Paste any text and automatically extract IOCs: IP addresses, file hashes (MD5/SHA1/SHA256), domains, emails, CVE IDs, and URLs.
The IOC Bulk Scanner automatically extracts indicators of compromise from any pasted text: IP addresses (IPv4 and IPv6), file hashes (MD5, SHA-1, SHA-256), domain names, URLs, email addresses, and CVE identifiers. Paste a threat report, an email body, a log file, or a raw paste dump and get a clean, categorized list of every IOC in seconds.
Indicators of Compromise are the artifacts left behind by threat actors — the IP addresses their malware calls home to, the domains used for phishing, the file hashes of their tools. Extracting these from unstructured text and adding them to detection rules, SIEM queries, and blocklists is a daily task for threat intelligence analysts. The manual process of reading through reports and copying indicators one by one is error-prone and time-consuming.
The tool also computes a composite risk score based on the quantity and types of IOCs found, the presence of URLs with suspicious patterns, and the mix of indicator types. Extracted IOCs can be exported as a plain text list for import into your SIEM or threat intelligence platform, or sent directly to the SIEM Query Builder to auto-generate detection rules.
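The categorized extraction described above can be approximated with ordered pattern matching. The following JavaScript is an added example, not DuckIntel's code: the names `extractIocs` and `refang`, the defang handling, and the sample text are assumptions made for illustration, and IPv6 and risk scoring are left out.

```javascript
// Added example: regex-based IOC extraction (not DuckIntel's implementation).
// Order matters: each match is blanked out so a URL's host or an email's
// domain is not reported a second time as a bare domain.
const PATTERNS = [
  ["url", /\bhttps?:\/\/[^\s"'<>)\]]+/gi],
  ["email", /\b[a-z0-9._%+-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)+\b/gi],
  ["ipv4", /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g],
  ["cve", /\bCVE-\d{4}-\d{4,}\b/gi],
  ["hash", /\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b/gi],
  // Caveat: also matches file names such as "report.zip"; filter as needed.
  ["domain", /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b/gi],
];
const HASH_BY_LEN = { 32: "md5", 40: "sha1", 64: "sha256" };

// Undo common "defanging" used in threat reports (hxxp, [.], [at], [:]).
function refang(text) {
  return text
    .replace(/\[:\]/g, ":")
    .replace(/hxxp(s?):\/\//gi, "http$1://")
    .replace(/\[\.\]|\(\.\)|\[dot\]/gi, ".")
    .replace(/\[at\]|\[@\]/gi, "@");
}

function extractIocs(raw) {
  const out = { url: [], email: [], ipv4: [], cve: [], md5: [], sha1: [], sha256: [], domain: [] };
  let text = refang(raw);
  for (const [kind, re] of PATTERNS) {
    text = text.replace(re, (m) => {
      // URLs keep their case (paths are case-sensitive) but lose trailing punctuation.
      const value = kind === "url" ? m.replace(/[.,;:]+$/, "")
        : kind === "cve" ? m.toUpperCase() : m.toLowerCase();
      const bucket = kind === "hash" ? HASH_BY_LEN[m.length] : kind;
      if (!out[bucket].includes(value)) out[bucket].push(value); // de-duplicate
      return " ";
    });
  }
  return out;
}

// Constructed sample; hashes are the well-known digests of empty input.
const SAMPLE = `Constructed report: loader beacons to 203[.]0[.]113[.]45 and fetches
hxxps://updates.example[.]net/stage2.bin. Phish sent from billing@example[.]org
via mail.example[.]com, exploiting cve-2099-12345 (placeholder ID).
MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Seen again at 203.0.113.45`;
console.log(extractIocs(SAMPLE));
```

Hex runs that are not exactly 32, 40 or 64 characters long are ignored rather than guessed at, which keeps truncated hashes out of blocklists.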
Part of DuckIntel.io — 59 free browser-based security tools for SOC analysts. No login. No tracking. 100% client-side.