chg: Use pipenv, update bgpranking/ipasn modules

Raphaël Vinot 2019-01-21 13:31:52 +01:00
parent 623a871c64
commit 55f05e0524
14 changed files with 896 additions and 121 deletions

View File

@ -11,25 +11,24 @@ python:
- "3.7-dev" - "3.7-dev"
install: install:
- pip install -U nose codecov pytest flake8 - pip install pipenv
- pip install -U -r REQUIREMENTS - pipenv install --dev
- pip install .
script: script:
- coverage run -m --parallel-mode --source=misp_modules misp_modules.__init__ -l & - pipenv run coverage run -m --parallel-mode --source=misp_modules misp_modules.__init__ -l &
- pid=$! - pid=$!
- sleep 5 - sleep 5
- nosetests --with-coverage --cover-package=misp_modules - pipenv run nosetests --with-coverage --cover-package=misp_modules
- kill -s INT $pid - kill -s INT $pid
- pushd ~/ - pushd ~/
- coverage run -m --parallel-mode --source=misp_modules misp_modules.__init__ -s -l & - pipenv run coverage run -m --parallel-mode --source=misp_modules misp_modules.__init__ -s -l &
- pid=$! - pid=$!
- popd - popd
- sleep 5 - sleep 5
- nosetests --with-coverage --cover-package=misp_modules - pipenv run nosetests --with-coverage --cover-package=misp_modules
- kill -s INT $pid - kill -s INT $pid
- flake8 --ignore=E501,W503 misp_modules - pipenv run flake8 --ignore=E501,W503 misp_modules
after_success: after_success:
- coverage combine .coverage* - pipenv run coverage combine .coverage*
- codecov - pipenv run codecov

Pipfile Normal file
View File

@ -0,0 +1,45 @@
name = "pypi"
url = ""
verify_ssl = true
nose = "*"
codecov = "*"
pytest = "*"
flake8 = "*"
dnspython = "*"
requests = "*"
urlarchiver = "*"
passivetotal = "*"
pypdns = "*"
pypssl = "*"
pyeupi = "*"
uwhois = {editable = true,git = "",ref = "testing",subdirectory = "client"}
pymisp = {editable = true,git = ""}
pyonyphe = {editable = true,git = ""}
pydnstrails = {editable = true,git = ""}
pytesseract = "*"
pygeoip = "*"
beautifulsoup4 = "*"
oauth2 = "*"
yara-python = ">=3.8.0"
sigmatools = "*"
stix2-patterns = "*"
maclookup = "*"
vulners = "*"
blockchain = "*"
pyintel471 = {editable = true,git = ""}
shodan = "*"
Pillow = "*"
Wand = "*"
SPARQLWrapper = "*"
domaintools_api = "*"
misp-modules = {editable = true,path = "."}
pybgpranking = {editable = true,git = "",subdirectory = "client"}
pyipasnhistory = {editable = true,git = "",subdirectory = "client"}
python_version = "3.6"

