fixing mistakes

pull/907/head
Adrian Maraj 2024-04-08 13:48:08 +02:00 committed by Raphaël Vinot
parent 88db208561
commit 65c855b95b
3 changed files with 18 additions and 17 deletions


@ -766,14 +766,13 @@ class Lookyloo():
def takedown_filtered(self, hostnode: HostNode) -> dict[str, Any] | None:
config = configparser.ConfigParser()
config.optionxform = str
config.read('config/domain.ini')
config.read('/home/amaraj/Stage/Workshop/domain.ini')
#checking if domain should be ignored
domains = config['domain']['ignore']
pattern = r"(https?://)?(www\d?\.)?(?P<domain>[\w\.-]+\.\w+)(/\S*)?"
match = re.match(pattern, hostnode.name)
if match:
if match.group("domain") in domains:
return None
if match and match.group("domain") in domains:
return None
result = self.takedown_details(hostnode)
#ignoring mails
final_mails = []
@ -783,7 +782,7 @@ class Lookyloo():
# ignoring mails
is_valid = True
for regex in ignorelist:
if regex.strip() == '':
if not regex.strip():
continue
match = re.search(regex.strip(), mail)
if match:
@ -804,11 +803,11 @@ class Lookyloo():
def get_filtered_emails(self, capture_uuid, detailed=False) -> set[str] | dict[str, str]:
info = self.contacts(capture_uuid)
if detailed:
if detailed: #emails in a dict with their hostname as key
final_mails = {}
for i in info:
final_mails[i['hostname']] = i['all_emails']
else:
else: #just all emails together
final_mails = set()
for i in info:
for mail in i['all_emails']:
@ -861,11 +860,11 @@ class Lookyloo():
misp_url = occurrences[1]
for element in occurrences[0]:
for attribute in occurrences[0][element]:
if isinstance(attribute, datetime):
if attribute[0] == cache.url:
now = datetime.now(timezone.utc)
diff = now - attribute
diff = now - attribute[1]
if diff.days < 1: # MISP event should not be older than 24hours
misp += str(attribute) + ': ' + misp_url + 'events/' + str(element) + '\n'
misp += f"\n{attribute[1]:%a %m-%d-%y %I:%M%p(%z %Z)} : {misp_url}events/{element}"
break # some events have more than just one timestamp, we just take the first one
msg = EmailMessage()
msg['From'] = email_config['from']
@ -881,7 +880,7 @@ class Lookyloo():
initial_url=initial_url,
redirects=redirects,
comment=comment if comment else '',
misp='MISP occurrences from the last 24h: \n' + misp if misp else '',
misp=f"MISP occurrences from the last 24h: {misp}" if misp else '',
sender=msg['From'].addresses[0].display_name,
)
msg.set_content(body)
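Review bot: In `takedown_filtered`, `match.group("domain") in domains` tests against `config['domain']['ignore']`, which configparser returns as one string, so this is a substring test rather than a lookup in a list of domains. A hostname that merely appears inside an ignored entry would make the function return None and drop that host from the takedown result, which widens the ignore list beyond what the operator wrote. Parsing the value into a set first makes the check an exact match, for example `domains = {d.strip() for d in config['domain']['ignore'].splitlines() if d.strip()}` if the file keeps one entry per line. Separately, one of the two `config.read(...)` lines in this hunk points at an absolute path under a developer's home directory; if that is the new side, it should go back to the repository-relative `config/domain.ini`. The function body continues past the end of the hunk.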


@ -2,12 +2,13 @@
from __future__ import annotations
import datetime
import re
from io import BytesIO
from collections import defaultdict
from collections.abc import Mapping
from typing import Any, TYPE_CHECKING, Iterator
from typing import Any, TYPE_CHECKING, Iterator, Literal
import requests
from har2tree import HostNode, URLNode, Har2TreeError
@ -270,9 +271,10 @@ class MISP(AbstractModule):
to_return: dict[str, set[str]] = defaultdict(set)
# NOTE: We have MISPAttribute in that list
for a in attributes:
to_return[a.event_id].add(a.value) # type: ignore[union-attr,index]
if time:
to_return[a.event_id].add(a.timestamp)
to_return[a.event_id].add((a.value,a.timestamp))
else:
to_return[a.event_id].add(a.value) # type: ignore[union-attr,index]
return to_return
else:
# The request returned an error
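Review bot: The annotation `to_return: dict[str, set[str]]` on the first line of this hunk no longer describes the `if time:` branch, which stores `(a.value, a.timestamp)` tuples, and the `# type: ignore[union-attr,index]` now sits only on the `else` line. The function returns two different element shapes depending on `time`, and the caller changed in this same commit indexes `attribute[0]` and `attribute[1]`; on a bare string that would compare the first character rather than fail loudly. I would state the contract next to the branch, e.g. `# time=True: elements are (value, timestamp) tuples; otherwise plain value strings`, and widen the annotation to match. The tuple also wants a space after the comma, `(a.value, a.timestamp)`. The enclosing function starts before the hunk, so the `time` parameter's declaration is not visible here.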


@ -284,10 +284,10 @@ class TriggerModules(Resource): # type: ignore[misc]
@api.route('/json/<string:tree_uuid>/modules')
@api.doc(description='Get responses from the 3rd party modules',
params={'tree_uuid': 'The UUID of the capture'})
params={'capture_uuid': 'The UUID of the capture'})
class ModulesResponse(Resource): # type: ignore[misc]
def get(self, tree_uuid: str) -> dict[str, Any]:
return lookyloo.get_modules_responses(tree_uuid)
def get(self, capture_uuid: str) -> dict[str, Any]:
return lookyloo.get_modules_responses(capture_uuid)
@api.route('/json/hash_info/<h>')
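Review bot: The route on the unchanged line is still `/json/<string:tree_uuid>/modules`, while `get` and the `params` doc in this hunk use `capture_uuid`. Assuming the `capture_uuid` lines are the new side, Flask passes the URL variable as the keyword `tree_uuid`, so `get(self, capture_uuid)` would raise a TypeError on every request to this endpoint. Either rename the route variable to match, `@api.route('/json/<string:capture_uuid>/modules')`, or keep `tree_uuid` in the signature and the doc. The `params` key has to match the route variable as well, otherwise the generated API documentation describes a parameter the route does not have.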