2017-11-20 14:57:25 +01:00
|
|
|
#!/usr/bin/env python3.5
|
2016-08-08 09:17:44 +02:00
|
|
|
# -*-coding:UTF-8 -*
|
|
|
|
|
|
|
|
"""
|
|
|
|
The Browse_warning_paste module
|
|
|
|
====================
|
|
|
|
|
|
|
|
This module saved signaled paste (logged as 'warning') in redis for further usage
|
|
|
|
like browsing by category
|
|
|
|
|
|
|
|
Its input comes from other modules, namely:
|
|
|
|
Credential, CreditCard, SQLinjection, CVE, Keys, Mail and Phone
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
import redis
|
|
|
|
import time
|
|
|
|
from datetime import datetime, timedelta
|
|
|
|
from packages import Paste
|
|
|
|
from pubsublogger import publisher
|
|
|
|
from Helper import Process
|
|
|
|
|
2017-11-16 09:52:37 +01:00
|
|
|
from pymisp import PyMISP
|
|
|
|
import ailleakObject
|
2017-11-16 11:18:13 +01:00
|
|
|
import sys
|
|
|
|
sys.path.append('../')
|
|
|
|
from mispKEYS import misp_url, misp_key, misp_verifycert
|
2017-11-16 09:52:37 +01:00
|
|
|
|
2016-08-08 09:17:44 +02:00
|
|
|
if __name__ == "__main__":
|
|
|
|
publisher.port = 6380
|
|
|
|
publisher.channel = "Script"
|
|
|
|
|
2017-11-15 16:15:43 +01:00
|
|
|
config_section = 'alertHandler'
|
2016-08-08 09:17:44 +02:00
|
|
|
|
|
|
|
p = Process(config_section)
|
2017-11-16 09:52:37 +01:00
|
|
|
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
|
2017-11-20 14:57:25 +01:00
|
|
|
print('Connected to MISP:', misp_url)
|
|
|
|
wrapper = ailleakObject.ObjectWrapper(pymisp)
|
2016-08-08 09:17:44 +02:00
|
|
|
|
2017-08-22 17:52:15 +02:00
|
|
|
# port generated automatically depending on the date
|
|
|
|
curYear = datetime.now().year
|
2016-08-08 09:17:44 +02:00
|
|
|
server = redis.StrictRedis(
|
|
|
|
host=p.config.get("Redis_Level_DB", "host"),
|
2017-08-22 17:52:15 +02:00
|
|
|
port=curYear,
|
2016-08-08 09:17:44 +02:00
|
|
|
db=p.config.get("Redis_Level_DB", "db"))
|
|
|
|
|
|
|
|
# FUNCTIONS #
|
|
|
|
publisher.info("Script duplicate started")
|
|
|
|
|
|
|
|
while True:
|
|
|
|
message = p.get_from_set()
|
|
|
|
if message is not None:
|
2017-11-20 14:57:25 +01:00
|
|
|
message = message.decode('utf8') #decode because of pyhton3
|
2016-08-08 09:17:44 +02:00
|
|
|
module_name, p_path = message.split(';')
|
|
|
|
#PST = Paste.Paste(p_path)
|
|
|
|
else:
|
|
|
|
publisher.debug("Script Attribute is idling 10s")
|
|
|
|
time.sleep(10)
|
|
|
|
continue
|
|
|
|
|
2017-11-15 16:15:43 +01:00
|
|
|
# Add in redis for browseWarningPaste
|
2016-08-08 09:17:44 +02:00
|
|
|
# Format in set: WARNING_moduleName -> p_path
|
|
|
|
key = "WARNING_" + module_name
|
|
|
|
server.sadd(key, p_path)
|
|
|
|
|
2017-11-15 16:15:43 +01:00
|
|
|
publisher.info('Saved warning paste {}'.format(p_path))
|
2016-08-08 09:17:44 +02:00
|
|
|
|
2017-11-20 14:57:25 +01:00
|
|
|
# Create MISP AIL-leak object and push it
|
|
|
|
allowed_modules = ['credential']
|
|
|
|
if module_name in allowed_modules:
|
|
|
|
wrapper.add_new_object(module_name, p_path)
|
|
|
|
wrapper.pushToMISP()
|
|
|
|
else:
|
|
|
|
print('not pushing to MISP:', module_name, p_path)
|