# -*- coding: utf-8 -*-
import json
from pyeupi import PyEUPI
# Error envelope handed back to MISP. The same dict object is reused and
# mutated by every handler in this module before it is returned.
misperrors = {
    'error': 'Error',
}

# Attribute types this module accepts as input and emits as output.
mispattributes = {
    'input': ['hostname', 'domain', 'url'],
    'output': ['freetext'],
}
# Static metadata describing this module; version() returns it to the caller.
# NOTE(review): 'description' cites phishing-initiative.lu while 'references'
# cites phishing-initiative.eu - confirm which host is current.
moduleinfo = {
    'version': '0.1',
    'author': 'Raphaël Vinot',
    'description': (
        'A module to query the Phishing Initiative service '
        '(https://phishing-initiative.lu).'
    ),
    'module-type': ['expansion', 'hover'],
    'name': 'EUPI Lookup',
    'logo': 'eupi.png',
    'requirements': [
        'pyeupi: eupi python library',
        'An access to the Phishing Initiative API (apikey & url)',
    ],
    'features': (
        'This module takes a domain, hostname or url MISP attribute as input '
        'to query the Phishing Initiative API. The API returns then the '
        'result of the query with some information about the value queried.'
        '\n\n'
        'Please note that composite attributes containing domain or hostname '
        'are also supported.'
    ),
    'references': ['https://phishing-initiative.eu/?lang=en'],
    'input': 'A domain, hostname or url MISP attribute.',
    'output': (
        'Text containing information about the input, resulting from the '
        'query on Phishing Initiative.'
    ),
}
# Per-request settings handler() reads from request['config']: the EUPI API
# key (a credential) and the base URL of the service.
moduleconfig = [
    'apikey',
    'url',
]
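def handler(q=False):
    """Dispatch a MISP module request to the EUPI expansion or hover lookup.

    Args:
        q: JSON-encoded request string, or False when no request is given.

    Returns:
        False when ``q`` is False. The shared ``misperrors`` dict when no
        supported attribute is present or when the EUPI credentials are
        missing or incomplete. Otherwise the result of handle_expansion()
        if the request carries an 'event_id', else of handle_hover().
    """
    if q is False:
        return False
    request = json.loads(q)

    # The first non-empty supported attribute wins: hostname, domain, url.
    toquery = request.get('hostname') or request.get('domain') or request.get('url')
    if not toquery:
        misperrors['error'] = "Unsupported attributes type"
        return misperrors

    # Reject the request unless a config mapping with BOTH an API key and a
    # service URL is present. The two checks must be joined with "or": with
    # "and", a missing config raised KeyError on request['config'] and an
    # incomplete config slipped through to the client constructor below.
    config = request.get('config')
    if not isinstance(config, dict) or not (config.get('apikey') and config.get('url')):
        misperrors['error'] = 'EUPI authentication is missing'
        return misperrors

    pyeupi = PyEUPI(config['apikey'], config['url'])
    # Requests carrying an event id are expansions; everything else is a hover.
    if 'event_id' in request:
        return handle_expansion(pyeupi, toquery)
    return handle_hover(pyeupi, toquery)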
def handle_expansion(pyeupi, url):
    """Search EUPI for ``url`` and return the entries tagged as phishing.

    Args:
        pyeupi: Client object exposing ``search_url(url=...)``.
        url: The hostname, domain or URL value to search for.

    Returns:
        A MISP result dict whose single freetext value concatenates the url,
        domain and IP address of every entry labelled 'phishing'; a result
        dict with an empty value when the search returns no results; or the
        shared ``misperrors`` dict when results exist but none is labelled
        'phishing'.
    """
    response = pyeupi.search_url(url=url)
    if not response.get('results'):
        return {'results': [{'types': mispattributes['output'], 'values': ''}]}

    # NOTE(review): an entry lacking 'tag_label', 'url', 'domain' or
    # 'ip_address' raises KeyError here, while handle_hover() catches it -
    # confirm the caller copes with a malformed service response.
    phishing_hits = [
        ' {} {} {} '.format(entry['url'], entry['domain'], entry['ip_address'])
        for entry in response['results']
        if entry['tag_label'] == 'phishing'
    ]
    summary = ''.join(phishing_hits)
    if not summary:
        misperrors['error'] = 'Unknown in the EUPI service'
        return misperrors
    return {'results': [{'types': mispattributes['output'], 'values': summary}]}
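def handle_hover(pyeupi, url):
    """Look up ``url`` in EUPI and return the label of the first result.

    Args:
        pyeupi: Client object exposing ``lookup(url=...)``.
        url: The hostname, domain or URL value to look up.

    Returns:
        A MISP result dict whose freetext value is the title-cased
        'tag_label' of the first result, or the shared ``misperrors`` dict
        when the response has no usable first result.
    """
    try:
        # Read the label inside the guarded region too, so a first result
        # without 'tag_label' is reported as a lookup error instead of
        # escaping as an uncaught KeyError.
        label = pyeupi.lookup(url=url)['results'][0]['tag_label']
    except (KeyError, IndexError):
        misperrors['error'] = 'Error in EUPI lookup'
        return misperrors
    return {'results': [{'types': mispattributes['output'],
                         'values': label.title()}]}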
def introspection():
    """Return the module's attribute-type map (``mispattributes``)."""
    return mispattributes
def version():
    """Return the module metadata with the config key list attached.

    The 'config' entry is written into the shared ``moduleinfo`` dict on
    every call, and that same dict object is returned.
    """
    moduleinfo.update(config=moduleconfig)
    return moduleinfo