Pipfile.lock generated Normal file
View File

@ -0,0 +1,735 @@
"_meta": {
"hash": {
"sha256": "f501a84bdd41ca21a2af020278ce030985cccd5f2f5683cd075797be4523587d"
"pipfile-spec": 6,
"requires": {
"python_version": "3.6"
"sources": [
"name": "pypi",
"url": "",
"verify_ssl": true
"default": {
"aiohttp": {
"hashes": [
"version": "==3.4.4"
"antlr4-python3-runtime": {
"hashes": [
"markers": "python_version >= '3'",
"version": "==4.7.2"
"async-timeout": {
"hashes": [
"version": "==3.0.1"
"attrs": {
"hashes": [
"version": "==18.2.0"
"beautifulsoup4": {
"hashes": [
"index": "pypi",
"version": "==4.7.1"
"blockchain": {
"hashes": [
"index": "pypi",
"version": "==1.4.4"
"certifi": {
"hashes": [
"version": "==2018.11.29"
"chardet": {
"hashes": [
"version": "==3.0.4"
"click": {
"hashes": [
"version": "==7.0"
"click-plugins": {
"hashes": [
"version": "==1.0.4"
"colorama": {
"hashes": [
"version": "==0.4.1"
"dnspython": {
"hashes": [
"index": "pypi",
"version": "==1.16.0"
"domaintools-api": {
"hashes": [
"index": "pypi",
"version": "==0.3.3"
"enum-compat": {
"hashes": [
"version": "==0.0.2"
"ez-setup": {
"hashes": [
"version": "==0.9"
"future": {
"hashes": [
"version": "==0.17.1"
"httplib2": {
"hashes": [
"version": "==0.12.0"
"idna": {
"hashes": [
"version": "==2.8"
"idna-ssl": {
"hashes": [
"markers": "python_version < '3.7'",
"version": "==1.1.0"
"isodate": {
"hashes": [
"version": "==0.6.0"
"jsonschema": {
"hashes": [
"version": "==2.6.0"
"maclookup": {
"hashes": [
"index": "pypi",
"version": "==1.0.3"
"misp-modules": {
"editable": true,
"path": "."
"multidict": {
"hashes": [
"version": "==4.5.2"
"oauth2": {
"hashes": [
"index": "pypi",
"version": "==1.9.0.post1"
"passivetotal": {
"hashes": [
"index": "pypi",
"version": "==1.0.30"
"pillow": {
"hashes": [
"index": "pypi",
"version": "==5.4.1"
"psutil": {
"hashes": [
"version": "==5.4.8"
"pybgpranking": {
"editable": true,
"git": "",
"ref": "7e698f87366e6f99b4d0d11852737db28e3ddc62",
"subdirectory": "client"
"pydnstrails": {
"editable": true,
"git": "",
"ref": "48c1f740025c51289f43a24863d1845ff12fd21a"
"pyeupi": {
"hashes": [
"index": "pypi",
"version": "==1.0"
"pygeoip": {
"hashes": [
"index": "pypi",
"version": "==0.3.2"
"pyintel471": {
"editable": true,
"git": "",
"ref": "0df8d51f1c1425de66714b3a5a45edb69b8cc2fc"
"pyipasnhistory": {
"editable": true,
"git": "",
"ref": "e846cd36fe1ed6b22f60890bba89f84e61b62e59",
"subdirectory": "client"
"pymisp": {
"editable": true,
"git": "",
"ref": "d4934cdf5f537c9f42ae37be7878de1848961de0"
"pyonyphe": {
"editable": true,
"git": "",
"ref": "66329baeee7cab844f2203c047c2551828eaf14d"
"pyparsing": {
"hashes": [
"version": "==2.3.1"
"pypdns": {
"hashes": [
"index": "pypi",
"version": "==1.3"
"pypssl": {
"hashes": [
"index": "pypi",
"version": "==2.1"
"pytesseract": {
"hashes": [
"index": "pypi",
"version": "==0.2.6"
"python-dateutil": {
"hashes": [
"version": "==2.7.5"
"pyyaml": {
"hashes": [
"version": "==3.13"
"rdflib": {
"hashes": [
"version": "==4.2.2"
"redis": {
"hashes": [
"version": "==3.0.1"
"requests": {
"hashes": [
"index": "pypi",
"version": "==2.21.0"
"requests-cache": {
"hashes": [
"version": "==0.4.13"
"shodan": {
"hashes": [
"index": "pypi",
"version": "==1.10.4"
"sigmatools": {
"hashes": [
"index": "pypi",
"version": "==0.7.1"
"six": {
"hashes": [
"version": "==1.12.0"
"soupsieve": {
"hashes": [
"version": "==1.7.2"
"sparqlwrapper": {
"hashes": [
"index": "pypi",
"version": "==1.8.2"
"stix2-patterns": {
"hashes": [
"index": "pypi",
"version": "==1.1.0"
"tornado": {
"hashes": [
"version": "==5.1.1"
"url-normalize": {
"hashes": [
"version": "==1.4.1"
"urlarchiver": {
"hashes": [
"index": "pypi",
"version": "==0.2"
"urllib3": {
"hashes": [
"version": "==1.24.1"
"uwhois": {
"editable": true,
"git": "",
"ref": "f6f035e52213c8abc20f2084d28cfffb399457cb",
"subdirectory": "client"
"vulners": {
"hashes": [
"index": "pypi",
"version": "==1.3.6"
"wand": {
"hashes": [
"index": "pypi",
"version": "==0.5.0"
"xlsxwriter": {
"hashes": [
"version": "==1.1.2"
"yara-python": {
"hashes": [
"index": "pypi",
"version": "==3.8.1"
"yarl": {
"hashes": [
"version": "==1.3.0"
"develop": {
"atomicwrites": {
"hashes": [
"version": "==1.2.1"
"attrs": {
"hashes": [
"version": "==18.2.0"
"certifi": {
"hashes": [
"version": "==2018.11.29"
"chardet": {
"hashes": [
"version": "==3.0.4"
"codecov": {
"hashes": [
"index": "pypi",
"version": "==2.0.15"
"coverage": {
"hashes": [
"version": "==4.5.2"
"flake8": {
"hashes": [
"index": "pypi",
"version": "==3.6.0"
"idna": {
"hashes": [
"version": "==2.8"
"mccabe": {
"hashes": [
"version": "==0.6.1"
"more-itertools": {
"hashes": [
"version": "==5.0.0"
"nose": {
"hashes": [
"index": "pypi",
"version": "==1.3.7"
"pluggy": {
"hashes": [
"version": "==0.8.1"
"py": {
"hashes": [
"version": "==1.7.0"
"pycodestyle": {
"hashes": [
"version": "==2.4.0"
"pyflakes": {
"hashes": [
"version": "==2.0.0"
"pytest": {
"hashes": [
"index": "pypi",
"version": "==4.1.1"
"requests": {
"hashes": [
"index": "pypi",
"version": "==2.21.0"
"six": {
"hashes": [
"version": "==1.12.0"
"urllib3": {
"hashes": [
"version": "==1.24.1"

