Is my data sent anywhere?

No. All extraction runs locally in your browser using JavaScript regex engines. No text is ever transmitted to a server.

What do the enrichment links do?

Each link opens an external lookup service (VirusTotal, AbuseIPDB, etc.) in a new tab with the IOC pre-filled. Clicking a link will share that specific value with the external service.