Cacador (Portuguese for hunter) is a tool for extracting common indicators of compromise from a block of text.

The Short Way: Downloading Cacador

The easiest way to get cacador is to download the latest release for your platform. Good? Great.

The Long Way: Compiling Cacador

Install golang

go get github.com/sroberts/cacador

Compile with go build

Running

Run with ./cacador. It accepts text from stdin and writes a JSON blob of IOCs to stdout. For example: cat text.txt | ./cacador | import, where text.txt is some IOC-rich text and import pushes your new IOCs into your threat management system.

Cacador recognizes two command-line flags:

-comment="Foo" which makes it possible to leave a note as metadata.

-tags="Foo, bar, baz" which adds tags.
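As an added example (not part of cacador or its README), here is a hypothetical stand-in for the import stage of the pipeline described under Running: it reads the JSON blob from stdin and flattens it into a path-to-values map without depending on cacador's schema. The key names in the constructed sample are assumptions, not cacador's documented output format.

```go
package main

import (
	"encoding/json"
	"io"
	"log"
	"os"
)

// Constructed sample input; the key names are assumptions, not cacador's documented schema.
const sample = `{"networks":{"ipv4s":["203.0.113.7","198.51.100.2"],"domains":["bad.example"]},"hashes":{"md5s":[]},"comment":"Foo","tags":["bar","baz"]}`

// walk records every non-empty string leaf under its slash-separated JSON path.
// Array elements inherit the array's path; numbers, booleans and nulls are ignored.
func walk(path string, node interface{}, out map[string][]string) {
	switch v := node.(type) {
	case map[string]interface{}:
		for key, child := range v {
			walk(path+"/"+key, child, out)
		}
	case []interface{}:
		for _, child := range v {
			walk(path, child, out)
		}
	case string:
		if v != "" {
			out[path] = append(out[path], v)
		}
	}
}

// Flatten decodes one JSON document and returns path -> string values found there.
func Flatten(r io.Reader) (map[string][]string, error) {
	var doc interface{}
	if err := json.NewDecoder(r).Decode(&doc); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	walk("", doc, out)
	return out, nil
}

func main() {
	flat, err := Flatten(os.Stdin)
	if err != nil {
		log.Fatalf("decode JSON from stdin: %v", err)
	}
	if err := json.NewEncoder(os.Stdout).Encode(flat); err != nil {
		log.Fatal(err)
	}
}
```

Built as a binary named import (a hypothetical name), it slots in as cat text.txt | ./cacador | ./import; categories with no matches are dropped, so an importer only sees paths that carry values.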

Generating a new release