From 48635d8f1b11ff9cd23d8a1b4d2995ce1bf91971 Mon Sep 17 00:00:00 2001
From: chrisr3d <chris.studer.68@gmail.com>
Date: Fri, 2 Oct 2020 17:01:02 +0200
Subject: [PATCH] add: Added documentation for the socialscan new module

- Also quick fix of the message for an invalid
  result or response concerning the queried email
  address or username
---
 README.md                                    |  3 ++-
 doc/README.md                                | 16 ++++++++++++++++
 doc/expansion/socialscan.json                |  8 ++++++++
 misp_modules/modules/expansion/socialscan.py |  2 +-
 4 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 doc/expansion/socialscan.json

diff --git a/README.md b/README.md
index 26dce03..ce9b57c 100644
--- a/README.md
+++ b/README.md
@@ -75,7 +75,8 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [shodan](misp_modules/modules/expansion/shodan.py) - a minimal [shodan](https://www.shodan.io/) expansion module.
 * [Sigma queries](misp_modules/modules/expansion/sigma_queries.py) - Experimental expansion module querying a sigma rule to convert it into all the available SIEM signatures.
 * [Sigma syntax validator](misp_modules/modules/expansion/sigma_syntax_validator.py) - Sigma syntax validator.
-* [SophosLabs Intelix](misp_modules/modules/expansion/sophoslabs_intelix.py) - SophosLabs Intelix is an API for Threat Intelligence and Analysis (free tier availible). [SophosLabs](https://aws.amazon.com/marketplace/pp/B07SLZPMCS)
+* [Socialscan](misp_modules/modules/expansion/socialscan.py) - a hover module to check if an email address or a username is used on different online platforms, using the [socialscan](https://github.com/iojw/socialscan) python library
+* [SophosLabs Intelix](misp_modules/modules/expansion/sophoslabs_intelix.py) - SophosLabs Intelix is an API for Threat Intelligence and Analysis (free tier available). [SophosLabs](https://aws.amazon.com/marketplace/pp/B07SLZPMCS)
 * [sourcecache](misp_modules/modules/expansion/sourcecache.py) - a module to cache a specific link from a MISP instance.
 * [STIX2 pattern syntax validator](misp_modules/modules/expansion/stix2_pattern_syntax_validator.py) - a module to check a STIX2 pattern syntax.
 * [ThreatCrowd](misp_modules/modules/expansion/threatcrowd.py) - an expansion module for [ThreatCrowd](https://www.threatcrowd.org/).
diff --git a/doc/README.md b/doc/README.md
index 1225780..1407ae7 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -1214,6 +1214,22 @@ An expansion hover module to perform a syntax check on sigma rules.
 
 -----
 
+#### [socialscan](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/socialscan.py)
+
+A hover module to get information on the availability of an email address or username on some online platforms.
+- **features**:
+>The module takes an email address or username as input and check its availability on some online platforms. The results for each platform are then returned to see if the email address or the username is used, available or if there is an issue with it.
+- **input**:
+>An email address or usename attribute.
+- **output**:
+>Text containing information about the availability of an email address or a username in some online platforms.
+- **references**:
+>https://github.com/iojw/socialscan
+- **requirements**:
+>The socialscan python library
+
+-----
+
 #### [sophoslabs_intelix](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sophoslabs_intelix.py)
 
 <img src=logos/sophoslabs_intelix.svg height=60>
diff --git a/doc/expansion/socialscan.json b/doc/expansion/socialscan.json
new file mode 100644
index 0000000..a1cf359
--- /dev/null
+++ b/doc/expansion/socialscan.json
@@ -0,0 +1,8 @@
+{
+    "description": "A hover module to get information on the availability of an email address or username on some online platforms.",
+    "requirements": ["The socialscan python library"],
+    "input": "An email address or usename attribute.",
+    "output": "Text containing information about the availability of an email address or a username in some online platforms.",
+    "references": ["https://github.com/iojw/socialscan"],
+    "features": "The module takes an email address or username as input and check its availability on some online platforms. The results for each platform are then returned to see if the email address or the username is used, available or if there is an issue with it."
+}
diff --git a/misp_modules/modules/expansion/socialscan.py b/misp_modules/modules/expansion/socialscan.py
index da30e4c..54f58f6 100644
--- a/misp_modules/modules/expansion/socialscan.py
+++ b/misp_modules/modules/expansion/socialscan.py
@@ -51,7 +51,7 @@ def parse_results(query_results, feature):
             results.append(f'Unable to retrieve the {feature} on {result.platform}.')
             continue
         if not result.valid:
-            results.append(f'Invalid response from {result.platform}.')
+            results.append(f'Invalid response from {result.platform}, or invalid {feature}.')
             continue
         statement = 'No account' if result.available else 'There is an account'
         results.append(f'{statement} linked to the {feature} on {result.platform}.')