Raphaël Vinot
c5c1d84bcf
fix: Better warning if lief is outdated.
2021-01-21 11:55:30 +01:00
Raphaël Vinot
76c4f92c17
chg: Use lief 0.11.0, generate authenticode entries
2021-01-19 15:44:58 +01:00
Raphaël Vinot
de6125a623
fix: Do not fail if extract_msg is missing
2021-01-11 14:57:22 +01:00
Raphaël Vinot
fa95c9d84f
fix: Properly decode the body depending on the encoding of the email
...
Fix #671
2021-01-11 14:15:34 +01:00
Raphaël Vinot
c50bbd5d1c
chg: Add controller argument to get_csv script
2021-01-11 11:49:12 +01:00
seamus tuohy
87c02da0d7
Updated emailobject.
...
Email object no longer requires extra php libraries for install.
Tests have been expanded to improve coverage.
RTF encapsulated HTML and Plain Text will now be de-encapsulated.
The raw MSG binary will now be included in the extracted email object.
2020-12-28 13:47:21 -05:00
nighttardis
2a4b215026
adding check if "from" is in the "received" header row
2020-11-30 18:45:53 -06:00
Raphaël Vinot
9046b08a3c
fix: Do not fail on PyMISP import when mail-parser is not present
2020-11-24 14:56:29 +01:00
Raphaël Vinot
71fe62b466
fix: Make mail-parser really optional
2020-11-24 12:18:35 +01:00
Raphaël Vinot
9fed66eb2b
chg: Make mail-parser an optional dependency
2020-11-24 11:17:23 +01:00
Raphaël Vinot
b55370cdad
chg: Improve error handling for Outlook emails
...
Related: #631
2020-11-19 11:38:35 +01:00
Jakub Onderka
9fd3d8a3e3
fix: [emailobject] Correctly parse multiple addresses
2020-10-24 17:24:18 +02:00
Jakub Onderka
055ef16e41
new: Test parsing just email header
2020-10-24 17:24:18 +02:00
Jakub Onderka
5e0ad0a47f
new: Test parsing outlook message format
2020-10-24 17:24:18 +02:00
Jakub Onderka
f598865ce4
new: Refactored emailobject generator
2020-10-24 17:24:17 +02:00
Jakub Onderka
d39d4caf7d
new: Export display name from email
2020-10-24 17:16:16 +02:00
Jakub Onderka
c2fedc3850
new: Parse date from email
2020-10-24 17:16:16 +02:00
garanews
cd785aab09
fix typo
...
fix typo
2020-10-01 13:45:29 +02:00
Raphaël Vinot
18474a2144
chg: Add comments to ELF, PE, and MachO object generators.
2020-09-15 12:39:59 +02:00
Raphaël Vinot
9c48079d88
new: Method to get the new version of the templates
2020-09-10 15:26:34 +02:00
Raphaël Vinot
e3815a41f1
fix: Make flake8 happy
2020-09-09 15:41:42 +02:00
seamus tuohy
07137209e2
Attempt to decode utf-8-sig encoded emails.
...
eml files downloaded from Windows Online security on some Windows 11
systems are automatically encoded in UTF with a byte order mark (BOM)
at the front of the file. This will cause the email parser to fail.
This is a somewhat isolated problem. It will only affect a small
subset of Windows users who download and re-upload eml files. But
this small subset of users is the target user-base for the MISP
email module: low-expertise users who wish to quickly share
high-value indicators on an ad-hoc basis.
While this fix could be tacked onto the MISP email module instead of
here, I believe that this fix is more appropriate in the PyMISP object
code. As the "email" object parser, this object should be built to
parse all manner of emails that it may encounter. This includes common
malformations such as this one and even horrors such as the .msg
format. This commit adds a generically named "attempt_decoding"
function which can be expanded to address all manner of sins that
are encountered in the future.
2020-09-09 07:45:07 -04:00
deku
dd6922fd3a
Exclude section correlation .rsrc and zero-filled
2020-08-14 11:13:53 -04:00
Paal Braathen
ff62f1c19c
Linting/Add missing whitespace
2020-07-28 20:05:42 +02:00
louis
f8589061cb
chg: Remove standalone default value from MISPObject children c'tor
...
MISPObject.__init__ sets standalone=True by default, so there is no
need to do it in its child classes.
2020-06-30 12:40:08 +02:00
Troy Ross
17ebfe86ab
Previously file object was reporting the libmagic description of a file
...
instead of the mimetype. According to [MISP DataModels](https://www.misp-project.org/datamodels/#types)
```
mime-type: A media type (also MIME type and content type) is a two-part identifier for file formats and format contents transmitted on the Internet
```
more precisely defined in [RFC2045](https://tools.ietf.org/html/rfc2045) and others.
The description returned by libmagic is more useful than the generic mime-type,
but I did not find a place to put the description in the current data model.
2020-06-14 10:48:29 -06:00
Raphaël Vinot
5d97d7ee0c
new: Add helper and test case for GitVulnFinderObject
2020-05-26 15:37:24 +02:00
Raphaël Vinot
b214c7d4c1
chg: Add comment in microblog object
2020-05-12 22:34:25 +02:00
Raphaël Vinot
5df58406ef
fix: Catch exception when liblua-5.3 is not present
...