View File

@ -17,7 +17,7 @@ For more information: [Extending MISP with Python modules](
### Expansion modules ### Expansion modules
* [ASN History](misp_modules/modules/expansion/ - a hover and expansion module to expand an AS number with the ASN description and its history. * [BGP Ranking](misp_modules/modules/expansion/ - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking.
* [BTC transactions](misp_modules/modules/expansion/ - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. * [BTC transactions](misp_modules/modules/expansion/ - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP.
* [CIRCL Passive DNS](misp_modules/modules/expansion/ - a hover and expansion module to expand hostname and IP addresses with passive DNS information. * [CIRCL Passive DNS](misp_modules/modules/expansion/ - a hover and expansion module to expand hostname and IP addresses with passive DNS information.
* [CIRCL Passive SSL](misp_modules/modules/expansion/ - a hover and expansion module to expand IP addresses with the X.509 certificate seen. * [CIRCL Passive SSL](misp_modules/modules/expansion/ - a hover and expansion module to expand IP addresses with the X.509 certificate seen.

View File

@ -1,31 +1,63 @@
tornado -i
dnspython -e .
requests -e git+
urlarchiver -e git+
passivetotal -e git+
PyPDNS -e git+
pypssl -e git+
redis -e git+
pyeupi -e git+
ipasn-redis aiohttp==3.4.4
asnhistory antlr4-python3-runtime==4.7.2 ; python_version >= '3'
git+ async-timeout==3.0.1
git+ attrs==18.2.0
git+ beautifulsoup4==4.7.1
git+ blockchain==1.4.4
pillow certifi==2018.11.29
pytesseract chardet==3.0.4
wand click-plugins==1.0.4
SPARQLWrapper click==7.0
domaintools_api colorama==0.4.1
pygeoip dnspython==1.16.0
bs4 domaintools-api==0.3.3
oauth2 enum-compat==0.0.2
yara-python==3.8.0 ez-setup==0.9
sigmatools future==0.17.1
stix2-patterns httplib2==0.12.0
maclookup idna-ssl==1.1.0 ; python_version < '3.7'
vulners idna==2.8
psutil isodate==0.6.0
blockchain jsonschema==2.6.0
git+ maclookup==1.0.3

