mirror of https://github.com/MISP/PyMISP
new: Object generator for ssh authorized_keys files.
parent
f55add5a6d
commit
3b56b218b5
|
@ -0,0 +1,30 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp import PyMISP
|
||||
from pymisp.tools import SSHAuthorizedKeysObject
|
||||
import traceback
|
||||
from keys import misp_url, misp_key, misp_verifycert
|
||||
import glob
|
||||
import argparse
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='Extract indicators out of authorized_keys file.')
|
||||
parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
|
||||
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
|
||||
args = parser.parse_args()
|
||||
|
||||
pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
|
||||
|
||||
for f in glob.glob(args.path):
|
||||
try:
|
||||
auth_keys = SSHAuthorizedKeysObject(f)
|
||||
except Exception:
|
||||
traceback.print_exc()
|
||||
continue
|
||||
|
||||
template_id = pymisp.get_object_template_id(auth_keys.template_uuid)
|
||||
response = pymisp.add_object(args.event, template_id, auth_keys)
|
||||
for ref in auth_keys.ObjectReference:
|
||||
r = pymisp.add_object_reference(ref)
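Review bot: The values returned by `pymisp.add_object(...)` and `pymisp.add_object_reference(ref)` are stored in `response` and `r` and never read, so a rejected object (bad event ID, unknown template, insufficient permission) would go unnoticed and the references would still be submitted. If this client reports failures in the returned dict rather than by raising (worth confirming), a check such as `if isinstance(response, dict) and response.get('errors'): print(response); continue` before the reference loop would surface them. `debug=True` is also hard-coded in the `PyMISP(...)` call; a comment such as `# debug=True is verbose; switch it off outside testing` would help, because debug output from an API client can end up in shared logs. Indentation is lost on this page, so the loop nesting described here is inferred.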
|
|
@ -1 +1 @@
|
|||
Subproject commit b656cc532d1656da8aa12b695fe0322f2d16c0fd
|
||||
Subproject commit 816f38c61ee3d68d1872a107bcca0646668f532e
|
|
@ -20,3 +20,4 @@ if sys.version_info >= (3, 6):
|
|||
from .emailobject import EMailObject # noqa
|
||||
from .vehicleobject import VehicleObject # noqa
|
||||
from .csvloader import CSVLoader # noqa
|
||||
from .sshauthkeyobject import SSHAuthorizedKeysObject # noqa
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from ..exceptions import InvalidMISPObject
|
||||
from .abstractgenerator import AbstractMISPObjectGenerator
|
||||
from io import StringIO
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger('pymisp')
|
||||
|
||||
|
||||
class SSHAuthorizedKeysObject(AbstractMISPObjectGenerator):
|
||||
|
||||
def __init__(self, authorized_keys_path=None, authorized_keys_pseudofile=None, standalone=True, **kwargs):
|
||||
if authorized_keys_path:
|
||||
with open(authorized_keys_path, 'r') as f:
|
||||
self.__pseudofile = StringIO(f.read())
|
||||
elif authorized_keys_pseudofile and isinstance(authorized_keys_pseudofile, StringIO):
|
||||
self.__pseudofile = authorized_keys_path
|
||||
else:
|
||||
raise InvalidMISPObject('File buffer (StringIO) or a path is required.')
|
||||
# PY3 way:
|
||||
# super().__init__('file')
|
||||
super(SSHAuthorizedKeysObject, self).__init__('ssh-authorized-keys', standalone=standalone, **kwargs)
|
||||
self.__data = self.__pseudofile.getvalue()
|
||||
self.generate_attributes()
|
||||
|
||||
def generate_attributes(self):
|
||||
for l in self.__pseudofile:
|
||||
if l.startswith('ssh') or l.startswith('ecdsa'):
|
||||
key = l.split(' ')[1]
|
||||
self.add_attribute('key', key)
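Review bot: The `elif` branch of `__init__` assigns `self.__pseudofile = authorized_keys_path`, which is falsy whenever that branch is reached, so passing a `StringIO` fails at `self.__pseudofile.getvalue()`; the line should read `self.__pseudofile = authorized_keys_pseudofile`. In `generate_attributes`, only lines that start with `ssh` or `ecdsa` are processed, so entries with leading options (for example `command="..."` or `from="..."` before the key type) are skipped silently, and those are often the entries an analyst most wants recorded. `l.split(' ')[1]` also raises `IndexError` on a line that holds only a key type and breaks on tab-separated fields; `fields = l.split()` followed by `if len(fields) < 2: continue` would be safer. `self.__data` is assigned but not used anywhere in the visible hunk.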
|