#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import MISPObject
from pymisp.tools import update_objects
from keys import misp_url, misp_key, misp_verifycert
import argparse
import requests
import sys
"""
usage: add_github_user.py [-h] -e EVENT [-f] -u USERNAME
Fetch GitHub user details and add it in object in MISP
optional arguments:
-h, --help show this help message and exit
-e EVENT, --event EVENT
Event ID to update
-f, --force-template-update
-u USERNAME, --username USERNAME
GitHub username to add
"""
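if __name__ == '__main__':
    # Script entry point: look up one GitHub account through the public REST
    # API and store its profile as a "github-user" object on a MISP event.

    # Function-scope import keeps this block self-contained; quote() is used
    # to percent-encode the operator-supplied username before it enters a URL.
    from urllib.parse import quote

    # Seconds to wait for GitHub before giving up; without a timeout,
    # requests.get() can block indefinitely on a stalled connection.
    github_timeout = 30

    def github_get(url):
        """Fetch a GitHub API URL and return the decoded JSON body.

        Exits the script when the status is not 200, so that an error payload
        (for example a rate-limit response) is never parsed as if it were
        profile data.
        """
        response = requests.get(url, timeout=github_timeout)
        if response.status_code != 200:
            sys.exit("HTTP return is {} and not 200 as expected".format(response.status_code))
        return response.json()

    parser = argparse.ArgumentParser(description='Fetch GitHub user details and add it in object in MISP')
    parser.add_argument("-e", "--event", required=True, help="Event ID to update")
    parser.add_argument("-f", "--force-template-update", required=False, action="store_true")
    parser.add_argument("-u", "--username", required=True, help="GitHub username to add")
    args = parser.parse_args()

    # safe='' also encodes '/', so the value cannot add path segments or a
    # query string to the requests below.
    user_api_url = "https://api.github.com/users/{}".format(quote(args.username, safe=''))

    github_user = github_get(user_api_url)

    if args.force_template_update:
        print("Updating MISP Object templates...")
        update_objects()

    # misp_verifycert comes from keys.py; a false value turns off TLS
    # certificate verification on the connection that carries misp_key.
    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)

    misp_object = MISPObject(name="github-user")

    # The list endpoints are built from the encoded username instead of
    # following URLs taken from the response body. GitHub paginates these
    # endpoints, so only the first page of each list is recorded here.
    followers = github_get(user_api_url + "/followers")
    followings = github_get(user_api_url + "/following")
    keys = github_get(user_api_url + "/keys")

    misp_object.add_attributes("follower", *[entry['login'] for entry in followers])
    misp_object.add_attributes("following", *[entry['login'] for entry in followings])
    misp_object.add_attributes("ssh-public-key", *[entry['key'] for entry in keys])

    # Every value below is profile data chosen by the account owner; treat it
    # as untrusted text wherever the MISP object is later rendered or parsed.
    misp_object.add_attribute('bio', github_user['bio'])
    misp_object.add_attribute('link', github_user['html_url'])
    misp_object.add_attribute('user-fullname', github_user['name'])
    misp_object.add_attribute('username', github_user['login'])
    misp_object.add_attribute('twitter_username', github_user['twitter_username'])
    misp_object.add_attribute('location', github_user['location'])
    misp_object.add_attribute('company', github_user['company'])
    misp_object.add_attribute('public_gists', github_user['public_gists'])
    misp_object.add_attribute('public_repos', github_user['public_repos'])
    misp_object.add_attribute('blog', github_user['blog'])
    misp_object.add_attribute('node_id', github_user['node_id'])

    retcode = pymisp.add_object(args.event, misp_object)
    # PyMISP reports API failures in the returned dict instead of raising, so
    # surface them rather than exiting 0 with nothing stored on the event.
    if isinstance(retcode, dict) and retcode.get('errors'):
        sys.exit("MISP did not accept the object: {}".format(retcode['errors']))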