Related: https://github.com/MISP/misp-modules/issues/398
2020-05-12 13:21:05 +02:00
Raphaël Vinot
35257e538d
fix: Make flake8 happy
2020-05-12 11:34:38 +02:00
Raphaël Vinot
dcd1db8883
fix: make flake8 happy
2020-05-11 15:40:20 +02:00
VVX7
fff0caa330
chg: [dev] clean up how keys are accessed in self._parameters
2020-05-08 19:54:12 -04:00
VVX7
759e9196de
chg: [dev] use isinstance() type check.
2020-05-08 19:31:19 -04:00
VVX7
395d6aabac
chg: [dev] fix abstract generator import. add logger.
2020-05-08 19:27:42 -04:00
VVX7
de994fd944
chg: [dev] change type() == list
2020-05-08 16:32:29 -04:00
VVX7
0eb209c7df
new: [dev] add microblog object tool
2020-05-08 16:10:09 -04:00
DocArmoryTech
4ee4db16fe
Fixed __query_virustotal return type
...
__query_virustotal returned a Response object and not the json expected; modified so that report_json is returned instead of report.
2020-04-06 10:46:15 +01:00
Raphaël Vinot
11353f8ae2
fix: Make lief optional again
...
fix #538
2020-02-07 11:51:48 +01:00
Raphaël Vinot
4e586d0de5
chg: Bump deps, add pep8 test
2020-01-30 11:44:13 +01:00
Raphaël Vinot
b0e95fd5af
chg: Refactorize typing, validate
2020-01-23 10:27:40 +01:00
Raphaël Vinot
24a8f90ea8
new: Remove python < 3.6 support.
2019-12-18 14:45:14 +01:00
Raphaël Vinot
c03b26a18c
new: URLObject (requires pyfaup)
2019-12-04 15:18:27 +01:00
Raphaël Vinot
4fed55a09d
fix: Rename feed_meta_generator so it clearly fails with python<3.6
2019-11-27 11:10:57 +01:00
Raphaël Vinot
6098cd869f
chg: Make the feed generator more generic
2019-11-22 17:36:24 +01:00
Christophe Vandeplas
494e70eb69
fix: prevents exception when lief is not installed
2019-10-30 14:23:37 +01:00
Raphaël Vinot
f312f87072
fix: Objects helpers were broken, do not overwrite describe_types
2019-10-08 09:28:33 +02:00
Pierre-Jean Grenier
a2aa5646df
chg: Return empty list instead of None
...
In all cases but one, the 3rd returned object is a (potentially empty) list.
2019-08-08 14:35:51 +02:00
Raphaël Vinot
d477a3688c
chg: Rename relationship included-in -> includes
2019-07-24 13:57:36 +02:00
Raphaël Vinot
b8b384a3c3
Merge branch 'master' of github.com:MISP/PyMISP
2019-07-04 16:57:15 +02:00
Raphaël Vinot
7d5b55fcdc
fix: Skip attribute in object when value is empty, skip empty objects.
2019-07-04 16:56:56 +02:00
Raphaël Vinot
7c76d6be39
Merge pull request #409 from 3c7/bugfix/openioc_datatypes
...
[OpenIOC] Allow the use of content type for RouteEntryItem/Destination
2019-07-04 10:35:40 +02:00
Raphaël Vinot
e0fac90310
new: Allow to pass delimiter & quotechar to the CSV loader
2019-07-02 11:55:51 +02:00
0x3c7
7be58af56a
[openioc] changed default mapping for RouteEntryItem/Destination/string.
2019-06-19 12:45:20 +02:00
0x3c7
b7d15380c9
[openioc] Changed mapping for RouteEntryItem/Destination/string to domain instead of url because UrlHistoryItem/URL is mostly used for urls
2019-06-19 07:39:15 +02:00
0x3c7
42a3dcf704
Fixes other mapping to other types
2019-06-19 07:38:15 +02:00
0x3c7
efd8b80adb
[openioc] Allow the use of types in openioc content tags
2019-06-18 16:10:20 +02:00
Raphaël Vinot
3b56b218b5
new: Object generator for ssh authorized_keys files.
2019-05-20 16:40:47 +02:00
Raphaël Vinot
67cb8e9d53
chg: Allow to pass a eml as string to EmailObject
2019-04-24 15:37:40 +02:00
Raphaël Vinot
52402c2acf
new: add_attributes method in MISPObject (for multiple attributes)
2019-04-09 17:54:12 +02:00
Raphaël Vinot
e5a42b812f
new: Add CSV loader
...
