fixing mistakes

pull/907/head
Adrian Maraj 2024-04-08 13:48:08 +02:00 committed by Raphaël Vinot
parent 88db208561
commit 65c855b95b
3 changed files with 18 additions and 17 deletions


@ -766,14 +766,13 @@ class Lookyloo():
def takedown_filtered(self, hostnode: HostNode) -> dict[str, Any] | None: def takedown_filtered(self, hostnode: HostNode) -> dict[str, Any] | None:
config = configparser.ConfigParser() config = configparser.ConfigParser()
config.optionxform = str config.optionxform = str
config.read('config/domain.ini') config.read('/home/amaraj/Stage/Workshop/domain.ini')
#checking if domain should be ignored #checking if domain should be ignored
domains = config['domain']['ignore'] domains = config['domain']['ignore']
pattern = r"(https?://)?(www\d?\.)?(?P<domain>[\w\.-]+\.\w+)(/\S*)?" pattern = r"(https?://)?(www\d?\.)?(?P<domain>[\w\.-]+\.\w+)(/\S*)?"
match = re.match(pattern, hostnode.name) match = re.match(pattern, hostnode.name)
if match: if match and match.group("domain") in domains:
if match.group("domain") in domains: return None
return None
result = self.takedown_details(hostnode) result = self.takedown_details(hostnode)
#ignoring mails #ignoring mails
final_mails = [] final_mails = []
@ -783,7 +782,7 @@ class Lookyloo():
# ignoring mails # ignoring mails
is_valid = True is_valid = True
for regex in ignorelist: for regex in ignorelist:
if regex.strip() == '': if not regex.strip():
continue continue
match = re.search(regex.strip(), mail) match = re.search(regex.strip(), mail)
if match: if match:
@ -804,11 +803,11 @@ class Lookyloo():
def get_filtered_emails(self, capture_uuid, detailed=False) -> set[str] | dict[str, str]: def get_filtered_emails(self, capture_uuid, detailed=False) -> set[str] | dict[str, str]:
info = self.contacts(capture_uuid) info = self.contacts(capture_uuid)
if detailed: if detailed: #emails in a dict with their hostname as key
final_mails = {} final_mails = {}
for i in info: for i in info:
final_mails[i['hostname']] = i['all_emails'] final_mails[i['hostname']] = i['all_emails']
else: else: #just all emails together
final_mails = set() final_mails = set()
for i in info: for i in info:
for mail in i['all_emails']: for mail in i['all_emails']:
@ -861,11 +860,11 @@ class Lookyloo():
misp_url = occurrences[1] misp_url = occurrences[1]
for element in occurrences[0]: for element in occurrences[0]:
for attribute in occurrences[0][element]: for attribute in occurrences[0][element]:
if isinstance(attribute, datetime): if attribute[0] == cache.url:
now = datetime.now(timezone.utc) now = datetime.now(timezone.utc)
diff = now - attribute diff = now - attribute[1]
if diff.days < 1: # MISP event should not be older than 24hours if diff.days < 1: # MISP event should not be older than 24hours
misp += str(attribute) + ': ' + misp_url + 'events/' + str(element) + '\n' misp += f"\n{attribute[1]:%a %m-%d-%y %I:%M%p(%z %Z)} : {misp_url}events/{element}"
break # some events have more than just one timestamp, we just take the first one break # some events have more than just one timestamp, we just take the first one
msg = EmailMessage() msg = EmailMessage()
msg['From'] = email_config['from'] msg['From'] = email_config['from']
@ -881,7 +880,7 @@ class Lookyloo():
initial_url=initial_url, initial_url=initial_url,
redirects=redirects, redirects=redirects,
comment=comment if comment else '', comment=comment if comment else '',
misp='MISP occurrences from the last 24h: \n' + misp if misp else '', misp=f"MISP occurrences from the last 24h: {misp}" if misp else '',
sender=msg['From'].addresses[0].display_name, sender=msg['From'].addresses[0].display_name,
) )
msg.set_content(body) msg.set_content(body)
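Review bot: The new `config.read('/home/amaraj/Stage/Workshop/domain.ini')` in `takedown_filtered` points at one developer's home directory, so the file will be missing on any other host. `ConfigParser.read` skips missing files silently, so the following `config['domain']['ignore']` raises `KeyError` and the takedown filter fails. Restore a path inside the project, preferably anchored to the project directory rather than the working directory, and check the list returned by `read()` before indexing. In the same hunk, `domains` is the raw ini string, so `match.group("domain") in domains` is a substring test and would skip a host such as `ample.com` when `example.com` is on the ignore list (constructed example). Parsing the value into a set first, e.g. `domains = {d.strip() for d in config['domain']['ignore'].split(',')}` (delimiter to be confirmed against the ini file), makes it an exact match; `takedown_filtered` continues past this hunk.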


@ -2,12 +2,13 @@
from __future__ import annotations from __future__ import annotations
import datetime
import re import re
from io import BytesIO from io import BytesIO
from collections import defaultdict from collections import defaultdict
from collections.abc import Mapping from collections.abc import Mapping
from typing import Any, TYPE_CHECKING, Iterator from typing import Any, TYPE_CHECKING, Iterator, Literal
import requests import requests
from har2tree import HostNode, URLNode, Har2TreeError from har2tree import HostNode, URLNode, Har2TreeError
@ -270,9 +271,10 @@ class MISP(AbstractModule):
to_return: dict[str, set[str]] = defaultdict(set) to_return: dict[str, set[str]] = defaultdict(set)
# NOTE: We have MISPAttribute in that list # NOTE: We have MISPAttribute in that list
for a in attributes: for a in attributes:
to_return[a.event_id].add(a.value) # type: ignore[union-attr,index]
if time: if time:
to_return[a.event_id].add(a.timestamp) to_return[a.event_id].add((a.value,a.timestamp))
else:
to_return[a.event_id].add(a.value) # type: ignore[union-attr,index]
return to_return return to_return
else: else:
# The request returned an error # The request returned an error
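Review bot: The annotation `to_return: dict[str, set[str]]` no longer matches what the loop stores. With `time` set, each entry is now an `(a.value, a.timestamp)` tuple, and the `# type: ignore[union-attr,index]` survives only on the `else` branch. The element shape therefore depends on a flag, and a caller that indexes `attribute[0]` / `attribute[1]`, as the mail-building code in this commit does, would read single characters if it ever received the plain-string form. Widen the annotation to `dict[str, set[str | tuple[str, datetime.datetime]]]` (assuming `a.timestamp` is a `datetime`, which the caller's formatting suggests) and describe the `time` flag in the docstring. The enclosing method starts and ends outside this hunk.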


@ -284,10 +284,10 @@ class TriggerModules(Resource): # type: ignore[misc]
@api.route('/json/<string:tree_uuid>/modules') @api.route('/json/<string:tree_uuid>/modules')
@api.doc(description='Get responses from the 3rd party modules', @api.doc(description='Get responses from the 3rd party modules',
params={'tree_uuid': 'The UUID of the capture'}) params={'capture_uuid': 'The UUID of the capture'})
class ModulesResponse(Resource): # type: ignore[misc] class ModulesResponse(Resource): # type: ignore[misc]
def get(self, tree_uuid: str) -> dict[str, Any]: def get(self, capture_uuid: str) -> dict[str, Any]:
return lookyloo.get_modules_responses(tree_uuid) return lookyloo.get_modules_responses(capture_uuid)
@api.route('/json/hash_info/<h>') @api.route('/json/hash_info/<h>')
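Review bot: The route `@api.route('/json/<string:tree_uuid>/modules')` still names the URL variable `tree_uuid`, but the handler is now `get(self, capture_uuid: str)`. Flask passes URL variables to the view as keyword arguments, so every request to this endpoint would fail with a `TypeError` for the unexpected `tree_uuid` argument instead of returning the module responses. Rename the variable in the route too, `@api.route('/json/<string:capture_uuid>/modules')`, so that it agrees with the handler signature and the updated `params` entry.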