diff --git a/lookyloo/lookyloo.py b/lookyloo/lookyloo.py index f8ae006..c59ef9e 100644 --- a/lookyloo/lookyloo.py +++ b/lookyloo/lookyloo.py @@ -766,14 +766,13 @@ class Lookyloo(): def takedown_filtered(self, hostnode: HostNode) -> dict[str, Any] | None: config = configparser.ConfigParser() config.optionxform = str - config.read('config/domain.ini') + config.read('/home/amaraj/Stage/Workshop/domain.ini') #checking if domain should be ignored domains = config['domain']['ignore'] pattern = r"(https?://)?(www\d?\.)?(?P[\w\.-]+\.\w+)(/\S*)?" match = re.match(pattern, hostnode.name) - if match: - if match.group("domain") in domains: - return None + if match and match.group("domain") in domains: + return None result = self.takedown_details(hostnode) #ignoring mails final_mails = [] @@ -783,7 +782,7 @@ class Lookyloo(): # ignoring mails is_valid = True for regex in ignorelist: - if regex.strip() == '': + if not regex.strip(): continue match = re.search(regex.strip(), mail) if match: @@ -804,11 +803,11 @@ class Lookyloo(): def get_filtered_emails(self, capture_uuid, detailed=False) -> set[str] | dict[str, str]: info = self.contacts(capture_uuid) - if detailed: + if detailed: #emails in a dict with their hostname as key final_mails = {} for i in info: final_mails[i['hostname']] = i['all_emails'] - else: + else: #just all emails together final_mails = set() for i in info: for mail in i['all_emails']: 
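Review bot: The new `config.read('/home/amaraj/Stage/Workshop/domain.ini')` in `takedown_filtered` hard-codes an absolute path inside one developer's home directory, so the takedown ignore list is loaded from outside the project's config tree. `ConfigParser.read` silently skips files it cannot open, so on any other host the next line, `config['domain']['ignore']`, raises `KeyError` instead of reporting a missing file. Restore the project-relative location, `config.read('config/domain.ini')`, or resolve it against the project's home directory, and check the list returned by `read()` so a missing file is reported explicitly. Separately, `domains` is the raw option string, so `match.group("domain") in domains` is a substring test and a short domain can match inside a longer ignored entry. Splitting the value into a set of stripped entries before the membership test avoids that; the delimiter is not visible here, and the function body continues outside the hunk.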
@@ -861,11 +860,11 @@ class Lookyloo(): misp_url = occurrences[1] for element in occurrences[0]: for attribute in occurrences[0][element]: - if isinstance(attribute, datetime): + if attribute[0] == cache.url: now = datetime.now(timezone.utc) - diff = now - attribute + diff = now - attribute[1] if diff.days < 1: # MISP event should not be older than 24hours - misp += str(attribute) + ': ' + misp_url + 'events/' + str(element) + '\n' + misp += f"\n{attribute[1]:%a %m-%d-%y %I:%M%p(%z %Z)} : {misp_url}events/{element}" break # some events have more than just one timestamp, we just take the first one msg = EmailMessage() msg['From'] = email_config['from'] @@ -881,7 +880,7 @@ class Lookyloo(): initial_url=initial_url, redirects=redirects, comment=comment if comment else '', - misp='MISP occurrences from the last 24h: \n' + misp if misp else '', + misp=f"MISP occurrences from the last 24h: {misp}" if misp else '', sender=msg['From'].addresses[0].display_name, ) msg.set_content(body) diff --git a/lookyloo/modules/misp.py b/lookyloo/modules/misp.py index e70ecc3..db2ca85 100644 --- a/lookyloo/modules/misp.py +++ b/lookyloo/modules/misp.py @@ -2,12 +2,13 @@ from __future__ import annotations +import datetime import re from io import BytesIO from collections import defaultdict from collections.abc import Mapping -from typing import Any, TYPE_CHECKING, Iterator +from typing import Any, TYPE_CHECKING, Iterator, Literal import requests from har2tree import HostNode, URLNode, Har2TreeError @@ -270,9 +271,10 @@ class MISP(AbstractModule): to_return: dict[str, set[str]] = defaultdict(set) # NOTE: We have MISPAttribute in that list for a in attributes: - to_return[a.event_id].add(a.value) # type: ignore[union-attr,index] if time: - to_return[a.event_id].add(a.timestamp) + to_return[a.event_id].add((a.value,a.timestamp)) + else: + to_return[a.event_id].add(a.value) # type: ignore[union-attr,index] return to_return else: # The request returned an error 
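Review bot: `attribute[0] == cache.url` in the occurrences loop assumes every entry is a `(value, timestamp)` tuple, which holds only when the MISP lookup ran with `time` set (see the `to_return[a.event_id].add((a.value,a.timestamp))` hunk in lookyloo/modules/misp.py). If a plain string entry reaches this loop, `attribute[0]` is its first character, the comparison quietly fails, and recent MISP events drop out of the notification mail without any error. Unpacking makes the expected shape explicit and fails loudly on a mismatch: `for value, timestamp in occurrences[0][element]:` followed by `if value == cache.url:`. The enclosing function starts and ends outside the hunk, so the call that produces `occurrences` cannot be checked from here.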
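Review bot: In lookyloo/modules/misp.py the context-line annotation `to_return: dict[str, set[str]]` no longer matches what the `time` branch stores, since it now adds `(a.value,a.timestamp)` tuples. The `# type: ignore[union-attr,index]` was kept only on the `else` branch, so the tuple branch will likely be flagged by the type checker. Widen the annotation to something like `dict[str, set[str | tuple[str, datetime.datetime]]]`, assuming the timestamp is a datetime as the old `isinstance(attribute, datetime)` check in lookyloo.py suggests. Write the tuple as `(a.value, a.timestamp)`, and add a docstring line stating that the element shape depends on `time`. The function signature and its return annotation are outside the hunk and may need the same update.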
diff --git a/website/web/genericapi.py b/website/web/genericapi.py index 5a2dfc4..a4afacf 100644 --- a/website/web/genericapi.py +++ b/website/web/genericapi.py @@ -284,10 +284,10 @@ class TriggerModules(Resource): # type: ignore[misc] @api.route('/json//modules') @api.doc(description='Get responses from the 3rd party modules', - params={'tree_uuid': 'The UUID of the capture'}) + params={'capture_uuid': 'The UUID of the capture'}) class ModulesResponse(Resource): # type: ignore[misc] - def get(self, tree_uuid: str) -> dict[str, Any]: - return lookyloo.get_modules_responses(tree_uuid) + def get(self, capture_uuid: str) -> dict[str, Any]: + return lookyloo.get_modules_responses(capture_uuid) @api.route('/json/hash_info/')