2018-05-29 21:54:22 +02:00
|
|
|
import json
|
|
|
|
import requests
|
|
|
|
|
|
|
|
misperrors = {'error': 'Error'}
|
2022-09-15 10:09:21 +02:00
|
|
|
mispattributes = {'input': ['md5'], 'output': ['text']}
|
2024-08-12 11:23:10 +02:00
|
|
|
moduleinfo = {
|
|
|
|
'version': '0.2',
|
|
|
|
'author': 'Alexandre Dulaunoy',
|
|
|
|
'description': 'A hover module to check hashes against hashdd.com including NSLR dataset.',
|
|
|
|
'module-type': ['hover'],
|
|
|
|
'name': 'Hashdd Lookup',
|
|
|
|
'logo': '',
|
|
|
|
'requirements': [],
|
|
|
|
'features': 'This module takes a hash attribute as input to check its known level, using the hashdd API. This information is then displayed.',
|
|
|
|
'references': ['https://hashdd.com/'],
|
|
|
|
'input': 'A hash MISP attribute (md5).',
|
|
|
|
'output': 'Text describing the known level of the hash in the hashdd databases.',
|
|
|
|
}
|
2018-05-29 21:54:22 +02:00
|
|
|
moduleconfig = []
|
2022-09-15 10:09:21 +02:00
|
|
|
hashddapi_url = 'https://api.hashdd.com/v1/knownlevel/nsrl/'
|
2018-05-29 21:54:22 +02:00
|
|
|
|
|
|
|
|
|
|
|
def handler(q=False):
|
|
|
|
if q is False:
|
|
|
|
return False
|
2018-11-19 11:32:36 +01:00
|
|
|
v = None
|
2018-05-29 21:54:22 +02:00
|
|
|
request = json.loads(q)
|
2018-11-19 11:32:36 +01:00
|
|
|
for input_type in mispattributes['input']:
|
|
|
|
if request.get(input_type):
|
|
|
|
v = request[input_type].upper()
|
|
|
|
break
|
|
|
|
if v is None:
|
|
|
|
misperrors['error'] = 'Hash value is missing.'
|
2018-05-29 21:54:22 +02:00
|
|
|
return misperrors
|
2022-09-15 10:09:21 +02:00
|
|
|
r = requests.get(hashddapi_url + v)
|
2018-05-29 21:54:22 +02:00
|
|
|
if r.status_code == 200:
|
|
|
|
state = json.loads(r.text)
|
2022-09-15 10:09:21 +02:00
|
|
|
summary = state['knownlevel'] if state and state['result'] == "SUCCESS" else state['message']
|
2018-05-29 21:54:22 +02:00
|
|
|
else:
|
|
|
|
misperrors['error'] = '{} API not accessible'.format(hashddapi_url)
|
|
|
|
return misperrors['error']
|
|
|
|
|
|
|
|
r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
|
|
|
|
return r
|
|
|
|
|
|
|
|
|
|
|
|
def introspection():
|
|
|
|
return mispattributes
|
|
|
|
|
|
|
|
|
|
|
|
def version():
|
|
|
|
moduleinfo['config'] = moduleconfig
|
|
|
|
return moduleinfo
|