I was performing some research on malicious domains and IP addresses and I noticed that I was spending way too much time on filtering the IP addresses from specific lists or trend reports. So I decided to create a simple but powerful tool that performs a filter on inserted texts.
The program has been crafted for the Windows operating system and it does not take up a lot of storage. The program is very fast when it comes to finding IP addresses and it is very straightforward.
The program contains an option to provide your own filter, and once the program is started, it will loop through the fields for IP addresses or other values (advanced mode).
These texts could be full PDF reports or scrambled messages which contain IP addresses. Once the text is inserted into the program, the program will list the found IP addresses in another field in the program. This allows you to copy and use the found IPs directly.
The program is written in C# and it has an option available for advanced users who want to try out other regular expressions.
I have been using the regular expression below to find IPs:
Feel free to play around with the regular expression field. I have implemented a “reset” button which will reset the regular expression field to the default value once pressed.
Once you start the cwzIPe tool, you will see that the box above has been pre-filled with values. This is an example of how you can simply copy and paste information into the box.
Please do note that the IPs which are shown in the example could still be active! The IPs in the example are values from the cybercrime-tracker.com project, which tracks command and control domains and IPs.
This tool allows you to extract multiple IP addresses from PDF files, log files and much more.
Use this tool for your malware and threat intelligence research.
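The same kind of filtering can be scripted for batch work. The sketch below is an added example, not the cwzIPe source and not the tool's default regular expression. It goes a little further than plain matching by also accepting defanged dots (`[.]` and `(.)`), rejecting out-of-range octets and version-like strings, and de-duplicating results. The function name, the `public_only` option and the sample text are assumptions made for illustration.

```python
import ipaddress
import re

# A dot, either plain or defanged as [.] or (.), as often seen in reports.
_DOT = r"(?:\.|\[\.\]|\(\.\))"
# Four groups of 1-3 digits. The lookarounds skip longer dotted runs such as
# the version string 1.2.3.4.5 and digit runs such as 192.0.2.1000.
_CANDIDATE = re.compile(
    rf"(?<![\d.])(\d{{1,3}}(?:{_DOT}\d{{1,3}}){{3}})(?!\d|{_DOT}\d)"
)

# Constructed sample input; addresses are documentation ranges plus two
# well-known ones (10.0.0.5 private, 8.8.8.8 public resolver).
SAMPLE = """\
Constructed report excerpt:
C2 panel at hxxp://192.0.2.10/panel/ and fallback 198.51.100[.]7.
Dropper version 1.2.3.4.5 contacted 203.0.113.300 and 203.0.113(.)25.
Repeat hit: 192.0.2.10. Internal host 10.0.0.5 resolved via 8.8.8.8
"""


def extract_ipv4(text, public_only=False):
    """Return unique, valid IPv4 addresses in order of first appearance."""
    found, seen = [], set()
    for match in _CANDIDATE.finditer(text):
        # Refang: turn [.] and (.) back into plain dots.
        candidate = re.sub(r"\[\.\]|\(\.\)", ".", match.group(1))
        octets = candidate.split(".")
        # Drop out-of-range octets and leading zeros (ambiguous octal form).
        if any(int(o) > 255 or (len(o) > 1 and o[0] == "0") for o in octets):
            continue
        # Optionally keep only globally routable addresses.
        if public_only and not ipaddress.ip_address(candidate).is_global:
            continue
        if candidate not in seen:
            seen.add(candidate)
            found.append(candidate)
    return found


if __name__ == "__main__":
    for ip in extract_ipv4(SAMPLE):
        print(ip)
```

Passing `public_only=True` drops private, loopback and documentation ranges, which helps when the input is an internal log rather than a published report.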
Scan on VirusTotal:
Uninstall the cwzIPe tool
When this application is installed on the client machine, a shortcut will be added to the Start Menu, and the application can be uninstalled via Add/Remove Programs.