Some changes to the sourcecache expansion

- return attachment or malware sample
pull/2/head^2
Iglocska 2016-03-20 10:55:39 +01:00
parent b505f1bd32
commit 3d5b686f2f
2 changed files with 13 additions and 6 deletions

2
bin/misp-modules.py Normal file → Executable file

@ -45,7 +45,7 @@ modulesdir = '../modules/expansion'
mhandlers = {} mhandlers = {}
modules = [] modules = []
for module in os.listdir(modulesdir): for module in os.listdir(modulesdir):
if ".py" not in module or ".pyc" in module: if ".py" not in module or ".pyc" in module or ".py~" in module:
continue continue
if re.match("^\.", module): if re.match("^\.", module):
continue continue
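Review bot: The filter in the `os.listdir(modulesdir)` loop still decides by substring, so each new editor or backup suffix needs its own clause; names such as `foo.py.bak`, `foo.py.orig` or `foo.pyo` still pass both this test and the leading-dot test. Every name that survives is presumably loaded as a module further down the loop, whose body continues outside the hunk, so a stray file in the modules directory becomes code the service runs. An allow-by-suffix test is shorter and closes the gap: `if not module.endswith('.py'): continue`. The regex on the next line could likewise become `module.startswith('.')`, which also avoids the unescaped `"^\."` in a non-raw string.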


@ -2,7 +2,7 @@ import json
from url_archiver import url_archiver from url_archiver import url_archiver
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = {'input': ['link'], 'output': ['link']} mispattributes = {'input': ['link', 'url'], 'output': ['attachment', 'malware-sample']}
moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.'} moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.'}
moduleconfig = ['archivepath'] moduleconfig = ['archivepath']
@ -17,16 +17,23 @@ def handler(q=False):
archive_path = '/tmp/' archive_path = '/tmp/'
if request.get('link'): if request.get('link'):
tocache = request['link'] tocache = request['link']
archiver = url_archiver.Archive(archive_path=archive_path) data = __archiveLink(archive_path, tocache)
archiver.fetch(url=tocache) mispattributes['output'] = ['attachment']
mispattributes['output'] = ['link'] elif request.get('url'):
tocache = request['url']
data = __archiveLink(archive_path, tocache)
mispattributes['output'] = ['malware-sample']
else: else:
misperrors['error'] = "Link is missing" misperrors['error'] = "Link is missing"
return misperrors return misperrors
r = {'results': [{'types': mispattributes['output'], 'values': tocache}]} r = {'results': [{'types': mispattributes['output'], 'values': tocache, 'data': data}]}
return r return r
def __archiveLink(archive_path, tocache):
archiver = url_archiver.Archive(archive_path=archive_path)
return archiver.fetch(url=tocache)
def introspection(): def introspection():
return mispattributes return mispattributes
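Review bot: `handler` passes the request-supplied `link`/`url` value straight to `archiver.fetch(url=tocache)` and now returns the fetched content in `data`, with no check on what the URL points to. Whoever can query the module can therefore have the server retrieve a location of their choice and read the response, which presumably includes internal-only services. A scheme and host check before calling `__archiveLink` would bound this, e.g. `if urlparse(tocache).scheme not in ('http', 'https'): misperrors['error'] = 'Unsupported URL'; return misperrors`, together with a rule for private and loopback addresses. Separately, assigning `mispattributes['output']` inside `handler` changes the module-level dict that `introspection()` returns, so the advertised output types depend on the last request served. A local such as `types = ['attachment']` used in the `results` entry keeps the declaration from the first hunk stable.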