JSON IP Extractor


As a SOC analyst, you are often asked by clients to block or whitelist certain IPs. However, picking the necessary IP addresses out of a large JSON file that contains various other information can be time-consuming. To overcome this challenge, a straightforward Python script can extract the IP addresses from the JSON and export them to a CSV file. The resulting CSV file gives the SOC analyst a faster, more efficient way to block or whitelist the IPs, saving valuable time.

#!/usr/bin/env python3
import argparse
import ipaddress
import re


# Define a regular expression pattern to match a candidate IPv4 address
pattern = r'\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'

# Parse the command-line arguments
parser = argparse.ArgumentParser(description='Extract IP addresses from a text file.')
parser.add_argument('-o', dest='output_file', metavar='OUTPUT_FILE', default='output.csv')
args = parser.parse_args()

# Prompt the user to enter the input file path
input_file = input('Enter the input file path: ')

# Open the input and output files
with open(input_file, 'r') as f_in, open(args.output_file, 'w') as f_out:
    # Loop through each line in the input file
    for line in f_in:
        # Use re.findall() to find every occurrence of the pattern in the line
        # (a JSON export is often a single line holding many addresses)
        for candidate in re.findall(pattern, line):
            try:
                # Reject matches that are not valid addresses, e.g. 999.1.1.1
                ipaddress.ip_address(candidate)
            except ValueError:
                continue
            # Write the matched IP address to the output file
            f_out.write(candidate + '\n')
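
The script above scans the file as raw text. As an added example (not part of the original post), the variant below parses the JSON first, walks every string value, validates candidates with the standard ipaddress module, deduplicates them, and marks non-global addresses so they can be reviewed before they go on a block list; it goes beyond the original by also accepting IPv6. The sample document and the function names are constructed for illustration.

```python
import csv
import io
import ipaddress
import json
import re

# Dotted quads not glued to further digits or dots (skips strings like 1.2.3.4.5)
IPV4 = re.compile(r'(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])')

# Constructed sample input, not taken from any real export
SAMPLE = '''{"alerts": [
  {"src": "8.8.8.8", "dst": "192.168.1.10", "msg": "conn from 8.8.8.8:53 to 10.0.0.5"},
  {"src": "2001:db8::1", "note": "agent 1.2.3.4.5, bad 999.1.1.1", "peers": ["1.1.1.1", "127.0.0.1"]}
]}'''

def walk_strings(node):
    """Yield every string value in a decoded JSON document, at any depth."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from walk_strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk_strings(item)

def extract_ips(json_text):
    """Return the unique, valid addresses found in the JSON, sorted numerically."""
    found = set()
    for text in walk_strings(json.loads(json_text)):
        # IPv4 anywhere in the string, plus the whole string (catches bare IPv6)
        for candidate in IPV4.findall(text) + [text.strip()]:
            try:
                found.add(ipaddress.ip_address(candidate))
            except ValueError:
                continue
    return sorted(found, key=lambda ip: (ip.version, int(ip)))

def to_csv(ips):
    """Render the addresses as CSV text with a scope column for review."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator='\n')
    writer.writerow(['ip', 'version', 'scope'])
    for ip in ips:
        # Private, loopback and reserved ranges are flagged instead of dropped
        writer.writerow([str(ip), ip.version, 'global' if ip.is_global else 'non-global'])
    return buf.getvalue()

if __name__ == '__main__':
    print(to_csv(extract_ips(SAMPLE)), end='')
```

Dotted version strings with exactly four parts still look like IPv4 addresses to this code, so review the CSV before pushing it to a firewall.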
