MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-modules/misp_modules/modules/expansion/whois.py

63 lines
2.0 KiB
Python
Raw Normal View History

Add whois module
2016-08-04 17:23:23 +02:00
# -*- coding: utf-8 -*-
import json
Remove bin script, use cleaner way. Fix last commit.
2016-08-12 12:35:33 +02:00
try:
from uwhois import Uwhois
except ImportError:
print("uwhois module not installed.")
Add whois module
2016-08-04 17:23:23 +02:00
misperrors = {'error': 'Error'}
mispattributes = {'input': ['domain', 'ip-src', 'ip-dst'], 'output': ['freetext']}
chg: [doc] Big doc revamp #680
2024-08-12 11:23:10 +02:00
moduleinfo = {
'version': '0.1',
'author': 'Raphaël Vinot',
'description': 'Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).',
'module-type': ['expansion'],
'name': 'Whois Lookup',
'logo': '',
'requirements': ['uwhois: A whois python library'],
'features': "This module takes a domain or IP address attribute as input and queries a 'Univseral Whois proxy server' to get the correct details of the Whois query on the input value (check the references for more details about this whois server).",
'references': ['https://github.com/rafiot/uwhoisd'],
'input': 'A domain or IP address attribute.',
'output': 'Text describing the result of a whois request for the input value.',
}
Add whois module
2016-08-04 17:23:23 +02:00
moduleconfig = ['server', 'port']
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if request.get('domain'):
toquery = request['domain']
elif request.get('ip-src'):
toquery = request['ip-src']
elif request.get('ip-dst'):
toquery = request['ip-dst']
else:
misperrors['error'] = "Unsupported attributes type"
return misperrors
fix: Fixed config parsing and the associated error message
2019-10-31 11:52:34 +01:00
if not request.get('config') or (not request['config'].get('server') and not request['config'].get('port')):
misperrors['error'] = 'Whois local instance address is missing'
Add whois module
2016-08-04 17:23:23 +02:00
return misperrors
Pass the server port as integer to the uwhois client
2016-08-04 17:44:40 +02:00
uwhois = Uwhois(request['config']['server'], int(request['config']['port']))
Add whois module
2016-08-04 17:23:23 +02:00
if 'event_id' in request:
return handle_expansion(uwhois, toquery)
def handle_expansion(w, domain):
return {'results': [{'types': mispattributes['output'], 'values': w.query(domain)}]}
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo