MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

new: URLObject (requires pyfaup)

pull/511/head
Raphaël Vinot 2019-12-04 15:18:27 +01:00
parent 99d015a0d1
commit c03b26a18c
3 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pymisp/tools/__init__.py
View File

@ -22,3 +22,8 @@ if sys.version_info >= (3, 6):
from .csvloader import CSVLoader # noqa from .csvloader import CSVLoader # noqa
from .sshauthkeyobject import SSHAuthorizedKeysObject # noqa from .sshauthkeyobject import SSHAuthorizedKeysObject # noqa
from .feed import feed_meta_generator # noqa from .feed import feed_meta_generator # noqa
try:
from .urlobject import URLObject # noqa
except ImportError:
# Requires faup, which is a bit difficult to install
pass

13
pymisp/tools/emailobject.py
View File

@ -50,17 +50,30 @@ class EMailObject(AbstractMISPObjectGenerator):
if 'Message-ID' in self.__email: if 'Message-ID' in self.__email:
self.add_attribute('message-id', value=self.__email['Message-ID']) self.add_attribute('message-id', value=self.__email['Message-ID'])
if 'To' in self.__email: if 'To' in self.__email:
# TODO: split name and email address
to_add = [to.strip() for to in self.__email['To'].split(',')] to_add = [to.strip() for to in self.__email['To'].split(',')]
self.add_attributes('to', *to_add) self.add_attributes('to', *to_add)
if 'Cc' in self.__email: if 'Cc' in self.__email:
# TODO: split name and email address
to_add = [to.strip() for to in self.__email['Cc'].split(',')] to_add = [to.strip() for to in self.__email['Cc'].split(',')]
self.add_attributes('cc', *to_add) self.add_attributes('cc', *to_add)
if 'Subject' in self.__email: if 'Subject' in self.__email:
self.add_attribute('subject', value=self.__email['Subject']) self.add_attribute('subject', value=self.__email['Subject'])
if 'From' in self.__email: if 'From' in self.__email:
# TODO: split name and email address
to_add = [to.strip() for to in self.__email['From'].split(',')] to_add = [to.strip() for to in self.__email['From'].split(',')]
self.add_attributes('from', *to_add) self.add_attributes('from', *to_add)
if 'Return-Path' in self.__email: if 'Return-Path' in self.__email:
# TODO: split name and email address
self.add_attribute('return-path', value=self.__email['Return-Path']) self.add_attribute('return-path', value=self.__email['Return-Path'])
if 'User-Agent' in self.__email: if 'User-Agent' in self.__email:
self.add_attribute('user-agent', value=self.__email['User-Agent']) self.add_attribute('user-agent', value=self.__email['User-Agent'])
if self.__email.get_boundary():
self.add_attribute('mime-boundary', value=self.__email.get_boundary())
if 'X-Mailer' in self.__email:
self.add_attribute('x-mailer', value=self.__email['X-Mailer'])
if 'Thread-Index' in self.__email:
self.add_attribute('thread-index', value=self.__email['Thread-Index'])
# TODO: email-header: all headers in one bloc
# TODO: BCC?
# TODO: received headers sometimes have TO email addresses

28
pymisp/tools/urlobject.py Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .abstractgenerator import AbstractMISPObjectGenerator
import logging
from pyfaup.faup import Faup
from urllib.parse import unquote_plus
logger = logging.getLogger('pymisp')
faup = Faup()
class URLObject(AbstractMISPObjectGenerator):
def __init__(self, url, standalone=True, **kwargs):
# PY3 way:
# super().__init__('file')
super(URLObject, self).__init__('url', standalone=standalone, **kwargs)
faup.decode(unquote_plus(url))
self.generate_attributes()
def generate_attributes(self):
self.add_attribute('url', value=faup.url.decode())
if faup.get_host():
self.add_attribute('host', value=faup.get_host())
if faup.get_domain():
self.add_attribute('domain', value=faup.get_domain())