MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Add EUPI module

pull/12/head
Raphaël Vinot 2016-04-28 14:21:39 +02:00
parent e3fad8be20
commit 33fc5503a3
2 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
REQUIREMENTS
View File

@ -6,3 +6,4 @@ passivetotal
PyPDNS PyPDNS
pypssl pypssl
redis redis
pyeupi

53
modules/expansion/eupi.py Executable file
View File

@ -0,0 +1,53 @@
# -*- coding: utf-8 -*-
import json
from pyeupi import PyEUPI
misperrors = {'error': 'Error'}
mispattributes = {'input': ['hostname', 'domain', 'url'], 'output': ['freetext']}
moduleinfo = {'version': '0.1', 'author': 'Raphaël Vinot',
'description': 'Query the Phishing Initiative service (https://phishing-initiative.lu)',
'module-type': ['expansion', 'hover']}
moduleconfig = ['apikey', 'url']
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if request.get('hostname'):
toquery = request['hostname']
elif request.get('domain'):
toquery = request['domain']
elif request.get('url'):
toquery = request['url']
else:
misperrors['error'] = "Unsupported attributes type"
return misperrors
if not request.get('config') and not (request['config'].get('apikey') and request['config'].et('url')):
misperrors['error'] = 'Phishing Initiative authentication is missing'
return misperrors
p = PyEUPI(request['config']['apikey'], request['config']['url'])
results = p.search_url(url=toquery)
if results.get('results'):
to_return = ''
for r in results['results']:
if r['tag_label'] != 'phishing':
continue
to_return += ' {} {} {} '.format(r['url'], r['domain'], r['ip'])
r = {'results': [{'types': mispattributes['output'], 'values': to_return}]}
return r
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo