Author: Alayna Ferdarko
Version: 1.0
Date: March 13, 2025
FangShepherd is a lightweight, terminal-based tool for extracting, defanging, and refanging Indicators of Compromise (IOCs). Built with threat analysts and digital forensic investigators in mind, FangShepherd helps sanitize malicious URLs, IPs, emails, and hashes for safe sharing and analysis.
- 🔍 IOC Extraction: URLs, IP addresses, email addresses, MD5, SHA1, SHA256 hashes
- 🦷 Defang/Refang: Safe IOCs for sharing or revert to original form for analysis
- 📄 File I/O Support: Read from and save to text files
- 🎨 CLI Art Banner: Terminal ASCII art for style using
pyfiglet
- Python 3.x
- pyfiglet
pip install pyfigletRun the script via terminal:
python3 FangShepherd.py| Option | Description |
|---|---|
| 1 | Extract IOCs + Defang |
| 2 | Extract IOCs + Refang |
| 3 | Just Defang (line-by-line) |
| 4 | Just Refang (line-by-line) |
- Choose action: e.g.,
1for Extract + Defang - Select input method:
1Paste text2Read from file
- Paste your content or provide a file path
- Processed IOCs are printed to screen
- Optionally save to an output file
| Original | Defanged |
|---|---|
http |
hxxp |
. |
[.] |
@ |
[@] |
Input Text:
http://malicious.com/path
192.168.1.1
user@example.com
d41d8cd98f00b204e9800998ecf8427e
Defanged Output:
hxxp://malicious[.]com/path
192[.]168[.]1[.]1
user[@]example[.]com
d41d8cd98f00b204e9800998ecf8427e
After processing, choose to save results:
Save results to a file? (y/n): y
Enter output file name (e.g., output.txt):
This project is licensed under the MIT License.
© 2025 Alayna Ferdarko. All rights reserved.
This tool is intended for educational and professional use only. While FangShepherd helps reduce the risk of accidental interaction with live IOCs, always handle threat data in a secure and controlled environment.
Contributions, issues, and feature requests are welcome!
Feel free to fork this repo and submit a pull request.
For inquiries or feedback:
📧 alaynavendetta@proton.me