Add IPv6 address extraction #47

@rolandpg

Summary

Add IPv6 address extraction to the entity extractor.

Context

The entity extractor handles IPv4 but not IPv6 addresses. CTI reports increasingly reference IPv6 IOCs (e.g., C2 servers, infrastructure).

  • File to edit: src/zettelforge/entity_indexer.py
  • Tests: tests/test_basic.py::TestEntityExtractor

Acceptance Criteria

  • Add ipv6 to REGEX_PATTERNS in entity_indexer.py
  • Pattern matches standard IPv6 formats: full (2001:0db8:85a3::8a2e:0370:7334), compressed (::1, fe80::1), and mixed (::ffff:192.168.1.1)
  • Add ipv6 to ENTITY_TYPES
  • Does NOT false-positive on SHA-256 hashes (hex strings with colons in other contexts)
  • At least 4 test cases:
    • Full IPv6: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
    • Compressed: fe80::1
    • Loopback: ::1
    • No false positive on hash: a1b2c3d4e5f6... should not match
  • All existing tests pass: pytest tests/test_basic.py -v

Example Input/Output

ext = EntityExtractor()
result = ext.extract_all("C2 server at 2001:db8::1 was observed")
assert "2001:db8::1" in result["ipv6"]
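
One way to meet the acceptance criteria above, as an added example that is not part of the original issue or the project's code: a loose candidate regex followed by validation with Python's standard `ipaddress` module, instead of a single strict regex. The names `extract_ipv6`, `_CANDIDATE` and `SAMPLE` are hypothetical, and the sample text is constructed.

```python
import ipaddress
import re

# Loose candidate: a run of hex digits, colons and dots that is not glued
# to a longer word. Real validation is left to the ipaddress module.
_CANDIDATE = re.compile(r"(?<![\w:.])[0-9A-Fa-f:.]+(?![\w:])")


def extract_ipv6(text):
    """Return IPv6 literals found in text, as written, in order, de-duplicated."""
    found = []
    for match in _CANDIDATE.finditer(text):
        token = match.group(0).rstrip(".")  # drop a sentence-ending period
        # Every IPv6 literal has at least two colons; this cheaply skips
        # bare hex hashes, IPv4 addresses and host:port pairs. A lone "::"
        # is valid IPv6 but is far more often punctuation in prose.
        if token.count(":") < 2 or token == "::":
            continue
        try:
            ipaddress.IPv6Address(token)
        except ValueError:
            continue  # MAC addresses, timestamps, colon-separated fingerprints
        if token not in found:
            found.append(token)
    return found


# Constructed sample text (not from a real report), covering the issue's cases.
SAMPLE = (
    "C2 at 2001:0db8:85a3:0000:0000:8a2e:0370:7334 and fe80::1. "
    "Loopback ::1, mapped ::ffff:192.168.1.1, URL http://[2001:db8::1]:443/. "
    "Hash a1b2c3d4e5f6... MAC 00:1a:2b:3c:4d:5e seen at 12:34:56 "
    "from 192.168.1.1:8080."
)

if __name__ == "__main__":
    for address in extract_ipv6(SAMPLE):
        print(address)
```

Matches are returned exactly as written in the text, because the normalised string form of IPv4-mapped addresses differs between Python versions.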