View File

@ -2,25 +2,21 @@
## Expansion Modules ## Expansion Modules
#### [asn_history]( #### [bgpranking](
Query an ASN description history service ( Query BGP Ranking (
- **features**: - **features**:
>The module takes an AS number attribute as input and displays its description and history. >The module takes an AS number attribute as input and displays its description and history, and position in BGP Ranking.
> >
>For a proper working, a communication with a redis database is needed, thus 3 parameters are needed:
>- host, the address of the redis server
>- port, the port used by redis
>- db, the index of the database used
> >
- **input**: - **input**:
>Autonomous system number. >Autonomous system number.
- **output**: - **output**:
>Text containing a description of the ASN and its history. >Text containing a description of the ASN, its history, and the position in BGP Ranking.
- **references**: - **references**:
> >
- **requirements**: - **requirements**:
>asnhistory python library >pybgpranking python library
----- -----
@ -331,17 +327,17 @@ Module to access intelmqs eventdb.
#### [ipasn]( #### [ipasn](
Module to query an IP ASN history service ( Module to query an IP ASN history service (
- **features**: - **features**:
>This module takes an IP address attribute as input and queries the CIRCL IP ASN service to get additional information about the input. >This module takes an IP address attribute as input and queries the CIRCL IPASN service to get additional information about the input.
- **input**: - **input**:
>An IP address MISP attribute. >An IP address MISP attribute.
- **output**: - **output**:
>Text describing additional information about the input after a query on the IP-ASN-history database. >Text describing additional information about the input after a query on the IPASN-history database.
- **references**: - **references**:
> >
- **requirements**: - **requirements**:
>ipasn_redis: Python library to access IP-ASN-history instance via redis, An IP-ASN-history instance information (host, port and database index) >pyipasnhistory: Python library to access IPASN-history instance
----- -----

View File

@ -1,8 +0,0 @@
"description": "Query an ASN description history service (",
"requirements": ["asnhistory python library"],
"features": "The module takes an AS number attribute as input and displays its description and history.\n\nFor a proper working, a communication with a redis database is needed, thus 3 parameters are needed:\n- host, the address of the redis server\n- port, the port used by redis\n- db, the index of the database used\n",
"references": [""],
"input": "Autonomous system number.",
"output": "Text containing a description of the ASN and its history."

View File

@ -0,0 +1,8 @@
"description": "Query BGP Ranking (",
"requirements": ["pybgpranking python library"],
"features": "The module takes an AS number attribute as input and displays its description and history, and position in BGP Ranking.\n\n",
"references": [""],
"input": "Autonomous system number.",
"output": "Text containing a description of the ASN, its history, and the position in BGP Ranking."

View File

@ -1,8 +1,8 @@
{ {
"description": "Module to query an IP ASN history service (", "description": "Module to query an IP ASN history service (",
"requirements": ["ipasn_redis: Python library to access IP-ASN-history instance via redis", "An IP-ASN-history instance information (host, port and database index)"], "requirements": ["pyipasnhistory: Python library to access IPASN-history instance"],
"input": "An IP address MISP attribute.", "input": "An IP address MISP attribute.",
"output": "Text describing additional information about the input after a query on the IP-ASN-history database.", "output": "Text describing additional information about the input after a query on the IPASN-history database.",
"references": [""], "references": [""],
"features": "This module takes an IP address attribute as input and queries the CIRCL IP ASN service to get additional information about the input." "features": "This module takes an IP address attribute as input and queries the CIRCL IPASN service to get additional information about the input."
} }

