MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #370 from JakubOnderka/vt-query-sha512

Browse Source 
fix: [VT] Disable SHA512 query for VT
pull/374/head
Alexandre Dulaunoy 3 years ago committed by GitHub
parent b65237a0cb acdc4b9d03
commit 2a137f1631
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      misp_modules/modules/expansion/virustotal.py
  2. 6
      misp_modules/modules/expansion/virustotal_public.py

7
misp_modules/modules/expansion/virustotal.py
Unescape View File

@ -3,12 +3,12 @@ import json
import requests
misperrors = {'error': 'Error'}
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "sha512", "url"],
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
'format': 'misp_standard'}
# possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '4', 'author': 'Hannah Ward',
'description': 'Get information from virustotal',
'description': 'Get information from VirusTotal',
'module-type': ['expansion']}
# config fields that your code expects from the site admin
@ -25,8 +25,7 @@ class VirusTotalParser(object):
self.input_types_mapping = {'ip-src': self.parse_ip, 'ip-dst': self.parse_ip,
'domain': self.parse_domain, 'hostname': self.parse_domain,
'md5': self.parse_hash, 'sha1': self.parse_hash,
'sha256': self.parse_hash, 'sha512': self.parse_hash,
'url': self.parse_url}
'sha256': self.parse_hash, 'url': self.parse_url}
def query_api(self, attribute):
self.attribute = MISPAttribute()

6
misp_modules/modules/expansion/virustotal_public.py
Unescape View File

@ -3,10 +3,10 @@ import json
import requests
misperrors = {'error': 'Error'}
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "sha512", "url"],
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
'format': 'misp_standard'}
moduleinfo = {'version': '1', 'author': 'Christian Studer',
'description': 'Get information from virustotal public API v2.',
'description': 'Get information from VirusTotal public API v2.',
'module-type': ['expansion', 'hover']}
moduleconfig = ['apikey']
@ -155,7 +155,7 @@ ip = ('ip', IpQuery)
file = ('resource', HashQuery)
misp_type_mapping = {'domain': domain, 'hostname': domain, 'ip-src': ip,
'ip-dst': ip, 'md5': file, 'sha1': file, 'sha256': file,
'sha512': file, 'url': ('resource', UrlQuery)}
'url': ('resource', UrlQuery)}
def parse_error(status_code):

Write Preview
Loading…
Cancel
Save