MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #370 from JakubOnderka/vt-query-sha512 

fix: [VT] Disable SHA512 query for VT
pull/374/head
Alexandre Dulaunoy 2020-02-09 00:17:20 +01:00 committed by GitHub
parent b65237a0cb acdc4b9d03
commit 2a137f1631
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
misp_modules/modules/expansion/virustotal.py
View File

@ -3,12 +3,12 @@ import json
import requests
misperrors = {'error': 'Error'}
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "sha512", "url"],
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
'format': 'misp_standard'}
# possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '4', 'author': 'Hannah Ward',
'description': 'Get information from virustotal',
'description': 'Get information from VirusTotal',
'module-type': ['expansion']}
# config fields that your code expects from the site admin
@ -25,8 +25,7 @@ class VirusTotalParser(object):
self.input_types_mapping = {'ip-src': self.parse_ip, 'ip-dst': self.parse_ip,
'domain': self.parse_domain, 'hostname': self.parse_domain,
'md5': self.parse_hash, 'sha1': self.parse_hash,
'sha256': self.parse_hash, 'sha512': self.parse_hash,
'url': self.parse_url}
'sha256': self.parse_hash, 'url': self.parse_url}
def query_api(self, attribute):
self.attribute = MISPAttribute()

6
misp_modules/modules/expansion/virustotal_public.py
View File

@ -3,10 +3,10 @@ import json
import requests
misperrors = {'error': 'Error'}
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "sha512", "url"],
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
'format': 'misp_standard'}
moduleinfo = {'version': '1', 'author': 'Christian Studer',
'description': 'Get information from virustotal public API v2.',
'description': 'Get information from VirusTotal public API v2.',
'module-type': ['expansion', 'hover']}
moduleconfig = ['apikey']
@ -155,7 +155,7 @@ ip = ('ip', IpQuery)
file = ('resource', HashQuery)
misp_type_mapping = {'domain': domain, 'hostname': domain, 'ip-src': ip,
'ip-dst': ip, 'md5': file, 'sha1': file, 'sha256': file,
'sha512': file, 'url': ('resource', UrlQuery)}
'url': ('resource', UrlQuery)}
def parse_error(status_code):