Parsers¶
Common Parser Utilities¶
Collection of input parser utilities to extract IP addresses.
This includes common regex patterns and utilities for extracting IP addresses for resolution.
-
class
libchickadee.parsers.ParserBase(ignore_bogon=True)¶ Base class for parsers, containing common utilities.
-
check_ips(data)¶ Check data for IP addresses. Results stored in
self.ips.- Parameters
data (str) – String to search for IP address content.
- Returns
None
-
static
is_bogon(ip_addr)¶ Identifies whether an IP address is a known BOGON.
- Parameters
ip_addr (str) – Valid IP address to check.
- Returns
Whether or not the IP is a known BOGON address.
- Return type
(bool)
-
static
strip_ipv6(ipv6_addr)¶ Isolate IPv6 Value containing a
%symbol.- Parameters
ipv6_addr (str) – Raw IPv6 IP address to strip.
- Returns
IP address base.
- Return type
(str)
-
-
libchickadee.parsers.run_parser_from_cli(args, parser_obj)¶ Allow a parser to run from the command line, both for testing and increased usability.
Plain Text Parser¶
Parse IP addresses from plain text files. Plain text files include logs, CSVs, JSON, and other formats where ascii strings contain IPv4 or IPv6 addresses.
Also supported reading from gzipped compressed plain text data without needing to first decompress it.
-
class
libchickadee.parsers.plain_text.PlainTextParser(ignore_bogon=True)¶ Class to extract IP addresses from plain text and gzipped plain text files.
-
static
is_gz_file(filepath)¶ Validate whether the input is GZipped.
- Parameters
filepath (str) – File path to test.
- Returns
True if a gzip file signature is identified.
- Return type
(bool)
-
parse_file(file_entry, is_stream=False)¶ Parse contents of the file and extract IP addresses.
Will read from STDIN or path to a file. Stores results in
self.ips.- Parameters
file_entry (str or file_obj) – Path to file for reading.
is_stream (bool) – Whether the input file is a file to open or a file-like object.
- Returns
None
-
static
XLSX File Parser¶
Parse IP addresses from XLSX files. This will extract IP addresses stored as values (not formulas) across all tabs within a spreadsheet.
-
class
libchickadee.parsers.xlsx.XLSXParser(ignore_bogon=True)¶ Class to extract IP addresses from XLSX workbooks.
-
parse_file(file_entry, is_stream=False)¶ Parse xlsx contents. Must be a path to an existing XLSX workbook. Cannot parse from STDIN.
- Parameters
file_entry (str) – Path to workbook to load.
is_stream (bool) – Unused argument, required for implementation. Does not change functionality.
-
Extract IP addresses from EVTX files.
-
class
libchickadee.parsers.evtx.EVTXParser(ignore_bogon=True)¶ Class to expose EVTX record contents for IP address extraction
-
parse_file(file_entry, is_stream=False)¶ Parse EVTX contents. Must be a path to an existing EVTX file. Cannot parse from STDIN.
- Parameters
file_entry (str) – Path to EVTX file to load.
is_stream (bool) – Unused argument, required for implementation. Does not change functionality.
-