diff --git a/Pipfile b/Pipfile
index 5bd615c..6a8fb80 100644
--- a/Pipfile
+++ b/Pipfile
@@ -61,7 +61,8 @@ apiosintDS = "*"
 assemblyline_client = "*"
 vt-graph-api = "*"
 trustar = "*"
-socialscan="*"
+markdownify = "==0.5.3"
+socialscan = "*"
 [requires]
 python_version = "3"
diff --git a/Pipfile.lock b/Pipfile.lock
index ffb3243..f862610 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
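Review bot: `markdownify = "==0.5.3"` is the only exact pin in the visible part of the `[packages]` section; its neighbours (`trustar`, `socialscan`, `vt-graph-api`, …) all use `"*"`, and the added line gives no hint why this one is held back. If the pin is deliberate, a comment above it such as `# markdownify pinned on purpose: <reason or issue id>` keeps a later `pipenv update` from loosening it by accident; if it is not, `"*"` matches the rest of the section while `Pipfile.lock` still records the exact resolved version and its hashes. Either way the choice should be visible in the Pipfile itself rather than only recoverable from the lock.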
@@ -18,21 +18,42 @@
 "default": {
 "aiohttp": {
 "hashes": [
- "sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e",
- "sha256:259ab809ff0727d0e834ac5e8a283dc5e3e0ecc30c4d80b3cd17a4139ce1f326",
- "sha256:2f4d1a4fdce595c947162333353d4a44952a724fba9ca3205a3df99a33d1307a",
- "sha256:32e5f3b7e511aa850829fbe5aa32eb455e5534eaa4b1ce93231d00e2f76e5654",
- "sha256:344c780466b73095a72c616fac5ea9c4665add7fc129f285fbdbca3cccf4612a",
- "sha256:460bd4237d2dbecc3b5ed57e122992f60188afe46e7319116da5eb8a9dfedba4",
- "sha256:4c6efd824d44ae697814a2a85604d8e992b875462c6655da161ff18fd4f29f17",
- "sha256:50aaad128e6ac62e7bf7bd1f0c0a24bc968a0c0590a726d5a955af193544bcec",
- "sha256:6206a135d072f88da3e71cc501c59d5abffa9d0bb43269a6dcd28d66bfafdbdd",
- "sha256:65f31b622af739a802ca6fd1a3076fd0ae523f8485c52924a89561ba10c49b48",
- "sha256:ae55bac364c405caa23a4f2d6cfecc6a0daada500274ffca4a9230e7129eac59",
- "sha256:b778ce0c909a2653741cb4b1ac7015b5c130ab9c897611df43ae6a58523cb965"
+ "sha256:027be45c4b37e21be81d07ae5242361d73eebad1562c033f80032f955f34df82",
+ "sha256:06efdb01ab71ec20786b592d510d1d354fbe0b2e4449ee47067b9ca65d45a006",
+ "sha256:0989ff15834a4503056d103077ec3652f9ea5699835e1ceaee46b91cf59830bf",
+ "sha256:11e087c316e933f1f52f3d4a09ce13f15ad966fc43df47f44ca4e8067b6a2e0d",
+ "sha256:184ead67248274f0e20b0cd6bb5f25209b2fad56e5373101cc0137c32c825c87",
+ "sha256:1c36b7ef47cfbc150314c2204cd73613d96d6d0982d41c7679b7cdcf43c0e979",
+ "sha256:2aea79734ac5ceeac1ec22b4af4efb4efd6a5ca3d73d77ec74ed782cf318f238",
+ "sha256:2e886611b100c8c93b753b457e645c5e4b8008ec443434d2a480e5a2bb3e6514",
+ "sha256:476b1f8216e59a3c2ffb71b8d7e1da60304da19f6000d422bacc371abb0fc43d",
+ "sha256:48104c883099c0e614c5c38f98c1d174a2c68f52f58b2a6e5a07b59df78262ab",
+ "sha256:4afd8002d9238e5e93acf1a8baa38b3ddf1f7f0ebef174374131ff0c6c2d7973",
+ "sha256:547b196a7177511da4f475fc81d0bb88a51a8d535c7444bbf2338b6dc82cb996",
+ "sha256:67f8564c534d75c1d613186939cee45a124d7d37e7aece83b17d18af665b0d7a",
+ "sha256:6e0d1231a626d07b23f6fe904caa44efb249da4222d8a16ab039fb2348722292",
+ "sha256:7e26712871ebaf55497a60f55483dc5e74326d1fb0bfceab86ebaeaa3a266733",
+ "sha256:7f1aeb72f14b9254296cdefa029c00d3c4550a26e1059084f2ee10d22086c2d0",
+ "sha256:8319a55de469d5af3517dfe1f6a77f248f6668c5a552396635ef900f058882ef",
+ "sha256:835bd35e14e4f36414e47c195e6645449a0a1c3fd5eeae4b7f22cb4c5e4f503a",
+ "sha256:89c1aa729953b5ac6ca3c82dcbd83e7cdecfa5cf9792c78c154a642e6e29303d",
+ "sha256:8a8addd41320637c1445fea0bae1fd9fe4888acc2cd79217ee33e5d1c83cfe01",
+ "sha256:8fbeeb2296bb9fe16071a674eadade7391be785ae0049610e64b60ead6abcdd7",
+ "sha256:a1f1cc11c9856bfa7f1ca55002c39070bde2a97ce48ef631468e99e2ac8e3fe6",
+ "sha256:ad5c3559e3cd64f746df43fa498038c91aa14f5d7615941ea5b106e435f3b892",
+ "sha256:b822bf7b764283b5015e3c49b7bb93f37fc03545f4abe26383771c6b1c813436",
+ "sha256:b84cef790cb93cec82a468b7d2447bf16e3056d2237b652e80f57d653b61da88",
+ "sha256:be9fa3fe94fc95e9bf84e84117a577c892906dd3cb0a95a7ae21e12a84777567",
+ "sha256:c53f1d2bd48f5f407b534732f5b3c6b800a58e70b53808637848d8a9ee127fe7",
+ "sha256:c588a0f824dc7158be9eec1ff465d1c868ad69a4dc518cd098cc11e4f7da09d9",
+ "sha256:c6da1af59841e6d43255d386a2c4bfb59c0a3b262bdb24325cc969d211be6070",
+ "sha256:c9a415f4f2764ab6c7d63ee6b86f02a46b4df9bc11b0de7ffef206908b7bf0b4",
+ "sha256:cdbb65c361ff790c424365a83a496fc8dd1983689a5fb7c6852a9a3ff1710c61",
+ "sha256:f04dcbf6af1868048a9b4754b1684c669252aa2419aa67266efbcaaead42ced7",
+ "sha256:f8c583c31c6e790dc003d9d574e3ed2c5b337947722965096c4d684e4f183570"
 ],
- "markers": "python_full_version >= '3.5.3'",
- "version": "==3.6.2"
+ "markers": "python_version >= '3.6'",
+ "version": "==3.7.2"
 },
 "antlr4-python3-runtime": {
 "hashes": [
@@ -174,11 +195,11 @@
 },
 "colorama": {
 "hashes": [
- "sha256:7d73d2a99753107a36ac6b455ee49046802e59d9d076ef8e47b61499fa29afff",
- "sha256:e96da0d330793e2cb9485e9ddfd918d456036c7149416295932478192f4436a1"
+ "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b",
+ "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"
 ],
 "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
- "version": "==0.4.3"
+ "version": "==0.4.4"
 },
 "configparser": {
 "hashes": [
@@ -190,30 +211,30 @@
 },
 "cryptography": {
 "hashes": [
- "sha256:21b47c59fcb1c36f1113f3709d37935368e34815ea1d7073862e92f810dc7499",
- "sha256:451cdf60be4dafb6a3b78802006a020e6cd709c22d240f94f7a0696240a17154",
- "sha256:4549b137d8cbe3c2eadfa56c0c858b78acbeff956bd461e40000b2164d9167c6",
- "sha256:48ee615a779ffa749d7d50c291761dc921d93d7cf203dca2db663b4f193f0e49",
- "sha256:559d622aef2a2dff98a892eef321433ba5bc55b2485220a8ca289c1ecc2bd54f",
- "sha256:5d52c72449bb02dd45a773a203196e6d4fae34e158769c896012401f33064396",
- "sha256:65beb15e7f9c16e15934569d29fb4def74ea1469d8781f6b3507ab896d6d8719",
- "sha256:680da076cad81cdf5ffcac50c477b6790be81768d30f9da9e01960c4b18a66db",
- "sha256:762bc5a0df03c51ee3f09c621e1cee64e3a079a2b5020de82f1613873d79ee70",
- "sha256:89aceb31cd5f9fc2449fe8cf3810797ca52b65f1489002d58fe190bfb265c536",
- "sha256:983c0c3de4cb9fcba68fd3f45ed846eb86a2a8b8d8bc5bb18364c4d00b3c61fe",
- "sha256:99d4984aabd4c7182050bca76176ce2dbc9fa9748afe583a7865c12954d714ba",
- "sha256:9d9fc6a16357965d282dd4ab6531013935425d0dc4950df2e0cf2a1b1ac1017d",
- "sha256:a7597ffc67987b37b12e09c029bd1dc43965f75d328076ae85721b84046e9ca7",
- "sha256:ab010e461bb6b444eaf7f8c813bb716be2d78ab786103f9608ffd37a4bd7d490",
- "sha256:b12e715c10a13ca1bd27fbceed9adc8c5ff640f8e1f7ea76416352de703523c8",
- "sha256:b2bded09c578d19e08bd2c5bb8fed7f103e089752c9cf7ca7ca7de522326e921",
- "sha256:b372026ebf32fe2523159f27d9f0e9f485092e43b00a5adacf732192a70ba118",
- "sha256:cb179acdd4ae1e4a5a160d80b87841b3d0e0be84af46c7bb2cd7ece57a39c4ba",
- "sha256:e97a3b627e3cb63c415a16245d6cef2139cca18bb1183d1b9375a1c14e83f3b3",
- "sha256:f0e099fc4cc697450c3dd4031791559692dd941a95254cb9aeded66a7aa8b9bc",
- "sha256:f99317a0fa2e49917689b8cf977510addcfaaab769b3f899b9c481bbd76730c2"
+ "sha256:07ca431b788249af92764e3be9a488aa1d39a0bc3be313d826bbec690417e538",
+ "sha256:13b88a0bd044b4eae1ef40e265d006e34dbcde0c2f1e15eb9896501b2d8f6c6f",
+ "sha256:32434673d8505b42c0de4de86da8c1620651abd24afe91ae0335597683ed1b77",
+ "sha256:3cd75a683b15576cfc822c7c5742b3276e50b21a06672dc3a800a2d5da4ecd1b",
+ "sha256:4e7268a0ca14536fecfdf2b00297d4e407da904718658c1ff1961c713f90fd33",
+ "sha256:545a8550782dda68f8cdc75a6e3bf252017aa8f75f19f5a9ca940772fc0cb56e",
+ "sha256:55d0b896631412b6f0c7de56e12eb3e261ac347fbaa5d5e705291a9016e5f8cb",
+ "sha256:5849d59358547bf789ee7e0d7a9036b2d29e9a4ddf1ce5e06bb45634f995c53e",
+ "sha256:6dc59630ecce8c1f558277ceb212c751d6730bd12c80ea96b4ac65637c4f55e7",
+ "sha256:7117319b44ed1842c617d0a452383a5a052ec6aa726dfbaffa8b94c910444297",
+ "sha256:75e8e6684cf0034f6bf2a97095cb95f81537b12b36a8fedf06e73050bb171c2d",
+ "sha256:7b8d9d8d3a9bd240f453342981f765346c87ade811519f98664519696f8e6ab7",
+ "sha256:a035a10686532b0587d58a606004aa20ad895c60c4d029afa245802347fab57b",
+ "sha256:a4e27ed0b2504195f855b52052eadcc9795c59909c9d84314c5408687f933fc7",
+ "sha256:a733671100cd26d816eed39507e585c156e4498293a907029969234e5e634bc4",
+ "sha256:a75f306a16d9f9afebfbedc41c8c2351d8e61e818ba6b4c40815e2b5740bb6b8",
+ "sha256:bd717aa029217b8ef94a7d21632a3bb5a4e7218a4513d2521c2a2fd63011e98b",
+ "sha256:d25cecbac20713a7c3bc544372d42d8eafa89799f492a43b79e1dfd650484851",
+ "sha256:d26a2557d8f9122f9bf445fc7034242f4375bd4e95ecda007667540270965b13",
+ "sha256:d3545829ab42a66b84a9aaabf216a4dce7f16dbc76eb69be5c302ed6b8f4a29b",
+ "sha256:d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3",
+ "sha256:efe15aca4f64f3a7ea0c09c87826490e50ed166ce67368a68f315ea0807a20df"
 ],
- "version": "==3.1.1"
+ "version": "==3.2.1"
 },
 "decorator": {
 "hashes": [
@@ -320,10 +341,10 @@
 },
 "jbxapi": {
 "hashes": [
- "sha256:8458f01a9b4e4245d61f6fa75edef17e2992192975f746c51ed5392ba9aa7ce5"
+ "sha256:0605208a072ff5752754df0798f0de5acd8630e37237e04f816f1393c2c08b80"
 ],
 "index": "pypi",
- "version": "==3.11.0"
+ "version": "==3.13.0"
 },
 "json-log-formatter": {
 "hashes": [
@@ -359,40 +380,45 @@
 },
 "lxml": {
 "hashes": [
- "sha256:05a444b207901a68a6526948c7cc8f9fe6d6f24c70781488e32fd74ff5996e3f",
- "sha256:08fc93257dcfe9542c0a6883a25ba4971d78297f63d7a5a26ffa34861ca78730",
- "sha256:107781b213cf7201ec3806555657ccda67b1fccc4261fb889ef7fc56976db81f",
- "sha256:121b665b04083a1e85ff1f5243d4a93aa1aaba281bc12ea334d5a187278ceaf1",
- "sha256:1fa21263c3aba2b76fd7c45713d4428dbcc7644d73dcf0650e9d344e433741b3",
- "sha256:2b30aa2bcff8e958cd85d907d5109820b01ac511eae5b460803430a7404e34d7",
- "sha256:4b4a111bcf4b9c948e020fd207f915c24a6de3f1adc7682a2d92660eb4e84f1a",
- "sha256:5591c4164755778e29e69b86e425880f852464a21c7bb53c7ea453bbe2633bbe",
- "sha256:59daa84aef650b11bccd18f99f64bfe44b9f14a08a28259959d33676554065a1",
- "sha256:5a9c8d11aa2c8f8b6043d845927a51eb9102eb558e3f936df494e96393f5fd3e",
- "sha256:5dd20538a60c4cc9a077d3b715bb42307239fcd25ef1ca7286775f95e9e9a46d",
- "sha256:74f48ec98430e06c1fa8949b49ebdd8d27ceb9df8d3d1c92e1fdc2773f003f20",
- "sha256:786aad2aa20de3dbff21aab86b2fb6a7be68064cbbc0219bde414d3a30aa47ae",
- "sha256:7ad7906e098ccd30d8f7068030a0b16668ab8aa5cda6fcd5146d8d20cbaa71b5",
- "sha256:80a38b188d20c0524fe8959c8ce770a8fdf0e617c6912d23fc97c68301bb9aba",
- "sha256:8f0ec6b9b3832e0bd1d57af41f9238ea7709bbd7271f639024f2fc9d3bb01293",
- "sha256:92282c83547a9add85ad658143c76a64a8d339028926d7dc1998ca029c88ea6a",
- "sha256:94150231f1e90c9595ccc80d7d2006c61f90a5995db82bccbca7944fd457f0f6",
- "sha256:9dc9006dcc47e00a8a6a029eb035c8f696ad38e40a27d073a003d7d1443f5d88",
- "sha256:a76979f728dd845655026ab991df25d26379a1a8fc1e9e68e25c7eda43004bed",
- "sha256:aa8eba3db3d8761db161003e2d0586608092e217151d7458206e243be5a43843",
- "sha256:bea760a63ce9bba566c23f726d72b3c0250e2fa2569909e2d83cda1534c79443",
- "sha256:c3f511a3c58676147c277eff0224c061dd5a6a8e1373572ac817ac6324f1b1e0",
- "sha256:c9d317efde4bafbc1561509bfa8a23c5cab66c44d49ab5b63ff690f5159b2304",
- "sha256:cc411ad324a4486b142c41d9b2b6a722c534096963688d879ea6fa8a35028258",
- "sha256:cdc13a1682b2a6241080745b1953719e7fe0850b40a5c71ca574f090a1391df6",
- "sha256:cfd7c5dd3c35c19cec59c63df9571c67c6d6e5c92e0fe63517920e97f61106d1",
- "sha256:e1cacf4796b20865789083252186ce9dc6cc59eca0c2e79cca332bdff24ac481",
- "sha256:e70d4e467e243455492f5de463b72151cc400710ac03a0678206a5f27e79ddef",
- "sha256:ecc930ae559ea8a43377e8b60ca6f8d61ac532fc57efb915d899de4a67928efd",
- "sha256:f161af26f596131b63b236372e4ce40f3167c1b5b5d459b29d2514bd8c9dc9ee"
+ "sha256:0e89f5d422988c65e6936e4ec0fe54d6f73f3128c80eb7ecc3b87f595523607b",
+ "sha256:189ad47203e846a7a4951c17694d845b6ade7917c47c64b29b86526eefc3adf5",
+ "sha256:1d87936cb5801c557f3e981c9c193861264c01209cb3ad0964a16310ca1b3301",
+ "sha256:211b3bcf5da70c2d4b84d09232534ad1d78320762e2c59dedc73bf01cb1fc45b",
+ "sha256:2358809cc64394617f2719147a58ae26dac9e21bae772b45cfb80baa26bfca5d",
+ "sha256:23c83112b4dada0b75789d73f949dbb4e8f29a0a3511647024a398ebd023347b",
+ "sha256:24e811118aab6abe3ce23ff0d7d38932329c513f9cef849d3ee88b0f848f2aa9",
+ "sha256:2d5896ddf5389560257bbe89317ca7bcb4e54a02b53a3e572e1ce4226512b51b",
+ "sha256:2d6571c48328be4304aee031d2d5046cbc8aed5740c654575613c5a4f5a11311",
+ "sha256:2e311a10f3e85250910a615fe194839a04a0f6bc4e8e5bb5cac221344e3a7891",
+ "sha256:302160eb6e9764168e01d8c9ec6becddeb87776e81d3fcb0d97954dd51d48e0a",
+ "sha256:3a7a380bfecc551cfd67d6e8ad9faa91289173bdf12e9cfafbd2bdec0d7b1ec1",
+ "sha256:3d9b2b72eb0dbbdb0e276403873ecfae870599c83ba22cadff2db58541e72856",
+ "sha256:475325e037fdf068e0c2140b818518cf6bc4aa72435c407a798b2db9f8e90810",
+ "sha256:4b7572145054330c8e324a72d808c8c8fbe12be33368db28c39a255ad5f7fb51",
+ "sha256:4fff34721b628cce9eb4538cf9a73d02e0f3da4f35a515773cce6f5fe413b360",
+ "sha256:56eff8c6fb7bc4bcca395fdff494c52712b7a57486e4fbde34c31bb9da4c6cc4",
+ "sha256:573b2f5496c7e9f4985de70b9bbb4719ffd293d5565513e04ac20e42e6e5583f",
+ "sha256:7ecaef52fd9b9535ae5f01a1dd2651f6608e4ec9dc136fc4dfe7ebe3c3ddb230",
+ "sha256:803a80d72d1f693aa448566be46ffd70882d1ad8fc689a2e22afe63035eb998a",
+ "sha256:8862d1c2c020cb7a03b421a9a7b4fe046a208db30994fc8ff68c627a7915987f",
+ "sha256:9b06690224258db5cd39a84e993882a6874676f5de582da57f3df3a82ead9174",
+ "sha256:a71400b90b3599eb7bf241f947932e18a066907bf84617d80817998cee81e4bf",
+ "sha256:bb252f802f91f59767dcc559744e91efa9df532240a502befd874b54571417bd",
+ "sha256:be1ebf9cc25ab5399501c9046a7dcdaa9e911802ed0e12b7d620cd4bbf0518b3",
+ "sha256:be7c65e34d1b50ab7093b90427cbc488260e4b3a38ef2435d65b62e9fa3d798a",
+ "sha256:c0dac835c1a22621ffa5e5f999d57359c790c52bbd1c687fe514ae6924f65ef5",
+ "sha256:c152b2e93b639d1f36ec5a8ca24cde4a8eefb2b6b83668fcd8e83a67badcb367",
+ "sha256:d182eada8ea0de61a45a526aa0ae4bcd222f9673424e65315c35820291ff299c",
+ "sha256:d18331ea905a41ae71596502bd4c9a2998902328bbabd29e3d0f5f8569fabad1",
+ "sha256:d20d32cbb31d731def4b1502294ca2ee99f9249b63bc80e03e67e8f8e126dea8",
+ "sha256:d4ad7fd3269281cb471ad6c7bafca372e69789540d16e3755dd717e9e5c9d82f",
+ "sha256:d6f8c23f65a4bfe4300b85f1f40f6c32569822d08901db3b6454ab785d9117cc",
+ "sha256:d84d741c6e35c9f3e7406cb7c4c2e08474c2a6441d59322a00dcae65aac6315d",
+ "sha256:e65c221b2115a91035b55a593b6eb94aa1206fa3ab374f47c6dc10d364583ff9",
+ "sha256:f98b6f256be6cec8dd308a8563976ddaff0bdc18b730720f6f4bee927ffe926f"
 ],
 "index": "pypi",
- "version": "==4.5.2"
+ "version": "==4.6.1"
 },
 "maclookup": {
 "hashes": [
@@ -402,12 +428,20 @@
 "index": "pypi",
 "version": "==1.0.3"
 },
+ "markdownify": {
+ "hashes": [
+ "sha256:30be8340724e706c9e811c27fe8c1542cf74a15b46827924fff5c54b40dd9b0d",
+ "sha256:a69588194fd76634f0139d6801b820fd652dc5eeba9530e90d323dfdc0155252"
+ ],
+ "index": "pypi",
+ "version": "==0.5.3"
+ },
 "maxminddb": {
 "hashes": [
- "sha256:b95d8ed21799e6604683669c7ed3c6a184fcd92434d5762dccdb139b4f29e597"
+ "sha256:47e86a084dd814fac88c99ea34ba3278a74bc9de5a25f4b815b608798747c7dc"
 ],
 "markers": "python_version >= '3.6'",
- "version": "==2.0.2"
+ "version": "==2.0.3"
 },
 "misp-modules": {
 "editable": true,
@@ -415,26 +449,42 @@
 },
 "multidict": {
 "hashes": [
- "sha256:1ece5a3369835c20ed57adadc663400b5525904e53bae59ec854a5d36b39b21a",
- "sha256:275ca32383bc5d1894b6975bb4ca6a7ff16ab76fa622967625baeebcf8079000",
- "sha256:3750f2205b800aac4bb03b5ae48025a64e474d2c6cc79547988ba1d4122a09e2",
- "sha256:4538273208e7294b2659b1602490f4ed3ab1c8cf9dbdd817e0e9db8e64be2507",
- "sha256:5141c13374e6b25fe6bf092052ab55c0c03d21bd66c94a0e3ae371d3e4d865a5",
- "sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7",
- "sha256:5cf311a0f5ef80fe73e4f4c0f0998ec08f954a6ec72b746f3c179e37de1d210d",
- "sha256:6513728873f4326999429a8b00fc7ceddb2509b01d5fd3f3be7881a257b8d463",
- "sha256:7388d2ef3c55a8ba80da62ecfafa06a1c097c18032a501ffd4cabbc52d7f2b19",
- "sha256:9456e90649005ad40558f4cf51dbb842e32807df75146c6d940b6f5abb4a78f3",
- "sha256:c026fe9a05130e44157b98fea3ab12969e5b60691a276150db9eda71710cd10b",
- "sha256:d14842362ed4cf63751648e7672f7174c9818459d169231d03c56e84daf90b7c",
- "sha256:e0d072ae0f2a179c375f67e3da300b47e1a83293c554450b29c900e50afaae87",
- "sha256:f07acae137b71af3bb548bd8da720956a3bc9f9a0b87733e0899226a2317aeb7",
- "sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430",
- "sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255",
- "sha256:feed85993dbdb1dbc29102f50bca65bdc68f2c0c8d352468c25b54874f23c39d"
+ "sha256:02b2ea2bb1277a970d238c5c783023790ca94d386c657aeeb165259950951cc6",
+ "sha256:0ce1d956ecbf112d49915ebc2f29c03e35fe451fb5e9f491edf9a2f4395ee0af",
+ "sha256:0ffdb4b897b15df798c0a5939a0323ccf703f2bae551dfab4eb1af7fbab38ead",
+ "sha256:11dcf2366da487d5b9de1d4b2055308c7ed9bde1a52973d07a89b42252af9ebe",
+ "sha256:167bd8e6351b57525bbf2d524ca5a133834699a2fcb090aad0c330c6017f3f3e",
+ "sha256:1b324444299c3a49b601b1bf621fc21704e29066f6ac2b7d7e4034a4a18662a1",
+ "sha256:20eaf1c279c543e07c164e4ac02151488829177da06607efa7ccfecd71b21e79",
+ "sha256:2739d1d9237835122b27d88990849ecf41ef670e0fcb876159edd236ca9ef40f",
+ "sha256:28b5913e5b6fef273e5d4230b61f33c8a51c3ce5f44a88582dee6b5ca5c9977b",
+ "sha256:2b0cfc33f53e5c8226f7d7c4e126fa0780f970ef1e96f7c6353da7d01eafe490",
+ "sha256:32f0a904859a6274d7edcbb01752c8ae9c633fb7d1c131771ff5afd32eceee42",
+ "sha256:39713fa2c687e0d0e709ad751a8a709ac051fcdc7f2048f6fd09365dd03c83eb",
+ "sha256:4ef76ce695da72e176f6a51867afb3bf300ce16ba2597824caaef625af5906a9",
+ "sha256:5263359a03368985b5296b7a73363d761a269848081879ba04a6e4bfd0cf4a78",
+ "sha256:52b5b51281d760197ce3db063c166fdb626e01c8e428a325aa37198ce31c9565",
+ "sha256:5dd303b545b62f9d2b14f99fbdb84c109a20e64a57f6a192fe6aebcb6263b59d",
+ "sha256:60af726c19a899ed49bbb276e062f08b80222cb6b9feda44b59a128b5ff52966",
+ "sha256:60b12d14bc122ba2dae1e4460a891b3a96e73d815b4365675f6ec0a1725416a5",
+ "sha256:620c39b1270b68e194023ad471b6a54bdb517bb48515939c9829b56c783504a3",
+ "sha256:62f6e66931fb87e9016e7c1cc806ab4f3e39392fd502362df3cac888078b27cb",
+ "sha256:711289412b78cf41a21457f4c806890466013d62bf4296bd3d71fad73ff8a581",
+ "sha256:7561a804093ea4c879e06b5d3d18a64a0bc21004bade3540a4b31342b528d326",
+ "sha256:786ad04ad954afe9927a1b3049aa58722e182160fe2fcac7ad7f35c93595d4f6",
+ "sha256:79dc3e6e7ce853fb7ed17c134e01fcb0d0c826b33201aa2a910fb27ed75c2eb9",
+ "sha256:84e4943d8725659942e7401bdf31780acde9cfdaf6fe977ff1449fffafcd93a9",
+ "sha256:932964cf57c0e59d1f3fb63ff342440cf8aaa75bf0dbcbad902c084024975380",
+ "sha256:a5eca9ee72b372199c2b76672145e47d3c829889eefa2037b1f3018f54e5f67d",
+ "sha256:aad240c1429e386af38a2d6761032f0bec5177fed7c5f582c835c99fff135b5c",
+ "sha256:bbec545b8f82536bc50afa9abce832176ed250aa22bfff3e20b3463fb90b0b35",
+ "sha256:c339b7d73c0ea5c551025617bb8aa1c00a0111187b6545f48836343e6cfbe6a0",
+ "sha256:c692087913e12b801a759e25a626c3d311f416252dfba2ecdfd254583427949f",
+ "sha256:cda06c99cd6f4a36571bb38e560a6fcfb1f136521e57f612e0bc31957b1cd4bd",
+ "sha256:ec8bc0ab00c76c4260a201eaa58812ea8b1b7fde0ecf5f9c9365a182bd4691ed"
 ],
 "markers": "python_version >= '3.5'",
- "version": "==4.7.6"
+ "version": "==5.0.0"
 },
 "np": {
 "hashes": [
@@ -445,35 +495,43 @@
 },
 "numpy": {
 "hashes": [
- "sha256:04c7d4ebc5ff93d9822075ddb1751ff392a4375e5885299445fcebf877f179d5",
- "sha256:0bfd85053d1e9f60234f28f63d4a5147ada7f432943c113a11afcf3e65d9d4c8",
- "sha256:0c66da1d202c52051625e55a249da35b31f65a81cb56e4c69af0dfb8fb0125bf",
- "sha256:0d310730e1e793527065ad7dde736197b705d0e4c9999775f212b03c44a8484c",
- "sha256:1669ec8e42f169ff715a904c9b2105b6640f3f2a4c4c2cb4920ae8b2785dac65",
- "sha256:2117536e968abb7357d34d754e3733b0d7113d4c9f1d921f21a3d96dec5ff716",
- "sha256:3733640466733441295b0d6d3dcbf8e1ffa7e897d4d82903169529fd3386919a",
- "sha256:4339741994c775396e1a274dba3609c69ab0f16056c1077f18979bec2a2c2e6e",
- "sha256:51ee93e1fac3fe08ef54ff1c7f329db64d8a9c5557e6c8e908be9497ac76374b",
- "sha256:54045b198aebf41bf6bf4088012777c1d11703bf74461d70cd350c0af2182e45",
- "sha256:58d66a6b3b55178a1f8a5fe98df26ace76260a70de694d99577ddeab7eaa9a9d",
- "sha256:59f3d687faea7a4f7f93bd9665e5b102f32f3fa28514f15b126f099b7997203d",
- "sha256:62139af94728d22350a571b7c82795b9d59be77fc162414ada6c8b6a10ef5d02",
- "sha256:7118f0a9f2f617f921ec7d278d981244ba83c85eea197be7c5a4f84af80a9c3c",
- "sha256:7c6646314291d8f5ea900a7ea9c4261f834b5b62159ba2abe3836f4fa6705526",
- "sha256:967c92435f0b3ba37a4257c48b8715b76741410467e2bdb1097e8391fccfae15",
- "sha256:9a3001248b9231ed73894c773142658bab914645261275f675d86c290c37f66d",
- "sha256:aba1d5daf1144b956bc87ffb87966791f5e9f3e1f6fab3d7f581db1f5b598f7a",
- "sha256:addaa551b298052c16885fc70408d3848d4e2e7352de4e7a1e13e691abc734c1",
- "sha256:b594f76771bc7fc8a044c5ba303427ee67c17a09b36e1fa32bde82f5c419d17a",
- "sha256:c35a01777f81e7333bcf276b605f39c872e28295441c265cd0c860f4b40148c1",
- "sha256:cebd4f4e64cfe87f2039e4725781f6326a61f095bc77b3716502bed812b385a9",
- "sha256:d526fa58ae4aead839161535d59ea9565863bb0b0bdb3cc63214613fb16aced4",
- "sha256:d7ac33585e1f09e7345aa902c281bd777fdb792432d27fca857f39b70e5dd31c",
- "sha256:e6ddbdc5113628f15de7e4911c02aed74a4ccff531842c583e5032f6e5a179bd",
- "sha256:eb25c381d168daf351147713f49c626030dcff7a393d5caa62515d415a6071d8"
+ "sha256:0ee77786eebbfa37f2141fd106b549d37c89207a0d01d8852fde1c82e9bfc0e7",
+ "sha256:199bebc296bd8a5fc31c16f256ac873dd4d5b4928dfd50e6c4995570fc71a8f3",
+ "sha256:1a307bdd3dd444b1d0daa356b5f4c7de2e24d63bdc33ea13ff718b8ec4c6a268",
+ "sha256:1ea7e859f16e72ab81ef20aae69216cfea870676347510da9244805ff9670170",
+ "sha256:271139653e8b7a046d11a78c0d33bafbddd5c443a5b9119618d0652a4eb3a09f",
+ "sha256:35bf5316af8dc7c7db1ad45bec603e5fb28671beb98ebd1d65e8059efcfd3b72",
+ "sha256:463792a249a81b9eb2b63676347f996d3f0082c2666fd0604f4180d2e5445996",
+ "sha256:50d3513469acf5b2c0406e822d3f314d7ac5788c2b438c24e5dd54d5a81ef522",
+ "sha256:50f68ebc439821b826823a8da6caa79cd080dee2a6d5ab9f1163465a060495ed",
+ "sha256:51e8d2ae7c7e985c7bebf218e56f72fa93c900ad0c8a7d9fbbbf362f45710f69",
+ "sha256:522053b731e11329dd52d258ddf7de5288cae7418b55e4b7d32f0b7e31787e9d",
+ "sha256:5ea4401ada0d3988c263df85feb33818dc995abc85b8125f6ccb762009e7bc68",
+ "sha256:604d2e5a31482a3ad2c88206efd43d6fcf666ada1f3188fd779b4917e49b7a98",
+ "sha256:6ff88bcf1872b79002569c63fe26cd2cda614e573c553c4d5b814fb5eb3d2822",
+ "sha256:7197ee0a25629ed782c7bd01871ee40702ffeef35bc48004bc2fdcc71e29ba9d",
+ "sha256:741d95eb2b505bb7a99fbf4be05fa69f466e240c2b4f2d3ddead4f1b5f82a5a5",
+ "sha256:83af653bb92d1e248ccf5fdb05ccc934c14b936bcfe9b917dc180d3f00250ac6",
+ "sha256:8802d23e4895e0c65e418abe67cdf518aa5cbb976d97f42fd591f921d6dffad0",
+ "sha256:8edc4d687a74d0a5f8b9b26532e860f4f85f56c400b3a98899fc44acb5e27add",
+ "sha256:942d2cdcb362739908c26ce8dd88db6e139d3fa829dd7452dd9ff02cba6b58b2",
+ "sha256:9a0669787ba8c9d3bb5de5d9429208882fb47764aa79123af25c5edc4f5966b9",
+ "sha256:9d08d84bb4128abb9fbd9f073e5c69f70e5dab991a9c42e5b4081ea5b01b5db0",
+ "sha256:9f7f56b5e85b08774939622b7d45a5d00ff511466522c44fc0756ac7692c00f2",
+ "sha256:a2daea1cba83210c620e359de2861316f49cc7aea8e9a6979d6cb2ddab6dda8c",
+ "sha256:b9074d062d30c2779d8af587924f178a539edde5285d961d2dfbecbac9c4c931",
+ "sha256:c4aa79993f5d856765819a3651117520e41ac3f89c3fc1cb6dee11aa562df6da",
+ "sha256:d78294f1c20f366cde8a75167f822538a7252b6e8b9d6dbfb3bdab34e7c1929e",
+ "sha256:dfdc8b53aa9838b9d44ed785431ca47aa3efaa51d0d5dd9c412ab5247151a7c4",
+ "sha256:dffed17848e8b968d8d3692604e61881aa6ef1f8074c99e81647ac84f6038535",
+ "sha256:e080087148fd70469aade2abfeadee194357defd759f9b59b349c6192aba994c",
+ "sha256:e983cbabe10a8989333684c98fdc5dd2f28b236216981e0c26ed359aaa676772",
+ "sha256:ea6171d2d8d648dee717457d0f75db49ad8c2f13100680e284d7becf3dc311a6",
+ "sha256:eefc13863bf01583a85e8c1121a901cc7cb8f059b960c4eba30901e2e6aba95f",
+ "sha256:efd656893171bbf1331beca4ec9f2e74358fc732a2084f664fd149cc4b3441d2"
 ],
 "markers": "python_version >= '3.6'",
- "version": "==1.19.2"
+ "version": "==1.19.3"
 },
 "oauth2": {
 "hashes": [
@@ -512,24 +570,29 @@
 },
 "pandas": {
 "hashes": [
- "sha256:206d7c3e5356dcadf082e64dc25c24bc8541718045826074f96346e9d6d05a20",
- "sha256:24f61f40febe47edac271eda45d683e42838b7db2bd0f82574d9800259d2b182",
+ "sha256:ca71a5aa9eeb3ef5b31feca7d9b6369d6b3d0b2e9c85d7a89abe3ecb013f1e86",
+ "sha256:df43ea0e9fd9f9672b0de9cac26d01255ad50481994bf3cb4687c21eec2d7bbc",
+ "sha256:babbeda2f83b0686c9ad38d93b10516e68cdcd5771007eb80a763e98aaf44613",
+ "sha256:147162568b1242355290341baf281926cfac66ada07e634f3fc521ac967e4653",
+ "sha256:d6b1f9d506dc23da2915bcae5c5968990049c9cec44108bd9855d2c7c89d91dc",
 "sha256:3a038cd5da602b955d335aa80cbaa0e5774f68501ff47b9c21509906981478da",
- "sha256:427be9938b2f79ab298de84f87693914cda238a27cf10580da96caf3dff64115",
- "sha256:54f5f564058b0280d588c3758abde82e280702c440db5faf0c686b80336096f9",
- "sha256:5a8a84b75ca3a29bb4263b35d5ed9fcaae2b062f014feed8c5daa897339c7d85",
 "sha256:84a4ffe668df357e31f98c829536e3a7142c3036c82f996e639f644c5d32eda1",
 "sha256:882012763668af54b48f1412bab95c5cc0a7ccce5a2a8221cfc3839a6e3394ef",
- "sha256:920d30fdff65a079f071db635d282b4f583c2b26f2b58d5dca218aac7c59974d",
- "sha256:a605054fbca71ed1d08bb2aef6f73c84a579bbac956bfe8f9718d5e84cb41248",
+ "sha256:d89dbc58aec1544722a8d5046f880b597c497ef8a82c5fe695b4b2effafac5ec",
+ "sha256:5a8a84b75ca3a29bb4263b35d5ed9fcaae2b062f014feed8c5daa897339c7d85",
+ "sha256:24f61f40febe47edac271eda45d683e42838b7db2bd0f82574d9800259d2b182",
 "sha256:b11b496c317dbe007898de699fd59eaf687d0fe8c1b7dad109db6010155d28ae",
- "sha256:babbeda2f83b0686c9ad38d93b10516e68cdcd5771007eb80a763e98aaf44613",
+ "sha256:206d7c3e5356dcadf082e64dc25c24bc8541718045826074f96346e9d6d05a20",
 "sha256:c22e40f1b4d162ca18eb6b2c572e63eef220dbc9cc3de0241cefb77972621bb7",
 "sha256:ca31ac8578d48da354cf66a473d4d5ff99277ca71d321dc7ea4e6fad3c6bb0fd",
- "sha256:ca71a5aa9eeb3ef5b31feca7d9b6369d6b3d0b2e9c85d7a89abe3ecb013f1e86",
- "sha256:d6b1f9d506dc23da2915bcae5c5968990049c9cec44108bd9855d2c7c89d91dc",
- "sha256:d89dbc58aec1544722a8d5046f880b597c497ef8a82c5fe695b4b2effafac5ec",
- "sha256:df43ea0e9fd9f9672b0de9cac26d01255ad50481994bf3cb4687c21eec2d7bbc",
+ "sha256:a605054fbca71ed1d08bb2aef6f73c84a579bbac956bfe8f9718d5e84cb41248",
+ "sha256:f4cb8252ae71f093f4a6b847adf0bc9330f109c48f08363c2071f189f1c89c87",
+ "sha256:2999adc6736f8cb4c69d65a6e2b25a11bcb395da5b048342b8e4d6fe055e57ae",
+ "sha256:54f5f564058b0280d588c3758abde82e280702c440db5faf0c686b80336096f9",
+ "sha256:b026e913d88fad3a74eea8ed5a5f98e8823080ea02f8d9bb0ec19e92552daad6",
+ "sha256:11c284769f41e95f7d16a327eb555989c5f29418aad075fa80c97ef3aa8fb885",
+ "sha256:920d30fdff65a079f071db635d282b4f583c2b26f2b58d5dca218aac7c59974d",
+ "sha256:427be9938b2f79ab298de84f87693914cda238a27cf10580da96caf3dff64115",
 "sha256:fd6f05b6101d0e76f3e5c26a47be5be7be96ed84ef3981dc1852e76898e73594"
 ],
 "index": "pypi",
@@ -598,7 +661,7 @@
 "sha256:ffe538682dc19cc542ae7c3e504fdf54ca7f86fb8a135e59dd6bc8627eae6cce"
 ],
 "index": "pypi",
- "version": "==7.2.0"
+ "version": "==8.0.1"
 },
 "progressbar2": {
 "hashes": [
@@ -609,20 +672,20 @@
 },
 "psutil": {
 "hashes": [
- "sha256:0ee3c36428f160d2d8fce3c583a0353e848abb7de9732c50cf3356dd49ad63f8",
- "sha256:10512b46c95b02842c225f58fa00385c08fa00c68bac7da2d9a58ebe2c517498",
- "sha256:4080869ed93cce662905b029a1770fe89c98787e543fa7347f075ade761b19d6",
- "sha256:5e9d0f26d4194479a13d5f4b3798260c20cecf9ac9a461e718eb59ea520a360c",
- "sha256:66c18ca7680a31bf16ee22b1d21b6397869dda8059dbdb57d9f27efa6615f195",
- "sha256:68d36986ded5dac7c2dcd42f2682af1db80d4bce3faa126a6145c1637e1b559f",
- "sha256:90990af1c3c67195c44c9a889184f84f5b2320dce3ee3acbd054e3ba0b4a7beb",
- "sha256:a5b120bb3c0c71dfe27551f9da2f3209a8257a178ed6c628a819037a8df487f1",
- "sha256:d8a82162f23c53b8525cf5f14a355f5d1eea86fa8edde27287dd3a98399e4fdf",
- "sha256:f2018461733b23f308c298653c8903d32aaad7873d25e1d228765e91ae42c3f2",
- "sha256:ff1977ba1a5f71f89166d5145c3da1cea89a0fdb044075a12c720ee9123ec818"
+ "sha256:01bc82813fbc3ea304914581954979e637bcc7084e59ac904d870d6eb8bb2bc7",
+ "sha256:1cd6a0c9fb35ece2ccf2d1dd733c1e165b342604c67454fd56a4c12e0a106787",
+ "sha256:2cb55ef9591b03ef0104bedf67cc4edb38a3edf015cf8cf24007b99cb8497542",
+ "sha256:56c85120fa173a5d2ad1d15a0c6e0ae62b388bfb956bb036ac231fbdaf9e4c22",
+ "sha256:5d9106ff5ec2712e2f659ebbd112967f44e7d33f40ba40530c485cc5904360b8",
+ "sha256:6a3e1fd2800ca45083d976b5478a2402dd62afdfb719b30ca46cd28bb25a2eb4",
+ "sha256:ade6af32eb80a536eff162d799e31b7ef92ddcda707c27bbd077238065018df4",
+ "sha256:af73f7bcebdc538eda9cc81d19db1db7bf26f103f91081d780bbacfcb620dee2",
+ "sha256:e02c31b2990dcd2431f4524b93491941df39f99619b0d312dfe1d4d530b08b4b",
+ "sha256:fa38ac15dbf161ab1e941ff4ce39abd64b53fec5ddf60c23290daed2bc7d1157",
+ "sha256:fbcac492cb082fa38d88587d75feb90785d05d7e12d4565cbf1ecc727aff71b7"
 ],
 "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
- "version": "==5.7.2"
+ "version": "==5.7.3"
 },
 "pybgpranking": {
 "editable": true,
@@ -779,7 +842,7 @@
 "pdfexport"
 ],
 "git": "https://github.com/MISP/PyMISP.git",
- "ref": "bacd4c78cd83d3bf45dcf55cd9ad3514747ac985"
+ "ref": "deb9e06c726592c145e44b25fa6a05db56e3aa80"
 },
 "pyonyphe": {
 "editable": true,
@@ -946,49 +1009,49 @@ }, "reportlab": { "hashes": [ - "sha256:0145233d3596fa5828972eb474b5a9f3fd5dea45d6f196fe006a7a7a461fcd03", - "sha256:04fd4a129393006c4ba9cd9fff56b78ad60fe6702326e9260f55d4abac9f1df2", - "sha256:067800caa12ea69e8df0a9206a7eda6697f91a33edb8413b778647d270bc9f34", - "sha256:106a61093cf6084fbcb1272768f090b06137027e09c5e53c573c6c7b90216066", - "sha256:13afbdca2b0844c19ee6804220bb96630f44ffa2571781de66a04e3f83609295", - "sha256:155887770694a1febb4b1bcd2e2856c931225fa1fe8c5ef6772fce47c07f6204", - "sha256:17c906bc410f5eef01795d709ad88663ab98447683d21b6e97bac9b366504a8a", - "sha256:1880282b9a278b4df5139b2083b9116388d9e1fb4a438c60b3cc4ad983da1bc5", - "sha256:2248f9c362f417d108329fdf5083ede1914757534f1b255d6c37a9a6d99c5efe", - "sha256:2dc571be9d2fec76f8bddb540581429eb16057ff9101767d8b15166ad1de70db", - "sha256:35dda0a1994a8fc009bf5826fe34dcdb15e561b05a5a01c506d949accfbdf027", - "sha256:3858534058ab99fbedb34ceae31f85bbadeeb8e4dbb78a58927599a6f0422617", - "sha256:4710d237fe9f729eacbbb7477d14eea00781704e0cdb83c789e610365e40627f", - "sha256:49e32586d3a814a5f77407c0590504a72743ca278518b3c0f90182430f2d87af", - "sha256:4cdb2ab88839f0d36364b71744b742e09699bde9b943aa35da26580831c3f106", - "sha256:5e995f77124933d3e16ddc09f95ab36793083a1cb08ed2557811f8cfb254434b", - "sha256:73bc92579692609837fb13f271f7436fdb7b6ddebb9e10185452d45814c365c3", - "sha256:7931097db5f18e3ac6909a223e94dd3ad0258541f9802effa5b8f519ef9278e4", - "sha256:7eb3d96adb309593bded364d25a32b80f9dc18b2f9a4b2001972194027a77eef", - "sha256:886bdc7c13e6c6513696eb044000491c787fd53a486aa3adea060d34aa3cd028", - "sha256:8c242a2be8d71ff18e11938cf45114d1144544984cd34fea0606f04144d62bea", - "sha256:8f2759d2a81ee992054e7a1123cadd6baff4edecc1249e503bb6decd6b55e8ee", - "sha256:9765c0eec5e6927aaccf6bd460fe24a014d35a3979f2c7507644fd5946775921", - "sha256:9c7173def03fd3048f07bce00d4ca4793efc37239811d9b3eb77edb561363cd2", - "sha256:a1d0e20cae86c6ba5e6626a9e07eca4d298341adfee778f87d5837bc76912135", - 
"sha256:a5398e7af6136c25a34569132e7e2646c72a2f89e53028ef109fb03b5a2923a6", - "sha256:a690fe672aa51ee3a6ff4c96d2f5d9744d3b6f27c999a795b9c513923f875bfc", - "sha256:b18ea3593d4edc7f05c510ab298d48548d9a4473a643f37661b1669365d7d33c", - "sha256:b727050ec5dfc4baeded07199d4640156f360ff4624b0194d8e91b234fc0c26b", - "sha256:be53e8423f35d3c80b0560aec034226fdab5623bb4d64b962c3f04b65980b3e0", - "sha256:c70e9c9cfdc0596c3912e0d147f42e83c7ac5642ac82d6fe05d85a6326bae14d", - "sha256:ce7c13eb469f864085a546881a3bc9b46e20a73dc1a43b9e84153833e628dee3", - "sha256:d6bd4d59f4b558165f05f9f7dfad37b9d788bcc05c0b37a6b0fcb6165d6893ec", - "sha256:d75114965cc84ee51aaf3d7eda90f3554f3ac67350ebacd1dbb9193a7a525e21", - "sha256:d78fdb967bd7652515d9a23ff3088e32e32ef96332737696e9eb0fda5602bf81", - "sha256:d930a3de0fa9711b9c960dee92ff2b30c3f69568f00f0244834fe28d5563ea9b", - "sha256:e32af1e47076a3fc77e6be5f7e2c8cbbc82fe493a5cd3f6190c0f8980c401e59", - "sha256:e50de7d196f2d3940f3fdea0f30bf67929686d57285b3779fb071d05a810d65f", - "sha256:e7b7e4a0ce0f455a4777528a8a316e87cc6cf887eaa2a4e6a0cc103f031c57c2", - "sha256:e8dd01462a1bb41b6806aa93a703100d3fbba760f8feca96fcec710db9384a25" + "sha256:00b9b3ffbd197b21cb076acc336993005b75d16b60f7a79a3c8faee926f890b7", + "sha256:0177b58d0ae81f6775b10e66f97bc7aa490659398e1f24401b6d1767803c4880", + "sha256:03c792a92ba21e75e05230ef1ce038025c23b124c706d7369dfa1475a0d24785", + "sha256:04044318273fa00487557f2e79bb6f8faa08185b8b1795cc29985ccb609c8680", + "sha256:217da82e7451e2b101a4bd72006a7e6c0d3203200cfb5c4d6a17b997b9ba73c6", + "sha256:226b5ef9af16aa8b3487513556ae7386239fe3ec8b121b1e23f45b850f0a10a8", + "sha256:24773aba8c74e1e023a1d3c3c60dbd6ef4a76472e38f13b5a214c8bb48db7aef", + "sha256:25eb9bb45e206b3a464f763d1231d70bb5f351c01d5ab94568e687fec4bd9eee", + "sha256:3d6d26294e8e3f6a639ee4a4b423d2cb0fa7de24c4cccea50a32d50d20db52ad", + "sha256:4987cca329df7f9bf4b6abea3e83c26a5a8edfe5b133344e24f146ddc8c09b9a", + "sha256:4b6a7e9a83e00cfe020c8e8bdd595384312228b24dcb40538d5cf00df15c5bff", 
+ "sha256:531b70748dd89456c4e1d2132497bc8580ac74d7fcb790b8e2d1b20378655ba2", + "sha256:57abf06c045d16a85906fbdd8d826d7e334377bbb29b7442d249a95cf5f3a5c5", + "sha256:58877ed7390327bf4c41ca75473223866f7d8da0f8a606eb682127c8ac4af990", + "sha256:640d41838b1e663c5db53f3c32294cd742ac5cc4ba3098aeaad53297b7e1cc47", + "sha256:658471d5b06e121692449f44a4e39e3c7128fea757c4e9354b488f35ac3f82de", + "sha256:6f971a53e02682866886c451513143f46aed65704e46327bb6440604cd7cd7eb", + "sha256:78dcf1aff25ddf68b147e78b074bef1384e804dd54322eb1d1f1f680892f8788", + "sha256:793ed7edd50306cd05213ac012749dfe65768485bd493c3434936438d594a363", + "sha256:7a3512585308e5c73bf123457ccfc90acb99493df89fae6131caaec9ffe1e4ca", + "sha256:7ace84b3aae39b14ce7235d096bc81891f60b871b7edad2b656cb1729100e0f2", + "sha256:7e84d123ec98816fce5a97af2755d664519e7891e9793330ec271900acb2bfab", + "sha256:813c31d8b7f28ee2f38f238c3eb6afb02b81b00d749ab10e38b534843680aea7", + "sha256:8365efe779e43e8005eace19c11c36e6a4bbea86ddc868b8db122240391c1747", + "sha256:8412514dc0d1bf62c6b33a645b5a7c46933cc16f3678db5546d0ac4e27f3dbae", + "sha256:8d4ba2aea71ab6ec688b3f3416db0d457e7814a642433b7f407a3f29e054816d", + "sha256:99a7cdd8633a8717dd239917647b42d9a6b869a01c39019c7b0b08b963be2a7e", + "sha256:9d86fe83e9c4838e0048f14067869d1ca8722bb52545781db7a9d345939e77f0", + "sha256:a626a97ab135f2129d87c5f98b2aee45e0ef1652bc9afef92509a8f5a5f72e45", + "sha256:a921906c1deb199f7910163703e4073b52e8d7f00d56d4f6bbc255a6ca3cfb1d", + "sha256:b80840cc4fece1426d30070a9dad016d9589e8d82ebddfc9ed30004b44ba2803", + "sha256:c5318b4e23803c7c5f2b7384858b7b6be5faf51f63664c97f6bf8601cd248855", + "sha256:cd5546d840f639587f352d4c54ff35422cbeba81eb2c50d156cd733015ecc4b2", + "sha256:d445fc4ada6a24a90080f7379d169fba1072ba5a75179ce2f5c3280adf605b45", + "sha256:d56f150bb4b2d32596291aa98d3c6986721c5cf41b8f90346a84cee8b7fb35f2", + "sha256:d6e42636247e4c6d2db929b9db01d1af907f63aa74af8123cd699107df8a7b23", + 
"sha256:dcf732695b1325289a9a74b849179d8475db32a00803644a664c2172a603237e", + "sha256:e7b20927e5e11bad8bac5d5b6c286ce2cae2804073513aa67f20986bc4b3b4e0", + "sha256:f6295876665359790dcb7042a9221c60e1f89dee042f33414e3ce440772f7aa1", + "sha256:f8ec6637f56c293ac62c9a94daebb856c4ef9b97eae4cf7b4e518813e41c8c75" ], "index": "pypi", - "version": "==3.5.53" + "version": "==3.5.54" }, "requests": { "extras": [ @@ -1010,10 +1073,10 @@ }, "shodan": { "hashes": [ - "sha256:d2d37d47dd084747df672e6d981f6d72d5d03f4ee12f0ce2170e618147578349" + "sha256:0b5ec40c954cd48c4e3234e81ad92afdc68438f82ad392fed35b7097eb77b6dd" ], "index": "pypi", - "version": "==1.23.1" + "version": "==1.24.0" }, "sigmatools": { "hashes": [ @@ -1104,10 +1167,18 @@ }, "trustar": { "hashes": [ - "sha256:47c45674a4a310dc8d932035e0de112de55c1e899663865b996a6b6b2d79cbde" + "sha256:2618a377e3c000a41a47eb34b31ea694215eed4a1d2e3cfca1801ac6baebd958" ], "index": "pypi", - "version": "==0.3.33" + "version": "==0.3.34" + }, + "typing-extensions": { + "hashes": [ + "sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918", + "sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c", + "sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f" + ], + "version": "==3.7.4.3" }, "tzlocal": { "hashes": [ @@ -1124,11 +1195,11 @@ }, "url-normalize": { "hashes": [ - "sha256:1709cb4739e496f9f807a894e361915792f273538e250b1ab7da790544a665c3", - "sha256:1bd7085349dcdf06e52194d0f75ff99fff2eeed0da85a50e4cc2346452c1b8bc" + "sha256:d23d3a070ac52a67b83a1c59a0e68f8608d1cd538783b401bc9de2c0fac999b2", + "sha256:ec3c301f04e5bb676d333a7fa162fa977ad2ca04b7e652bfc9fac4e405728eed" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.4.2" + "version": "==1.4.3" }, "urlarchiver": { "hashes": [ 
@@ -1139,11 +1210,11 @@ }, "urllib3": { "hashes": [ - "sha256:91056c15fa70756691db97756772bb1eb9678fa585d9184f24534b100dc60f4a", - "sha256:e7983572181f5e1522d9c98453462384ee92a0be7fac5f1413a1e35c56cc0461" + "sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2", + "sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", - "version": "==1.25.10" + "version": "==1.25.11" }, "uwhois": { "editable": true, @@ -1167,12 +1238,12 @@ }, "vulners": { "hashes": [ - "sha256:4e78fc7492d33a1e612e7d5046e51f4c272eb7febdfc0fc06061648d2153e75a", - "sha256:6b088b7c8da9bdcc16e8283afd4a8f804388f1432d12d17b29b770778113ec62", - "sha256:7964884c1f262004a950d5915d49520d22afa3ab175d473492e2dbcc6b5e0a9a" + "sha256:065aa63d5626d51cf45260bc6cc3a6ea682977689c036a6daba695905e881ba7", + "sha256:0e1356040f456f87841ccfe9f2f6ed36a256370606d530679d5d9993fe91386c", + "sha256:ab9ed8fbf1d3c80f0d066b13ac9d70d11dc9cb0b77568be65396117a4245e916" ], "index": "pypi", - "version": "==1.5.8" + "version": "==1.5.9" }, "wand": { "hashes": [ @@ -1205,10 +1276,10 @@ }, "xlsxwriter": { "hashes": [ - "sha256:99b665203d737db31378ec729c9990a004c1abae53a6fa211c104f8c2e36cffd", - "sha256:b89002dea57bb3d4c8207f3e28ef8244bfd9e936b85d74e7dd1f97e11bb70313" + "sha256:9b1ade2d1ba5d9b40a6d1de1d55ded4394ab8002718092ae80a08532c2add2e6", + "sha256:b807c2d3e379bf6a925f472955beef3e07495c1bac708640696876e68675b49b" ], - "version": "==1.3.6" + "version": "==1.3.7" }, "yara-python": { "hashes": [ 
@@ -1229,26 +1300,42 @@ }, "yarl": { "hashes": [ - "sha256:04a54f126a0732af75e5edc9addeaa2113e2ca7c6fce8974a63549a70a25e50e", - "sha256:3cc860d72ed989f3b1f3abbd6ecf38e412de722fb38b8f1b1a086315cf0d69c5", - "sha256:5d84cc36981eb5a8533be79d6c43454c8e6a39ee3118ceaadbd3c029ab2ee580", - "sha256:5e447e7f3780f44f890360ea973418025e8c0cdcd7d6a1b221d952600fd945dc", - "sha256:61d3ea3c175fe45f1498af868879c6ffeb989d4143ac542163c45538ba5ec21b", - "sha256:67c5ea0970da882eaf9efcf65b66792557c526f8e55f752194eff8ec722c75c2", - "sha256:6f6898429ec3c4cfbef12907047136fd7b9e81a6ee9f105b45505e633427330a", - "sha256:7ce35944e8e61927a8f4eb78f5bc5d1e6da6d40eadd77e3f79d4e9399e263921", - "sha256:b7c199d2cbaf892ba0f91ed36d12ff41ecd0dde46cbf64ff4bfe997a3ebc925e", - "sha256:c15d71a640fb1f8e98a1423f9c64d7f1f6a3a168f803042eaf3a5b5022fde0c1", - "sha256:c22607421f49c0cb6ff3ed593a49b6a99c6ffdeaaa6c944cdda83c2393c8864d", - "sha256:c604998ab8115db802cc55cb1b91619b2831a6128a62ca7eea577fc8ea4d3131", - "sha256:d088ea9319e49273f25b1c96a3763bf19a882cff774d1792ae6fba34bd40550a", - "sha256:db9eb8307219d7e09b33bcb43287222ef35cbcf1586ba9472b0a4b833666ada1", - "sha256:e31fef4e7b68184545c3d68baec7074532e077bd1906b040ecfba659737df188", - "sha256:e32f0fb443afcfe7f01f95172b66f279938fbc6bdaebe294b0ff6747fb6db020", - "sha256:fcbe419805c9b20db9a51d33b942feddbf6e7fb468cb20686fd7089d4164c12a" + "sha256:03b7a44384ad60be1b7be93c2a24dc74895f8d767ea0bce15b2f6fc7695a3843", + "sha256:076157404db9db4bb3fa9db22db319bbb36d075eeab19ba018ce20ae0cacf037", + "sha256:1c05ae3d5ea4287470046a2c2754f0a4c171b84ea72c8a691f776eb1753dfb91", + "sha256:2467baf8233f7c64048df37e11879c553943ffe7f373e689711ec2807ea13805", + "sha256:2bb2e21cf062dfbe985c3cd4618bae9f25271efcad9e7be1277861247eee9839", + "sha256:311effab3b3828ab34f0e661bb57ff422f67d5c33056298bda4c12195251f8dd", + "sha256:3526cb5905907f0e42bee7ef57ae4a5f02bc27dcac27859269e2bba0caa4c2b6", + "sha256:39b1e586f34b1d2512c9b39aa3cf24c870c972d525e36edc9ee19065db4737bb", + 
"sha256:4bed5cd7c8e69551eb19df15295ba90e62b9a6a1149c76eb4a9bab194402a156", + "sha256:51c6d3cf7a1f1fbe134bb92f33b7affd94d6de24cd64b466eb12de52120fb8c6", + "sha256:59f78b5da34ddcffb663b772f7619e296518712e022e57fc5d9f921818e2ab7c", + "sha256:6f29115b0c330da25a04f48612d75333bca04521181a666ca0b8761005a99150", + "sha256:73d4e1e1ef5e52d526c92f07d16329e1678612c6a81dd8101fdcae11a72de15c", + "sha256:9b48d31f8d881713fd461abfe7acbb4dcfeb47cec3056aa83f2fbcd2244577f7", + "sha256:a1fd575dd058e10ad4c35065e7c3007cc74d142f622b14e168d8a273a2fa8713", + "sha256:b3dd1052afd436ba737e61f5d3bed1f43a7f9a33fc58fbe4226eb919a7006019", + "sha256:b99c25ed5c355b35d1e6dae87ac7297a4844a57dc5766b173b88b6163a36eb0d", + "sha256:c056e86bff5a0b566e0d9fab4f67e83b12ae9cbcd250d334cbe2005bbe8c96f2", + "sha256:c45b49b59a5724869899798e1bbd447ac486215269511d3b76b4c235a1b766b6", + "sha256:cd623170c729a865037828e3f99f8ebdb22a467177a539680dfc5670b74c84e2", + "sha256:d25d3311794e6c71b608d7c47651c8f65eea5ab15358a27f29330b3475e8f8e5", + "sha256:d695439c201ed340745250f9eb4dfe8d32bf1e680c16477107b8f3ce4bff4fdb", + "sha256:d77f6c9133d2aabb290a7846aaa74ec14d7b5ab35b01591fac5a70c4a8c959a2", + "sha256:d894a2442d2cd20a3b0b0dce5a353d316c57d25a2b445e03f7eac90eee27b8af", + "sha256:db643ce2b58a4bd11a82348225c53c76ecdd82bb37cf4c085e6df1b676f4038c", + "sha256:e3a0c43a26dfed955b2a06fdc4d51d2c51bc2200aff8ce8faf14e676ea8c8862", + "sha256:e77bf79ad1ccae672eab22453838382fe9029fc27c8029e84913855512a587d8", + "sha256:f2f0174cb15435957d3b751093f89aede77df59a499ab7516bbb633b77ead13a", + "sha256:f3031c78edf10315abe232254e6a36b65afe65fded41ee54ed7976d0b2cdf0da", + "sha256:f4c007156732866aa4507d619fe6f8f2748caabed4f66b276ccd97c82572620c", + "sha256:f4f27ff3dd80bc7c402def211a47291ea123d59a23f59fe18fc0e81e3e71f385", + "sha256:f57744fc61e118b5d114ae8077d8eb9df4d2d2c11e2af194e21f0c11ed9dcf6c", + "sha256:f835015a825980b65356e9520979a1564c56efea7da7d4b68a14d4a07a3a7336" ], - "markers": "python_version >= '3.5'", - "version": "==1.6.0" + 
"markers": "python_version >= '3.6'", + "version": "==1.6.2" } }, "develop": { @@ -1276,12 +1363,12 @@ }, "codecov": { "hashes": [ - "sha256:24545847177a893716b3455ac5bfbafe0465f38d4eb86ea922c09adc7f327e65", - "sha256:355fc7e0c0b8a133045f0d6089bde351c845e7b52b99fec5903b4ea3ab5f6aab", - "sha256:7877f68effde3c2baadcff807a5d13f01019a337f9596eece0d64e57393adf3a" + "sha256:61bc71b5f58be8000bf9235aa9d0112f8fd3acca00aa02191bb81426d22a8584", + "sha256:a333626e6ff882db760ce71a1d84baf80ddff2cd459a3cc49b41fdac47d77ca5", + "sha256:d30ad6084501224b1ba699cbf018a340bb9553eb2701301c14133995fdd84f33" ], "index": "pypi", - "version": "==2.1.9" + "version": "==2.1.10" }, "coverage": { "hashes": [ @@ -1341,10 +1428,10 @@ }, "iniconfig": { "hashes": [ - "sha256:80cf40c597eb564e86346103f609d74efce0f6b4d4f30ec8ce9e2c26411ba437", - "sha256:e5f92f89355a67de0595932a6c6c02ab4afddc6fcdc0bfc5becd0d60884d3f69" + "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3", + "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32" ], - "version": "==1.0.1" + "version": "==1.1.1" }, "mccabe": { "hashes": [ @@ -1412,11 +1499,11 @@ }, "pytest": { "hashes": [ - "sha256:7a8190790c17d79a11f847fba0b004ee9a8122582ebff4729a082c109e81a4c9", - "sha256:8f593023c1a0f916110285b6efd7f99db07d59546e3d8c36fc60e2ab05d3be92" + "sha256:4288fed0d9153d9646bfcdf0c0428197dba1ecb27a33bb6e031d002fa88653fe", + "sha256:c0a7e94a8cdbc5422a51ccdad8e6f1024795939cc89159a0ae7f0b316ad3823e" ], "index": "pypi", - "version": "==6.1.1" + "version": "==6.1.2" }, "requests": { "extras": [ 
@@ -1446,11 +1533,11 @@ }, "urllib3": { "hashes": [ - "sha256:91056c15fa70756691db97756772bb1eb9678fa585d9184f24534b100dc60f4a", - "sha256:e7983572181f5e1522d9c98453462384ee92a0be7fac5f1413a1e35c56cc0461" + "sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2", + "sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", - "version": "==1.25.10" + "version": "==1.25.11" } } }
diff --git a/README.md b/README.md
index ce9b57c..b1d80a3 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [CIRCL Passive SSL](misp_modules/modules/expansion/circl_passivessl.py) - a hover and expansion module to expand IP addresses with the X.509 certificate(s) seen.
 * [countrycode](misp_modules/modules/expansion/countrycode.py) - a hover module to tell you what country a URL belongs to.
 * [CrowdStrike Falcon](misp_modules/modules/expansion/crowdstrike_falcon.py) - an expansion module to expand using CrowdStrike Falcon Intel Indicator API.
+* [CPE](misp_modules/modules/expansion/cpe.py) - An expansion module to query the CVE Search API with a cpe code, to get its related vulnerabilities.
 * [CVE](misp_modules/modules/expansion/cve.py) - a hover module to give more information about a vulnerability (CVE).
 * [CVE advanced](misp_modules/modules/expansion/cve_advanced.py) - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE).
 * [Cuckoo submit](misp_modules/modules/expansion/cuckoo_submit.py) - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox.
@@ -48,6 +49,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [Greynoise](misp_modules/modules/expansion/greynoise.py) - a hover to get information from greynoise.
 * [hashdd](misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset.
 * [hibp](misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned?
+* [html_to_markdown](misp_modules/modules/expansion/html_to_markdown.py) - Simple HTML to markdown converter
 * [intel471](misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
 * [IPASN](misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
 * [iprep](misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
diff --git a/REQUIREMENTS b/REQUIREMENTS
index 9b26d1c..f6362b5 100644
--- a/REQUIREMENTS
+++ b/REQUIREMENTS
@@ -47,6 +47,7 @@ jsonschema==3.2.0
 lief==0.10.1
 lxml==4.5.2
 maclookup==1.0.3
+markdownify==0.5.3
 maxminddb==2.0.2; python_version >= '3.6'
 multidict==4.7.6; python_version >= '3.5'
 np==1.0.2
diff --git a/doc/expansion/farsight_passivedns.json b/doc/expansion/farsight_passivedns.json
deleted file mode 100644
index 2c1bf05..0000000
--- a/doc/expansion/farsight_passivedns.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Module to access Farsight DNSDB Passive DNS.",
- "logo": "logos/farsight.png",
- "requirements": ["An access to the Farsight Passive DNS API (apikey)"],
- "input": "A domain, hostname or IP address MISP attribute.",
- "output": "Text containing information about the input, resulting from the query on the Farsight Passive DNS API.",
- "references": ["https://www.farsightsecurity.com/"],
- "features": "This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. The API returns then the result of the query with some information about the value queried."
-}
diff --git a/doc/expansion/greynoise.json b/doc/expansion/greynoise.json
deleted file mode 100644
index 49ba481..0000000
--- a/doc/expansion/greynoise.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Module to access GreyNoise.io API",
- "logo": "logos/greynoise.png",
- "requirements": ["A Greynoise API key."],
- "input": "An IP address.",
- "output": "Additional information about the IP fetched from Greynoise API.",
- "references": ["https://greynoise.io/", "https://github.com/GreyNoise-Intelligence/api.greynoise.io"],
- "features": "The module takes an IP address as input and queries Greynoise for some additional information about it: basically it checks whether a given IP address is “Internet background noise”, or has been observed scanning or attacking devices across the Internet. The result is returned as text."
-}
diff --git a/doc/export_mod/cef_export.json b/doc/export_mod/cef_export.json
deleted file mode 100644
index 84bba8e..0000000
--- a/doc/export_mod/cef_export.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Module to export a MISP event in CEF format.",
- "requirements": [],
- "features": "The module takes a MISP event in input, to look every attribute. Each attribute matching with some predefined types is then exported in Common Event Format.\nThus, there is no particular feature concerning MISP Events since any event can be exported. However, 4 configuration parameters recognized by CEF format are required and should be provided by users before exporting data: the device vendor, product and version, as well as the default severity of data.",
- "references": ["https://community.softwaregrp.com/t5/ArcSight-Connectors/ArcSight-Common-Event-Format-CEF-Guide/ta-p/1589306?attachment-id=65537"],
- "input": "MISP Event attributes",
- "output": "Common Event Format file"
-}
diff --git a/doc/export_mod/goamlexport.json b/doc/export_mod/goamlexport.json
deleted file mode 100644
index 57a1587..0000000
--- a/doc/export_mod/goamlexport.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "This module is used to export MISP events containing transaction objects into GoAML format.",
- "logo": "logos/goAML.jpg",
- "requirements": ["PyMISP","MISP objects"],
- "features": "The module works as long as there is at least one transaction object in the Event.\n\nThen in order to have a valid GoAML document, please follow these guidelines:\n- For each transaction object, use either a bank-account, person, or legal-entity object to describe the origin of the transaction, and again one of them to describe the target of the transaction.\n- Create an object reference for both origin and target objects of the transaction.\n- A bank-account object needs a signatory, which is a person object, put as object reference of the bank-account.\n- A person can have an address, which is a geolocation object, put as object reference of the person.\n\nSupported relation types for object references that are recommended for each object are the folowing:\n- transaction:\n\t- 'from', 'from_my_client': Origin of the transaction - at least one of them is required.\n\t- 'to', 'to_my_client': Target of the transaction - at least one of them is required.\n\t- 'address': Location of the transaction - optional.\n- bank-account:\n\t- 'signatory': Signatory of a bank-account - the reference from bank-account to a signatory is required, but the relation-type is optional at the moment since this reference will always describe a signatory.\n\t- 'entity': Entity owning the bank account - optional.\n- person:\n\t- 'address': Address of a person - optional.",
- "references": ["http://goaml.unodc.org/"],
- "input": "MISP objects (transaction, bank-account, person, legal-entity, geolocation), with references, describing financial transactions and their origin and target.",
- "output": "GoAML format file, describing financial transactions, with their origin and target (bank accounts, persons or entities)."
-}
diff --git a/doc/export_mod/liteexport.json b/doc/export_mod/liteexport.json
deleted file mode 100644
index 110577c..0000000
--- a/doc/export_mod/liteexport.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Lite export of a MISP event.",
- "requirements": [],
- "features": "This module is simply producing a json MISP event format file, but exporting only Attributes from the Event. Thus, MISP Events exported with this module should have attributes that are not internal references, otherwise the resulting event would be empty.",
- "references": [],
- "input": "MISP Event attributes",
- "output": "Lite MISP Event"
-}
diff --git a/doc/export_mod/nexthinkexport.json b/doc/export_mod/nexthinkexport.json
deleted file mode 100644
index 182448c..0000000
--- a/doc/export_mod/nexthinkexport.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Nexthink NXQL query export module",
- "requirements": [],
- "features": "This module export an event as Nexthink NXQL queries that can then be used in your own python3 tool or from wget/powershell",
- "references": ["https://doc.nexthink.com/Documentation/Nexthink/latest/APIAndIntegrations/IntroducingtheWebAPIV2"],
- "input": "MISP Event attributes",
- "output": "Nexthink NXQL queries",
- "logo": "logos/nexthink.svg"
-}
diff --git a/doc/export_mod/osqueryexport.json b/doc/export_mod/osqueryexport.json
deleted file mode 100644
index 6543cb1..0000000
--- a/doc/export_mod/osqueryexport.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "OSQuery export of a MISP event.",
- "requirements": [],
- "features": "This module export an event as osquery queries that can be used in packs or in fleet management solution like Kolide.",
- "references": [],
- "input": "MISP Event attributes",
- "output": "osquery SQL queries",
- "logo": "logos/osquery.png"
-}
diff --git a/doc/export_mod/pdfexport.json b/doc/export_mod/pdfexport.json
deleted file mode 100644
index f1654dc..0000000
--- a/doc/export_mod/pdfexport.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Simple export of a MISP event to PDF.",
- "requirements": ["PyMISP", "reportlab"],
- "features": "The module takes care of the PDF file building, and work with any MISP Event. Except the requirement of reportlab, used to create the file, there is no special feature concerning the Event. Some parameters can be given through the config dict. 'MISP_base_url_for_dynamic_link' is your MISP URL, to attach an hyperlink to your event on your MISP instance from the PDF. Keep it clear to avoid hyperlinks in the generated pdf.\n 'MISP_name_for_metadata' is your CERT or MISP instance name. Used as text in the PDF' metadata\n 'Activate_textual_description' is a boolean (True or void) to activate the textual description/header abstract of an event\n 'Activate_galaxy_description' is a boolean (True or void) to activate the description of event related galaxies.\n 'Activate_related_events' is a boolean (True or void) to activate the description of related event. Be aware this might leak information on confidential events linked to the current event !\n 'Activate_internationalization_fonts' is a boolean (True or void) to activate Noto fonts instead of default fonts (Helvetica). This allows the support of CJK alphabet. Be sure to have followed the procedure to download Noto fonts (~70Mo) in the right place (/tools/pdf_fonts/Noto_TTF), to allow PyMisp to find and use them during PDF generation.\n 'Custom_fonts_path' is a text (path or void) to the TTF file of your choice, to create the PDF with it. Be aware the PDF won't support bold/italic/special style anymore with this option ",
- "references": ["https://acrobat.adobe.com/us/en/acrobat/about-adobe-pdf.html"],
- "input": "MISP Event",
- "output": "MISP Event in a PDF file."
-}
diff --git a/doc/export_mod/threatStream_misp_export.json b/doc/export_mod/threatStream_misp_export.json
deleted file mode 100644
index 3fdc50a..0000000
--- a/doc/export_mod/threatStream_misp_export.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Module to export a structured CSV file for uploading to threatStream.",
- "logo": "logos/threatstream.png",
- "requirements": ["csv"],
- "features": "The module takes a MISP event in input, to look every attribute. Each attribute matching with some predefined types is then exported in a CSV format recognized by ThreatStream.",
- "references": ["https://www.anomali.com/platform/threatstream", "https://github.com/threatstream"],
- "input": "MISP Event attributes",
- "output": "ThreatStream CSV format file"
-}
diff --git a/doc/export_mod/threat_connect_export.json b/doc/export_mod/threat_connect_export.json
deleted file mode 100644
index 8d19572..0000000
--- a/doc/export_mod/threat_connect_export.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Module to export a structured CSV file for uploading to ThreatConnect.",
- "logo": "logos/threatconnect.png",
- "requirements": ["csv"],
- "features": "The module takes a MISP event in input, to look every attribute. Each attribute matching with some predefined types is then exported in a CSV format recognized by ThreatConnect.\nUsers should then provide, as module configuration, the source of data they export, because it is required by the output format.",
- "references": ["https://www.threatconnect.com"],
- "input": "MISP Event attributes",
- "output": "ThreatConnect CSV format file"
-}
diff --git a/doc/generate_documentation.py b/doc/generate_documentation.py
deleted file mode 100644
index f86b5a7..0000000
--- a/doc/generate_documentation.py
+++ /dev/null
@@ -1,65 +0,0 @@
-# -*- coding: utf-8 -*-
-import os
-import json
-
-module_types = ['expansion', 'export_mod', 'import_mod']
-titles = ['Expansion Modules', 'Export Modules', 'Import Modules']
-markdown = ["# MISP modules documentation\n"]
-githublink = 'https://github.com/MISP/misp-modules/tree/master/misp_modules/modules'
-
-
-def generate_doc(root_path):
- for _path, title in zip(module_types, titles):
- markdown.append('\n## {}\n'.format(title))
- current_path = os.path.join(root_path, _path)
- files = sorted(os.listdir(current_path))
- githubpath = '{}/{}'.format(githublink, _path)
- for _file in files:
- modulename = _file.split('.json')[0]
- githubref = '{}/{}.py'.format(githubpath, modulename)
- markdown.append('\n#### [{}]({})\n'.format(modulename, githubref))
- filename = os.path.join(current_path, _file)
- with open(filename, 'rt') as f:
- definition = json.loads(f.read())
- if 'logo' in definition:
- markdown.append('\n\n'.format(definition.pop('logo')))
- if 'description' in definition:
- markdown.append('\n{}\n'.format(definition.pop('description')))
- for field, value in sorted(definition.items()):
- if value:
- value = ', '.join(value) if isinstance(value, list) else '{}'.format(value.replace('\n', '\n>'))
- markdown.append('- **{}**:\n>{}\n'.format(field, value))
- markdown.append('\n-----\n')
- with open('README.md', 'w') as w:
- w.write(''.join(markdown))
-
-def generate_docs_for_mkdocs(root_path):
- for _path, title in zip(module_types, titles):
- markdown = []
- #markdown.append('## {}\n'.format(title))
- current_path = os.path.join(root_path, _path)
- files = sorted(os.listdir(current_path))
- githubpath = '{}/{}'.format(githublink, _path)
- for _file in files:
- modulename = _file.split('.json')[0]
- githubref = '{}/{}.py'.format(githubpath, modulename)
- markdown.append('\n#### [{}]({})\n'.format(modulename, githubref))
- filename = os.path.join(current_path, _file)
- with open(filename, 'rt') as f:
- definition = json.loads(f.read())
- if 
'logo' in definition:
- markdown.append('\n\n'.format(definition.pop('logo')))
- if 'description' in definition:
- markdown.append('\n{}\n'.format(definition.pop('description')))
- for field, value in sorted(definition.items()):
- if value:
- value = ', '.join(value) if isinstance(value, list) else '{}'.format(value.replace('\n', '\n>'))
- markdown.append('- **{}**:\n>{}\n'.format(field, value))
- markdown.append('\n-----\n')
- with open(root_path+"/../"+"/docs/"+_path+".md", 'w') as w:
- w.write(''.join(markdown))
-
-if __name__ == '__main__':
- root_path = os.path.dirname(os.path.realpath(__file__))
- generate_doc(root_path)
- generate_docs_for_mkdocs(root_path)
diff --git a/doc/import_mod/csvimport.json b/doc/import_mod/csvimport.json
deleted file mode 100644
index 66a10fd..0000000
--- a/doc/import_mod/csvimport.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Module to import MISP attributes from a csv file.",
- "requirements": ["PyMISP"],
- "features": "In order to parse data from a csv file, a header is required to let the module know which column is matching with known attribute fields / MISP types.\n\nThis header either comes from the csv file itself or is part of the configuration of the module and should be filled out in MISP plugin settings, each field separated by COMMAS. Fields that do not match with any type known in MISP or are not MISP attribute fields should be ignored in import, using a space or simply nothing between two separators (example: 'ip-src, , comment, ').\n\nIf the csv file already contains a header that does not start by a '#', you should tick the checkbox 'has_header' to avoid importing it and have potential issues. You can also redefine the header even if it is already contained in the file, by following the rules for headers explained earlier. One reason why you would redefine a header is for instance when you want to skip some fields, or some fields are not valid types.",
- "references": ["https://tools.ietf.org/html/rfc4180", "https://tools.ietf.org/html/rfc7111"],
- "input": "CSV format file.",
- "output": "MISP Event attributes"
-}
diff --git a/doc/import_mod/cuckooimport.json
deleted file mode 100644
index 8091d07..0000000
--- a/doc/import_mod/cuckooimport.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Module to import Cuckoo JSON.",
- "logo": "logos/cuckoo.png",
- "requirements": [],
- "features": "The module simply imports MISP Attributes from a Cuckoo JSON format file. There is thus no special feature to make it work.",
- "references": ["https://cuckoosandbox.org/", "https://github.com/cuckoosandbox/cuckoo"],
- "input": "Cuckoo JSON file",
- "output": "MISP Event attributes"
-}
diff --git a/doc/import_mod/email_import.json
deleted file mode 100644
index 1f53852..0000000
--- a/doc/import_mod/email_import.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Module to import emails in MISP.",
- "requirements": [],
- "features": "This module can be used to import e-mail text as well as attachments and urls.\n3 configuration parameters are then used to unzip attachments, guess zip attachment passwords, and extract urls: set each one of them to True or False to process or not the respective corresponding actions.",
- "references": [],
- "input": "E-mail file",
- "output": "MISP Event attributes"
-}
diff --git a/doc/import_mod/goamlimport.json
deleted file mode 100644
index f2a1ec2..0000000
--- a/doc/import_mod/goamlimport.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Module to import MISP objects about financial transactions from GoAML files.",
- "logo": "logos/goAML.jpg",
- "requirements": ["PyMISP"],
- "features": "Unlike the GoAML export module, there is here no special feature to import data from GoAML external files, since the module will import MISP Objects with their References on its own, as it is required for the export module to rebuild a valid GoAML document.",
- "references": "http://goaml.unodc.org/",
- "input": "GoAML format file, describing financial transactions, with their origin and target (bank accounts, persons or entities).",
- "output": "MISP objects (transaction, bank-account, person, legal-entity, geolocation), with references, describing financial transactions and their origin and target."
-}
diff --git a/doc/import_mod/mispjson.json
deleted file mode 100644
index dd11405..0000000
--- a/doc/import_mod/mispjson.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Module to import MISP JSON format for merging MISP events.",
- "requirements": [],
- "features": "The module simply imports MISP Attributes from an other MISP Event in order to merge events together. There is thus no special feature to make it work.",
- "references": [],
- "input": "MISP Event",
- "output": "MISP Event attributes"
-}
diff --git a/doc/import_mod/ocr.json
deleted file mode 100644
index 14bbf0b..0000000
--- a/doc/import_mod/ocr.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Optical Character Recognition (OCR) module for MISP.",
- "requirements": [],
- "features": "The module tries to recognize some text from an image and import the result as a freetext attribute, there is then no special feature asked to users to make it work.",
- "references": [],
- "input": "Image",
- "output": "freetext MISP attribute"
-}
diff --git a/doc/import_mod/openiocimport.json
deleted file mode 100644
index e173392..0000000
--- a/doc/import_mod/openiocimport.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Module to import OpenIOC packages.",
- "requirements": ["PyMISP"],
- "features": "The module imports MISP Attributes from OpenIOC packages, there is then no special feature for users to make it work.",
- "references": ["https://www.fireeye.com/blog/threat-research/2013/10/openioc-basics.html"],
- "input": "OpenIOC packages",
- "output": "MISP Event attributes"
-}
diff --git a/doc/import_mod/threatanalyzer_import.json
deleted file mode 100644
index 40e4436..0000000
--- a/doc/import_mod/threatanalyzer_import.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Module to import ThreatAnalyzer archive.zip / analysis.json files.",
- "requirements": [],
- "features": "The module imports MISP Attributes from a ThreatAnalyzer format file. This file can be either ZIP, or JSON format.\nThere is by the way no special feature for users to make the module work.",
- "references": ["https://www.threattrack.com/malware-analysis.aspx"],
- "input": "ThreatAnalyzer format file",
- "output": "MISP Event attributes"
-}
diff --git a/doc/import_mod/vmray_import.json
deleted file mode 100644
index b7c0dad..0000000
--- a/doc/import_mod/vmray_import.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "description": "Module to import VMRay (VTI) results.",
- "logo": "logos/vmray.png",
- "requirements": ["vmray_rest_api"],
- "features": "The module imports MISP Attributes from VMRay format, using the VMRay api.\nUsers should then provide as the module configuration the API Key as well as the server url in order to fetch their data to import.",
- "references": ["https://www.vmray.com/"],
- "input": "VMRay format",
- "output": "MISP Event attributes"
-}
diff --git a/doc/README.md b/documentation/README.md
similarity index 82%
rename from doc/README.md
rename to documentation/README.md
index 1407ae7..0c51ad4 100644
--- a/doc/README.md
+++ b/documentation/README.md
@@ -2,7 +2,7 @@ ## Expansion Modules -#### [apiosintds](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/apiosintds.py) +#### [apiosintds](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/apiosintds.py) On demand query API for OSINT.digitalside.it project. - **features**: @@ -22,7 +22,7 @@ On demand query API for OSINT.digitalside.it project. ----- -#### [apivoid](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/apivoid.py) +#### [apivoid](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/apivoid.py) 
@@ -42,7 +42,7 @@ Module to query APIVoid with some domain attributes. ----- -#### [assemblyline_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/assemblyline_query.py) +#### [assemblyline_query](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/assemblyline_query.py) @@ -64,7 +64,7 @@ A module tu query the AssemblyLine API with a submission ID to get the submissio ----- -#### [assemblyline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/assemblyline_submit.py) +#### [assemblyline_submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/assemblyline_submit.py) @@ -84,15 +84,13 @@ A module to submit samples and URLs to AssemblyLine for advanced analysis, and r ----- -#### [backscatter_io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py) +#### [backscatter_io](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/backscatter_io.py) Query backscatter.io (https://backscatter.io/). - **features**: >The module takes a source or destination IP address as input and displays the information known by backscatter.io. -> -> - **input**: >IP addresses. - **output**: @@ -104,13 +102,11 @@ Query backscatter.io (https://backscatter.io/). ----- -#### [bgpranking](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/bgpranking.py) +#### [bgpranking](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/bgpranking.py) Query BGP Ranking (https://bgpranking-ng.circl.lu/). - **features**: >The module takes an AS number attribute as input and displays its description as well as its ranking position in BGP Ranking for a given day. -> -> - **input**: >Autonomous system number. - **output**: 
@@ -122,7 +118,7 @@ Query BGP Ranking (https://bgpranking-ng.circl.lu/). ----- -#### [btc_scam_check](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/btc_scam_check.py) +#### [btc_scam_check](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/btc_scam_check.py) @@ -140,7 +136,7 @@ An expansion hover module to query a special dns blacklist to check if a bitcoin ----- -#### [btc_steroids](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/btc_steroids.py) +#### [btc_steroids](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/btc_steroids.py) @@ -152,7 +148,7 @@ An expansion hover module to get a blockchain balance from a BTC address in MISP ----- -#### [censys_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/censys_enrich.py) +#### [censys_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/censys_enrich.py) An expansion module to enrich attributes in MISP by quering the censys.io API - **features**: @@ -168,7 +164,7 @@ An expansion module to enrich attributes in MISP by quering the censys.io API ----- -#### [circl_passivedns](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/circl_passivedns.py) +#### [circl_passivedns](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/circl_passivedns.py) 
@@ -182,13 +178,15 @@ Module to access CIRCL Passive DNS. - **ouput**: >Passive DNS objects related to the input attribute. - **references**: ->https://www.circl.lu/services/passive-dns/, https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/ +> - https://www.circl.lu/services/passive-dns/ +> - https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/ - **requirements**: ->pypdns: Passive DNS python library, A CIRCL passive DNS account with username & password +> - pypdns: Passive DNS python library +> - A CIRCL passive DNS account with username & password ----- -#### [circl_passivessl](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/circl_passivessl.py) +#### [circl_passivessl](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/circl_passivessl.py) @@ -204,11 +202,12 @@ Modules to access CIRCL Passive SSL. - **references**: >https://www.circl.lu/services/passive-ssl/ - **requirements**: ->pypssl: Passive SSL python library, A CIRCL passive SSL account with username & password +> - pypssl: Passive SSL python library +> - A CIRCL passive SSL account with username & password ----- -#### [countrycode](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/countrycode.py) +#### [countrycode](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/countrycode.py) Module to expand country codes. - **features**: 
@@ -222,7 +221,28 @@ Module to expand country codes. ----- -#### [crowdstrike_falcon](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/crowdstrike_falcon.py) +#### [cpe](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cpe.py) + + + +An expansion module to query the CVE search API with a cpe code to get its related vulnerabilities. +- **features**: +>The module takes a cpe attribute as input and queries the CVE search API to get its related vulnerabilities. +>The list of vulnerabilities is then parsed and returned as vulnerability objects. +> +>Users can use their own CVE search API url by defining a value to the custom_API_URL parameter. If no custom API url is given, the default cve.circl.lu api url is used. +> +>In order to limit the amount of data returned by CVE serach, users can also the limit parameter. With the limit set, the API returns only the requested number of vulnerabilities, sorted from the highest cvss score to the lowest one. +- **input**: +>CPE attribute. +- **output**: +>The vulnerabilities related to the CPE. +- **references**: +>https://cve.circl.lu/api/ + +----- + +#### [crowdstrike_falcon](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/crowdstrike_falcon.py) @@ -276,7 +296,7 @@ Module to query Crowdstrike Falcon. ----- -#### [cuckoo_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cuckoo_submit.py) +#### [cuckoo_submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cuckoo_submit.py) 
@@ -289,13 +309,14 @@ An expansion module to submit files and URLs to Cuckoo Sandbox. - **output**: >A text field containing 'Cuckoo task id: ' - **references**: ->https://cuckoosandbox.org/, https://cuckoo.sh/docs/ +> - https://cuckoosandbox.org/ +> - https://cuckoo.sh/docs/ - **requirements**: >Access to a Cuckoo Sandbox API and an API key if the API requires it. (api_url and api_key) ----- -#### [cve](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cve.py) +#### [cve](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cve.py) @@ -307,11 +328,12 @@ An expansion hover module to expand information about CVE id. - **output**: >Text giving information about the CVE related to the Vulnerability. - **references**: ->https://cve.circl.lu/, https://cve.mitre.org/ +> - https://cve.circl.lu/ +> - https://cve.mitre.org/ ----- -#### [cve_advanced](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cve_advanced.py) +#### [cve_advanced](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cve_advanced.py) @@ -327,11 +349,12 @@ An expansion module to query the CIRCL CVE search API for more information about - **output**: >Additional information about the vulnerability, such as its cvss score, some references, or the related weaknesses and attack patterns. - **references**: ->https://cve.circl.lu, https://cve/mitre.org/ +> - https://cve.circl.lu +> - https://cve/mitre.org/ ----- -#### [cytomic_orion](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cytomic_orion.py) +#### [cytomic_orion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cytomic_orion.py) 
@@ -343,13 +366,14 @@ An expansion module to enrich attributes in MISP by quering the Cytomic Orion AP - **output**: >MISP objects with sightings of the hash in Cytomic Orion. Includes files and machines. - **references**: ->https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/, https://www.cytomicmodel.com/solutions/ +> - https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/ +> - https://www.cytomicmodel.com/solutions/ - **requirements**: >Access (license) to Cytomic Orion ----- -#### [dbl_spamhaus](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/dbl_spamhaus.py) +#### [dbl_spamhaus](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/dbl_spamhaus.py) @@ -371,7 +395,7 @@ Module to check Spamhaus DBL for a domain name. ----- -#### [dns](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/dns.py) +#### [dns](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/dns.py) A simple DNS expansion service to resolve IP address from domain MISP attributes. - **features**: @@ -389,7 +413,7 @@ A simple DNS expansion service to resolve IP address from domain MISP attributes ----- -#### [docx_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/docx_enrich.py) +#### [docx_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/docx_enrich.py) @@ -405,7 +429,7 @@ Module to extract freetext from a .docx document. ----- -#### [domaintools](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/domaintools.py) +#### [domaintools](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/domaintools.py) 
@@ -438,11 +462,12 @@ DomainTools MISP expansion module. - **references**: >https://www.domaintools.com/ - **requirements**: ->Domaintools python library, A Domaintools API access (username & apikey) +> - Domaintools python library +> - A Domaintools API access (username & apikey) ----- -#### [eql](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eql.py) +#### [eql](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/eql.py) @@ -458,7 +483,7 @@ EQL query generation for a MISP attribute. ----- -#### [eupi](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eupi.py) +#### [eupi](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/eupi.py) 
@@ -474,29 +499,36 @@ A module to query the Phishing Initiative service (https://phishing-initiative.l - **references**: >https://phishing-initiative.eu/?lang=en - **requirements**: ->pyeupi: eupi python library, An access to the Phishing Initiative API (apikey & url) +> - pyeupi: eupi python library +> - An access to the Phishing Initiative API (apikey & url) ----- -#### [farsight_passivedns](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/farsight_passivedns.py) +#### [farsight_passivedns](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/farsight_passivedns.py) Module to access Farsight DNSDB Passive DNS. - **features**: ->This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. The API returns then the result of the query with some information about the value queried. +>This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. +> The results of rdata and rrset lookups are then returned and parsed into passive-dns objects. +> +>An API key is required to submit queries to the API. +> It is also possible to define a custom server URL, and to set a limit of results to get. +> This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit). - **input**: >A domain, hostname or IP address MISP attribute. - **output**: ->Text containing information about the input, resulting from the query on the Farsight Passive DNS API. +>Passive-dns objects, resulting from the query on the Farsight Passive DNS API. 
- **references**: ->https://www.farsightsecurity.com/ +> - https://www.farsightsecurity.com/ +> - https://docs.dnsdb.info/dnsdb-api/ - **requirements**: >An access to the Farsight Passive DNS API (apikey) ----- -#### [geoip_asn](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/geoip_asn.py) +#### [geoip_asn](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/geoip_asn.py) - **descrption**: @@ -514,7 +546,7 @@ Module to access Farsight DNSDB Passive DNS. ----- -#### [geoip_city](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/geoip_city.py) +#### [geoip_city](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/geoip_city.py) @@ -532,7 +564,7 @@ An expansion module to query a local copy of Maxmind's Geolite database with an ----- -#### [geoip_country](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/geoip_country.py) +#### [geoip_country](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/geoip_country.py) @@ -552,7 +584,7 @@ Module to query a local copy of Maxmind's Geolite database. ----- -#### [google_search](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/google_search.py) +#### [google_search](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/google_search.py) - **descrption**: @@ -570,7 +602,7 @@ Module to query a local copy of Maxmind's Geolite database. ----- -#### [greynoise](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/greynoise.py) +#### [greynoise](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py) 
@@ -582,13 +614,14 @@ Module to access GreyNoise.io API - **output**: >Additional information about the IP fetched from Greynoise API. - **references**: ->https://greynoise.io/, https://github.com/GreyNoise-Intelligence/api.greynoise.io +> - https://greynoise.io/ +> - https://github.com/GreyNoise-Intelligence/api.greynoise.io - **requirements**: >A Greynoise API key. ----- -#### [hashdd](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/hashdd.py) +#### [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) A hover module to check hashes against hashdd.com including NSLR dataset. - **features**: @@ -602,7 +635,7 @@ A hover module to check hashes against hashdd.com including NSLR dataset. ----- -#### [hibp](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/hibp.py) +#### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) @@ -618,7 +651,21 @@ Module to access haveibeenpwned.com API. ----- -#### [intel471](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/intel471.py) +#### [html_to_markdown](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/html_to_markdown.py) + +Expansion module to fetch the html content from an url and convert it into markdown. +- **features**: +>The module take an URL as input and the HTML content is fetched from it. This content is then converted into markdown that is returned as text. +- **input**: +>URL attribute. +- **output**: +>Markdown content converted from the HTML fetched from the url. +- **requirements**: +>The markdownify python library + +----- + +#### [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - **descrption**: 
@@ -649,7 +696,7 @@ Module to access haveibeenpwned.com API. ----- -#### [intelmq_eventdb](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/intelmq_eventdb.py) +#### [intelmq_eventdb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intelmq_eventdb.py) @@ -663,13 +710,15 @@ Module to access intelmqs eventdb. - **output**: >Text giving information about the input using IntelMQ database. - **references**: ->https://github.com/certtools/intelmq, https://intelmq.readthedocs.io/en/latest/Developers-Guide/ +> - https://github.com/certtools/intelmq +> - https://intelmq.readthedocs.io/en/latest/Developers-Guide/ - **requirements**: ->psycopg2: Python library to support PostgreSQL, An access to the IntelMQ database (username, password, hostname and database reference) +> - psycopg2: Python library to support PostgreSQL +> - An access to the IntelMQ database (username, password, hostname and database reference) ----- -#### [ipasn](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ipasn.py) +#### [ipasn](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) Module to query an IP ASN history service (https://github.com/D4-project/IPASN-History). - **features**: @@ -685,7 +734,7 @@ Module to query an IP ASN history service (https://github.com/D4-project/IPASN-H ----- -#### [iprep](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/iprep.py) +#### [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) Module to query IPRep data for IP addresses. - **features**: @@ -701,7 +750,7 @@ Module to query IPRep data for IP addresses. ----- -#### [joesandbox_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) +#### [joesandbox_query](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_query.py) 
@@ -721,13 +770,14 @@ This url can by the way come from the result of the [joesandbox_submit expansion - **output**: >MISP attributes & objects parsed from the analysis report. - **references**: ->https://www.joesecurity.org, https://www.joesandbox.com/ +> - https://www.joesecurity.org +> - https://www.joesandbox.com/ - **requirements**: >jbxapi: Joe Sandbox API python3 library ----- -#### [joesandbox_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_submit.py) +#### [joesandbox_submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_submit.py) @@ -741,13 +791,14 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re - **output**: >Link of the report generated in Joe Sandbox. - **references**: ->https://www.joesecurity.org, https://www.joesandbox.com/ +> - https://www.joesecurity.org +> - https://www.joesandbox.com/ - **requirements**: >jbxapi: Joe Sandbox API python3 library ----- -#### [lastline_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_query.py) +#### [lastline_query](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/lastline_query.py) @@ -766,7 +817,7 @@ The analysis link can also be retrieved from the output of the [lastline_submit] ----- -#### [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) +#### [lastline_submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/lastline_submit.py) @@ -783,7 +834,7 @@ Module to submit a file or URL to Lastline. ----- -#### [macaddress_io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/macaddress_io.py) +#### [macaddress_io](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/macaddress_io.py) 
@@ -800,13 +851,15 @@ MISP hover module for macaddress.io - **output**: >Text containing information on the MAC address fetched from a query on macaddress.io. - **references**: ->https://macaddress.io/, https://github.com/CodeLineFi/maclookup-python +> - https://macaddress.io/ +> - https://github.com/CodeLineFi/maclookup-python - **requirements**: ->maclookup: macaddress.io python library, An access to the macaddress.io API (apikey) +> - maclookup: macaddress.io python library +> - An access to the macaddress.io API (apikey) ----- -#### [macvendors](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/macvendors.py) +#### [macvendors](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/macvendors.py) @@ -818,11 +871,12 @@ Module to access Macvendors API. - **output**: >Additional information about the MAC address. - **references**: ->https://macvendors.com/, https://macvendors.com/api +> - https://macvendors.com/ +> - https://macvendors.com/api ----- -#### [malwarebazaar](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/malwarebazaar.py) +#### [malwarebazaar](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malwarebazaar.py) Query the MALWAREbazaar API to get additional information about the input hash attribute. - **features**: @@ -838,7 +892,7 @@ Query the MALWAREbazaar API to get additional information about the input hash a ----- -#### [ocr_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ocr_enrich.py) +#### [ocr_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ocr_enrich.py) Module to process some optical character recognition on pictures. - **features**: 
@@ -852,7 +906,7 @@ Module to process some optical character recognition on pictures. ----- -#### [ods_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ods_enrich.py) +#### [ods_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ods_enrich.py) @@ -864,11 +918,12 @@ Module to extract freetext from a .ods document. - **output**: >Text and freetext parsed from the document. - **requirements**: ->ezodf: Python package to create/manipulate OpenDocumentFormat files., pandas_ods_reader: Python library to read in ODS files. +> - ezodf: Python package to create/manipulate OpenDocumentFormat files. +> - pandas_ods_reader: Python library to read in ODS files. ----- -#### [odt_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/odt_enrich.py) +#### [odt_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/odt_enrich.py) @@ -884,7 +939,7 @@ Module to extract freetext from a .odt document. ----- -#### [onyphe](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/onyphe.py) +#### [onyphe](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onyphe.py) @@ -896,13 +951,15 @@ Module to process a query on Onyphe. - **output**: >MISP attributes fetched from the Onyphe query. - **references**: ->https://www.onyphe.io/, https://github.com/sebdraven/pyonyphe +> - https://www.onyphe.io/ +> - https://github.com/sebdraven/pyonyphe - **requirements**: ->onyphe python library, An access to the Onyphe API (apikey) +> - onyphe python library +> - An access to the Onyphe API (apikey) ----- -#### [onyphe_full](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/onyphe_full.py) +#### [onyphe_full](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onyphe_full.py) 
@@ -916,13 +973,15 @@ Module to process a full query on Onyphe. - **output**: >MISP attributes fetched from the Onyphe query. - **references**: ->https://www.onyphe.io/, https://github.com/sebdraven/pyonyphe +> - https://www.onyphe.io/ +> - https://github.com/sebdraven/pyonyphe - **requirements**: ->onyphe python library, An access to the Onyphe API (apikey) +> - onyphe python library +> - An access to the Onyphe API (apikey) ----- -#### [otx](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/otx.py) +#### [otx](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/otx.py) @@ -957,7 +1016,7 @@ Module to get information from AlienVault OTX. ----- -#### [passivetotal](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/passivetotal.py) +#### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py) @@ -1003,11 +1062,12 @@ Module to get information from AlienVault OTX. - **references**: >https://www.passivetotal.org/register - **requirements**: ->Passivetotal python library, An access to the PassiveTotal API (apikey) +> - Passivetotal python library +> - An access to the PassiveTotal API (apikey) ----- -#### [pdf_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/pdf_enrich.py) +#### [pdf_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/pdf_enrich.py) @@ -1023,7 +1083,7 @@ Module to extract freetext from a PDF document. ----- -#### [pptx_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/pptx_enrich.py) +#### [pptx_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/pptx_enrich.py) 
@@ -1039,7 +1099,7 @@ Module to extract freetext from a .pptx document. ----- -#### [qrcode](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/qrcode.py) +#### [qrcode](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/qrcode.py) Module to decode QR codes. - **features**: @@ -1049,11 +1109,12 @@ Module to decode QR codes. - **output**: >The URL or bitcoin address the QR code is pointing to. - **requirements**: ->cv2: The OpenCV python library., pyzbar: Python library to read QR codes. +> - cv2: The OpenCV python library. +> - pyzbar: Python library to read QR codes. ----- -#### [ransomcoindb](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ransomcoindb.py) +#### [ransomcoindb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ransomcoindb.py) - **descrption**: >Module to access the ransomcoinDB with a hash or btc address attribute and get the associated btc address of hashes. - **features**: @@ -1071,7 +1132,7 @@ Module to decode QR codes. ----- -#### [rbl](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/rbl.py) +#### [rbl](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/rbl.py) Module to check an IPv4 address against known RBLs. - **features**: @@ -1089,7 +1150,7 @@ Module to check an IPv4 address against known RBLs. ----- -#### [recordedfuture](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/recordedfuture.py) +#### [recordedfuture](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/recordedfuture.py) 
@@ -1107,7 +1168,7 @@ Module to enrich attributes with threat intelligence from Recorded Future. ----- -#### [reversedns](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/reversedns.py) +#### [reversedns](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/reversedns.py) Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes. - **features**: @@ -1125,7 +1186,7 @@ Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes ----- -#### [securitytrails](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/securitytrails.py) +#### [securitytrails](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/securitytrails.py) @@ -1154,11 +1215,12 @@ An expansion modules for SecurityTrails. - **references**: >https://securitytrails.com/ - **requirements**: ->dnstrails python library, An access to the SecurityTrails API (apikey) +> - dnstrails python library +> - An access to the SecurityTrails API (apikey) ----- -#### [shodan](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/shodan.py) +#### [shodan](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/shodan.py) @@ -1172,11 +1234,12 @@ Module to query on Shodan. - **references**: >https://www.shodan.io/ - **requirements**: ->shodan python library, An access to the Shodan API (apikey) +> - shodan python library +> - An access to the Shodan API (apikey) ----- -#### [sigma_queries](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sigma_queries.py) +#### [sigma_queries](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_queries.py) 
@@ -1194,7 +1257,7 @@ An expansion hover module to display the result of sigma queries. ----- -#### [sigma_syntax_validator](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sigma_syntax_validator.py) +#### [sigma_syntax_validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_syntax_validator.py) @@ -1210,11 +1273,12 @@ An expansion hover module to perform a syntax check on sigma rules. - **references**: >https://github.com/Neo23x0/sigma/wiki - **requirements**: ->Sigma python library, Yaml python library +> - Sigma python library +> - Yaml python library ----- -#### [socialscan](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/socialscan.py) +#### [socialscan](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/socialscan.py) A hover module to get information on the availability of an email address or username on some online platforms. - **features**: @@ -1230,7 +1294,7 @@ A hover module to get information on the availability of an email address or use ----- -#### [sophoslabs_intelix](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sophoslabs_intelix.py) +#### [sophoslabs_intelix](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sophoslabs_intelix.py) @@ -1248,7 +1312,7 @@ An expansion module to query the Sophoslabs intelix API to get additional inform ----- -#### [sourcecache](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sourcecache.py) +#### [sourcecache](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sourcecache.py) Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page. - **features**: 
@@ -1264,7 +1328,7 @@ Module to cache web pages of analysis reports, OSINT sources. The module returns ----- -#### [stix2_pattern_syntax_validator](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py) +#### [stix2_pattern_syntax_validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py) @@ -1284,7 +1348,7 @@ An expansion hover module to perform a syntax check on stix2 patterns. ----- -#### [threatcrowd](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/threatcrowd.py) +#### [threatcrowd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatcrowd.py) @@ -1321,7 +1385,7 @@ Module to get information from ThreatCrowd. ----- -#### [threatminer](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/threatminer.py) +#### [threatminer](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatminer.py) @@ -1361,7 +1425,7 @@ Module to get information from ThreatMiner. ----- -#### [trustar_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/trustar_enrich.py) +#### [trustar_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/trustar_enrich.py) @@ -1390,7 +1454,7 @@ Module to get enrich indicators with TruSTAR. ----- -#### [urlhaus](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlhaus.py) +#### [urlhaus](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/urlhaus.py) @@ -1408,7 +1472,7 @@ Query of the URLhaus API to get additional information about the input attribute ----- -#### [urlscan](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlscan.py) +#### [urlscan](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/urlscan.py) 
@@ -1428,7 +1492,7 @@ An expansion module to query urlscan.io. ----- -#### [virustotal](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/virustotal.py) +#### [virustotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal.py) @@ -1446,13 +1510,14 @@ Module to get advanced information from virustotal. - **output**: >MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute. - **references**: ->https://www.virustotal.com/, https://developers.virustotal.com/reference +> - https://www.virustotal.com/ +> - https://developers.virustotal.com/reference - **requirements**: >An access to the VirusTotal API (apikey), with a high request rate limit. ----- -#### [virustotal_public](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/virustotal_public.py) +#### [virustotal_public](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_public.py) @@ -1470,13 +1535,14 @@ Module to get information from VirusTotal. - **output**: >MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute. - **references**: ->https://www.virustotal.com, https://developers.virustotal.com/reference +> - https://www.virustotal.com +> - https://developers.virustotal.com/reference - **requirements**: >An access to the VirusTotal API (apikey) ----- -#### [vmray_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vmray_submit.py) +#### [vmray_submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) @@ -1501,7 +1567,7 @@ Module to submit a sample to VMRay. ----- -#### [vulndb](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vulndb.py) +#### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) 
@@ -1521,7 +1587,7 @@ Module to query VulnDB (RiskBasedSecurity.com). ----- -#### [vulners](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vulners.py) +#### [vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) @@ -1537,11 +1603,12 @@ An expansion hover module to expand information about CVE id using Vulners API. - **references**: >https://vulners.com/ - **requirements**: ->Vulners python library, An access to the Vulners API +> - Vulners python library +> - An access to the Vulners API ----- -#### [whois](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/whois.py) +#### [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd). - **features**: @@ -1557,7 +1624,7 @@ Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd). ----- -#### [wiki](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/wiki.py) +#### [wiki](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) @@ -1575,7 +1642,7 @@ An expansion hover module to extract information from Wikidata to have additiona ----- -#### [xforceexchange](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/xforceexchange.py) +#### [xforceexchange](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) @@ -1599,7 +1666,7 @@ An expansion module for IBM X-Force Exchange. ----- -#### [xlsx_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/xlsx_enrich.py) +#### [xlsx_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xlsx_enrich.py) 
@@ -1615,7 +1682,7 @@ Module to extract freetext from a .xlsx document. ----- -#### [yara_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/yara_query.py) +#### [yara_query](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yara_query.py) @@ -1628,13 +1695,14 @@ An expansion & hover module to translate any hash attribute into a yara rule. - **output**: >YARA rule. - **references**: ->https://virustotal.github.io/yara/, https://github.com/virustotal/yara-python +> - https://virustotal.github.io/yara/ +> - https://github.com/virustotal/yara-python - **requirements**: >yara-python python library ----- -#### [yara_syntax_validator](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/yara_syntax_validator.py) +#### [yara_syntax_validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yara_syntax_validator.py) @@ -1654,7 +1722,7 @@ An expansion hover module to perform a syntax check on if yara rules are valid o ## Export Modules -#### [cef_export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/cef_export.py) +#### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py) Module to export a MISP event in CEF format. - **features**: @@ -1669,7 +1737,7 @@ Module to export a MISP event in CEF format. ----- -#### [cisco_firesight_manager_ACL_rule_export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/cisco_firesight_manager_ACL_rule_export.py) +#### [cisco_firesight_manager_ACL_rule_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cisco_firesight_manager_ACL_rule_export.py) 
@@ -1685,7 +1753,7 @@ Module to export malicious network activity attributes to Cisco fireSIGHT manage ----- -#### [goamlexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/goamlexport.py) +#### [goamlexport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/goamlexport.py) @@ -1716,11 +1784,12 @@ This module is used to export MISP events containing transaction objects into Go - **references**: >http://goaml.unodc.org/ - **requirements**: ->PyMISP, MISP objects +> - PyMISP +> - MISP objects ----- -#### [liteexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/liteexport.py) +#### [liteexport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/liteexport.py) Lite export of a MISP event. - **features**: @@ -1732,7 +1801,7 @@ Lite export of a MISP event. ----- -#### [mass_eql_export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/mass_eql_export.py) +#### [mass_eql_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/mass_eql_export.py) @@ -1748,7 +1817,7 @@ Mass EQL query export for a MISP event. ----- -#### [nexthinkexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py) +#### [nexthinkexport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/nexthinkexport.py) @@ -1764,7 +1833,7 @@ Nexthink NXQL query export module ----- -#### [osqueryexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/osqueryexport.py) +#### [osqueryexport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/osqueryexport.py) 
@@ -1778,7 +1847,7 @@ OSQuery export of a MISP event. ----- -#### [pdfexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/pdfexport.py) +#### [pdfexport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/pdfexport.py) Simple export of a MISP event to PDF. - **features**: @@ -1788,7 +1857,7 @@ Simple export of a MISP event to PDF. > 'Activate_galaxy_description' is a boolean (True or void) to activate the description of event related galaxies. > 'Activate_related_events' is a boolean (True or void) to activate the description of related event. Be aware this might leak information on confidential events linked to the current event ! > 'Activate_internationalization_fonts' is a boolean (True or void) to activate Noto fonts instead of default fonts (Helvetica). This allows the support of CJK alphabet. Be sure to have followed the procedure to download Noto fonts (~70Mo) in the right place (/tools/pdf_fonts/Noto_TTF), to allow PyMisp to find and use them during PDF generation. -> 'Custom_fonts_path' is a text (path or void) to the TTF file of your choice, to create the PDF with it. Be aware the PDF won't support bold/italic/special style anymore with this option +> 'Custom_fonts_path' is a text (path or void) to the TTF file of your choice, to create the PDF with it. Be aware the PDF won't support bold/italic/special style anymore with this option - **input**: >MISP Event - **output**: 
@@ -1796,17 +1865,18 @@ Simple export of a MISP event to PDF. - **references**: >https://acrobat.adobe.com/us/en/acrobat/about-adobe-pdf.html - **requirements**: ->PyMISP, reportlab +> - PyMISP +> - reportlab ----- -#### [testexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/testexport.py) +#### [testexport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/testexport.py) Skeleton export module. ----- -#### [threatStream_misp_export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/threatStream_misp_export.py) +#### [threatStream_misp_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/threatStream_misp_export.py) @@ -1818,13 +1888,14 @@ Module to export a structured CSV file for uploading to threatStream. - **output**: >ThreatStream CSV format file - **references**: ->https://www.anomali.com/platform/threatstream, https://github.com/threatstream +> - https://www.anomali.com/platform/threatstream +> - https://github.com/threatstream - **requirements**: >csv ----- -#### [threat_connect_export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/threat_connect_export.py) +#### [threat_connect_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/threat_connect_export.py) @@ -1843,7 +1914,7 @@ Module to export a structured CSV file for uploading to ThreatConnect. ----- -#### [vt_graph](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/vt_graph.py) +#### [vt_graph](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/vt_graph.py) 
@@ -1865,7 +1936,7 @@ This module is used to create a VirusTotal Graph from a MISP event. ## Import Modules -#### [csvimport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/csvimport.py) +#### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py) Module to import MISP attributes from a csv file. - **features**: @@ -1879,13 +1950,14 @@ Module to import MISP attributes from a csv file. - **output**: >MISP Event attributes - **references**: ->https://tools.ietf.org/html/rfc4180, https://tools.ietf.org/html/rfc7111 +> - https://tools.ietf.org/html/rfc4180 +> - https://tools.ietf.org/html/rfc7111 - **requirements**: >PyMISP ----- -#### [cuckooimport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/cuckooimport.py) +#### [cuckooimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/cuckooimport.py) @@ -1897,11 +1969,12 @@ Module to import Cuckoo JSON. - **output**: >MISP Event attributes - **references**: ->https://cuckoosandbox.org/, https://github.com/cuckoosandbox/cuckoo +> - https://cuckoosandbox.org/ +> - https://github.com/cuckoosandbox/cuckoo ----- -#### [email_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/email_import.py) +#### [email_import](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/email_import.py) Module to import emails in MISP. - **features**: @@ -1914,7 +1987,7 @@ Module to import emails in MISP. ----- -#### [goamlimport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/goamlimport.py) +#### [goamlimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/goamlimport.py) 
@@ -1932,7 +2005,7 @@ Module to import MISP objects about financial transactions from GoAML files. ----- -#### [joe_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/joe_import.py) +#### [joe_import](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/joe_import.py) @@ -1941,18 +2014,17 @@ A module to import data from a Joe Sandbox analysis json report. >Module using the new format of modules able to return attributes and objects. > >The module returns the same results as the expansion module [joesandbox_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) using the submission link of the analysis to get the json report. -> -> - **input**: >Json report of a Joe Sandbox analysis. - **output**: >MISP attributes & objects parsed from the analysis report. - **references**: ->https://www.joesecurity.org, https://www.joesandbox.com/ +> - https://www.joesecurity.org +> - https://www.joesandbox.com/ ----- -#### [lastline_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/lastline_import.py) +#### [lastline_import](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/lastline_import.py) @@ -1970,7 +2042,7 @@ Module to import and parse reports from Lastline analysis links. ----- -#### [mispjson](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/mispjson.py) +#### [mispjson](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/mispjson.py) Module to import MISP JSON format for merging MISP events. - **features**: 
@@ -1982,7 +2054,7 @@ Module to import MISP JSON format for merging MISP events. ----- -#### [ocr](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/ocr.py) +#### [ocr](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/ocr.py) Optical Character Recognition (OCR) module for MISP. - **features**: @@ -1994,7 +2066,7 @@ Optical Character Recognition (OCR) module for MISP. ----- -#### [openiocimport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/openiocimport.py) +#### [openiocimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/openiocimport.py) Module to import OpenIOC packages. - **features**: @@ -2010,7 +2082,7 @@ Module to import OpenIOC packages. ----- -#### [threatanalyzer_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/threatanalyzer_import.py) +#### [threatanalyzer_import](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/threatanalyzer_import.py) Module to import ThreatAnalyzer archive.zip / analysis.json files. - **features**: @@ -2025,7 +2097,7 @@ Module to import ThreatAnalyzer archive.zip / analysis.json files. ----- -#### [vmray_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/vmray_import.py) +#### [vmray_import](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/vmray_import.py) diff --git a/documentation/generate_documentation.py b/documentation/generate_documentation.py new file mode 100644 index 0000000..4081e50 --- /dev/null +++ b/documentation/generate_documentation.py 
@@ -0,0 +1,68 @@ +# -*- coding: utf-8 -*- +import os +import json + +module_types = ['expansion', 'export_mod', 'import_mod'] +titles = ['Expansion Modules', 'Export Modules', 'Import Modules'] +githublink = 'https://github.com/MISP/misp-modules/tree/main/misp_modules/modules' + + +def generate_doc(module_type, root_path, logo_path='logos'): + markdown = [] + current_path = os.path.join(root_path, 'website', module_type) + files = sorted(os.listdir(current_path)) + githubpath = f'{githublink}/{module_type}' + for filename in files: + modulename = filename.split('.json')[0] + githubref = f'{githubpath}/{modulename}.py' + markdown.append(f'\n#### [{modulename}]({githubref})\n') + filename = os.path.join(current_path, filename) + with open(filename, 'rt') as f: + definition = json.loads(f.read()) + if 'logo' in definition: + logo = os.path.join(logo_path, definition.pop('logo')) + markdown.append(f"\n\n") + if 'description' in definition: + markdown.append(f"\n{definition.pop('description')}\n") + for field, value in sorted(definition.items()): + if not value: + continue + if isinstance(value, list): + markdown.append(handle_list(field, value)) + continue + markdown.append(get_single_value(field, value.replace('\n', '\n>'))) + markdown.append('\n-----\n') + return markdown + + +def get_single_value(field, value): + return f"- **{field}**:\n>{value}\n" + + +def handle_list(field, values): + if len(values) == 1: + return get_single_value(field, values[0]) + values = '\n> - '.join(values) + return f"- **{field}**:\n> - {values}\n" + + +def write_doc(root_path): + markdown = ["# MISP modules documentation\n"] + for _path, title in zip(module_types, titles): + markdown.append(f'\n## {title}\n') + markdown.extend(generate_doc(_path, root_path)) + with open('README.md', 'w') as w: + w.write(''.join(markdown)) + + +def write_docs_for_mkdocs(root_path): + for _path, title in zip(module_types, titles): + markdown = generate_doc(_path, root_path, logo_path='../logos') + with 
open(os.path.join(root_path, 'mkdocs', f'{_path}.md'), 'w') as w: + w.write(''.join(markdown)) + + +if __name__ == '__main__': + root_path = os.path.dirname(os.path.realpath(__file__)) + write_doc(root_path) + write_docs_for_mkdocs(root_path) diff --git a/doc/logos/apivoid.png b/documentation/logos/apivoid.png similarity index 100% rename from doc/logos/apivoid.png rename to documentation/logos/apivoid.png diff --git a/doc/logos/assemblyline.png b/documentation/logos/assemblyline.png similarity index 100% rename from doc/logos/assemblyline.png rename to documentation/logos/assemblyline.png diff --git a/doc/logos/backscatter_io.png b/documentation/logos/backscatter_io.png similarity index 100% rename from doc/logos/backscatter_io.png rename to documentation/logos/backscatter_io.png diff --git a/doc/logos/bitcoin.png b/documentation/logos/bitcoin.png similarity index 100% rename from doc/logos/bitcoin.png rename to documentation/logos/bitcoin.png diff --git a/doc/logos/cisco.png b/documentation/logos/cisco.png similarity index 100% rename from doc/logos/cisco.png rename to documentation/logos/cisco.png diff --git a/doc/logos/crowdstrike.png b/documentation/logos/crowdstrike.png similarity index 100% rename from doc/logos/crowdstrike.png rename to documentation/logos/crowdstrike.png diff --git a/doc/logos/cuckoo.png b/documentation/logos/cuckoo.png similarity index 100% rename from doc/logos/cuckoo.png rename to documentation/logos/cuckoo.png diff --git a/doc/logos/cve.png b/documentation/logos/cve.png similarity index 100% rename from doc/logos/cve.png rename to documentation/logos/cve.png diff --git a/doc/logos/cytomic_orion.png b/documentation/logos/cytomic_orion.png similarity index 100% rename from doc/logos/cytomic_orion.png rename to documentation/logos/cytomic_orion.png diff --git a/doc/logos/docx.png b/documentation/logos/docx.png similarity index 100% rename from doc/logos/docx.png rename to documentation/logos/docx.png 
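Review bot: `write_doc` opens `'README.md'` relative to the current working directory while `write_docs_for_mkdocs` anchors its output at `root_path`, so running the script from anywhere but the documentation directory drops the README in an unrelated place; `with open(os.path.join(root_path, 'README.md'), 'w', encoding='utf-8') as w:` keeps the two writers consistent. In `generate_doc`, `os.listdir(current_path)` is not filtered, so any non-`.json` entry (an editor backup file, a subdirectory) reaches `json.loads` and aborts the whole run — `files = sorted(f for f in os.listdir(current_path) if f.endswith('.json'))` is enough. Every `open()` call also relies on the locale encoding, both when reading the definitions and when writing the markdown, which is fragile for the non-ASCII text the `coding` header anticipates; pass `encoding='utf-8'` on each. The `logo` path built from the definition is not referenced on the `markdown.append` line that follows it as rendered here; if the original line carried an image tag that this rendering lost the point is moot, otherwise the logo is never emitted.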
diff --git a/doc/logos/domaintools.png b/documentation/logos/domaintools.png
similarity index 100%
rename from doc/logos/domaintools.png
rename to documentation/logos/domaintools.png
diff --git a/doc/logos/eql.png b/documentation/logos/eql.png
similarity index 100%
rename from doc/logos/eql.png
rename to documentation/logos/eql.png
diff --git a/doc/logos/eupi.png b/documentation/logos/eupi.png
similarity index 100%
rename from doc/logos/eupi.png
rename to documentation/logos/eupi.png
diff --git a/doc/logos/farsight.png b/documentation/logos/farsight.png
similarity index 100%
rename from doc/logos/farsight.png
rename to documentation/logos/farsight.png
diff --git a/doc/logos/goAML.jpg b/documentation/logos/goAML.jpg
similarity index 100%
rename from doc/logos/goAML.jpg
rename to documentation/logos/goAML.jpg
diff --git a/doc/logos/google.png b/documentation/logos/google.png
similarity index 100%
rename from doc/logos/google.png
rename to documentation/logos/google.png
diff --git a/doc/logos/greynoise.png b/documentation/logos/greynoise.png
similarity index 100%
rename from doc/logos/greynoise.png
rename to documentation/logos/greynoise.png
diff --git a/doc/logos/hibp.png b/documentation/logos/hibp.png
similarity index 100%
rename from doc/logos/hibp.png
rename to documentation/logos/hibp.png
diff --git a/doc/logos/intel471.png b/documentation/logos/intel471.png
similarity index 100%
rename from doc/logos/intel471.png
rename to documentation/logos/intel471.png
diff --git a/doc/logos/intelmq.png b/documentation/logos/intelmq.png
similarity index 100%
rename from doc/logos/intelmq.png
rename to documentation/logos/intelmq.png
diff --git a/doc/logos/joesandbox.png b/documentation/logos/joesandbox.png
similarity index 100%
rename from doc/logos/joesandbox.png
rename to documentation/logos/joesandbox.png
diff --git a/doc/logos/lastline.png b/documentation/logos/lastline.png
similarity index 100%
rename from doc/logos/lastline.png
rename to documentation/logos/lastline.png
diff --git a/doc/logos/macaddress_io.png b/documentation/logos/macaddress_io.png
similarity index 100%
rename from doc/logos/macaddress_io.png
rename to documentation/logos/macaddress_io.png
diff --git a/doc/logos/macvendors.png b/documentation/logos/macvendors.png
similarity index 100%
rename from doc/logos/macvendors.png
rename to documentation/logos/macvendors.png
diff --git a/doc/logos/maxmind.png b/documentation/logos/maxmind.png
similarity index 100%
rename from doc/logos/maxmind.png
rename to documentation/logos/maxmind.png
diff --git a/doc/logos/nexthink.svg b/documentation/logos/nexthink.svg
similarity index 100%
rename from doc/logos/nexthink.svg
rename to documentation/logos/nexthink.svg
diff --git a/doc/logos/ods.png b/documentation/logos/ods.png
similarity index 100%
rename from doc/logos/ods.png
rename to documentation/logos/ods.png
diff --git a/doc/logos/odt.png b/documentation/logos/odt.png
similarity index 100%
rename from doc/logos/odt.png
rename to documentation/logos/odt.png
diff --git a/doc/logos/onyphe.jpg b/documentation/logos/onyphe.jpg
similarity index 100%
rename from doc/logos/onyphe.jpg
rename to documentation/logos/onyphe.jpg
diff --git a/doc/logos/osquery.png b/documentation/logos/osquery.png
similarity index 100%
rename from doc/logos/osquery.png
rename to documentation/logos/osquery.png
diff --git a/doc/logos/otx.png b/documentation/logos/otx.png
similarity index 100%
rename from doc/logos/otx.png
rename to documentation/logos/otx.png
diff --git a/doc/logos/passivedns.png b/documentation/logos/passivedns.png
similarity index 100%
rename from doc/logos/passivedns.png
rename to documentation/logos/passivedns.png
diff --git a/doc/logos/passivessl.png b/documentation/logos/passivessl.png
similarity index 100%
rename from doc/logos/passivessl.png
rename to documentation/logos/passivessl.png
diff --git a/doc/logos/passivetotal.png b/documentation/logos/passivetotal.png
similarity index 100%
rename from doc/logos/passivetotal.png
rename to documentation/logos/passivetotal.png
diff --git a/doc/logos/pdf.jpg b/documentation/logos/pdf.jpg
similarity index 100%
rename from doc/logos/pdf.jpg
rename to documentation/logos/pdf.jpg
diff --git a/doc/logos/pptx.png b/documentation/logos/pptx.png
similarity index 100%
rename from doc/logos/pptx.png
rename to documentation/logos/pptx.png
diff --git a/doc/logos/recordedfuture.png b/documentation/logos/recordedfuture.png
similarity index 100%
rename from doc/logos/recordedfuture.png
rename to documentation/logos/recordedfuture.png
diff --git a/doc/logos/securitytrails.png b/documentation/logos/securitytrails.png
similarity index 100%
rename from doc/logos/securitytrails.png
rename to documentation/logos/securitytrails.png
diff --git a/doc/logos/shodan.png b/documentation/logos/shodan.png
similarity index 100%
rename from doc/logos/shodan.png
rename to documentation/logos/shodan.png
diff --git a/doc/logos/sigma.png b/documentation/logos/sigma.png
similarity index 100%
rename from doc/logos/sigma.png
rename to documentation/logos/sigma.png
diff --git a/doc/logos/sophoslabs_intelix.svg b/documentation/logos/sophoslabs_intelix.svg
similarity index 100%
rename from doc/logos/sophoslabs_intelix.svg
rename to documentation/logos/sophoslabs_intelix.svg
diff --git a/doc/logos/spamhaus.jpg b/documentation/logos/spamhaus.jpg
similarity index 100%
rename from doc/logos/spamhaus.jpg
rename to documentation/logos/spamhaus.jpg
diff --git a/doc/logos/stix.png b/documentation/logos/stix.png
similarity index 100%
rename from doc/logos/stix.png
rename to documentation/logos/stix.png
diff --git a/doc/logos/threatconnect.png b/documentation/logos/threatconnect.png
similarity index 100%
rename from doc/logos/threatconnect.png
rename to documentation/logos/threatconnect.png
diff --git a/doc/logos/threatcrowd.png b/documentation/logos/threatcrowd.png
similarity index 100%
rename from doc/logos/threatcrowd.png
rename to documentation/logos/threatcrowd.png
diff --git a/doc/logos/threatminer.png b/documentation/logos/threatminer.png
similarity index 100%
rename from doc/logos/threatminer.png
rename to documentation/logos/threatminer.png
diff --git a/doc/logos/threatstream.png b/documentation/logos/threatstream.png
similarity index 100%
rename from doc/logos/threatstream.png
rename to documentation/logos/threatstream.png
diff --git a/doc/logos/trustar.png b/documentation/logos/trustar.png
similarity index 100%
rename from doc/logos/trustar.png
rename to documentation/logos/trustar.png
diff --git a/doc/logos/urlhaus.png b/documentation/logos/urlhaus.png
similarity index 100%
rename from doc/logos/urlhaus.png
rename to documentation/logos/urlhaus.png
diff --git a/doc/logos/urlscan.jpg b/documentation/logos/urlscan.jpg
similarity index 100%
rename from doc/logos/urlscan.jpg
rename to documentation/logos/urlscan.jpg
diff --git a/doc/logos/virustotal.png b/documentation/logos/virustotal.png
similarity index 100%
rename from doc/logos/virustotal.png
rename to documentation/logos/virustotal.png
diff --git a/doc/logos/vmray.png b/documentation/logos/vmray.png
similarity index 100%
rename from doc/logos/vmray.png
rename to documentation/logos/vmray.png
diff --git a/doc/logos/vulndb.png b/documentation/logos/vulndb.png
similarity index 100%
rename from doc/logos/vulndb.png
rename to documentation/logos/vulndb.png
diff --git a/doc/logos/vulners.png b/documentation/logos/vulners.png
similarity index 100%
rename from doc/logos/vulners.png
rename to documentation/logos/vulners.png
diff --git a/doc/logos/wikidata.png b/documentation/logos/wikidata.png
similarity index 100%
rename from doc/logos/wikidata.png
rename to documentation/logos/wikidata.png
diff --git a/doc/logos/xforce.png b/documentation/logos/xforce.png
similarity index 100%
rename from doc/logos/xforce.png
rename to documentation/logos/xforce.png
diff --git a/doc/logos/xlsx.png b/documentation/logos/xlsx.png
similarity index 100%
rename from doc/logos/xlsx.png
rename to documentation/logos/xlsx.png
diff --git a/doc/logos/yara.png b/documentation/logos/yara.png
similarity index 100%
rename from doc/logos/yara.png
rename to documentation/logos/yara.png
diff --git a/docs/REQUIREMENTS.txt b/documentation/mkdocs/REQUIREMENTS.txt
similarity index 100%
rename from docs/REQUIREMENTS.txt
rename to documentation/mkdocs/REQUIREMENTS.txt
diff --git a/docs/contribute.md b/documentation/mkdocs/contribute.md
similarity index 100%
rename from docs/contribute.md
rename to documentation/mkdocs/contribute.md
diff --git a/docs/img/favicon.ico b/documentation/mkdocs/img/favicon.ico
similarity index 100%
rename from docs/img/favicon.ico
rename to documentation/mkdocs/img/favicon.ico
diff --git a/docs/img/misp.png b/documentation/mkdocs/img/misp.png
similarity index 100%
rename from docs/img/misp.png
rename to documentation/mkdocs/img/misp.png
diff --git a/docs/index.md b/documentation/mkdocs/index.md
similarity index 100%
rename from docs/index.md
rename to documentation/mkdocs/index.md
diff --git a/docs/install.md b/documentation/mkdocs/install.md
similarity index 100%
rename from docs/install.md
rename to documentation/mkdocs/install.md
diff --git a/docs/license.md b/documentation/mkdocs/license.md
similarity index 100%
rename from docs/license.md
rename to documentation/mkdocs/license.md
diff --git a/doc/expansion/apiosintds.json b/documentation/website/expansion/apiosintds.json
similarity index 76%
rename from doc/expansion/apiosintds.json
rename to documentation/website/expansion/apiosintds.json
index 81a1eec..8bdaf39 100644
--- a/doc/expansion/apiosintds.json
+++ b/documentation/website/expansion/apiosintds.json
@@ -1,8 +1,12 @@ { "description": "On demand query API for OSINT.digitalside.it project.", - "requirements": ["The apiosintDS python library to query the OSINT.digitalside.it API."], + "requirements": [ + "The apiosintDS python library to query the OSINT.digitalside.it API." + ], "input": "A domain, ip, url or hash attribute.", "output": "Hashes and urls resulting from the query to OSINT.digitalside.it", - "references": ["https://osint.digitalside.it/#About"], + "references": [ + "https://osint.digitalside.it/#About" + ], "features": "The module simply queries the API of OSINT.digitalside.it with a domain, ip, url or hash attribute.\n\nThe result of the query is then parsed to extract additional hashes or urls. A module parameters also allows to parse the hashes related to the urls.\n\nFurthermore, it is possible to cache the urls and hashes collected over the last 7 days by OSINT.digitalside.it" -} +} \ No newline at end of file diff --git a/doc/expansion/apivoid.json b/documentation/website/expansion/apivoid.json similarity index 72% rename from doc/expansion/apivoid.json rename to documentation/website/expansion/apivoid.json index 2173d5b..5962f57 100644 --- a/doc/expansion/apivoid.json +++ b/documentation/website/expansion/apivoid.json 
@@ -1,9 +1,13 @@ { "description": "Module to query APIVoid with some domain attributes.", - "logo": "logos/apivoid.png", - "requirements": ["A valid APIVoid API key with enough credits to proceed 2 queries"], + "logo": "apivoid.png", + "requirements": [ + "A valid APIVoid API key with enough credits to proceed 2 queries" + ], "input": "A domain attribute.", "output": "DNS records and SSL certificates related to the domain.", "features": "This module takes a domain name and queries API Void to get the related DNS records and the SSL certificates. It returns then those pieces of data as MISP objects that can be added to the event.\n\nTo make it work, a valid API key and enough credits to proceed 2 queries (0.06 + 0.07 credits) are required.", - "references": ["https://www.apivoid.com/"] -} + "references": [ + "https://www.apivoid.com/" + ] +} \ No newline at end of file diff --git a/doc/expansion/assemblyline_query.json b/documentation/website/expansion/assemblyline_query.json similarity index 78% rename from doc/expansion/assemblyline_query.json rename to documentation/website/expansion/assemblyline_query.json index 700bde0..4d54176 100644 --- a/doc/expansion/assemblyline_query.json +++ b/documentation/website/expansion/assemblyline_query.json 
@@ -1,9 +1,13 @@ { "description": "A module tu query the AssemblyLine API with a submission ID to get the submission report and parse it.", - "logo": "logos/assemblyline.png", - "requirements": ["assemblyline_client: Python library to query the AssemblyLine rest API."], + "logo": "assemblyline.png", + "requirements": [ + "assemblyline_client: Python library to query the AssemblyLine rest API." + ], "input": "Link of an AssemblyLine submission report.", "output": "MISP attributes & objects parsed from the AssemblyLine submission.", - "references": ["https://www.cyber.cg.ca/en/assemblyline"], + "references": [ + "https://www.cyber.cg.ca/en/assemblyline" + ], "features": "The module requires the address of the AssemblyLine server you want to query as well as your credentials used for this instance. Credentials include the used-ID and an API key or the password associated to the user-ID.\n\nThe submission ID extracted from the submission link is then used to query AssemblyLine and get the full submission report. This report is parsed to extract file objects and the associated IPs, domains or URLs the files are connecting to.\n\nSome more data may be parsed in the future." -} +} \ No newline at end of file diff --git a/doc/expansion/assemblyline_submit.json b/documentation/website/expansion/assemblyline_submit.json similarity index 72% rename from doc/expansion/assemblyline_submit.json rename to documentation/website/expansion/assemblyline_submit.json index 9fe9af6..8f147ca 100644 --- a/doc/expansion/assemblyline_submit.json +++ b/documentation/website/expansion/assemblyline_submit.json 
@@ -1,9 +1,13 @@ { "description": "A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.", - "logo": "logos/assemblyline.png", - "requirements": ["assemblyline_client: Python library to query the AssemblyLine rest API."], + "logo": "assemblyline.png", + "requirements": [ + "assemblyline_client: Python library to query the AssemblyLine rest API." + ], "input": "Sample, or url to submit to AssemblyLine.", "output": "Link of the report generated in AssemblyLine.", - "references": ["https://www.cyber.gc.ca/en/assemblyline"], + "references": [ + "https://www.cyber.gc.ca/en/assemblyline" + ], "features": "The module requires the address of the AssemblyLine server you want to query as well as your credentials used for this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.\n\nIf the sample or url is correctly submitted, you get then the link of the submission." -} +} \ No newline at end of file diff --git a/doc/expansion/backscatter_io.json b/documentation/website/expansion/backscatter_io.json similarity index 66% rename from doc/expansion/backscatter_io.json rename to documentation/website/expansion/backscatter_io.json index a8475c5..146e41c 100644 --- a/doc/expansion/backscatter_io.json +++ b/documentation/website/expansion/backscatter_io.json 
@@ -1,9 +1,13 @@ { "description": "Query backscatter.io (https://backscatter.io/).", - "requirements": ["backscatter python library"], - "features": "The module takes a source or destination IP address as input and displays the information known by backscatter.io.\n\n", - "logo": "logos/backscatter_io.png", - "references": ["https://pypi.org/project/backscatter/"], + "requirements": [ + "backscatter python library" + ], + "features": "The module takes a source or destination IP address as input and displays the information known by backscatter.io.", + "logo": "backscatter_io.png", + "references": [ + "https://pypi.org/project/backscatter/" + ], "input": "IP addresses.", "output": "Text containing a history of the IP addresses especially on scanning based on backscatter.io information ." } diff --git a/doc/expansion/bgpranking.json b/documentation/website/expansion/bgpranking.json similarity index 63% rename from doc/expansion/bgpranking.json rename to documentation/website/expansion/bgpranking.json index 4695aa1..5b0383e 100644 --- a/doc/expansion/bgpranking.json +++ b/documentation/website/expansion/bgpranking.json @@ -1,8 +1,12 @@ { "description": "Query BGP Ranking (https://bgpranking-ng.circl.lu/).", - "requirements": ["pybgpranking python library"], - "features": "The module takes an AS number attribute as input and displays its description as well as its ranking position in BGP Ranking for a given day.\n\n", - "references": ["https://github.com/D4-project/BGP-Ranking/"], + "requirements": [ + "pybgpranking python library" + ], + "features": "The module takes an AS number attribute as input and displays its description as well as its ranking position in BGP Ranking for a given day.", + "references": [ + "https://github.com/D4-project/BGP-Ranking/" + ], "input": "Autonomous system number.", "output": "An asn object with its related bgp-ranking object." } 
diff --git a/doc/expansion/btc_scam_check.json b/documentation/website/expansion/btc_scam_check.json similarity index 57% rename from doc/expansion/btc_scam_check.json rename to documentation/website/expansion/btc_scam_check.json index 44fce03..01fe8ff 100644 --- a/doc/expansion/btc_scam_check.json +++ b/documentation/website/expansion/btc_scam_check.json @@ -1,9 +1,13 @@ { "description": "An expansion hover module to query a special dns blacklist to check if a bitcoin address has been abused.", - "requirements": ["dnspython3: dns python library"], + "requirements": [ + "dnspython3: dns python library" + ], "features": "The module queries a dns blacklist directly with the bitcoin address and get a response if the address has been abused.", - "logo": "logos/bitcoin.png", + "logo": "bitcoin.png", "input": "btc address attribute.", - "output" : "Text to indicate if the BTC address has been abused.", - "references": ["https://btcblack.it/"] -} + "output": "Text to indicate if the BTC address has been abused.", + "references": [ + "https://btcblack.it/" + ] +} \ No newline at end of file diff --git a/doc/expansion/btc_steroids.json b/documentation/website/expansion/btc_steroids.json similarity index 88% rename from doc/expansion/btc_steroids.json rename to documentation/website/expansion/btc_steroids.json index fd264d8..b365d44 100644 --- a/doc/expansion/btc_steroids.json +++ b/documentation/website/expansion/btc_steroids.json @@ -1,6 +1,6 @@ { "description": "An expansion hover module to get a blockchain balance from a BTC address in MISP.", - "logo": "logos/bitcoin.png", + "logo": "bitcoin.png", "input": "btc address attribute.", "output": "Text to describe the blockchain balance and the transactions related to the btc address in input." -} +} \ No newline at end of file 
diff --git a/doc/expansion/censys_enrich.json b/documentation/website/expansion/censys_enrich.json similarity index 76% rename from doc/expansion/censys_enrich.json rename to documentation/website/expansion/censys_enrich.json index 83e6d5f..9f3a6f0 100644 --- a/doc/expansion/censys_enrich.json +++ b/documentation/website/expansion/censys_enrich.json @@ -1,8 +1,12 @@ { "description": "An expansion module to enrich attributes in MISP by quering the censys.io API", - "requirements": ["API credentials to censys.io"], + "requirements": [ + "API credentials to censys.io" + ], "input": "IP, domain or certificate fingerprint (md5, sha1 or sha256)", "output": "MISP objects retrieved from censys, including open ports, ASN, Location of the IP, x509 details", - "references": ["https://www.censys.io"], + "references": [ + "https://www.censys.io" + ], "features": "This module takes an IP, hostname or a certificate fingerprint and attempts to enrich it by querying the Censys API." -} +} \ No newline at end of file diff --git a/doc/expansion/circl_passivedns.json b/documentation/website/expansion/circl_passivedns.json similarity index 61% rename from doc/expansion/circl_passivedns.json rename to documentation/website/expansion/circl_passivedns.json index 024437c..b50136b 100644 --- a/doc/expansion/circl_passivedns.json +++ b/documentation/website/expansion/circl_passivedns.json 
@@ -1,9 +1,15 @@ { "description": "Module to access CIRCL Passive DNS.", - "logo": "logos/passivedns.png", - "requirements": ["pypdns: Passive DNS python library", "A CIRCL passive DNS account with username & password"], + "logo": "passivedns.png", + "requirements": [ + "pypdns: Passive DNS python library", + "A CIRCL passive DNS account with username & password" + ], "input": "Hostname, domain, or ip-address attribute.", "ouput": "Passive DNS objects related to the input attribute.", "features": "This module takes a hostname, domain or ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive DNS REST API to get the asssociated passive dns entries and return them as MISP objects.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive DNS API.", - "references": ["https://www.circl.lu/services/passive-dns/", "https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/"] -} + "references": [ + "https://www.circl.lu/services/passive-dns/", + "https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/" + ] +} \ No newline at end of file diff --git a/doc/expansion/circl_passivessl.json b/documentation/website/expansion/circl_passivessl.json similarity index 66% rename from doc/expansion/circl_passivessl.json rename to documentation/website/expansion/circl_passivessl.json index f9792e1..4010297 100644 --- a/doc/expansion/circl_passivessl.json +++ b/documentation/website/expansion/circl_passivessl.json 
@@ -1,9 +1,14 @@ { "description": "Modules to access CIRCL Passive SSL.", - "logo": "logos/passivessl.png", - "requirements": ["pypssl: Passive SSL python library", "A CIRCL passive SSL account with username & password"], + "logo": "passivessl.png", + "requirements": [ + "pypssl: Passive SSL python library", + "A CIRCL passive SSL account with username & password" + ], "input": "IP address attribute.", "output": "x509 certificate objects seen by the IP address(es).", "features": "This module takes an ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive SSL REST API to gather the related certificates and return the corresponding MISP objects.\n\nTo make it work a username and a password are required to authenticate to the CIRCL Passive SSL API.", - "references": ["https://www.circl.lu/services/passive-ssl/"] -} + "references": [ + "https://www.circl.lu/services/passive-ssl/" + ] +} \ No newline at end of file diff --git a/doc/expansion/countrycode.json b/documentation/website/expansion/countrycode.json similarity index 99% rename from doc/expansion/countrycode.json rename to documentation/website/expansion/countrycode.json index c6214e5..110bdf7 100644 --- a/doc/expansion/countrycode.json +++ b/documentation/website/expansion/countrycode.json @@ -3,4 +3,4 @@ "input": "Hostname or domain attribute.", "output": "Text with the country code the input belongs to.", "features": "The module takes a domain or a hostname as input, and returns the country it belongs to.\n\nFor non country domains, a list of the most common possible extensions is used." -} +} \ No newline at end of file diff --git a/documentation/website/expansion/cpe.json b/documentation/website/expansion/cpe.json new file mode 100644 index 0000000..0160d1c --- /dev/null +++ b/documentation/website/expansion/cpe.json 
@@ -0,0 +1,10 @@ +{ + "description": "An expansion module to query the CVE search API with a cpe code to get its related vulnerabilities.", + "logo": "cve.png", + "input": "CPE attribute.", + "output": "The vulnerabilities related to the CPE.", + "references": [ + "https://cve.circl.lu/api/" + ], + "features": "The module takes a cpe attribute as input and queries the CVE search API to get its related vulnerabilities. \nThe list of vulnerabilities is then parsed and returned as vulnerability objects.\n\nUsers can use their own CVE search API url by defining a value to the custom_API_URL parameter. If no custom API url is given, the default cve.circl.lu api url is used.\n\nIn order to limit the amount of data returned by CVE serach, users can also the limit parameter. With the limit set, the API returns only the requested number of vulnerabilities, sorted from the highest cvss score to the lowest one." +} \ No newline at end of file diff --git a/doc/expansion/crowdstrike_falcon.json b/documentation/website/expansion/crowdstrike_falcon.json similarity index 83% rename from doc/expansion/crowdstrike_falcon.json rename to documentation/website/expansion/crowdstrike_falcon.json index 07e9dbd..a2408b9 100644 --- a/doc/expansion/crowdstrike_falcon.json +++ b/documentation/website/expansion/crowdstrike_falcon.json 
@@ -1,9 +1,13 @@ { "description": "Module to query Crowdstrike Falcon.", - "logo": "logos/crowdstrike.png", - "requirements": ["A CrowdStrike API access (API id & key)"], + "logo": "crowdstrike.png", + "requirements": [ + "A CrowdStrike API access (API id & key)" + ], "input": "A MISP attribute included in the following list:\n- domain\n- email-attachment\n- email-dst\n- email-reply-to\n- email-src\n- email-subject\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- mutex\n- regkey\n- sha1\n- sha256\n- uri\n- url\n- user-agent\n- whois-registrant-email\n- x509-fingerprint-md5", "output": "MISP attributes mapped after the CrowdStrike API has been queried, included in the following list:\n- hostname\n- email-src\n- email-subject\n- filename\n- md5\n- sha1\n- sha256\n- ip-dst\n- ip-dst\n- mutex\n- regkey\n- url\n- user-agent\n- x509-fingerprint-md5", - "references": ["https://www.crowdstrike.com/products/crowdstrike-falcon-faq/"], + "references": [ + "https://www.crowdstrike.com/products/crowdstrike-falcon-faq/" + ], "features": "This module takes a MISP attribute as input to query a CrowdStrike Falcon API. The API returns then the result of the query with some types we map into compatible types we add as MISP attributes.\n\nPlease note that composite attributes composed by at least one of the input types mentionned below (domains, IPs, hostnames) are also supported." -} +} \ No newline at end of file diff --git a/doc/expansion/cuckoo_submit.json b/documentation/website/expansion/cuckoo_submit.json similarity index 62% rename from doc/expansion/cuckoo_submit.json rename to documentation/website/expansion/cuckoo_submit.json index 7fe8067..5c23218 100644 --- a/doc/expansion/cuckoo_submit.json +++ b/documentation/website/expansion/cuckoo_submit.json 
@@ -1,9 +1,14 @@ { "description": "An expansion module to submit files and URLs to Cuckoo Sandbox.", - "logo": "logos/cuckoo.png", - "requirements": ["Access to a Cuckoo Sandbox API and an API key if the API requires it. (api_url and api_key)"], + "logo": "cuckoo.png", + "requirements": [ + "Access to a Cuckoo Sandbox API and an API key if the API requires it. (api_url and api_key)" + ], "input": "A malware-sample or attachment for files. A url or domain for URLs.", "output": "A text field containing 'Cuckoo task id: '", - "references": ["https://cuckoosandbox.org/", "https://cuckoo.sh/docs/"], + "references": [ + "https://cuckoosandbox.org/", + "https://cuckoo.sh/docs/" + ], "features": "The module takes a malware-sample, attachment, url or domain and submits it to Cuckoo Sandbox.\n The returned task id can be used to retrieve results when the analysis completed." -} +} \ No newline at end of file diff --git a/doc/expansion/cve.json b/documentation/website/expansion/cve.json similarity index 77% rename from doc/expansion/cve.json rename to documentation/website/expansion/cve.json index 04f131f..04f5733 100644 --- a/doc/expansion/cve.json +++ b/documentation/website/expansion/cve.json @@ -1,8 +1,11 @@ { "description": "An expansion hover module to expand information about CVE id.", - "logo": "logos/cve.png", + "logo": "cve.png", "input": "Vulnerability attribute.", "output": "Text giving information about the CVE related to the Vulnerability.", - "references": ["https://cve.circl.lu/", "https://cve.mitre.org/"], + "references": [ + "https://cve.circl.lu/", + "https://cve.mitre.org/" + ], "features": "The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs." -} +} \ No newline at end of file 
diff --git a/doc/expansion/cve_advanced.json b/documentation/website/expansion/cve_advanced.json similarity index 87% rename from doc/expansion/cve_advanced.json rename to documentation/website/expansion/cve_advanced.json index a4b2ac6..364fb32 100644 --- a/doc/expansion/cve_advanced.json +++ b/documentation/website/expansion/cve_advanced.json @@ -1,8 +1,11 @@ { "description": "An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE).", - "logo": "logos/cve.png", + "logo": "cve.png", "input": "Vulnerability attribute.", "output": "Additional information about the vulnerability, such as its cvss score, some references, or the related weaknesses and attack patterns.", - "references": ["https://cve.circl.lu", "https://cve/mitre.org/"], + "references": [ + "https://cve.circl.lu", + "https://cve/mitre.org/" + ], "features": "The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to gather additional information.\n\nThe result of the query is then parsed to return additional information about the vulnerability, like its cvss score or some references, as well as the potential related weaknesses and attack patterns.\n\nThe vulnerability additional data is returned in a vulnerability MISP object, and the related additional information are put into weakness and attack-pattern MISP objects." -} +} \ No newline at end of file diff --git a/doc/expansion/cytomic_orion.json b/documentation/website/expansion/cytomic_orion.json similarity index 62% rename from doc/expansion/cytomic_orion.json rename to documentation/website/expansion/cytomic_orion.json index 6f87657..8623670 100644 --- a/doc/expansion/cytomic_orion.json +++ b/documentation/website/expansion/cytomic_orion.json 
@@ -1,9 +1,14 @@ { "description": "An expansion module to enrich attributes in MISP by quering the Cytomic Orion API", - "logo": "logos/cytomic_orion.png", - "requirements": ["Access (license) to Cytomic Orion"], + "logo": "cytomic_orion.png", + "requirements": [ + "Access (license) to Cytomic Orion" + ], "input": "MD5, hash of the sample / malware to search for.", "output": "MISP objects with sightings of the hash in Cytomic Orion. Includes files and machines.", - "references": ["https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/", "https://www.cytomicmodel.com/solutions/"], + "references": [ + "https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/", + "https://www.cytomicmodel.com/solutions/" + ], "features": "This module takes an MD5 hash and searches for occurrences of this hash in the Cytomic Orion database. Returns observed files and machines." -} +} \ No newline at end of file diff --git a/doc/expansion/dbl_spamhaus.json b/documentation/website/expansion/dbl_spamhaus.json similarity index 76% rename from doc/expansion/dbl_spamhaus.json rename to documentation/website/expansion/dbl_spamhaus.json index ea73dcb..6a33c8e 100644 --- a/doc/expansion/dbl_spamhaus.json +++ b/documentation/website/expansion/dbl_spamhaus.json 
@@ -1,9 +1,13 @@ { "description": "Module to check Spamhaus DBL for a domain name.", - "logo": "logos/spamhaus.jpg", - "requirements": ["dnspython3: DNS python3 library"], + "logo": "spamhaus.jpg", + "requirements": [ + "dnspython3: DNS python3 library" + ], "input": "Domain or hostname attribute.", "output": "Information about the nature of the input.", - "references": ["https://www.spamhaus.org/faq/section/Spamhaus%20DBL"], + "references": [ + "https://www.spamhaus.org/faq/section/Spamhaus%20DBL" + ], "features": "This modules takes a domain or a hostname in input and queries the Domain Block List provided by Spamhaus to determine what kind of domain it is.\n\nDBL then returns a response code corresponding to a certain classification of the domain we display. If the queried domain is not in the list, it is also mentionned.\n\nPlease note that composite MISP attributes containing domain or hostname are supported as well." -} +} \ No newline at end of file diff --git a/doc/expansion/dns.json b/documentation/website/expansion/dns.json similarity index 90% rename from doc/expansion/dns.json rename to documentation/website/expansion/dns.json index dc43b64..a0fb4dd 100644 --- a/doc/expansion/dns.json +++ b/documentation/website/expansion/dns.json 
@@ -1,7 +1,9 @@ { "description": "A simple DNS expansion service to resolve IP address from domain MISP attributes.", - "requirements": ["dnspython3: DNS python3 library"], + "requirements": [ + "dnspython3: DNS python3 library" + ], "input": "Domain or hostname attribute.", "output": "IP address resolving the input.", "features": "The module takes a domain of hostname attribute as input, and tries to resolve it. If no error is encountered, the IP address that resolves the domain is returned, otherwise the origin of the error is displayed.\n\nThe address of the DNS resolver to use is also configurable, but if no configuration is set, we use the Google public DNS address (8.8.8.8).\n\nPlease note that composite MISP attributes containing domain or hostname are supported as well." -} +} \ No newline at end of file diff --git a/doc/expansion/docx_enrich.json b/documentation/website/expansion/docx_enrich.json similarity index 82% rename from doc/expansion/docx_enrich.json rename to documentation/website/expansion/docx_enrich.json index fccba57..55bd955 100644 --- a/doc/expansion/docx_enrich.json +++ b/documentation/website/expansion/docx_enrich.json @@ -1,9 +1,11 @@ { "description": "Module to extract freetext from a .docx document.", - "logo": "logos/docx.png", - "requirements": ["docx python library"], + "logo": "docx.png", + "requirements": [ + "docx python library" + ], "input": "Attachment attribute containing a .docx document.", "output": "Text and freetext parsed from the document.", "references": [], "features": "The module reads the text contained in a .docx document. The result is passed to the freetext import parser so IoCs can be extracted out of it." -} +} \ No newline at end of file diff --git a/doc/expansion/domaintools.json b/documentation/website/expansion/domaintools.json similarity index 80% rename from doc/expansion/domaintools.json rename to documentation/website/expansion/domaintools.json index 849028c..99c916b 100644 
--- a/doc/expansion/domaintools.json +++ b/documentation/website/expansion/domaintools.json @@ -1,9 +1,14 @@ { "description": "DomainTools MISP expansion module.", - "logo": "logos/domaintools.png", - "requirements": ["Domaintools python library", "A Domaintools API access (username & apikey)"], + "logo": "domaintools.png", + "requirements": [ + "Domaintools python library", + "A Domaintools API access (username & apikey)" + ], "input": "A MISP attribute included in the following list:\n- domain\n- hostname\n- email-src\n- email-dst\n- target-email\n- whois-registrant-email\n- whois-registrant-name\n- whois-registrant-phone\n- ip-src\n- ip-dst", "output": "MISP attributes mapped after the Domaintools API has been queried, included in the following list:\n- whois-registrant-email\n- whois-registrant-phone\n- whois-registrant-name\n- whois-registrar\n- whois-creation-date\n- text\n- domain", - "references": ["https://www.domaintools.com/"], + "references": [ + "https://www.domaintools.com/" + ], "features": "This module takes a MISP attribute as input to query the Domaintools API. The API returns then the result of the query with some types we map into compatible types we add as MISP attributes.\n\nPlease note that composite attributes composed by at least one of the input types mentionned below (domains, IPs, hostnames) are also supported." -} +} \ No newline at end of file diff --git a/doc/expansion/eql.json b/documentation/website/expansion/eql.json similarity index 77% rename from doc/expansion/eql.json rename to documentation/website/expansion/eql.json index 1a32adf..4af9df4 100644 --- a/doc/expansion/eql.json +++ b/documentation/website/expansion/eql.json 
@@ -1,9 +1,11 @@
 {
 "description": "EQL query generation for a MISP attribute.",
- "logo": "logos/eql.png",
+ "logo": "eql.png",
 "requirements": [],
 "input": "A filename or ip attribute.",
 "output": "Attribute containing EQL for a network or file attribute.",
- "references": ["https://eql.readthedocs.io/en/latest/"],
+ "references": [
+ "https://eql.readthedocs.io/en/latest/"
+ ],
 "features": "This module adds a new attribute to a MISP event containing an EQL query for a network or file attribute."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/eupi.json b/documentation/website/expansion/eupi.json
similarity index 71%
rename from doc/expansion/eupi.json
rename to documentation/website/expansion/eupi.json
index 02a16fb..07eb59e 100644
--- a/doc/expansion/eupi.json
+++ b/documentation/website/expansion/eupi.json
@@ -1,9 +1,14 @@
 {
 "description": "A module to query the Phishing Initiative service (https://phishing-initiative.lu).",
- "logo": "logos/eupi.png",
- "requirements": ["pyeupi: eupi python library", "An access to the Phishing Initiative API (apikey & url)"],
+ "logo": "eupi.png",
+ "requirements": [
+ "pyeupi: eupi python library",
+ "An access to the Phishing Initiative API (apikey & url)"
+ ],
 "input": "A domain, hostname or url MISP attribute.",
 "output": "Text containing information about the input, resulting from the query on Phishing Initiative.",
- "references": ["https://phishing-initiative.eu/?lang=en"],
+ "references": [
+ "https://phishing-initiative.eu/?lang=en"
+ ],
 "features": "This module takes a domain, hostname or url MISP attribute as input to query the Phishing Initiative API. The API returns then the result of the query with some information about the value queried.\n\nPlease note that composite attributes containing domain or hostname are also supported."
-}
+}
\ No newline at end of file
diff --git a/documentation/website/expansion/farsight_passivedns.json b/documentation/website/expansion/farsight_passivedns.json
new file mode 100644
index 0000000..ec33026
--- /dev/null
+++ b/documentation/website/expansion/farsight_passivedns.json
@@ -0,0 +1,14 @@
+{
+ "description": "Module to access Farsight DNSDB Passive DNS.",
+ "logo": "farsight.png",
+ "requirements": [
+ "An access to the Farsight Passive DNS API (apikey)"
+ ],
+ "input": "A domain, hostname or IP address MISP attribute.",
+ "output": "Passive-dns objects, resulting from the query on the Farsight Passive DNS API.",
+ "references": [
+ "https://www.farsightsecurity.com/",
+ "https://docs.dnsdb.info/dnsdb-api/"
+ ],
+ "features": "This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API.\n The results of rdata and rrset lookups are then returned and parsed into passive-dns objects.\n\nAn API key is required to submit queries to the API.\n It is also possible to define a custom server URL, and to set a limit of results to get.\n This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit)."
+}
\ No newline at end of file
diff --git a/doc/expansion/geoip_asn.json b/documentation/website/expansion/geoip_asn.json
similarity index 72%
rename from doc/expansion/geoip_asn.json
rename to documentation/website/expansion/geoip_asn.json
index 98189c7..9a7b1dd 100644
--- a/doc/expansion/geoip_asn.json
+++ b/documentation/website/expansion/geoip_asn.json
@@ -1,9 +1,13 @@
 {
 "descrption": "An expansion module to query a local copy of Maxmind's Geolite database with an IP address, in order to get information about its related AS number.",
- "logo": "logos/maxmind.png",
- "requirements": ["A local copy of Maxmind's Geolite database"],
+ "logo": "maxmind.png",
+ "requirements": [
+ "A local copy of Maxmind's Geolite database"
+ ],
 "input": "An IP address MISP attribute.",
 "output": "Text containing information about the AS number of the IP address.",
- "references": ["https://www.maxmind.com/en/home"],
+ "references": [
+ "https://www.maxmind.com/en/home"
+ ],
 "features": "The module takes an IP address attribute as input and queries a local copy of the Maxmind's Geolite database to get information about the related AS number."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/geoip_city.json b/documentation/website/expansion/geoip_city.json
similarity index 74%
rename from doc/expansion/geoip_city.json
rename to documentation/website/expansion/geoip_city.json
index bf6d8fa..24d286b 100644
--- a/doc/expansion/geoip_city.json
+++ b/documentation/website/expansion/geoip_city.json
@@ -1,9 +1,13 @@
 {
 "description": "An expansion module to query a local copy of Maxmind's Geolite database with an IP address, in order to get information about the city where it is located.",
- "logo": "logos/maxmind.png",
- "requirements": ["A local copy of Maxmind's Geolite database"],
+ "logo": "maxmind.png",
+ "requirements": [
+ "A local copy of Maxmind's Geolite database"
+ ],
 "input": "An IP address MISP attribute.",
 "output": "Text containing information about the city where the IP address is located.",
- "references": ["https://www.maxmind.com/en/home"],
+ "references": [
+ "https://www.maxmind.com/en/home"
+ ],
 "features": "The module takes an IP address attribute as input and queries a local copy of the Maxmind's Geolite database to get information about the city where this IP address is located."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/geoip_country.json b/documentation/website/expansion/geoip_country.json
similarity index 72%
rename from doc/expansion/geoip_country.json
rename to documentation/website/expansion/geoip_country.json
index 9db49a2..ec84282 100644
--- a/doc/expansion/geoip_country.json
+++ b/documentation/website/expansion/geoip_country.json
@@ -1,9 +1,13 @@
 {
 "description": "Module to query a local copy of Maxmind's Geolite database.",
- "logo": "logos/maxmind.png",
- "requirements": ["A local copy of Maxmind's Geolite database"],
+ "logo": "maxmind.png",
+ "requirements": [
+ "A local copy of Maxmind's Geolite database"
+ ],
 "input": "An IP address MISP Attribute.",
 "output": "Text containing information about the location of the IP address.",
- "references": ["https://www.maxmind.com/en/home"],
+ "references": [
+ "https://www.maxmind.com/en/home"
+ ],
 "features": "This module takes an IP address MISP attribute as input and queries a local copy of the Maxmind's Geolite database to get information about the location of this IP address.\n\nPlease note that composite attributes domain|ip are also supported."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/google_search.json b/documentation/website/expansion/google_search.json
similarity index 64%
rename from doc/expansion/google_search.json
rename to documentation/website/expansion/google_search.json
index a3caddf..8772d21 100644
--- a/doc/expansion/google_search.json
+++ b/documentation/website/expansion/google_search.json
@@ -1,9 +1,13 @@
 {
 "descrption": "A hover module to get information about an url using a Google search.",
- "logo": "logos/google.png",
- "requirements": ["The python Google Search API library"],
+ "logo": "google.png",
+ "requirements": [
+ "The python Google Search API library"
+ ],
 "input": "An url attribute.",
 "output": "Text containing the result of a Google search on the input url.",
- "references": ["https://github.com/abenassi/Google-Search-API"],
+ "references": [
+ "https://github.com/abenassi/Google-Search-API"
+ ],
 "features": "The module takes an url as input to query the Google search API. The result of the query is then return as raw text."
-}
+}
\ No newline at end of file
diff --git a/documentation/website/expansion/greynoise.json b/documentation/website/expansion/greynoise.json
new file mode 100644
index 0000000..4c61727
--- /dev/null
+++ b/documentation/website/expansion/greynoise.json
@@ -0,0 +1,14 @@
+{
+ "description": "Module to access GreyNoise.io API",
+ "logo": "greynoise.png",
+ "requirements": [
+ "A Greynoise API key."
+ ],
+ "input": "An IP address.",
+ "output": "Additional information about the IP fetched from Greynoise API.",
+ "references": [
+ "https://greynoise.io/",
+ "https://github.com/GreyNoise-Intelligence/api.greynoise.io"
+ ],
+ "features": "The module takes an IP address as input and queries Greynoise for some additional information about it: basically it checks whether a given IP address is \u201cInternet background noise\u201d, or has been observed scanning or attacking devices across the Internet. The result is returned as text."
+}
\ No newline at end of file
diff --git a/doc/expansion/hashdd.json b/documentation/website/expansion/hashdd.json
similarity index 86%
rename from doc/expansion/hashdd.json
rename to documentation/website/expansion/hashdd.json
index d963820..2edc1d1 100644
--- a/doc/expansion/hashdd.json
+++ b/documentation/website/expansion/hashdd.json
@@ -2,6 +2,8 @@
 "description": "A hover module to check hashes against hashdd.com including NSLR dataset.",
 "input": "A hash MISP attribute (md5).",
 "output": "Text describing the known level of the hash in the hashdd databases.",
- "references": ["https://hashdd.com/"],
+ "references": [
+ "https://hashdd.com/"
+ ],
 "features": "This module takes a hash attribute as input to check its known level, using the hashdd API. This information is then displayed."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/hibp.json b/documentation/website/expansion/hibp.json
similarity index 83%
rename from doc/expansion/hibp.json
rename to documentation/website/expansion/hibp.json
index 3c3ee54..a2b7b09 100644
--- a/doc/expansion/hibp.json
+++ b/documentation/website/expansion/hibp.json
@@ -1,9 +1,11 @@
 {
 "description": "Module to access haveibeenpwned.com API.",
- "logo": "logos/hibp.png",
+ "logo": "hibp.png",
 "requirements": [],
 "input": "An email address",
 "output": "Additional information about the email address.",
- "references": ["https://haveibeenpwned.com/"],
+ "references": [
+ "https://haveibeenpwned.com/"
+ ],
 "features": "The module takes an email address as input and queries haveibeenpwned.com API to find additional information about it. This additional information actually tells if any account using the email address has already been compromised in a data breach."
-}
+}
\ No newline at end of file
diff --git a/documentation/website/expansion/html_to_markdown.json b/documentation/website/expansion/html_to_markdown.json
new file mode 100644
index 0000000..0864431
--- /dev/null
+++ b/documentation/website/expansion/html_to_markdown.json
@@ -0,0 +1,9 @@
+{
+ "description": "Expansion module to fetch the html content from an url and convert it into markdown.",
+ "input": "URL attribute.",
+ "output": "Markdown content converted from the HTML fetched from the url.",
+ "requirements": [
+ "The markdownify python library"
+ ],
+ "features": "The module take an URL as input and the HTML content is fetched from it. This content is then converted into markdown that is returned as text."
+}
\ No newline at end of file
diff --git a/doc/expansion/intel471.json b/documentation/website/expansion/intel471.json
similarity index 79%
rename from doc/expansion/intel471.json
rename to documentation/website/expansion/intel471.json
index 72dbaba..8935276 100644
--- a/doc/expansion/intel471.json
+++ b/documentation/website/expansion/intel471.json
@@ -1,9 +1,13 @@
 {
 "descrption": "An expansion module to query Intel471 in order to get additional information about a domain, ip address, email address, url or hash.",
- "logo": "logos/intel471.png",
- "requirements": ["The intel471 python library"],
+ "logo": "intel471.png",
+ "requirements": [
+ "The intel471 python library"
+ ],
 "input": "A MISP attribute whose type is included in the following list:\n- hostname\n- domain\n- url\n- ip-src\n- ip-dst\n- email-src\n- email-dst\n- target-email\n- whois-registrant-email\n- whois-registrant-name\n- md5\n- sha1\n- sha256",
 "output": "Freetext",
- "references": ["https://public.intel471.com/"],
+ "references": [
+ "https://public.intel471.com/"
+ ],
 "features": "The module uses the Intel471 python library to query the Intel471 API with the value of the input attribute. The result of the query is then returned as freetext so the Freetext import parses it."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/intelmq_eventdb.json b/documentation/website/expansion/intelmq_eventdb.json
similarity index 57%
rename from doc/expansion/intelmq_eventdb.json
rename to documentation/website/expansion/intelmq_eventdb.json
index bc48414..ce2b12a 100644
--- a/doc/expansion/intelmq_eventdb.json
+++ b/documentation/website/expansion/intelmq_eventdb.json
@@ -1,9 +1,15 @@
 {
 "description": "Module to access intelmqs eventdb.",
- "logo": "logos/intelmq.png",
- "requirements": ["psycopg2: Python library to support PostgreSQL", "An access to the IntelMQ database (username, password, hostname and database reference)"],
+ "logo": "intelmq.png",
+ "requirements": [
+ "psycopg2: Python library to support PostgreSQL",
+ "An access to the IntelMQ database (username, password, hostname and database reference)"
+ ],
 "input": "A hostname, domain, IP address or AS attribute.",
 "output": "Text giving information about the input using IntelMQ database.",
- "references": ["https://github.com/certtools/intelmq", "https://intelmq.readthedocs.io/en/latest/Developers-Guide/"],
+ "references": [
+ "https://github.com/certtools/intelmq",
+ "https://intelmq.readthedocs.io/en/latest/Developers-Guide/"
+ ],
 "features": "/!\\ EXPERIMENTAL MODULE, some features may not work /!\\\n\nThis module takes a domain, hostname, IP address or Autonomous system MISP attribute as input to query the IntelMQ database. The result of the query gives then additional information about the input."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/ipasn.json b/documentation/website/expansion/ipasn.json
similarity index 70%
rename from doc/expansion/ipasn.json
rename to documentation/website/expansion/ipasn.json
index 8caed92..5f30608 100644
--- a/doc/expansion/ipasn.json
+++ b/documentation/website/expansion/ipasn.json
@@ -1,8 +1,12 @@
 {
 "description": "Module to query an IP ASN history service (https://github.com/D4-project/IPASN-History).",
- "requirements": ["pyipasnhistory: Python library to access IPASN-history instance"],
+ "requirements": [
+ "pyipasnhistory: Python library to access IPASN-history instance"
+ ],
 "input": "An IP address MISP attribute.",
 "output": "Asn object(s) objects related to the IP address used as input.",
- "references": ["https://github.com/D4-project/IPASN-History"],
+ "references": [
+ "https://github.com/D4-project/IPASN-History"
+ ],
 "features": "This module takes an IP address attribute as input and queries the CIRCL IPASN service. The result of the query is the latest asn related to the IP address, that is returned as a MISP object."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/iprep.json b/documentation/website/expansion/iprep.json
similarity index 71%
rename from doc/expansion/iprep.json
rename to documentation/website/expansion/iprep.json
index 95250e0..2e27304 100644
--- a/doc/expansion/iprep.json
+++ b/documentation/website/expansion/iprep.json
@@ -1,8 +1,12 @@
 {
 "description": "Module to query IPRep data for IP addresses.",
- "requirements": ["An access to the packetmail API (apikey)"],
+ "requirements": [
+ "An access to the packetmail API (apikey)"
+ ],
 "input": "An IP address MISP attribute.",
 "output": "Text describing additional information about the input after a query on the IPRep API.",
- "references": ["https://github.com/mahesh557/packetmail"],
+ "references": [
+ "https://github.com/mahesh557/packetmail"
+ ],
 "features": "This module takes an IP address attribute as input and queries the database from packetmail.net to get some information about the reputation of the IP."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/joesandbox_query.json b/documentation/website/expansion/joesandbox_query.json
similarity index 84%
rename from doc/expansion/joesandbox_query.json
rename to documentation/website/expansion/joesandbox_query.json
index 1a94edb..12f2853 100644
--- a/doc/expansion/joesandbox_query.json
+++ b/documentation/website/expansion/joesandbox_query.json
@@ -1,9 +1,14 @@
 {
 "description": "Query Joe Sandbox API with a submission url to get the json report and extract its data that is parsed and converted into MISP attributes and objects.\n\nThis url can by the way come from the result of the [joesandbox_submit expansion module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_submit.py).",
- "logo": "logos/joesandbox.png",
- "requirements": ["jbxapi: Joe Sandbox API python3 library"],
+ "logo": "joesandbox.png",
+ "requirements": [
+ "jbxapi: Joe Sandbox API python3 library"
+ ],
 "input": "Link of a Joe Sandbox sample or url submission.",
 "output": "MISP attributes & objects parsed from the analysis report.",
- "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"],
+ "references": [
+ "https://www.joesecurity.org",
+ "https://www.joesandbox.com/"
+ ],
 "features": "Module using the new format of modules able to return attributes and objects.\n\nThe module returns the same results as the import module [joe_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/joe_import.py) taking directly the json report as input.\n\nEven if the introspection will allow all kinds of links to call this module, obviously only the ones presenting a sample or url submission in the Joe Sandbox API will return results.\n\nTo make it work you will need to fill the 'apikey' configuration with your Joe Sandbox API key and provide a valid link as input."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/joesandbox_submit.json b/documentation/website/expansion/joesandbox_submit.json
similarity index 77%
rename from doc/expansion/joesandbox_submit.json
rename to documentation/website/expansion/joesandbox_submit.json
index ad59239..0ac454f 100644
--- a/doc/expansion/joesandbox_submit.json
+++ b/documentation/website/expansion/joesandbox_submit.json
@@ -1,9 +1,14 @@
 {
 "description": "A module to submit files or URLs to Joe Sandbox for an advanced analysis, and return the link of the submission.",
- "logo": "logos/joesandbox.png",
- "requirements": ["jbxapi: Joe Sandbox API python3 library"],
+ "logo": "joesandbox.png",
+ "requirements": [
+ "jbxapi: Joe Sandbox API python3 library"
+ ],
 "input": "Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.",
 "output": "Link of the report generated in Joe Sandbox.",
- "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"],
+ "references": [
+ "https://www.joesecurity.org",
+ "https://www.joesandbox.com/"
+ ],
 "features": "The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis.\n\nIt is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the [joesandbox_query module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) directly on this submission link."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/lastline_query.json b/documentation/website/expansion/lastline_query.json
similarity index 89%
rename from doc/expansion/lastline_query.json
rename to documentation/website/expansion/lastline_query.json
index 6165890..611b514 100644
--- a/doc/expansion/lastline_query.json
+++ b/documentation/website/expansion/lastline_query.json
@@ -1,9 +1,11 @@
 {
 "description": "Query Lastline with an analysis link and parse the report into MISP attributes and objects.\nThe analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module.",
- "logo": "logos/lastline.png",
+ "logo": "lastline.png",
 "requirements": [],
 "input": "Link to a Lastline analysis.",
 "output": "MISP attributes and objects parsed from the analysis report.",
- "references": ["https://www.lastline.com"],
+ "references": [
+ "https://www.lastline.com"
+ ],
 "features": "The module requires a Lastline Portal `username` and `password`.\nThe module uses the new format and it is able to return MISP attributes and objects.\nThe module returns the same results as the [lastline_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/lastline_import.py) import module."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/lastline_submit.json b/documentation/website/expansion/lastline_submit.json
similarity index 85%
rename from doc/expansion/lastline_submit.json
rename to documentation/website/expansion/lastline_submit.json
index d053f55..7c4387f 100644
--- a/doc/expansion/lastline_submit.json
+++ b/documentation/website/expansion/lastline_submit.json
@@ -1,9 +1,11 @@
 {
 "description": "Module to submit a file or URL to Lastline.",
- "logo": "logos/lastline.png",
+ "logo": "lastline.png",
 "requirements": [],
 "input": "File or URL to submit to Lastline.",
 "output": "Link to the report generated by Lastline.",
- "references": ["https://www.lastline.com"],
+ "references": [
+ "https://www.lastline.com"
+ ],
 "features": "The module requires a Lastline Analysis `api_token` and `key`.\nWhen the analysis is completed, it is possible to import the generated report by feeding the analysis link to the [lastline_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_query.py) module."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/macaddress_io.json b/documentation/website/expansion/macaddress_io.json
similarity index 60%
rename from doc/expansion/macaddress_io.json
rename to documentation/website/expansion/macaddress_io.json
index 6bd2658..013564a 100644
--- a/doc/expansion/macaddress_io.json
+++ b/documentation/website/expansion/macaddress_io.json
@@ -1,9 +1,15 @@
 {
 "description": "MISP hover module for macaddress.io",
- "logo": "logos/macaddress_io.png",
- "requirements": ["maclookup: macaddress.io python library", "An access to the macaddress.io API (apikey)"],
+ "logo": "macaddress_io.png",
+ "requirements": [
+ "maclookup: macaddress.io python library",
+ "An access to the macaddress.io API (apikey)"
+ ],
 "input": "MAC address MISP attribute.",
 "output": "Text containing information on the MAC address fetched from a query on macaddress.io.",
- "references": ["https://macaddress.io/", "https://github.com/CodeLineFi/maclookup-python"],
+ "references": [
+ "https://macaddress.io/",
+ "https://github.com/CodeLineFi/maclookup-python"
+ ],
 "features": "This module takes a MAC address attribute as input and queries macaddress.io for additional information.\n\nThis information contains data about:\n- MAC address details\n- Vendor details\n- Block details"
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/macvendors.json b/documentation/website/expansion/macvendors.json
similarity index 73%
rename from doc/expansion/macvendors.json
rename to documentation/website/expansion/macvendors.json
index cc10475..38c3588 100644
--- a/doc/expansion/macvendors.json
+++ b/documentation/website/expansion/macvendors.json
@@ -1,9 +1,12 @@
 {
 "description": "Module to access Macvendors API.",
- "logo": "logos/macvendors.png",
+ "logo": "macvendors.png",
 "requirements": [],
 "input": "A MAC address.",
 "output": "Additional information about the MAC address.",
- "references": ["https://macvendors.com/", "https://macvendors.com/api"],
+ "references": [
+ "https://macvendors.com/",
+ "https://macvendors.com/api"
+ ],
 "features": "The module takes a MAC address as input and queries macvendors.com for some information about it. The API returns the name of the vendor related to the address."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/malwarebazaar.json b/documentation/website/expansion/malwarebazaar.json
similarity index 91%
rename from doc/expansion/malwarebazaar.json
rename to documentation/website/expansion/malwarebazaar.json
index 2db6ad5..8c8228c 100644
--- a/doc/expansion/malwarebazaar.json
+++ b/documentation/website/expansion/malwarebazaar.json
@@ -3,6 +3,8 @@
 "requirements": [],
 "input": "A hash attribute (md5, sha1 or sha256).",
 "output": "File object(s) related to the input attribute found on MALWAREbazaar databases.",
- "references": ["https://bazaar.abuse.ch/"],
+ "references": [
+ "https://bazaar.abuse.ch/"
+ ],
 "features": "The module takes a hash attribute as input and queries MALWAREbazaar's API to fetch additional data about it. The result, if the payload is known on the databases, is at least one file object describing the file the input hash is related to.\n\nThe module is using the new format of modules able to return object since the result is one or multiple MISP object(s)."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/ocr_enrich.json b/documentation/website/expansion/ocr_enrich.json
similarity index 85%
rename from doc/expansion/ocr_enrich.json
rename to documentation/website/expansion/ocr_enrich.json
index 8765b22..0e8f627 100644
--- a/doc/expansion/ocr_enrich.json
+++ b/documentation/website/expansion/ocr_enrich.json
@@ -1,8 +1,10 @@
 {
 "description": "Module to process some optical character recognition on pictures.",
- "requirements": ["cv2: The OpenCV python library."],
+ "requirements": [
+ "cv2: The OpenCV python library."
+ ],
 "input": "A picture attachment.",
 "output": "Text and freetext fetched from the input picture.",
 "references": [],
 "features": "The module takes an attachment attributes as input and process some optical character recognition on it. The text found is then passed to the Freetext importer to extract potential IoCs."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/ods_enrich.json b/documentation/website/expansion/ods_enrich.json
similarity index 65%
rename from doc/expansion/ods_enrich.json
rename to documentation/website/expansion/ods_enrich.json
index dda4281..ade4105 100644
--- a/doc/expansion/ods_enrich.json
+++ b/documentation/website/expansion/ods_enrich.json
@@ -1,10 +1,12 @@
 {
 "description": "Module to extract freetext from a .ods document.",
- "logo": "logos/ods.png",
- "requirements": ["ezodf: Python package to create/manipulate OpenDocumentFormat files.",
- "pandas_ods_reader: Python library to read in ODS files."],
+ "logo": "ods.png",
+ "requirements": [
+ "ezodf: Python package to create/manipulate OpenDocumentFormat files.",
+ "pandas_ods_reader: Python library to read in ODS files."
+ ],
 "input": "Attachment attribute containing a .ods document.",
 "output": "Text and freetext parsed from the document.",
 "references": [],
 "features": "The module reads the text contained in a .ods document. The result is passed to the freetext import parser so IoCs can be extracted out of it."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/odt_enrich.json b/documentation/website/expansion/odt_enrich.json
similarity index 80%
rename from doc/expansion/odt_enrich.json
rename to documentation/website/expansion/odt_enrich.json
index e201c77..8922a9b 100644
--- a/doc/expansion/odt_enrich.json
+++ b/documentation/website/expansion/odt_enrich.json
@@ -1,9 +1,11 @@
 {
 "description": "Module to extract freetext from a .odt document.",
- "logo": "logos/odt.png",
- "requirements": ["ODT reader python library."],
+ "logo": "odt.png",
+ "requirements": [
+ "ODT reader python library."
+ ],
 "input": "Attachment attribute containing a .odt document.",
 "output": "Text and freetext parsed from the document.",
 "references": [],
 "features": "The module reads the text contained in a .odt document. The result is passed to the freetext import parser so IoCs can be extracted out of it."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/onyphe.json b/documentation/website/expansion/onyphe.json
similarity index 61%
rename from doc/expansion/onyphe.json
rename to documentation/website/expansion/onyphe.json
index 04ebdd3..f38ea25 100644
--- a/doc/expansion/onyphe.json
+++ b/documentation/website/expansion/onyphe.json
@@ -1,9 +1,15 @@
 {
 "description": "Module to process a query on Onyphe.",
- "logo": "logos/onyphe.jpg",
- "requirements": ["onyphe python library", "An access to the Onyphe API (apikey)"],
+ "logo": "onyphe.jpg",
+ "requirements": [
+ "onyphe python library",
+ "An access to the Onyphe API (apikey)"
+ ],
 "input": "A domain, hostname or IP address MISP attribute.",
 "output": "MISP attributes fetched from the Onyphe query.",
- "references": ["https://www.onyphe.io/", "https://github.com/sebdraven/pyonyphe"],
+ "references": [
+ "https://www.onyphe.io/",
+ "https://github.com/sebdraven/pyonyphe"
+ ],
 "features": "This module takes a domain, hostname, or IP address attribute as input in order to query the Onyphe API. Data fetched from the query is then parsed and MISP attributes are extracted."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/onyphe_full.json b/documentation/website/expansion/onyphe_full.json
similarity index 69%
rename from doc/expansion/onyphe_full.json
rename to documentation/website/expansion/onyphe_full.json
index 4b722fa..e1a040a 100644
--- a/doc/expansion/onyphe_full.json
+++ b/documentation/website/expansion/onyphe_full.json
@@ -1,9 +1,15 @@
 {
 "description": "Module to process a full query on Onyphe.",
- "logo": "logos/onyphe.jpg",
- "requirements": ["onyphe python library", "An access to the Onyphe API (apikey)"],
+ "logo": "onyphe.jpg",
+ "requirements": [
+ "onyphe python library",
+ "An access to the Onyphe API (apikey)"
+ ],
 "input": "A domain, hostname or IP address MISP attribute.",
 "output": "MISP attributes fetched from the Onyphe query.",
- "references": ["https://www.onyphe.io/", "https://github.com/sebdraven/pyonyphe"],
+ "references": [
+ "https://www.onyphe.io/",
+ "https://github.com/sebdraven/pyonyphe"
+ ],
 "features": "This module takes a domain, hostname, or IP address attribute as input in order to query the Onyphe API. Data fetched from the query is then parsed and MISP attributes are extracted.\n\nThe parsing is here more advanced than the one on onyphe module, and is returning more attributes, since more fields of the query result are watched and parsed."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/otx.json b/documentation/website/expansion/otx.json
similarity index 77%
rename from doc/expansion/otx.json
rename to documentation/website/expansion/otx.json
index c6032cc..a17e2ff 100644
--- a/doc/expansion/otx.json
+++ b/documentation/website/expansion/otx.json
@@ -1,9 +1,13 @@
 {
 "description": "Module to get information from AlienVault OTX.",
- "logo": "logos/otx.png",
- "requirements": ["An access to the OTX API (apikey)"],
+ "logo": "otx.png",
+ "requirements": [
+ "An access to the OTX API (apikey)"
+ ],
 "input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
 "output": "MISP attributes mapped from the result of the query on OTX, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- email",
- "references": ["https://www.alienvault.com/open-threat-exchange"],
+ "references": [
+ "https://www.alienvault.com/open-threat-exchange"
+ ],
 "features": "This module takes a MISP attribute as input to query the OTX Alienvault API. The API returns then the result of the query with some types we map into compatible types we add as MISP attributes."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/passivetotal.json b/documentation/website/expansion/passivetotal.json
similarity index 82%
rename from doc/expansion/passivetotal.json
rename to documentation/website/expansion/passivetotal.json
index ef8b044..26835d5 100644
--- a/doc/expansion/passivetotal.json
+++ b/documentation/website/expansion/passivetotal.json
@@ -1,9 +1,14 @@
 {
 "description": "",
- "logo": "logos/passivetotal.png",
- "requirements": ["Passivetotal python library", "An access to the PassiveTotal API (apikey)"],
+ "logo": "passivetotal.png",
+ "requirements": [
+ "Passivetotal python library",
+ "An access to the PassiveTotal API (apikey)"
+ ],
 "input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- x509-fingerprint-sha1\n- email-src\n- email-dst\n- target-email\n- whois-registrant-email\n- whois-registrant-phone\n- text\n- whois-registrant-name\n- whois-registrar\n- whois-creation-date",
 "output": "MISP attributes mapped from the result of the query on PassiveTotal, included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- x509-fingerprint-sha1\n- email-src\n- email-dst\n- target-email\n- whois-registrant-email\n- whois-registrant-phone\n- text\n- whois-registrant-name\n- whois-registrar\n- whois-creation-date\n- md5\n- sha1\n- sha256\n- link",
- "references": ["https://www.passivetotal.org/register"],
+ "references": [
+ "https://www.passivetotal.org/register"
+ ],
 "features": "The PassiveTotal MISP expansion module brings the datasets derived from Internet scanning directly into your MISP instance. This module supports passive DNS, historic SSL, WHOIS, and host attributes. In order to use the module, you must have a valid PassiveTotal account username and API key. Registration is free and can be done by visiting https://www.passivetotal.org/register"
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/pdf_enrich.json b/documentation/website/expansion/pdf_enrich.json
similarity index 76%
rename from doc/expansion/pdf_enrich.json
rename to documentation/website/expansion/pdf_enrich.json
index 5b3f0a8..a17ef51 100644
--- a/doc/expansion/pdf_enrich.json
+++ b/documentation/website/expansion/pdf_enrich.json
@@ -1,9 +1,11 @@
 {
 "description": "Module to extract freetext from a PDF document.",
- "logo": "logos/pdf.jpg",
- "requirements": ["pdftotext: Python library to extract text from PDF."],
+ "logo": "pdf.jpg",
+ "requirements": [
+ "pdftotext: Python library to extract text from PDF."
+ ],
 "input": "Attachment attribute containing a PDF document.",
 "output": "Text and freetext parsed from the document.",
 "references": [],
 "features": "The module reads the text contained in a PDF document. The result is passed to the freetext import parser so IoCs can be extracted out of it."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/pptx_enrich.json b/documentation/website/expansion/pptx_enrich.json
similarity index 77%
rename from doc/expansion/pptx_enrich.json
rename to documentation/website/expansion/pptx_enrich.json
index aff0d8d..664c70a 100644
--- a/doc/expansion/pptx_enrich.json
+++ b/documentation/website/expansion/pptx_enrich.json
@@ -1,9 +1,11 @@
 {
 "description": "Module to extract freetext from a .pptx document.",
- "logo": "logos/pptx.png",
- "requirements": ["pptx: Python library to read PowerPoint files."],
+ "logo": "pptx.png",
+ "requirements": [
+ "pptx: Python library to read PowerPoint files."
+ ],
 "input": "Attachment attribute containing a .pptx document.",
 "output": "Text and freetext parsed from the document.",
 "references": [],
 "features": "The module reads the text contained in a .pptx document. The result is passed to the freetext import parser so IoCs can be extracted out of it."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/qrcode.json b/documentation/website/expansion/qrcode.json
similarity index 72%
rename from doc/expansion/qrcode.json
rename to documentation/website/expansion/qrcode.json
index 38ed77c..f585511 100644
--- a/doc/expansion/qrcode.json
+++ b/documentation/website/expansion/qrcode.json
@@ -1,9 +1,11 @@
 {
 "description": "Module to decode QR codes.",
- "requirements": ["cv2: The OpenCV python library.",
- "pyzbar: Python library to read QR codes."],
+ "requirements": [
+ "cv2: The OpenCV python library.",
+ "pyzbar: Python library to read QR codes."
+ ],
 "input": "A QR code stored as attachment attribute.",
 "output": "The URL or bitcoin address the QR code is pointing to.",
 "references": [],
 "features": "The module reads the QR code and returns the related address, which can be an URL or a bitcoin address."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/ransomcoindb.json b/documentation/website/expansion/ransomcoindb.json
similarity index 82%
rename from doc/expansion/ransomcoindb.json
rename to documentation/website/expansion/ransomcoindb.json
index bc4e2ab..26c3c55 100644
--- a/doc/expansion/ransomcoindb.json
+++ b/documentation/website/expansion/ransomcoindb.json
@@ -1,8 +1,12 @@
 {
 "descrption": "Module to access the ransomcoinDB with a hash or btc address attribute and get the associated btc address of hashes.",
- "requirements": ["A ransomcoinDB API key."],
+ "requirements": [
+ "A ransomcoinDB API key."
+ ],
 "input": "A hash (md5, sha1 or sha256) or btc attribute.",
 "output": "Hashes associated to a btc address or btc addresses associated to a hash.",
- "references": ["https://ransomcoindb.concinnity-risks.com"],
+ "references": [
+ "https://ransomcoindb.concinnity-risks.com"
+ ],
 "features": "The module takes either a hash attribute or a btc attribute as input to query the ransomcoinDB API for some additional data.\n\nIf the input is a btc address, we will get the associated hashes returned in a file MISP object. If we query ransomcoinDB with a hash, the response contains the associated btc addresses returned as single MISP btc attributes."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/rbl.json b/documentation/website/expansion/rbl.json
similarity index 65%
rename from doc/expansion/rbl.json
rename to documentation/website/expansion/rbl.json
index 9700eca..942daa7 100644
--- a/doc/expansion/rbl.json
+++ b/documentation/website/expansion/rbl.json
@@ -1,8 +1,12 @@
 {
 "description": "Module to check an IPv4 address against known RBLs.",
- "requirements": ["dnspython3: DNS python3 library"],
+ "requirements": [
+ "dnspython3: DNS python3 library"
+ ],
 "input": "IP address attribute.",
 "output": "Text with additional data from Real-time Blackhost Lists about the IP address.",
- "references": ["[RBLs list](https://github.com/MISP/misp-modules/blob/8817de476572a10a9c9d03258ec81ca70f3d926d/misp_modules/modules/expansion/rbl.py#L20)"],
+ "references": [
+ "[RBLs list](https://github.com/MISP/misp-modules/blob/8817de476572a10a9c9d03258ec81ca70f3d926d/misp_modules/modules/expansion/rbl.py#L20)"
+ ],
 "features": "This module takes an IP address attribute as input and queries multiple know Real-time Blackhost Lists to check if they have already seen this IP address.\n\nWe display then all the information we get from those different sources."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/recordedfuture.json b/documentation/website/expansion/recordedfuture.json
similarity index 85%
rename from doc/expansion/recordedfuture.json
rename to documentation/website/expansion/recordedfuture.json
index 2fec7eb..91cf23e 100644
--- a/doc/expansion/recordedfuture.json
+++ b/documentation/website/expansion/recordedfuture.json
@@ -1,9 +1,13 @@
 {
 "description": "Module to enrich attributes with threat intelligence from Recorded Future.",
- "logo": "logos/recordedfuture.png",
- "requirements": ["A Recorded Future API token."],
+ "logo": "recordedfuture.png",
+ "requirements": [
+ "A Recorded Future API token."
+ ],
 "input": "A MISP attribute of one of the following types: ip, ip-src, ip-dst, domain, hostname, md5, sha1, sha256, uri, url, vulnerability, weakness.",
 "output": "A MISP object containing a copy of the enriched attribute with added tags from Recorded Future and a list of new attributes related to the enriched attribute.",
- "references": ["https://www.recordedfuture.com/"],
+ "references": [
+ "https://www.recordedfuture.com/"
+ ],
 "features": "Enrich an attribute to add a custom enrichment object to the event. The object contains a copy of the enriched attribute with added tags presenting risk score and triggered risk rules from Recorded Future. Malware and Threat Actors related to the enriched indicator in Recorded Future is matched against MISP's galaxy clusters and applied as galaxy tags. The custom enrichment object also includes a list of related indicators from Recorded Future (IP's, domains, hashes, URL's and vulnerabilities) added as additional attributes."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/reversedns.json b/documentation/website/expansion/reversedns.json
similarity index 90%
rename from doc/expansion/reversedns.json
rename to documentation/website/expansion/reversedns.json
index 6934462..cdd3419 100644
--- a/doc/expansion/reversedns.json
+++ b/documentation/website/expansion/reversedns.json
@@ -1,7 +1,9 @@
 {
 "description": "Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.",
- "requirements": ["DNS python library"],
+ "requirements": [
+ "DNS python library"
+ ],
 "input": "An IP address attribute.",
 "output": "Hostname attribute the input is resolved into.",
 "features": "The module takes an IP address as input and tries to find the hostname this IP address is resolved into.\n\nThe address of the DNS resolver to use is also configurable, but if no configuration is set, we use the Google public DNS address (8.8.8.8).\n\nPlease note that composite MISP attributes containing IP addresses are supported as well."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/securitytrails.json b/documentation/website/expansion/securitytrails.json
similarity index 77%
rename from doc/expansion/securitytrails.json
rename to documentation/website/expansion/securitytrails.json
index 8541e4e..97f81b4 100644
--- a/doc/expansion/securitytrails.json
+++ b/documentation/website/expansion/securitytrails.json
@@ -1,9 +1,14 @@
 {
 "description": "An expansion modules for SecurityTrails.",
- "logo": "logos/securitytrails.png",
- "requirements": ["dnstrails python library", "An access to the SecurityTrails API (apikey)"],
+ "logo": "securitytrails.png",
+ "requirements": [
+ "dnstrails python library",
+ "An access to the SecurityTrails API (apikey)"
+ ],
 "input": "A domain, hostname or IP address attribute.",
 "output": "MISP attributes resulting from the query on SecurityTrails API, included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- dns-soa-email\n- whois-registrant-email\n- whois-registrant-phone\n- whois-registrant-name\n- whois-registrar\n- whois-creation-date\n- domain",
- "references": ["https://securitytrails.com/"],
+ "references": [
+ "https://securitytrails.com/"
+ ],
 "features": "The module takes a domain, hostname or IP address attribute as input and queries the SecurityTrails API with it.\n\nMultiple parsing operations are then processed on the result of the query to extract a much information as possible.\n\nFrom this data extracted are then mapped MISP attributes."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/shodan.json b/documentation/website/expansion/shodan.json
similarity index 61%
rename from doc/expansion/shodan.json
rename to documentation/website/expansion/shodan.json
index 57241f0..703a084 100644
--- a/doc/expansion/shodan.json
+++ b/documentation/website/expansion/shodan.json
@@ -1,9 +1,14 @@
 {
 "description": "Module to query on Shodan.",
- "logo": "logos/shodan.png",
- "requirements": ["shodan python library", "An access to the Shodan API (apikey)"],
+ "logo": "shodan.png",
+ "requirements": [
+ "shodan python library",
+ "An access to the Shodan API (apikey)"
+ ],
 "input": "An IP address MISP attribute.",
 "output": "Text with additional data about the input, resulting from the query on Shodan.",
- "references": ["https://www.shodan.io/"],
+ "references": [
+ "https://www.shodan.io/"
+ ],
 "features": "The module takes an IP address as input and queries the Shodan API to get some additional data about it."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/sigma_queries.json b/documentation/website/expansion/sigma_queries.json
similarity index 69%
rename from doc/expansion/sigma_queries.json
rename to documentation/website/expansion/sigma_queries.json
index f127ba4..c967112 100644
--- a/doc/expansion/sigma_queries.json
+++ b/documentation/website/expansion/sigma_queries.json
@@ -1,9 +1,13 @@
 {
 "description": "An expansion hover module to display the result of sigma queries.",
- "logo": "logos/sigma.png",
- "requirements": ["Sigma python library"],
+ "logo": "sigma.png",
+ "requirements": [
+ "Sigma python library"
+ ],
 "input": "A Sigma attribute.",
 "output": "Text displaying results of queries on the Sigma attribute.",
- "references": ["https://github.com/Neo23x0/sigma/wiki"],
+ "references": [
+ "https://github.com/Neo23x0/sigma/wiki"
+ ],
 "features": "This module takes a Sigma rule attribute as input and tries all the different queries available to convert it into different formats recognized by SIEMs."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/sigma_syntax_validator.json b/documentation/website/expansion/sigma_syntax_validator.json
similarity index 67%
rename from doc/expansion/sigma_syntax_validator.json
rename to documentation/website/expansion/sigma_syntax_validator.json
index 8e17ae0..b90c931 100644
--- a/doc/expansion/sigma_syntax_validator.json
+++ b/documentation/website/expansion/sigma_syntax_validator.json
@@ -1,9 +1,14 @@
 {
 "description": "An expansion hover module to perform a syntax check on sigma rules.",
- "logo": "logos/sigma.png",
- "requirements": ["Sigma python library", "Yaml python library"],
+ "logo": "sigma.png",
+ "requirements": [
+ "Sigma python library",
+ "Yaml python library"
+ ],
 "input": "A Sigma attribute.",
 "output": "Text describing the validity of the Sigma rule.",
- "references": ["https://github.com/Neo23x0/sigma/wiki"],
+ "references": [
+ "https://github.com/Neo23x0/sigma/wiki"
+ ],
 "features": "This module takes a Sigma rule attribute as input and performs a syntax check on it.\n\nIt displays then that the rule is valid if it is the case, and the error related to the rule otherwise."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/socialscan.json b/documentation/website/expansion/socialscan.json
similarity index 100%
rename from doc/expansion/socialscan.json
rename to documentation/website/expansion/socialscan.json
diff --git a/doc/expansion/sophoslabs_intelix.json b/documentation/website/expansion/sophoslabs_intelix.json
similarity index 70%
rename from doc/expansion/sophoslabs_intelix.json
rename to documentation/website/expansion/sophoslabs_intelix.json
index 18dd7c1..8871192 100644
--- a/doc/expansion/sophoslabs_intelix.json
+++ b/documentation/website/expansion/sophoslabs_intelix.json
@@ -1,9 +1,13 @@
 {
 "description": "An expansion module to query the Sophoslabs intelix API to get additional information about an ip address, url, domain or sha256 attribute.",
- "logo": "logos/sophoslabs_intelix.svg",
- "requirements": ["A client_id and client_secret pair to authenticate to the SophosLabs Intelix API"],
+ "logo": "sophoslabs_intelix.svg",
+ "requirements": [
+ "A client_id and client_secret pair to authenticate to the SophosLabs Intelix API"
+ ],
 "input": "An ip address, url, domain or sha256 attribute.",
 "output": "SophosLabs Intelix report and lookup objects",
- "references": ["https://aws.amazon.com/marketplace/pp/B07SLZPMCS"],
+ "references": [
+ "https://aws.amazon.com/marketplace/pp/B07SLZPMCS"
+ ],
 "features": "The module takes an ip address, url, domain or sha256 attribute and queries the SophosLabs Intelix API with the attribute value. The result of this query is a SophosLabs Intelix hash report, or an ip or url lookup, that is then parsed and returned in a MISP object."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/sourcecache.json b/documentation/website/expansion/sourcecache.json
similarity index 67%
rename from doc/expansion/sourcecache.json
rename to documentation/website/expansion/sourcecache.json
index ab4669c..4340f2c 100644
--- a/doc/expansion/sourcecache.json
+++ b/documentation/website/expansion/sourcecache.json
@@ -1,8 +1,12 @@
 {
 "description": "Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.",
- "requirements": ["urlarchiver: python library to fetch and archive URL on the file-system"],
+ "requirements": [
+ "urlarchiver: python library to fetch and archive URL on the file-system"
+ ],
 "input": "A link or url attribute.",
 "output": "A malware-sample attribute describing the cached page.",
- "references": ["https://github.com/adulau/url_archiver"],
+ "references": [
+ "https://github.com/adulau/url_archiver"
+ ],
 "features": "This module takes a link or url attribute as input and caches the related web page. It returns then a link of the cached page."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/stix2_pattern_syntax_validator.json b/documentation/website/expansion/stix2_pattern_syntax_validator.json
similarity index 60%
rename from doc/expansion/stix2_pattern_syntax_validator.json
rename to documentation/website/expansion/stix2_pattern_syntax_validator.json
index 2ea43b5..0ac079d 100644
--- a/doc/expansion/stix2_pattern_syntax_validator.json
+++ b/documentation/website/expansion/stix2_pattern_syntax_validator.json
@@ -1,9 +1,13 @@
 {
 "description": "An expansion hover module to perform a syntax check on stix2 patterns.",
- "logo": "logos/stix.png",
- "requirements": ["stix2patterns python library"],
+ "logo": "stix.png",
+ "requirements": [
+ "stix2patterns python library"
+ ],
 "input": "A STIX2 pattern attribute.",
 "output": "Text describing the validity of the STIX2 pattern.",
- "references": ["[STIX2.0 patterning specifications](http://docs.oasis-open.org/cti/stix/v2.0/cs01/part5-stix-patterning/stix-v2.0-cs01-part5-stix-patterning.html)"],
+ "references": [
+ "[STIX2.0 patterning specifications](http://docs.oasis-open.org/cti/stix/v2.0/cs01/part5-stix-patterning/stix-v2.0-cs01-part5-stix-patterning.html)"
+ ],
 "features": "This module takes a STIX2 pattern attribute as input and performs a syntax check on it.\n\nIt displays then that the rule is valid if it is the case, and the error related to the rule otherwise."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/threatcrowd.json b/documentation/website/expansion/threatcrowd.json
similarity index 87%
rename from doc/expansion/threatcrowd.json
rename to documentation/website/expansion/threatcrowd.json
index 99725b8..e279ece 100644
--- a/doc/expansion/threatcrowd.json
+++ b/documentation/website/expansion/threatcrowd.json
@@ -1,8 +1,10 @@
 {
 "description": "Module to get information from ThreatCrowd.",
- "logo": "logos/threatcrowd.png",
+ "logo": "threatcrowd.png",
 "input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512\n- whois-registrant-email",
 "output": "MISP attributes mapped from the result of the query on ThreatCrowd, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- hostname\n- whois-registrant-email",
- "references": ["https://www.threatcrowd.org/"],
+ "references": [
+ "https://www.threatcrowd.org/"
+ ],
 "features": "This module takes a MISP attribute as input and queries ThreatCrowd with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/threatminer.json b/documentation/website/expansion/threatminer.json
similarity index 87%
rename from doc/expansion/threatminer.json
rename to documentation/website/expansion/threatminer.json
index d2f26bd..0b0d641 100644
--- a/doc/expansion/threatminer.json
+++ b/documentation/website/expansion/threatminer.json
@@ -1,8 +1,10 @@
 {
 "description": "Module to get information from ThreatMiner.",
- "logo": "logos/threatminer.png",
+ "logo": "threatminer.png",
 "input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
 "output": "MISP attributes mapped from the result of the query on ThreatMiner, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- ssdeep\n- authentihash\n- filename\n- whois-registrant-email\n- url\n- link",
- "references": ["https://www.threatminer.org/"],
+ "references": [
+ "https://www.threatminer.org/"
+ ],
 "features": "This module takes a MISP attribute as input and queries ThreatMiner with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/trustar_enrich.json b/documentation/website/expansion/trustar_enrich.json
similarity index 81%
rename from doc/expansion/trustar_enrich.json
rename to documentation/website/expansion/trustar_enrich.json
index 294419d..415f52d 100644
--- a/doc/expansion/trustar_enrich.json
+++ b/documentation/website/expansion/trustar_enrich.json
@@ -1,8 +1,10 @@
 {
 "description": "Module to get enrich indicators with TruSTAR.",
- "logo": "logos/trustar.png",
+ "logo": "trustar.png",
 "input": "Any of the following MISP attributes:\n- btc\n- domain\n- email-src\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- url",
 "output": "MISP attributes enriched with indicator summary data from the TruSTAR API. Data includes a severity level score and additional source and scoring info.",
- "references": ["https://docs.trustar.co/api/v13/indicators/get_indicator_summaries.html"],
+ "references": [
+ "https://docs.trustar.co/api/v13/indicators/get_indicator_summaries.html"
+ ],
 "features": "This module enriches MISP attributes with scoring and metadata from TruSTAR.\n\nThe TruSTAR indicator summary is appended to the attributes along with links to any associated reports."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/urlhaus.json b/documentation/website/expansion/urlhaus.json
similarity index 86%
rename from doc/expansion/urlhaus.json
rename to documentation/website/expansion/urlhaus.json
index 8e5cef3..cd59661 100644
--- a/doc/expansion/urlhaus.json
+++ b/documentation/website/expansion/urlhaus.json
@@ -1,9 +1,11 @@
 {
 "description": "Query of the URLhaus API to get additional information about the input attribute.",
- "logo": "logos/urlhaus.png",
+ "logo": "urlhaus.png",
 "requirements": [],
 "input": "A domain, hostname, url, ip, md5 or sha256 attribute.",
 "output": "MISP attributes & objects fetched from the result of the URLhaus API query.",
- "references": ["https://urlhaus.abuse.ch/"],
+ "references": [
+ "https://urlhaus.abuse.ch/"
+ ],
 "features": "Module using the new format of modules able to return attributes and objects.\n\nThe module takes one of the attribute type specified as input, and query the URLhaus API with it. If any result is returned by the API, attributes and objects are created accordingly."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/urlscan.json b/documentation/website/expansion/urlscan.json
similarity index 73%
rename from doc/expansion/urlscan.json
rename to documentation/website/expansion/urlscan.json
index d847761..3aab2ab 100644
--- a/doc/expansion/urlscan.json
+++ b/documentation/website/expansion/urlscan.json
@@ -1,9 +1,13 @@
 {
 "description": "An expansion module to query urlscan.io.",
- "logo": "logos/urlscan.jpg",
- "requirements": ["An access to the urlscan.io API"],
+ "logo": "urlscan.jpg",
+ "requirements": [
+ "An access to the urlscan.io API"
+ ],
 "input": "A domain, hostname or url attribute.",
 "output": "MISP attributes mapped from the result of the query on urlscan.io.",
- "references": ["https://urlscan.io/"],
+ "references": [
+ "https://urlscan.io/"
+ ],
 "features": "This module takes a MISP attribute as input and queries urlscan.io with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/virustotal.json b/documentation/website/expansion/virustotal.json
similarity index 80%
rename from doc/expansion/virustotal.json
rename to documentation/website/expansion/virustotal.json
index 31fd6ac..85c036f 100644
--- a/doc/expansion/virustotal.json
+++ b/documentation/website/expansion/virustotal.json
@@ -1,9 +1,14 @@
 {
 "description": "Module to get advanced information from virustotal.",
- "logo": "logos/virustotal.png",
- "requirements": ["An access to the VirusTotal API (apikey), with a high request rate limit."],
+ "logo": "virustotal.png",
+ "requirements": [
+ "An access to the VirusTotal API (apikey), with a high request rate limit."
+ ],
 "input": "A domain, hash (md5, sha1, sha256 or sha512), hostname or IP address attribute.",
 "output": "MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute.",
- "references": ["https://www.virustotal.com/", "https://developers.virustotal.com/reference"],
+ "references": [
+ "https://www.virustotal.com/",
+ "https://developers.virustotal.com/reference"
+ ],
 "features": "New format of modules able to return attributes and objects.\n\nA module to take a MISP attribute as input and query the VirusTotal API to get additional data about it.\n\nCompared to the [standard VirusTotal expansion module](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/virustotal_public.py), this module is made for advanced parsing of VirusTotal report, with a recursive analysis of the elements found after the first request.\n\nThus, it requires a higher request rate limit to avoid the API to return a 204 error (Request rate limit exceeded), and the data parsed from the different requests are returned as MISP attributes and objects, with the corresponding relations between each one of them."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/virustotal_public.json b/documentation/website/expansion/virustotal_public.json
similarity index 78%
rename from doc/expansion/virustotal_public.json
rename to documentation/website/expansion/virustotal_public.json
index 242c734..2b9df12 100644
--- a/doc/expansion/virustotal_public.json
+++ b/documentation/website/expansion/virustotal_public.json
@@ -1,9 +1,14 @@
 {
 "description": "Module to get information from VirusTotal.",
- "logo": "logos/virustotal.png",
- "requirements": ["An access to the VirusTotal API (apikey)"],
+ "logo": "virustotal.png",
+ "requirements": [
+ "An access to the VirusTotal API (apikey)"
+ ],
 "input": "A domain, hostname, ip, url or hash (md5, sha1, sha256 or sha512) attribute.",
 "output": "MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute.",
- "references": ["https://www.virustotal.com", "https://developers.virustotal.com/reference"],
+ "references": [
+ "https://www.virustotal.com",
+ "https://developers.virustotal.com/reference"
+ ],
 "features": "New format of modules able to return attributes and objects.\n\nA module to take a MISP attribute as input and query the VirusTotal API to get additional data about it.\n\nCompared to the [more advanced VirusTotal expansion module](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/virustotal.py), this module is made for VirusTotal users who have a low request rate limit.\n\nThus, it only queries the API once and returns the results that is parsed into MISP attributes and objects."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/vmray_submit.json b/documentation/website/expansion/vmray_submit.json
similarity index 74%
rename from doc/expansion/vmray_submit.json
rename to documentation/website/expansion/vmray_submit.json
index ea6cf3f..2b38792 100644
--- a/doc/expansion/vmray_submit.json
+++ b/documentation/website/expansion/vmray_submit.json
@@ -1,9 +1,13 @@
 {
 "description": "Module to submit a sample to VMRay.",
- "logo": "logos/vmray.png",
- "requirements": ["An access to the VMRay API (apikey & url)"],
+ "logo": "vmray.png",
+ "requirements": [
+ "An access to the VMRay API (apikey & url)"
+ ],
 "input": "An attachment or malware-sample attribute.",
 "output": "MISP attributes mapped from the result of the query on VMRay API, included in the following list:\n- text\n- sha1\n- sha256\n- md5\n- link",
- "references": ["https://www.vmray.com/"],
+ "references": [
+ "https://www.vmray.com/"
+ ],
 "features": "This module takes an attachment or malware-sample attribute as input to query the VMRay API.\n\nThe sample contained within the attribute in then enriched with data from VMRay mapped into MISP attributes."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/vulndb.json b/documentation/website/expansion/vulndb.json
similarity index 71%
rename from doc/expansion/vulndb.json
rename to documentation/website/expansion/vulndb.json
index 330a3eb..e1dd869 100644
--- a/doc/expansion/vulndb.json
+++ b/documentation/website/expansion/vulndb.json
@@ -1,9 +1,13 @@
 {
 "description": "Module to query VulnDB (RiskBasedSecurity.com).",
- "logo": "logos/vulndb.png",
- "requirements": ["An access to the VulnDB API (apikey, apisecret)"],
+ "logo": "vulndb.png",
+ "requirements": [
+ "An access to the VulnDB API (apikey, apisecret)"
+ ],
 "input": "A vulnerability attribute.",
 "output": "Additional data enriching the CVE input, fetched from VulnDB.",
- "references": ["https://vulndb.cyberriskanalytics.com/"],
+ "references": [
+ "https://vulndb.cyberriskanalytics.com/"
+ ],
 "features": "This module takes a vulnerability attribute as input and queries VulnDB in order to get some additional data about it.\n\nThe API gives the result of the query which can be displayed in the screen, and/or mapped into MISP attributes to add in the event."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/vulners.json b/documentation/website/expansion/vulners.json
similarity index 69%
rename from doc/expansion/vulners.json
rename to documentation/website/expansion/vulners.json
index f3f3026..ab5a778 100644
--- a/doc/expansion/vulners.json
+++ b/documentation/website/expansion/vulners.json
@@ -1,9 +1,14 @@
 {
 "description": "An expansion hover module to expand information about CVE id using Vulners API.",
- "logo": "logos/vulners.png",
- "requirements": ["Vulners python library", "An access to the Vulners API"],
+ "logo": "vulners.png",
+ "requirements": [
+ "Vulners python library",
+ "An access to the Vulners API"
+ ],
 "input": "A vulnerability attribute.",
 "output": "Text giving additional information about the CVE in input.",
- "references": ["https://vulners.com/"],
+ "references": [
+ "https://vulners.com/"
+ ],
 "features": "This module takes a vulnerability attribute as input and queries the Vulners API in order to get some additional data about it.\n\nThe API then returns details about the vulnerability."
-}
+}
\ No newline at end of file
diff --git a/doc/expansion/whois.json b/documentation/website/expansion/whois.json
similarity index 77%
rename from doc/expansion/whois.json
rename to documentation/website/expansion/whois.json
index 938bad5..bba0828 100644
--- a/doc/expansion/whois.json
+++ b/documentation/website/expansion/whois.json
@@ -1,8 +1,12 @@ { "description": "Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).", - "requirements": ["uwhois: A whois python library"], + "requirements": [ + "uwhois: A whois python library" + ], "input": "A domain or IP address attribute.", "output": "Text describing the result of a whois request for the input value.", - "references": ["https://github.com/rafiot/uwhoisd"], + "references": [ + "https://github.com/rafiot/uwhoisd" + ], "features": "This module takes a domain or IP address attribute as input and queries a 'Univseral Whois proxy server' to get the correct details of the Whois query on the input value (check the references for more details about this whois server)." -} +} \ No newline at end of file diff --git a/doc/expansion/wiki.json b/documentation/website/expansion/wiki.json similarity index 72% rename from doc/expansion/wiki.json rename to documentation/website/expansion/wiki.json index d6de62b..36bb009 100644 --- a/doc/expansion/wiki.json +++ b/documentation/website/expansion/wiki.json @@ -1,9 +1,13 @@ { "description": "An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.", - "logo": "logos/wikidata.png", - "requirements": ["SPARQLWrapper python library"], + "logo": "wikidata.png", + "requirements": [ + "SPARQLWrapper python library" + ], "input": "Text attribute.", "output": "Text attribute.", - "references": ["https://www.wikidata.org"], + "references": [ + "https://www.wikidata.org" + ], "features": "This module takes a text attribute as input and queries the Wikidata API. If the text attribute is clear enough to define a specific term, the API returns a wikidata link in response." -} +} \ No newline at end of file 
diff --git a/doc/expansion/xforceexchange.json b/documentation/website/expansion/xforceexchange.json similarity index 73% rename from doc/expansion/xforceexchange.json rename to documentation/website/expansion/xforceexchange.json index bbe3c86..fe6fcbb 100644 --- a/doc/expansion/xforceexchange.json +++ b/documentation/website/expansion/xforceexchange.json @@ -1,9 +1,13 @@ { "description": "An expansion module for IBM X-Force Exchange.", - "logo": "logos/xforce.png", - "requirements": ["An access to the X-Force API (apikey)"], + "logo": "xforce.png", + "requirements": [ + "An access to the X-Force API (apikey)" + ], "input": "A MISP attribute included in the following list:\n- ip-src\n- ip-dst\n- vulnerability\n- md5\n- sha1\n- sha256", "output": "MISP attributes mapped from the result of the query on X-Force Exchange.", - "references": ["https://exchange.xforce.ibmcloud.com/"], + "references": [ + "https://exchange.xforce.ibmcloud.com/" + ], "features": "This module takes a MISP attribute as input to query the X-Force API. The API returns then additional information known in their threats data, that is mapped into MISP attributes." -} +} \ No newline at end of file diff --git a/doc/expansion/xlsx_enrich.json b/documentation/website/expansion/xlsx_enrich.json similarity index 73% rename from doc/expansion/xlsx_enrich.json rename to documentation/website/expansion/xlsx_enrich.json index c41f17c..dff623d 100644 --- a/doc/expansion/xlsx_enrich.json +++ b/documentation/website/expansion/xlsx_enrich.json 
@@ -1,9 +1,11 @@ { "description": "Module to extract freetext from a .xlsx document.", - "logo": "logos/xlsx.png", - "requirements": ["pandas: Python library to perform data analysis, time series and statistics."], + "logo": "xlsx.png", + "requirements": [ + "pandas: Python library to perform data analysis, time series and statistics." + ], "input": "Attachment attribute containing a .xlsx document.", "output": "Text and freetext parsed from the document.", "references": [], "features": "The module reads the text contained in a .xlsx document. The result is passed to the freetext import parser so IoCs can be extracted out of it." -} +} \ No newline at end of file diff --git a/doc/expansion/yara_query.json b/documentation/website/expansion/yara_query.json similarity index 77% rename from doc/expansion/yara_query.json rename to documentation/website/expansion/yara_query.json index 408353d..453e599 100644 --- a/doc/expansion/yara_query.json +++ b/documentation/website/expansion/yara_query.json 
@@ -1,9 +1,14 @@ { "description": "An expansion & hover module to translate any hash attribute into a yara rule.", - "logo": "logos/yara.png", - "requirements": ["yara-python python library"], + "logo": "yara.png", + "requirements": [ + "yara-python python library" + ], "features": "The module takes a hash attribute (md5, sha1, sha256, imphash) as input, and is returning a YARA rule from it. This YARA rule is also validated using the same method as in 'yara_syntax_validator' module.\nBoth hover and expansion functionalities are supported with this module, where the hover part is displaying the resulting YARA rule and the expansion part allows you to add the rule as a new attribute, as usual with expansion modules.", "input": "MISP Hash attribute (md5, sha1, sha256, imphash, or any of the composite attribute with filename and one of the previous hash type).", "output": "YARA rule.", - "references": ["https://virustotal.github.io/yara/", "https://github.com/virustotal/yara-python"] -} + "references": [ + "https://virustotal.github.io/yara/", + "https://github.com/virustotal/yara-python" + ] +} \ No newline at end of file diff --git a/doc/expansion/yara_syntax_validator.json b/documentation/website/expansion/yara_syntax_validator.json similarity index 70% rename from doc/expansion/yara_syntax_validator.json rename to documentation/website/expansion/yara_syntax_validator.json index 93a96ee..72550b2 100644 --- a/doc/expansion/yara_syntax_validator.json +++ b/documentation/website/expansion/yara_syntax_validator.json 
@@ -1,9 +1,13 @@ { "description": "An expansion hover module to perform a syntax check on if yara rules are valid or not.", - "logo": "logos/yara.png", - "requirements": ["yara_python python library"], + "logo": "yara.png", + "requirements": [ + "yara_python python library" + ], "input": "YARA rule attribute.", "output": "Text to inform users if their rule is valid.", - "references": ["http://virustotal.github.io/yara/"], + "references": [ + "http://virustotal.github.io/yara/" + ], "features": "This modules simply takes a YARA rule as input, and checks its syntax. It returns then a confirmation if the syntax is valid, otherwise the syntax error is displayed." -} +} \ No newline at end of file diff --git a/documentation/website/export_mod/cef_export.json b/documentation/website/export_mod/cef_export.json new file mode 100644 index 0000000..cd247a7 --- /dev/null +++ b/documentation/website/export_mod/cef_export.json @@ -0,0 +1,10 @@ +{ + "description": "Module to export a MISP event in CEF format.", + "requirements": [], + "features": "The module takes a MISP event in input, to look every attribute. Each attribute matching with some predefined types is then exported in Common Event Format.\nThus, there is no particular feature concerning MISP Events since any event can be exported. However, 4 configuration parameters recognized by CEF format are required and should be provided by users before exporting data: the device vendor, product and version, as well as the default severity of data.", + "references": [ + "https://community.softwaregrp.com/t5/ArcSight-Connectors/ArcSight-Common-Event-Format-CEF-Guide/ta-p/1589306?attachment-id=65537" + ], + "input": "MISP Event attributes", + "output": "Common Event Format file" +} \ No newline at end of file 
diff --git a/doc/export_mod/cisco_firesight_manager_ACL_rule_export.json b/documentation/website/export_mod/cisco_firesight_manager_ACL_rule_export.json similarity index 79% rename from doc/export_mod/cisco_firesight_manager_ACL_rule_export.json rename to documentation/website/export_mod/cisco_firesight_manager_ACL_rule_export.json index 6d1d0dd..b9c72f9 100644 --- a/doc/export_mod/cisco_firesight_manager_ACL_rule_export.json +++ b/documentation/website/export_mod/cisco_firesight_manager_ACL_rule_export.json @@ -1,9 +1,11 @@ { "description": "Module to export malicious network activity attributes to Cisco fireSIGHT manager block rules.", - "logo": "logos/cisco.png", - "requirements": ["Firesight manager console credentials"], + "logo": "cisco.png", + "requirements": [ + "Firesight manager console credentials" + ], "input": "Network activity attributes (IPs, URLs).", "output": "Cisco fireSIGHT manager block rules.", "references": [], "features": "The module goes through the attributes to find all the network activity ones in order to create block rules for the Cisco fireSIGHT manager." -} +} \ No newline at end of file diff --git a/documentation/website/export_mod/goamlexport.json b/documentation/website/export_mod/goamlexport.json new file mode 100644 index 0000000..aaab295 --- /dev/null +++ b/documentation/website/export_mod/goamlexport.json 
@@ -0,0 +1,14 @@ +{ + "description": "This module is used to export MISP events containing transaction objects into GoAML format.", + "logo": "goAML.jpg", + "requirements": [ + "PyMISP", + "MISP objects" + ], + "features": "The module works as long as there is at least one transaction object in the Event.\n\nThen in order to have a valid GoAML document, please follow these guidelines:\n- For each transaction object, use either a bank-account, person, or legal-entity object to describe the origin of the transaction, and again one of them to describe the target of the transaction.\n- Create an object reference for both origin and target objects of the transaction.\n- A bank-account object needs a signatory, which is a person object, put as object reference of the bank-account.\n- A person can have an address, which is a geolocation object, put as object reference of the person.\n\nSupported relation types for object references that are recommended for each object are the folowing:\n- transaction:\n\t- 'from', 'from_my_client': Origin of the transaction - at least one of them is required.\n\t- 'to', 'to_my_client': Target of the transaction - at least one of them is required.\n\t- 'address': Location of the transaction - optional.\n- bank-account:\n\t- 'signatory': Signatory of a bank-account - the reference from bank-account to a signatory is required, but the relation-type is optional at the moment since this reference will always describe a signatory.\n\t- 'entity': Entity owning the bank account - optional.\n- person:\n\t- 'address': Address of a person - optional.", + "references": [ + "http://goaml.unodc.org/" + ], + "input": "MISP objects (transaction, bank-account, person, legal-entity, geolocation), with references, describing financial transactions and their origin and target.", + "output": "GoAML format file, describing financial transactions, with their origin and target (bank accounts, persons or entities)." +} \ No newline at end of file 
diff --git a/documentation/website/export_mod/liteexport.json b/documentation/website/export_mod/liteexport.json new file mode 100644 index 0000000..1f91039 --- /dev/null +++ b/documentation/website/export_mod/liteexport.json @@ -0,0 +1,8 @@ +{ + "description": "Lite export of a MISP event.", + "requirements": [], + "features": "This module is simply producing a json MISP event format file, but exporting only Attributes from the Event. Thus, MISP Events exported with this module should have attributes that are not internal references, otherwise the resulting event would be empty.", + "references": [], + "input": "MISP Event attributes", + "output": "Lite MISP Event" +} \ No newline at end of file diff --git a/doc/export_mod/mass_eql_export.json b/documentation/website/export_mod/mass_eql_export.json similarity index 74% rename from doc/export_mod/mass_eql_export.json rename to documentation/website/export_mod/mass_eql_export.json index 5eadd23..30b12a9 100644 --- a/doc/export_mod/mass_eql_export.json +++ b/documentation/website/export_mod/mass_eql_export.json @@ -1,9 +1,11 @@ { "description": "Mass EQL query export for a MISP event.", - "logo": "logos/eql.png", + "logo": "eql.png", "requirements": [], "features": "This module produces EQL queries for all relevant attributes in a MISP event.", - "references": ["https://eql.readthedocs.io/en/latest/"], + "references": [ + "https://eql.readthedocs.io/en/latest/" + ], "input": "MISP Event attributes", "output": "Text file containing one or more EQL queries" - } +} \ No newline at end of file diff --git a/documentation/website/export_mod/nexthinkexport.json b/documentation/website/export_mod/nexthinkexport.json new file mode 100644 index 0000000..0c06f9e --- /dev/null +++ b/documentation/website/export_mod/nexthinkexport.json 
@@ -0,0 +1,11 @@ +{ + "description": "Nexthink NXQL query export module", + "requirements": [], + "features": "This module export an event as Nexthink NXQL queries that can then be used in your own python3 tool or from wget/powershell", + "references": [ + "https://doc.nexthink.com/Documentation/Nexthink/latest/APIAndIntegrations/IntroducingtheWebAPIV2" + ], + "input": "MISP Event attributes", + "output": "Nexthink NXQL queries", + "logo": "nexthink.svg" +} \ No newline at end of file diff --git a/documentation/website/export_mod/osqueryexport.json b/documentation/website/export_mod/osqueryexport.json new file mode 100644 index 0000000..5b563c0 --- /dev/null +++ b/documentation/website/export_mod/osqueryexport.json @@ -0,0 +1,9 @@ +{ + "description": "OSQuery export of a MISP event.", + "requirements": [], + "features": "This module export an event as osquery queries that can be used in packs or in fleet management solution like Kolide.", + "references": [], + "input": "MISP Event attributes", + "output": "osquery SQL queries", + "logo": "osquery.png" +} \ No newline at end of file diff --git a/documentation/website/export_mod/pdfexport.json b/documentation/website/export_mod/pdfexport.json new file mode 100644 index 0000000..b23c681 --- /dev/null +++ b/documentation/website/export_mod/pdfexport.json 
@@ -0,0 +1,13 @@ +{ + "description": "Simple export of a MISP event to PDF.", + "requirements": [ + "PyMISP", + "reportlab" + ], + "features": "The module takes care of the PDF file building, and work with any MISP Event. Except the requirement of reportlab, used to create the file, there is no special feature concerning the Event. Some parameters can be given through the config dict. 'MISP_base_url_for_dynamic_link' is your MISP URL, to attach an hyperlink to your event on your MISP instance from the PDF. Keep it clear to avoid hyperlinks in the generated pdf.\n 'MISP_name_for_metadata' is your CERT or MISP instance name. Used as text in the PDF' metadata\n 'Activate_textual_description' is a boolean (True or void) to activate the textual description/header abstract of an event\n 'Activate_galaxy_description' is a boolean (True or void) to activate the description of event related galaxies.\n 'Activate_related_events' is a boolean (True or void) to activate the description of related event. Be aware this might leak information on confidential events linked to the current event !\n 'Activate_internationalization_fonts' is a boolean (True or void) to activate Noto fonts instead of default fonts (Helvetica). This allows the support of CJK alphabet. Be sure to have followed the procedure to download Noto fonts (~70Mo) in the right place (/tools/pdf_fonts/Noto_TTF), to allow PyMisp to find and use them during PDF generation.\n 'Custom_fonts_path' is a text (path or void) to the TTF file of your choice, to create the PDF with it. Be aware the PDF won't support bold/italic/special style anymore with this option ", + "references": [ + "https://acrobat.adobe.com/us/en/acrobat/about-adobe-pdf.html" + ], + "input": "MISP Event", + "output": "MISP Event in a PDF file." +} \ No newline at end of file 
diff --git a/doc/export_mod/testexport.json b/documentation/website/export_mod/testexport.json similarity index 95% rename from doc/export_mod/testexport.json rename to documentation/website/export_mod/testexport.json index 213ea92..884ccbe 100644 --- a/doc/export_mod/testexport.json +++ b/documentation/website/export_mod/testexport.json @@ -1,3 +1,3 @@ { "description": "Skeleton export module." -} +} \ No newline at end of file diff --git a/documentation/website/export_mod/threatStream_misp_export.json b/documentation/website/export_mod/threatStream_misp_export.json new file mode 100644 index 0000000..b096f41 --- /dev/null +++ b/documentation/website/export_mod/threatStream_misp_export.json @@ -0,0 +1,14 @@ +{ + "description": "Module to export a structured CSV file for uploading to threatStream.", + "logo": "threatstream.png", + "requirements": [ + "csv" + ], + "features": "The module takes a MISP event in input, to look every attribute. Each attribute matching with some predefined types is then exported in a CSV format recognized by ThreatStream.", + "references": [ + "https://www.anomali.com/platform/threatstream", + "https://github.com/threatstream" + ], + "input": "MISP Event attributes", + "output": "ThreatStream CSV format file" +} \ No newline at end of file diff --git a/documentation/website/export_mod/threat_connect_export.json b/documentation/website/export_mod/threat_connect_export.json new file mode 100644 index 0000000..23708dd --- /dev/null +++ b/documentation/website/export_mod/threat_connect_export.json 
@@ -0,0 +1,13 @@ +{ + "description": "Module to export a structured CSV file for uploading to ThreatConnect.", + "logo": "threatconnect.png", + "requirements": [ + "csv" + ], + "features": "The module takes a MISP event in input, to look every attribute. Each attribute matching with some predefined types is then exported in a CSV format recognized by ThreatConnect.\nUsers should then provide, as module configuration, the source of data they export, because it is required by the output format.", + "references": [ + "https://www.threatconnect.com" + ], + "input": "MISP Event attributes", + "output": "ThreatConnect CSV format file" +} \ No newline at end of file diff --git a/doc/export_mod/vt_graph.json b/documentation/website/export_mod/vt_graph.json similarity index 66% rename from doc/export_mod/vt_graph.json rename to documentation/website/export_mod/vt_graph.json index e317730..993c791 100644 --- a/doc/export_mod/vt_graph.json +++ b/documentation/website/export_mod/vt_graph.json @@ -1,9 +1,13 @@ { "description": "This module is used to create a VirusTotal Graph from a MISP event.", - "logo": "logos/virustotal.png", - "requirements": ["vt_graph_api, the python library to query the VirusTotal graph API"], + "logo": "virustotal.png", + "requirements": [ + "vt_graph_api, the python library to query the VirusTotal graph API" + ], "features": "The module takes the MISP event as input and queries the VirusTotal Graph API to create a new graph out of the event.\n\nOnce the graph is ready, we get the url of it, which is returned so we can view it on VirusTotal.", - "references": ["https://www.virustotal.com/gui/graph-overview"], + "references": [ + "https://www.virustotal.com/gui/graph-overview" + ], "input": "A MISP event.", "output": "Link of the VirusTotal Graph created for the event." -} +} \ No newline at end of file 
diff --git a/documentation/website/import_mod/csvimport.json b/documentation/website/import_mod/csvimport.json new file mode 100644 index 0000000..61bc6cc --- /dev/null +++ b/documentation/website/import_mod/csvimport.json @@ -0,0 +1,13 @@ +{ + "description": "Module to import MISP attributes from a csv file.", + "requirements": [ + "PyMISP" + ], + "features": "In order to parse data from a csv file, a header is required to let the module know which column is matching with known attribute fields / MISP types.\n\nThis header either comes from the csv file itself or is part of the configuration of the module and should be filled out in MISP plugin settings, each field separated by COMMAS. Fields that do not match with any type known in MISP or are not MISP attribute fields should be ignored in import, using a space or simply nothing between two separators (example: 'ip-src, , comment, ').\n\nIf the csv file already contains a header that does not start by a '#', you should tick the checkbox 'has_header' to avoid importing it and have potential issues. You can also redefine the header even if it is already contained in the file, by following the rules for headers explained earlier. One reason why you would redefine a header is for instance when you want to skip some fields, or some fields are not valid types.", + "references": [ + "https://tools.ietf.org/html/rfc4180", + "https://tools.ietf.org/html/rfc7111" + ], + "input": "CSV format file.", + "output": "MISP Event attributes" +} \ No newline at end of file diff --git a/documentation/website/import_mod/cuckooimport.json b/documentation/website/import_mod/cuckooimport.json new file mode 100644 index 0000000..2e51ea8 --- /dev/null +++ b/documentation/website/import_mod/cuckooimport.json 
@@ -0,0 +1,12 @@ +{ + "description": "Module to import Cuckoo JSON.", + "logo": "cuckoo.png", + "requirements": [], + "features": "The module simply imports MISP Attributes from a Cuckoo JSON format file. There is thus no special feature to make it work.", + "references": [ + "https://cuckoosandbox.org/", + "https://github.com/cuckoosandbox/cuckoo" + ], + "input": "Cuckoo JSON file", + "output": "MISP Event attributes" +} \ No newline at end of file diff --git a/documentation/website/import_mod/email_import.json b/documentation/website/import_mod/email_import.json new file mode 100644 index 0000000..95ec3c7 --- /dev/null +++ b/documentation/website/import_mod/email_import.json @@ -0,0 +1,8 @@ +{ + "description": "Module to import emails in MISP.", + "requirements": [], + "features": "This module can be used to import e-mail text as well as attachments and urls.\n3 configuration parameters are then used to unzip attachments, guess zip attachment passwords, and extract urls: set each one of them to True or False to process or not the respective corresponding actions.", + "references": [], + "input": "E-mail file", + "output": "MISP Event attributes" +} \ No newline at end of file diff --git a/documentation/website/import_mod/goamlimport.json b/documentation/website/import_mod/goamlimport.json new file mode 100644 index 0000000..e8f12cf --- /dev/null +++ b/documentation/website/import_mod/goamlimport.json 
@@ -0,0 +1,11 @@ +{ + "description": "Module to import MISP objects about financial transactions from GoAML files.", + "logo": "goAML.jpg", + "requirements": [ + "PyMISP" + ], + "features": "Unlike the GoAML export module, there is here no special feature to import data from GoAML external files, since the module will import MISP Objects with their References on its own, as it is required for the export module to rebuild a valid GoAML document.", + "references": "http://goaml.unodc.org/", + "input": "GoAML format file, describing financial transactions, with their origin and target (bank accounts, persons or entities).", + "output": "MISP objects (transaction, bank-account, person, legal-entity, geolocation), with references, describing financial transactions and their origin and target." +} \ No newline at end of file diff --git a/doc/import_mod/joe_import.json b/documentation/website/import_mod/joe_import.json similarity index 78% rename from doc/import_mod/joe_import.json rename to documentation/website/import_mod/joe_import.json index ceba4ab..f60d1dd 100644 --- a/doc/import_mod/joe_import.json +++ b/documentation/website/import_mod/joe_import.json 
@@ -1,9 +1,12 @@ { "description": "A module to import data from a Joe Sandbox analysis json report.", - "logo": "logos/joesandbox.png", + "logo": "joesandbox.png", "requirements": [], "input": "Json report of a Joe Sandbox analysis.", "output": "MISP attributes & objects parsed from the analysis report.", - "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"], - "features": "Module using the new format of modules able to return attributes and objects.\n\nThe module returns the same results as the expansion module [joesandbox_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) using the submission link of the analysis to get the json report.\n\n" + "references": [ + "https://www.joesecurity.org", + "https://www.joesandbox.com/" + ], + "features": "Module using the new format of modules able to return attributes and objects.\n\nThe module returns the same results as the expansion module [joesandbox_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) using the submission link of the analysis to get the json report." } diff --git a/doc/import_mod/lastline_import.json b/documentation/website/import_mod/lastline_import.json similarity index 86% rename from doc/import_mod/lastline_import.json rename to documentation/website/import_mod/lastline_import.json index 99414e0..d89a433 100644 --- a/doc/import_mod/lastline_import.json +++ b/documentation/website/import_mod/lastline_import.json 
@@ -1,9 +1,11 @@ { "description": "Module to import and parse reports from Lastline analysis links.", - "logo": "logos/lastline.png", + "logo": "lastline.png", "requirements": [], "input": "Link to a Lastline analysis.", "output": "MISP attributes and objects parsed from the analysis report.", - "references": ["https://www.lastline.com"], + "references": [ + "https://www.lastline.com" + ], "features": "The module requires a Lastline Portal `username` and `password`.\nThe module uses the new format and it is able to return MISP attributes and objects.\nThe module returns the same results as the [lastline_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_query.py) expansion module." -} +} \ No newline at end of file diff --git a/documentation/website/import_mod/mispjson.json b/documentation/website/import_mod/mispjson.json new file mode 100644 index 0000000..7ba47bd --- /dev/null +++ b/documentation/website/import_mod/mispjson.json @@ -0,0 +1,8 @@ +{ + "description": "Module to import MISP JSON format for merging MISP events.", + "requirements": [], + "features": "The module simply imports MISP Attributes from an other MISP Event in order to merge events together. There is thus no special feature to make it work.", + "references": [], + "input": "MISP Event", + "output": "MISP Event attributes" +} \ No newline at end of file diff --git a/documentation/website/import_mod/ocr.json b/documentation/website/import_mod/ocr.json new file mode 100644 index 0000000..a33c7e2 --- /dev/null +++ b/documentation/website/import_mod/ocr.json 
@@ -0,0 +1,8 @@ +{ + "description": "Optical Character Recognition (OCR) module for MISP.", + "requirements": [], + "features": "The module tries to recognize some text from an image and import the result as a freetext attribute, there is then no special feature asked to users to make it work.", + "references": [], + "input": "Image", + "output": "freetext MISP attribute" +} \ No newline at end of file diff --git a/documentation/website/import_mod/openiocimport.json b/documentation/website/import_mod/openiocimport.json new file mode 100644 index 0000000..3e00baf --- /dev/null +++ b/documentation/website/import_mod/openiocimport.json @@ -0,0 +1,12 @@ +{ + "description": "Module to import OpenIOC packages.", + "requirements": [ + "PyMISP" + ], + "features": "The module imports MISP Attributes from OpenIOC packages, there is then no special feature for users to make it work.", + "references": [ + "https://www.fireeye.com/blog/threat-research/2013/10/openioc-basics.html" + ], + "input": "OpenIOC packages", + "output": "MISP Event attributes" +} \ No newline at end of file diff --git a/documentation/website/import_mod/threatanalyzer_import.json b/documentation/website/import_mod/threatanalyzer_import.json new file mode 100644 index 0000000..5866e09 --- /dev/null +++ b/documentation/website/import_mod/threatanalyzer_import.json @@ -0,0 +1,10 @@ +{ + "description": "Module to import ThreatAnalyzer archive.zip / analysis.json files.", + "requirements": [], + "features": "The module imports MISP Attributes from a ThreatAnalyzer format file. This file can be either ZIP, or JSON format.\nThere is by the way no special feature for users to make the module work.", + "references": [ + "https://www.threattrack.com/malware-analysis.aspx" + ], + "input": "ThreatAnalyzer format file", + "output": "MISP Event attributes" +} \ No newline at end of file 
diff --git a/documentation/website/import_mod/vmray_import.json b/documentation/website/import_mod/vmray_import.json new file mode 100644 index 0000000..c80b237 --- /dev/null +++ b/documentation/website/import_mod/vmray_import.json @@ -0,0 +1,13 @@ +{ + "description": "Module to import VMRay (VTI) results.", + "logo": "vmray.png", + "requirements": [ + "vmray_rest_api" + ], + "features": "The module imports MISP Attributes from VMRay format, using the VMRay api.\nUsers should then provide as the module configuration the API Key as well as the server url in order to fetch their data to import.", + "references": [ + "https://www.vmray.com/" + ], + "input": "VMRay format", + "output": "MISP Event attributes" +} \ No newline at end of file diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 10254e4..b6f05ef 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -5,8 +5,8 @@ import sys sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3]))) __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl', - 'countrycode', 'cve', 'cve_advanced', 'dns', 'btc_steroids', 'domaintools', 'eupi', 'eql', - 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', + 'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools', 'eupi', + 'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 
@@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid', 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', - 'trustar_enrich', 'recordedfuture', 'socialscan'] + 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan'] minimum_required_fields = ('type', 'uuid', 'value') diff --git a/misp_modules/modules/expansion/_dnsdb_query/dnsdb_query.py b/misp_modules/modules/expansion/_dnsdb_query/dnsdb_query.py index af3f204..5df1207 100755 --- a/misp_modules/modules/expansion/_dnsdb_query/dnsdb_query.py +++ b/misp_modules/modules/expansion/_dnsdb_query/dnsdb_query.py @@ -119,7 +119,10 @@ class DnsdbClient(object): break yield json.loads(line.decode('ascii')) except (HTTPError, URLError) as e: - raise QueryError(str(e), sys.exc_traceback) + try: + raise QueryError(str(e), sys.exc_traceback) + except AttributeError: + raise QueryError(str(e), sys.exc_info) def quote(path): diff --git a/misp_modules/modules/expansion/cpe.py b/misp_modules/modules/expansion/cpe.py new file mode 100644 index 0000000..600ff37 --- /dev/null +++ b/misp_modules/modules/expansion/cpe.py 
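Review bot: In the dnsdb_query.py hunk the new fallback passes `sys.exc_info` itself, an uncalled function object, as the traceback argument of QueryError, so the Python 3 path never carries a real traceback; `sys.exc_traceback` only existed on Python 2 and raises AttributeError on evaluation, which is what the inner `try` is catching before any QueryError is constructed. The three added lines can be replaced by one that works on Python 3 and keeps the cause chain: `raise QueryError(str(e), sys.exc_info()[2]) from e`. Note that the AttributeError caught here becomes the `__context__` of the QueryError, which makes the reported error misleading to the caller. The enclosing generator method of DnsdbClient starts outside the hunk.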
@@ -0,0 +1,133 @@ +import json +import requests +from . import check_input_attribute, standard_error_message +from pymisp import MISPEvent, MISPObject + +misperrors = {'error': 'Error'} +mispattributes = {'input': ['cpe'], 'format': 'misp_standard'} +moduleinfo = { + 'version': '2', + 'author': 'Christian Studer', + 'description': 'An expansion module to enrich a CPE attribute with its related vulnerabilities.', + 'module-type': ['expansion', 'hover'] +} +moduleconfig = ["custom_API_URL", "limit"] +cveapi_url = 'https://cvepremium.circl.lu/api/query' +DEFAULT_LIMIT = 10 + + +class VulnerabilitiesParser(): + def __init__(self, attribute): + self.attribute = attribute + self.misp_event = MISPEvent() + self.misp_event.add_attribute(**attribute) + self.vulnerability_mapping = { + 'id': { + 'type': 'vulnerability', + 'object_relation': 'id' + }, + 'summary': { + 'type': 'text', + 'object_relation': 'summary' + }, + 'vulnerable_configuration': { + 'type': 'cpe', + 'object_relation': 'vulnerable-configuration' + }, + 'vulnerable_configuration_cpe_2_2': { + 'type': 'cpe', + 'object_relation': 'vulnerable-configuration' + }, + 'Modified': { + 'type': 'datetime', + 'object_relation': 'modified' + }, + 'Published': { + 'type': 'datetime', + 'object_relation': 'published' + }, + 'references': { + 'type': 'link', + 'object_relation': 'references' + }, + 'cvss': { + 'type': 'float', + 'object_relation': 'cvss-score' + } + } + + def parse_vulnerabilities(self, vulnerabilities): + for vulnerability in vulnerabilities: + vulnerability_object = MISPObject('vulnerability') + for feature in ('id', 'summary', 'Modified', 'Published', 'cvss'): + if vulnerability.get(feature): + attribute = {'value': vulnerability[feature]} + attribute.update(self.vulnerability_mapping[feature]) + vulnerability_object.add_attribute(**attribute) + if vulnerability.get('Published'): + vulnerability_object.add_attribute(**{ + 'type': 'text', + 'object_relation': 'state', + 'value': 'Published' + }) + for 
feature in ('references', 'vulnerable_configuration', 'vulnerable_configuration_cpe_2_2'): + if vulnerability.get(feature): + for value in vulnerability[feature]: + if isinstance(value, dict): + value = value['title'] + attribute = {'value': value} + attribute.update(self.vulnerability_mapping[feature]) + vulnerability_object.add_attribute(**attribute) + vulnerability_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(vulnerability_object) + + def get_result(self): + event = json.loads(self.misp_event.to_json()) + results = {key: event[key] for key in ('Attribute', 'Object')} + return {'results': results} + + +def check_url(url): + return url if url.endswith('/') else f"{url}/" + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + attribute = request['attribute'] + if attribute.get('type') != 'cpe': + return {'error': 'Wrong input attribute type.'} + config = request['config'] + url = check_url(config['custom_API_URL']) if config.get('custom_API_URL') else cveapi_url + limit = int(config['limit']) if config.get('limit') else DEFAULT_LIMIT + params = { + "retrieve": "cves", + "dict_filter": { + "vulnerable_configuration": attribute['value'] + }, + "limit": limit, + "sort": "cvss", + "sort_dir": "DESC" + } + response = requests.post(url, json=params) + if response.status_code == 200: + vulnerabilities = response.json()['data'] + if not vulnerabilities: + return {'error': 'No related vulnerability for this CPE.'} + else: + return {'error': 'API not accessible.'} + parser = VulnerabilitiesParser(attribute) + parser.parse_vulnerabilities(vulnerabilities) + return parser.get_result() + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo 
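Review bot: `config = request['config']` in handler raises KeyError when the request carries no config block at all, although both options (custom_API_URL, limit) are optional and the farsight module in this same commit guards the key; `config = request.get('config') or {}` keeps the defaults working. The `requests.post(url, json=params)` call has no `timeout`, so an unreachable CVE API blocks the worker instead of producing the 'API not accessible.' error; `response = requests.post(url, json=params, timeout=<seconds>)` is the one-line fix. `check_url` forces a trailing slash on a custom URL while the default `cveapi_url` has none, so the two paths query different URL forms — worth confirming which one the API accepts. `int(config['limit'])` raises ValueError on a non-numeric limit and `response.json()['data']` raises KeyError on an unexpected body; both would surface as an unhandled exception rather than an error dict.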
diff --git a/misp_modules/modules/expansion/cve_advanced.py b/misp_modules/modules/expansion/cve_advanced.py
index d15711f..9071ff9 100644
--- a/misp_modules/modules/expansion/cve_advanced.py
+++ b/misp_modules/modules/expansion/cve_advanced.py
@@ -23,9 +23,9 @@ class VulnerabilityParser():
 self.references = defaultdict(list)
 self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions')
 self.vulnerability_mapping = {
- 'id': ('text', 'id'), 'summary': ('text', 'summary'),
- 'vulnerable_configuration': ('text', 'vulnerable_configuration'),
- 'vulnerable_configuration_cpe_2_2': ('text', 'vulnerable_configuration'),
+ 'id': ('vulnerability', 'id'), 'summary': ('text', 'summary'),
+ 'vulnerable_configuration': ('cpe', 'vulnerable_configuration'),
+ 'vulnerable_configuration_cpe_2_2': ('cpe', 'vulnerable_configuration'),
 'Modified': ('datetime', 'modified'), 'Published': ('datetime', 'published'), 'references': ('link', 'references'), 'cvss': ('float', 'cvss-score')}
 self.weakness_mapping = {'name': 'name', 'description_summary': 'description',
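Review bot: The object relation for the two vulnerable_configuration entries stays `'vulnerable_configuration'` here while the new cpe.py in this commit maps the same CVE-Search fields to `'vulnerable-configuration'`, so the two modules now emit identical data under two different relation names on the vulnerability object. One of the two should be aligned with the MISP vulnerability object template, which as far as I recall uses the hyphenated form. The type changes to `cpe` and `vulnerability` themselves match cpe.py. The __init__ body continues outside the hunk.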
@@ -71,33 +71,39 @@ class VulnerabilityParser(): break def __parse_capec(self, vulnerability_uuid): - attribute_type = 'text' for capec in self.vulnerability['capec']: capec_object = MISPObject('attack-pattern') for feature in self.capec_features: - capec_object.add_attribute(feature, **dict(type=attribute_type, value=capec[feature])) + capec_object.add_attribute(feature, **{'type': 'text', 'value': capec[feature]}) for related_weakness in capec['related_weakness']: - attribute = dict(type='weakness', value="CWE-{}".format(related_weakness)) + attribute = {'type': 'weakness', 'value': f"CWE-{related_weakness}"} capec_object.add_attribute('related-weakness', **attribute) self.misp_event.add_object(capec_object) - self.references[vulnerability_uuid].append(dict(referenced_uuid=capec_object.uuid, - relationship_type='targeted-by')) + self.references[vulnerability_uuid].append( + { + 'referenced_uuid': capec_object.uuid, + 'relationship_type': 'targeted-by' + } + ) def __parse_weakness(self, vulnerability_uuid): - attribute_type = 'text' cwe_string, cwe_id = self.vulnerability['cwe'].split('-') cwes = requests.get(self.api_url.replace('/cve/', '/cwe')) if cwes.status_code == 200: for cwe in cwes.json(): if cwe['id'] == cwe_id: weakness_object = MISPObject('weakness') - weakness_object.add_attribute('id', **dict(type=attribute_type, value='-'.join([cwe_string, cwe_id]))) + weakness_object.add_attribute('id', {'type': 'weakness', 'value': f'{cwe_string}-{cwe_id}'}) for feature, relation in self.weakness_mapping.items(): if cwe.get(feature): - weakness_object.add_attribute(relation, **dict(type=attribute_type, value=cwe[feature])) + weakness_object.add_attribute(relation, **{'type': 'text', 'value': cwe[feature]}) self.misp_event.add_object(weakness_object) - self.references[vulnerability_uuid].append(dict(referenced_uuid=weakness_object.uuid, - relationship_type='weakened-by')) + self.references[vulnerability_uuid].append( + { + 'referenced_uuid': weakness_object.uuid, + 
'relationship_type': 'weakened-by' + } + ) break diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py index 5d32ea8..a338bfb 100755 --- a/misp_modules/modules/expansion/farsight_passivedns.py +++ b/misp_modules/modules/expansion/farsight_passivedns.py 
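Review bot: `weakness_object.add_attribute('id', {'type': 'weakness', 'value': f'{cwe_string}-{cwe_id}'})` in __parse_weakness drops the `**` that the replaced line had, so the dict appears to be passed as the positional simple value and the attribute is created with a dict as its value and no explicit type; every other add_attribute call rewritten in this hunk keeps the `**{...}` form. It should read `weakness_object.add_attribute('id', **{'type': 'weakness', 'value': f'{cwe_string}-{cwe_id}'})`. The class continues outside the hunk.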
@@ -1,15 +1,83 @@ import json -from ._dnsdb_query.dnsdb_query import DnsdbClient, QueryError - +from ._dnsdb_query.dnsdb_query import DEFAULT_DNSDB_SERVER, DnsdbClient, QueryError +from . import check_input_attribute, standard_error_message +from pymisp import MISPEvent, MISPObject misperrors = {'error': 'Error'} -mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst'], 'output': ['freetext']} -moduleinfo = {'version': '0.1', 'author': 'Christophe Vandeplas', 'description': 'Module to access Farsight DNSDB Passive DNS', 'module-type': ['expansion', 'hover']} -moduleconfig = ['apikey'] +mispattributes = { + 'input': ['hostname', 'domain', 'ip-src', 'ip-dst'], + 'format': 'misp_standard' +} +moduleinfo = { + 'version': '0.2', + 'author': 'Christophe Vandeplas', + 'description': 'Module to access Farsight DNSDB Passive DNS', + 'module-type': ['expansion', 'hover'] +} +moduleconfig = ['apikey', 'server', 'limit'] -server = 'https://api.dnsdb.info' +DEFAULT_LIMIT = 10 -# TODO return a MISP object with the different attributes + +class FarsightDnsdbParser(): + def __init__(self, attribute): + self.attribute = attribute + self.misp_event = MISPEvent() + self.misp_event.add_attribute(**attribute) + self.passivedns_mapping = { + 'bailiwick': {'type': 'text', 'object_relation': 'bailiwick'}, + 'count': {'type': 'counter', 'object_relation': 'count'}, + 'rdata': {'type': 'text', 'object_relation': 'rdata'}, + 'rrname': {'type': 'text', 'object_relation': 'rrname'}, + 'rrtype': {'type': 'text', 'object_relation': 'rrtype'}, + 'time_first': {'type': 'datetime', 'object_relation': 'time_first'}, + 'time_last': {'type': 'datetime', 'object_relation': 'time_last'}, + 'zone_time_first': {'type': 'datetime', 'object_relation': 'zone_time_first'}, + 'zone_time_last': {'type': 'datetime', 'object_relation': 'zone_time_last'} + } + self.type_to_feature = { + 'domain': 'domain name', + 'hostname': 'hostname', + 'ip-src': 'IP address', + 'ip-dst': 'IP address' + } + 
self.comment = 'Result from an %s lookup on DNSDB about the %s: %s' + + def parse_passivedns_results(self, query_response): + default_fields = ('count', 'rrname', 'rrname') + optional_fields = ( + 'bailiwick', + 'time_first', + 'time_last', + 'zone_time_first', + 'zone_time_last' + ) + for query_type, results in query_response.items(): + comment = self.comment % (query_type, self.type_to_feature[self.attribute['type']], self.attribute['value']) + for result in results: + passivedns_object = MISPObject('passive-dns') + for feature in default_fields: + passivedns_object.add_attribute(**self._parse_attribute(comment, feature, result[feature])) + for feature in optional_fields: + if result.get(feature): + passivedns_object.add_attribute(**self._parse_attribute(comment, feature, result[feature])) + if isinstance(result['rdata'], list): + for rdata in result['rdata']: + passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata)) + else: + passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', result['rdata'])) + passivedns_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(passivedns_object) + + def get_results(self): + event = json.loads(self.misp_event.to_json()) + results = {key: event[key] for key in ('Attribute', 'Object')} + return {'results': results} + + def _parse_attribute(self, comment, feature, value): + attribute = {'value': value, 'comment': comment} + attribute.update(self.passivedns_mapping[feature]) + return attribute def handler(q=False): 
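Review bot: `default_fields = ('count', 'rrname', 'rrname')` in parse_passivedns_results lists rrname twice and never rrtype, so every passive-dns object carries a duplicated rrname attribute while the record type — for which passivedns_mapping in this same hunk already has an entry — is silently dropped; `default_fields = ('count', 'rrname', 'rrtype')` is presumably what was intended. Indexing `result[feature]` for those fields and `result['rdata']` raises KeyError if DNSDB omits one of them, unlike the `.get()` guard used for optional_fields, so a single odd record aborts the whole expansion instead of producing an error dict. The handler definition that starts on the last context line continues outside the hunk.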
@@ -19,56 +87,47 @@ def handler(q=False): if not request.get('config') or not request['config'].get('apikey'): misperrors['error'] = 'Farsight DNSDB apikey is missing' return misperrors - client = DnsdbClient(server, request['config']['apikey']) - if request.get('hostname'): - res = lookup_name(client, request['hostname']) - elif request.get('domain'): - res = lookup_name(client, request['domain']) - elif request.get('ip-src'): - res = lookup_ip(client, request['ip-src']) - elif request.get('ip-dst'): - res = lookup_ip(client, request['ip-dst']) - else: - misperrors['error'] = "Unsupported attributes type" - return misperrors - - out = '' - for v in set(res): # uniquify entries - out = out + "{} ".format(v) - r = {'results': [{'types': mispattributes['output'], 'values': out}]} - return r + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + attribute = request['attribute'] + if attribute['type'] not in mispattributes['input']: + return {'error': 'Unsupported attributes type'} + config = request['config'] + args = {'apikey': config['apikey']} + for feature, default in zip(('server', 'limit'), (DEFAULT_DNSDB_SERVER, DEFAULT_LIMIT)): + args[feature] = config[feature] if config.get(feature) else default + client = DnsdbClient(**args) + to_query = lookup_ip if attribute['type'] in ('ip-src', 'ip-dst') else lookup_name + response = to_query(client, attribute['value']) + if not response: + return {'error': f"Empty results on Farsight DNSDB for the queries {attribute['type']}: {attribute['value']}."} + parser = FarsightDnsdbParser(attribute) + parser.parse_passivedns_results(response) + return parser.get_results() def lookup_name(client, name): + response = {} try: res = client.query_rrset(name) # RRSET = entries in the left-hand side of the domain name related labels - for item in res: - if item.get('rrtype') in ['A', 'AAAA', 
'CNAME']: - for i in item.get('rdata'): - yield(i.rstrip('.')) - if item.get('rrtype') in ['SOA']: - for i in item.get('rdata'): - # grab email field and replace first dot by @ to convert to an email address - yield(i.split(' ')[1].rstrip('.').replace('.', '@', 1)) + response['rrset'] = list(res) except QueryError: pass - try: res = client.query_rdata_name(name) # RDATA = entries on the right-hand side of the domain name related labels - for item in res: - if item.get('rrtype') in ['A', 'AAAA', 'CNAME']: - yield(item.get('rrname').rstrip('.')) + response['rdata'] = list(res) except QueryError: pass + return response def lookup_ip(client, ip): try: res = client.query_rdata_ip(ip) - for item in res: - yield(item['rrname'].rstrip('.')) + response = {'rdata': list(res)} except QueryError: - pass + response = {} + return response def introspection(): diff --git a/misp_modules/modules/expansion/html_to_markdown.py b/misp_modules/modules/expansion/html_to_markdown.py new file mode 100755 index 0000000..228b4bc --- /dev/null +++ b/misp_modules/modules/expansion/html_to_markdown.py 
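Review bot: lookup_name and lookup_ip still discard the QueryError with `pass` / `response = {}`, and the rewritten handler now turns that empty dict into the 'Empty results on Farsight DNSDB …' error, so an invalid apikey, an exhausted quota or a wrong `server` value is reported to the analyst as "no data" — the one outcome they must not confuse with a clean lookup when assessing an indicator. Keeping `str(e)` from the except clauses and returning it from handler when no query produced data would make the two cases distinguishable. The `limit` read from config is forwarded to DnsdbClient as the raw string while cpe.py in this commit converts its limit with `int()`; unless DnsdbClient does the conversion, confirm which type it expects. lookup_ip's `response = {}` on error is fine, but introspection on the last context line continues outside the hunk.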
@@ -0,0 +1,53 @@
+import json
+import requests
+from markdownify import markdownify
+from bs4 import BeautifulSoup
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['url'], 'output': ['text']}
+moduleinfo = {'version': '0.1', 'author': 'Sami Mokaddem',
+ 'description': 'Simple HTML fetcher',
+ 'module-type': ['expansion']}
+
+
+def fetchHTML(url):
+ r = requests.get(url)
+ return r.text
+
+
+def stripUselessTags(html):
+ soup = BeautifulSoup(html, 'html.parser')
+ toRemove = ['script', 'head', 'header', 'footer', 'meta', 'link']
+ for tag in soup.find_all(toRemove):
+ tag.decompose()
+ return str(soup)
+
+
+def convertHTML(html):
+ toStrip = ['a', 'img']
+ return markdownify(html, heading_style='ATX', strip=toStrip)
+
+
+def handler(q=False):
+ if q is False:
+ return False
+ request = json.loads(q)
+ if request.get('url'):
+ url = request['url']
+ else:
+ return False
+ html = fetchHTML(url)
+ html = stripUselessTags(html)
+ markdown = convertHTML(html)
+
+ r = {'results': [{'types': mispattributes['output'],
+ 'values':[str(markdown)]}]}
+ return r
+
+
+def introspection():
+ return mispattributes
+
+
+def version():
+ return moduleinfo
diff --git a/misp_modules/modules/expansion/trustar_enrich.py b/misp_modules/modules/expansion/trustar_enrich.py
index ab472af..1724441 100644
--- a/misp_modules/modules/expansion/trustar_enrich.py
+++ b/misp_modules/modules/expansion/trustar_enrich.py
@@ -39,7 +39,7 @@ class TruSTARParser:
 # Relevant fields from each TruSTAR endpoint
 SUMMARY_FIELDS = ["severityLevel", "source", "score", "attributes"]
- METADATA_FIELDS = ["sightings", "first_seen", "last_seen", "tags"]
+ METADATA_FIELDS = ["sightings", "firstSeen", "lastSeen", "tags"]
 REPORT_BASE_URL = "https://station.trustar.co/constellation/reports/{}"
diff --git a/tests/test_expansions.py b/tests/test_expansions.py
index 1aa0f7a..eb29332 100644
--- a/tests/test_expansions.py
+++ b/tests/test_expansions.py
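Review bot: fetchHTML issues `requests.get(url)` on the url attribute value — by definition an indicator taken from the event — with no `timeout`, no scheme restriction and default redirect following, so the misp-modules host connects to whatever the attribute points at, including addresses that are only reachable from that host, and a non-responding target ties up the worker. `r = requests.get(url, timeout=<seconds>)` followed by `r.raise_for_status()` fixes the hang and stops error pages from being converted as if they were content; rejecting non-http(s) schemes and non-HTML content types before parsing, and capping the body size handed to BeautifulSoup, are the other checks I would add in this function. handler returns `False` when the url key is missing, whereas the other handlers in this commit return `{'error': ...}`, so the caller cannot tell a malformed request from a disabled module. A module docstring stating that the module fetches the indicator's URL from the server would make that behavior explicit to administrators enabling it.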
@@ -221,7 +221,7 @@ class TestExpansions(unittest.TestCase): try: self.assertIn(result, self.get_values(response)) except Exception: - self.assertTrue(self.get_errors(response).startwith('Something went wrong')) + self.assertTrue(self.get_errors(response).startswith('Something went wrong')) else: query = {"module": module_name, "ip-src": "8.8.8.8"} response = self.misp_modules_post(query) @@ -285,7 +285,7 @@ class TestExpansions(unittest.TestCase): encoded = b64encode(f.read()).decode() query = {"module": "ocr_enrich", "attachment": filename, "data": encoded} response = self.misp_modules_post(query) - self.assertEqual(self.get_values(response), 'Threat Sharing') + self.assertEqual(self.get_values(response).strip('\n'), 'Threat Sharing') def test_ods(self): filename = 'test.ods'