2019-02-08 18:27:20 +01:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
"""Backscatter.io Module."""
|
|
|
|
import json
|
|
|
|
try:
|
|
|
|
from backscatter import Backscatter
|
|
|
|
except ImportError:
|
|
|
|
print("Backscatter.io library not installed.")
|
|
|
|
|
|
|
|
misperrors = {'error': 'Error'}
|
|
|
|
mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']}
|
2024-08-12 11:23:10 +02:00
|
|
|
moduleinfo = {
|
|
|
|
'version': '1',
|
|
|
|
'author': 'brandon@backscatter.io',
|
|
|
|
'description': 'Backscatter.io module to bring mass-scanning observations into MISP.',
|
|
|
|
'module-type': ['expansion', 'hover'],
|
|
|
|
'name': 'Backscatter.io',
|
|
|
|
'logo': 'backscatter_io.png',
|
|
|
|
'requirements': ['backscatter python library'],
|
|
|
|
'features': 'The module takes a source or destination IP address as input and displays the information known by backscatter.io.',
|
|
|
|
'references': ['https://pypi.org/project/backscatter/'],
|
|
|
|
'input': 'IP addresses.',
|
|
|
|
'output': 'Text containing a history of the IP addresses especially on scanning based on backscatter.io information .',
|
|
|
|
}
|
2019-02-08 18:27:20 +01:00
|
|
|
moduleconfig = ['api_key']
|
|
|
|
query_playbook = [
|
|
|
|
{'inputs': ['ip-src', 'ip-dst'],
|
|
|
|
'services': ['observations', 'enrichment'],
|
|
|
|
'name': 'generic'}
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
def check_query(request):
|
|
|
|
"""Check the incoming request for a valid configuration."""
|
|
|
|
output = {'success': False}
|
|
|
|
config = request.get('config', None)
|
|
|
|
if not config:
|
|
|
|
misperrors['error'] = "Configuration is missing from the request."
|
|
|
|
return output
|
|
|
|
for item in moduleconfig:
|
|
|
|
if config.get(item, None):
|
|
|
|
continue
|
|
|
|
misperrors['error'] = "Backscatter.io authentication is missing."
|
|
|
|
return output
|
|
|
|
if not request.get('ip-src') and request.get('ip-dst'):
|
|
|
|
misperrors['error'] = "Unsupported attributes type."
|
|
|
|
return output
|
|
|
|
profile = {'success': True, 'config': config, 'playbook': 'generic'}
|
|
|
|
if 'ip-src' in request:
|
|
|
|
profile.update({'value': request.get('ip-src')})
|
|
|
|
else:
|
|
|
|
profile.update({'value': request.get('ip-dst')})
|
|
|
|
return profile
|
|
|
|
|
|
|
|
|
|
|
|
def handler(q=False):
|
|
|
|
"""Handle gathering data."""
|
|
|
|
if not q:
|
|
|
|
return q
|
|
|
|
request = json.loads(q)
|
|
|
|
checks = check_query(request)
|
|
|
|
if not checks['success']:
|
|
|
|
return misperrors
|
|
|
|
|
|
|
|
try:
|
|
|
|
bs = Backscatter(checks['config']['api_key'])
|
2019-02-10 16:56:01 +01:00
|
|
|
response = bs.get_observations(query=checks['value'], query_type='ip')
|
2019-02-08 18:27:20 +01:00
|
|
|
if not response['success']:
|
|
|
|
misperrors['error'] = '%s: %s' % (response['error'], response['message'])
|
|
|
|
return misperrors
|
2019-02-08 18:29:43 +01:00
|
|
|
output = {'results': [{'types': mispattributes['output'], 'values': [str(response)]}]}
|
2019-02-10 16:33:09 +01:00
|
|
|
except Exception as e:
|
2019-02-08 18:27:20 +01:00
|
|
|
misperrors['error'] = str(e)
|
|
|
|
return misperrors
|
|
|
|
|
|
|
|
return output
|
|
|
|
|
|
|
|
|
|
|
|
def introspection():
|
|
|
|
return mispattributes
|
|
|
|
|
|
|
|
|
|
|
|
def version():
|
|
|
|
moduleinfo['config'] = moduleconfig
|
|
|
|
return moduleinfo
|