Fix #376
2019-04-03 16:28:31 +02:00
Raphaël Vinot
1e060f669f
new: Helper to create MISP Objects for regcheck.org.uk
2019-04-02 17:13:07 +02:00
Falconieri
bdff7e635f
fix: [exportpdf] Doc update
2019-03-14 08:11:30 +01:00
Falconieri
ea4ed24f4f
fix: [exportpdf] Coding Style
2019-03-14 08:02:45 +01:00
Raphaël Vinot
9d2251cb38
chg: Initial set of refactoring on PDF generator
2019-03-12 15:14:44 +01:00
Falconieri
9d6585cd3a
fix: [exportpdf] Custom path for fonts and font package
2019-03-05 11:37:01 +01:00
Raphaël Vinot
b8759673b9
chg: Add i8n for pdfexport, without all the fonts in the main repo
2019-03-04 16:06:38 -08:00
Falconieri
1b8921d820
fix: [exportpdf] fix empty object/attribute/galaxy bugs
2019-03-01 11:12:04 +01:00
Falconieri
b2c5477cd9
fix: [exportpdf] Add suggestions (UX)
2019-03-01 10:45:44 +01:00
Falconieri
ead9cec7d3
fix: [exportpdf] switch page size to A4
2019-03-01 09:56:38 +01:00
Falconieri
39b4677bf9
fix: [exportpdf] switch page size to A4
2019-03-01 09:55:42 +01:00
Falconieri
f1d2f3ae1e
Merge branch 'master' of github.com:Vincent-CIRCL/PyMISP
2019-03-01 09:22:55 +01:00
Falconieri
e6291e71d5
fix: [exportpdf] None if no Galaxies bug
2019-03-01 09:21:48 +01:00
Vincent-CIRCL
83ef1b851e
Merge branch 'master' into master
2019-03-01 09:07:45 +01:00
Falconieri
a06c8cf5b8
fix: [reportlab] Galaxies and Clusters printing
2019-03-01 09:06:01 +01:00
Falconieri
24e1a1732c
fix: [reportlab] Clusters added. Still UX to perform
2019-02-28 16:34:07 +01:00
Falconieri
79e66363d2
fix: [reportlab] working clusters and galaxies. Not nice however
2019-02-28 15:14:52 +01:00
Falconieri
6031a7d426
chg: [exportpdf] BIG refactoring. Classes, comments, Galaxy starting
2019-02-28 13:44:54 +01:00
Falconieri
9adff0b574
chg: [exportPDF] add basic handling of clusters
2019-02-28 10:58:49 +01:00
Raphaël Vinot
2e93aad34a
fix: Make sure install works even without reportlab installed.
2019-02-27 21:16:49 -08:00
Falconieri
a9c0ce4107
fix: [exportPDF] Adding facultative text description, sightings, tests cases
2019-02-27 11:48:56 +01:00
Falconieri
10b5496174
fix : [exportpdf] Add Object date
2019-02-26 15:51:06 +01:00
Falconieri
133db6aeaa
fix : [exportpdf] Double property printing error fixed
2019-02-26 15:42:49 +01:00
Falconieri
8194c534d7
add : [exportpdf] Objects handling, tests cases,
...
test files
2019-02-26 15:35:40 +01:00
Falconieri
029ca57b5f
fix: [exportpdf] Refactoring, nicer code
2019-02-26 14:28:31 +01:00
Falconieri
29a1b05c1f
add: [exportpdf] Handling pictures embedded as attributes
2019-02-26 14:03:25 +01:00
Falconieri
cefcc3430c
add : [exportpdf] Picture management, manual
2019-02-26 11:13:24 +01:00
Falconieri
2adac8f0d2
chg: [exportpdf] Add metadata, bugfixes cases (too long values, sanitization), links to misp instances
2019-02-25 15:49:53 +01:00
Falconieri
37d3f2f613
fix & add: [exportpdf] Add metadata, fix special cases (too long values, sanitization)
2019-02-22 17:47:22 +01:00
Falconieri
76ef3d058f
fix: [pdfexport] Fix tests paths, dependency in pipfile, imports, and 'file' name overwrite in test function
2019-02-22 11:34:41 +01:00
Falconieri
57eccfe7dc
add: exportpdf tool working
2019-02-22 10:18:44 +01:00
Falconieri
0fc780994f
general improvement : design, exhaustiveness of mispEvent values displayed, good practice concerning paragraph/table made
2019-02-20 16:15:56 +01:00
Falconieri
01b2ad9199
update with table basics
2019-02-19 16:00:57 +01:00
Falconieri
c7511812f0
Structure of the improvements OK : test file, test folder, report generator
2019-02-19 15:17:00 +01:00
Raphaël Vinot
fe91d06b91
chg: Remove dependency on six
2019-02-06 11:31:05 +01:00
Raphaël Vinot
fd365943a1
fix: Typo in OpenIOC script
...
Fix #237
2018-07-16 13:52:51 +02:00
Raphaël Vinot
b11ad18d2b
chg: Add comments
...
Fix #242
2018-07-16 13:40:51 +02:00
Raphaël Vinot
42c99054f8
fix: Decoding issue.
2018-05-11 10:20:07 -04:00
Raphaël Vinot
04d3183115
fix: Properly get and decode the body of the email
2018-05-08 11:02:32 +02:00
Raphaël Vinot
cb15bdfca1
fix: Provide the extension of the EML file to attach.
2018-05-07 10:18:38 +02:00
Raphaël Vinot
1193e904bf
fix: Properly handle attachments
2018-05-04 16:06:48 +02:00