mirror of https://github.com/MISP/PyMISP
Do not fail if pymisp is not installed
parent
44008d1c0c
commit
f06bfd310b
|
@ -1,11 +1,14 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp import MISPEncode
|
||||
from pymisp.tools import make_binary_objects
|
||||
import argparse
|
||||
import json
|
||||
|
||||
try:
|
||||
from pymisp import MISPEncode
|
||||
from pymisp.tools import make_binary_objects
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
def check():
|
||||
missing_dependencies = {'pydeep': False, 'lief': False, 'magic': False, 'pymisp': False}
|
||||
|
|
|
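Review bot: The `except ImportError: pass` branch leaves `MISPEncode` and `make_binary_objects` unbound, so any later use that is not gated by `check()` fails with a `NameError` that no longer points at the missing package. Recording the outcome makes the state explicit and matches the `HAS_LIEF` / `HAS_PYDEEP` flags used in the ELF and Mach-O modules added by this same commit: set `HAS_PYMISP = True` at the end of the `try` body and `HAS_PYMISP = False` in the `except` branch. `check()` lists `'pymisp'` among its dependencies, but its body continues outside the hunk, so whether it actually guards every use cannot be confirmed from here.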
@ -1,9 +1,12 @@
|
|||
__version__ = '2.4.77'
|
||||
|
||||
from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey
|
||||
from .api import PyMISP
|
||||
from .abstract import AbstractMISP, MISPEncode
|
||||
from .mispevent import MISPEvent, MISPAttribute, EncodeUpdate, EncodeFull
|
||||
from .tools import Neo4j
|
||||
from .tools import stix
|
||||
from .tools import MISPObjectGenerator
|
||||
try:
|
||||
from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey
|
||||
from .api import PyMISP
|
||||
from .abstract import AbstractMISP, MISPEncode
|
||||
from .mispevent import MISPEvent, MISPAttribute, EncodeUpdate, EncodeFull
|
||||
from .tools import Neo4j
|
||||
from .tools import stix
|
||||
from .tools import MISPObjectGenerator
|
||||
except ImportError:
|
||||
pass
|
||||
|
|
|
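Review bot: Wrapping the whole import list in `try` / `except ImportError: pass` hides every import failure in the package, not just the one the commit title targets. If a dependency such as `six` (imported by the abstract module in this commit) is absent, `import pymisp` now succeeds but exposes no `PyMISP`, `MISPEvent` or `MISPEncode`, and the caller only sees an unrelated `AttributeError` or `ImportError` later. If the aim is presumably to keep `__version__` readable without the dependencies installed, the failure should at least be surfaced: `except ImportError as e:` followed by `warnings.warn('pymisp is only partially loaded: {}'.format(e))`, with `import warnings` added at the top of the file.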
@ -1,12 +1,12 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import six # Remove that import when discarding python2 support.
|
||||
import abc
|
||||
import json
|
||||
from json import JSONEncoder
|
||||
import collections
|
||||
|
||||
import six # Remove that import when discarding python2 support.
|
||||
|
||||
class MISPEncode(JSONEncoder):
|
||||
|
||||
|
|
|
@ -0,0 +1,91 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp.tools import MISPObjectGenerator
|
||||
from io import BytesIO
|
||||
from hashlib import md5, sha1, sha256, sha512
|
||||
import warnings
|
||||
|
||||
|
||||
try:
|
||||
import lief
|
||||
HAS_LIEF = True
|
||||
except ImportError:
|
||||
HAS_LIEF = False
|
||||
|
||||
try:
|
||||
import pydeep
|
||||
HAS_PYDEEP = True
|
||||
except ImportError:
|
||||
HAS_PYDEEP = False
|
||||
|
||||
|
||||
class ELFObject(MISPObjectGenerator):
|
||||
|
||||
def __init__(self, parsed=None, filepath=None, pseudofile=None):
|
||||
if not HAS_PYDEEP:
|
||||
warnings.warn("Please install pydeep: pip install git+https://github.com/kbandla/pydeep.git")
|
||||
if not HAS_LIEF:
|
||||
raise ImportError('Please install lief, documentation here: https://github.com/lief-project/LIEF')
|
||||
if pseudofile:
|
||||
if isinstance(pseudofile, BytesIO):
|
||||
self.elf = lief.ELF.parse(raw=pseudofile.getvalue())
|
||||
elif isinstance(pseudofile, bytes):
|
||||
self.elf = lief.ELF.parse(raw=pseudofile)
|
||||
else:
|
||||
raise Exception('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
|
||||
elif filepath:
|
||||
self.elf = lief.ELF.parse(filepath)
|
||||
elif parsed:
|
||||
# Got an already parsed blob
|
||||
if isinstance(parsed, lief.ELF.Binary):
|
||||
self.elf = parsed
|
||||
else:
|
||||
raise Exception('Not a lief.ELF.Binary: {}'.format(type(parsed)))
|
||||
# Python3 way
|
||||
# super().__init__('elf')
|
||||
super(ELFObject, self).__init__('elf')
|
||||
self.generate_attributes()
|
||||
|
||||
def generate_attributes(self):
|
||||
# General information
|
||||
self._create_attribute('type', value=str(self.elf.header.file_type).split('.')[1])
|
||||
self._create_attribute('entrypoint-address', value=self.elf.entrypoint)
|
||||
self._create_attribute('arch', value=str(self.elf.header.machine_type).split('.')[1])
|
||||
self._create_attribute('os_abi', value=str(self.elf.header.identity_os_abi).split('.')[1])
|
||||
# Sections
|
||||
self.sections = []
|
||||
if self.elf.sections:
|
||||
pos = 0
|
||||
for section in self.elf.sections:
|
||||
s = ELFSectionObject(section)
|
||||
self.add_reference(s.uuid, 'included-in', 'Section {} of ELF'.format(pos))
|
||||
pos += 1
|
||||
self.sections.append(s)
|
||||
self._create_attribute('number-sections', value=len(self.sections))
|
||||
|
||||
|
||||
class ELFSectionObject(MISPObjectGenerator):
|
||||
|
||||
def __init__(self, section):
|
||||
# Python3 way
|
||||
# super().__init__('pe-section')
|
||||
super(ELFSectionObject, self).__init__('elf-section')
|
||||
self.section = section
|
||||
self.data = bytes(self.section.content)
|
||||
self.generate_attributes()
|
||||
|
||||
def generate_attributes(self):
|
||||
self._create_attribute('name', value=self.section.name)
|
||||
self._create_attribute('type', value=str(self.section.type).split('.')[1])
|
||||
print(self.section.flags)
|
||||
# self._create_attribute('flag', value=str(self.section.flags).split('.')[1])
|
||||
size = self._create_attribute('size-in-bytes', value=self.section.size)
|
||||
if int(size.value) > 0:
|
||||
self._create_attribute('entropy', value=self.section.entropy)
|
||||
self._create_attribute('md5', value=md5(self.data).hexdigest())
|
||||
self._create_attribute('sha1', value=sha1(self.data).hexdigest())
|
||||
self._create_attribute('sha256', value=sha256(self.data).hexdigest())
|
||||
self._create_attribute('sha512', value=sha512(self.data).hexdigest())
|
||||
if HAS_PYDEEP:
|
||||
self._create_attribute('ssdeep', value=pydeep.hash_buf(self.data).decode())
|
|
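Review bot: `ELFObject.__init__` never assigns `self.elf` when `pseudofile`, `filepath` and `parsed` are all falsy, which includes an empty `bytes` pseudofile, so `generate_attributes()` fails with an `AttributeError` instead of a clear error. The `if`/`elif` chain should end with `else:` and `raise Exception('One of parsed, filepath or pseudofile is required')`; `MachOObject.__init__` in the next file has the same gap. Because these objects are typically built from untrusted samples, the result of `lief.ELF.parse(...)` should also be checked before use, since a malformed file may not yield a usable binary (lief's failure behaviour is not visible on this page). Separately, `print(self.section.flags)` in `ELFSectionObject.generate_attributes` is leftover debugging output that writes to stdout for every section and should be dropped from library code.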
@ -0,0 +1,88 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp.tools import MISPObjectGenerator
|
||||
from io import BytesIO
|
||||
from hashlib import md5, sha1, sha256, sha512
|
||||
import warnings
|
||||
|
||||
|
||||
try:
|
||||
import lief
|
||||
HAS_LIEF = True
|
||||
except ImportError:
|
||||
HAS_LIEF = False
|
||||
|
||||
try:
|
||||
import pydeep
|
||||
HAS_PYDEEP = True
|
||||
except ImportError:
|
||||
HAS_PYDEEP = False
|
||||
|
||||
|
||||
class MachOObject(MISPObjectGenerator):
|
||||
|
||||
def __init__(self, parsed=None, filepath=None, pseudofile=None):
|
||||
if not HAS_PYDEEP:
|
||||
warnings.warn("Please install pydeep: pip install git+https://github.com/kbandla/pydeep.git")
|
||||
if not HAS_LIEF:
|
||||
raise ImportError('Please install lief, documentation here: https://github.com/lief-project/LIEF')
|
||||
if pseudofile:
|
||||
if isinstance(pseudofile, BytesIO):
|
||||
self.macho = lief.MachO.parse(raw=pseudofile.getvalue())
|
||||
elif isinstance(pseudofile, bytes):
|
||||
self.macho = lief.MachO.parse(raw=pseudofile)
|
||||
else:
|
||||
raise Exception('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
|
||||
elif filepath:
|
||||
self.macho = lief.MachO.parse(filepath)
|
||||
elif parsed:
|
||||
# Got an already parsed blob
|
||||
if isinstance(parsed, lief.MachO.Binary):
|
||||
self.macho = parsed
|
||||
else:
|
||||
raise Exception('Not a lief.MachO.Binary: {}'.format(type(parsed)))
|
||||
# Python3 way
|
||||
# super().__init__('elf')
|
||||
super(MachOObject, self).__init__('macho')
|
||||
self.generate_attributes()
|
||||
|
||||
def generate_attributes(self):
|
||||
self._create_attribute('type', value=str(self.macho.header.file_type).split('.')[1])
|
||||
self._create_attribute('name', value=self.macho.name)
|
||||
# General information
|
||||
if self.macho.has_entrypoint:
|
||||
self._create_attribute('entrypoint-address', value=self.macho.entrypoint)
|
||||
# Sections
|
||||
self.sections = []
|
||||
if self.macho.sections:
|
||||
pos = 0
|
||||
for section in self.macho.sections:
|
||||
s = MachOSectionObject(section)
|
||||
self.add_reference(s.uuid, 'included-in', 'Section {} of MachO'.format(pos))
|
||||
pos += 1
|
||||
self.sections.append(s)
|
||||
self._create_attribute('number-sections', value=len(self.sections))
|
||||
|
||||
|
||||
class MachOSectionObject(MISPObjectGenerator):
|
||||
|
||||
def __init__(self, section):
|
||||
# Python3 way
|
||||
# super().__init__('pe-section')
|
||||
super(MachOSectionObject, self).__init__('macho-section')
|
||||
self.section = section
|
||||
self.data = bytes(self.section.content)
|
||||
self.generate_attributes()
|
||||
|
||||
def generate_attributes(self):
|
||||
self._create_attribute('name', value=self.section.name)
|
||||
size = self._create_attribute('size-in-bytes', value=self.section.size)
|
||||
if int(size.value) > 0:
|
||||
self._create_attribute('entropy', value=self.section.entropy)
|
||||
self._create_attribute('md5', value=md5(self.data).hexdigest())
|
||||
self._create_attribute('sha1', value=sha1(self.data).hexdigest())
|
||||
self._create_attribute('sha256', value=sha256(self.data).hexdigest())
|
||||
self._create_attribute('sha512', value=sha512(self.data).hexdigest())
|
||||
if HAS_PYDEEP:
|
||||
self._create_attribute('ssdeep', value=pydeep.hash_buf(self.data).decode())
|
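Review bot: The commented-out "Python3 way" lines name the wrong templates: `# super().__init__('elf')` sits in `MachOObject.__init__` above a call that passes `'macho'`, and `# super().__init__('pe-section')` sits in `MachOSectionObject.__init__` above a call that passes `'macho-section'`. `ELFSectionObject` in the previous file carries the same stale `'pe-section'` comment. Anyone who later uncomments these when Python 2 support is dropped would create objects under the wrong template name, so they should read `# super().__init__('macho')` and `# super().__init__('macho-section')`. As a smaller style point, the manual `pos` counter in `generate_attributes` could become `for pos, section in enumerate(self.macho.sections):`.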
2
setup.py
2
setup.py
|
@ -27,7 +27,7 @@ setup(
|
|||
'Topic :: Internet',
|
||||
],
|
||||
test_suite="tests",
|
||||
install_requires=['requests', 'python-dateutil', 'jsonschema'],
|
||||
install_requires=['six', 'requests', 'python-dateutil', 'jsonschema'],
|
||||
include_package_data=True,
|
||||
package_data={'pymisp': ['data/*.json', 'data/misp-objects/schema_objects.json',
|
||||
'data/misp-objects/schema_relationships.json',
|
||||
|
|