View File

@ -4,9 +4,10 @@ import json
module_types = ['expansion', 'export_mod', 'import_mod'] module_types = ['expansion', 'export_mod', 'import_mod']
titles = ['Expansion Modules', 'Export Modules', 'Import Modules'] titles = ['Expansion Modules', 'Export Modules', 'Import Modules']
markdown= ["# MISP modules documentation\n"] markdown = ["# MISP modules documentation\n"]
githublink = '' githublink = ''
def generate_doc(root_path): def generate_doc(root_path):
for _path, title in zip(module_types, titles): for _path, title in zip(module_types, titles):
markdown.append('\n## {}\n'.format(title)) markdown.append('\n## {}\n'.format(title))
@ -18,7 +19,7 @@ def generate_doc(root_path):
githubref = '{}/{}.py'.format(githubpath, modulename) githubref = '{}/{}.py'.format(githubpath, modulename)
markdown.append('\n#### [{}]({})\n'.format(modulename, githubref)) markdown.append('\n#### [{}]({})\n'.format(modulename, githubref))
filename = os.path.join(current_path, _file) filename = os.path.join(current_path, _file)
with open(filename, 'rt', encoding='utf-8') as f: with open(filename, 'rt') as f:
definition = json.loads( definition = json.loads(
if 'logo' in definition: if 'logo' in definition:
markdown.append('\n<img src={} height=60>\n'.format(definition.pop('logo'))) markdown.append('\n<img src={} height=60>\n'.format(definition.pop('logo')))
@ -32,6 +33,7 @@ def generate_doc(root_path):
with open('', 'w') as w: with open('', 'w') as w:
w.write(''.join(markdown)) w.write(''.join(markdown))
if __name__ == '__main__': if __name__ == '__main__':
root_path = os.path.dirname(os.path.realpath(__file__)) root_path = os.path.dirname(os.path.realpath(__file__))
generate_doc(root_path) generate_doc(root_path)

View File

@ -30,7 +30,7 @@ db = 5
def selftest(enable=True): def selftest(enable=True):
if not enable: if not enable:
return False return False
r = redis.StrictRedis(host=hostname, port=port, db=db) r = redis.Redis(host=hostname, port=port, db=db)
try: try:
except Exception: except Exception:
@ -40,11 +40,11 @@ def selftest(enable=True):
def get(modulename=None, query=None, value=None, debug=False): def get(modulename=None, query=None, value=None, debug=False):
if (modulename is None or query is None): if (modulename is None or query is None):
return False return False
r = redis.StrictRedis(host=hostname, port=port, db=db) r = redis.Redis(host=hostname, port=port, db=db, decode_responses=True)
h = hashlib.sha1() h = hashlib.sha1()
h.update(query.encode('UTF-8')) h.update(query.encode('UTF-8'))
hv = h.hexdigest() hv = h.hexdigest()
key = "m:" + modulename + ":" + hv key = "m:{}:{}".format(modulename, hv)
if not r.exists(key): if not r.exists(key):
if debug: if debug:
@ -58,7 +58,7 @@ def get(modulename=None, query=None, value=None, debug=False):
def flush(): def flush():
r = redis.StrictRedis(host=hostname, port=port, db=db) r = redis.StrictRedis(host=hostname, port=port, db=db, decode_responses=True)
returncode = r.flushdb() returncode = r.flushdb()
return returncode return returncode
@ -70,7 +70,7 @@ if __name__ == "__main__":
else: else:
print("Selftest ok") print("Selftest ok")
v = get(modulename="testmodule", query="abcdef", value="barfoo", debug=True) v = get(modulename="testmodule", query="abcdef", value="barfoo", debug=True)
if v == b'barfoo': if v == 'barfoo':
print("Cache ok") print("Cache ok")
v = get(modulename="testmodule", query="abcdef") v = get(modulename="testmodule", query="abcdef")
print(v) print(v)

View File

@ -1,7 +1,8 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import json import json
from asnhistory import ASNHistory from datetime import date, timedelta
from pybgpranking import BGPRanking
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = {'input': ['AS'], 'output': ['freetext']} mispattributes = {'input': ['AS'], 'output': ['freetext']}
@ -9,8 +10,6 @@ moduleinfo = {'version': '0.1', 'author': 'Raphaël Vinot',
'description': 'Query an ASN Description history service (', 'description': 'Query an ASN Description history service (',
'module-type': ['expansion', 'hover']} 'module-type': ['expansion', 'hover']}
moduleconfig = ['host', 'port', 'db']
def handler(q=False): def handler(q=False):
if q is False: if q is False:
@ -22,19 +21,11 @@ def handler(q=False):
misperrors['error'] = "Unsupported attributes type" misperrors['error'] = "Unsupported attributes type"
return misperrors return misperrors
if not request.get('config') and not (request['config'].get('host') bgpranking = BGPRanking()
and request['config'].get('port') values = bgpranking.query(toquery, date=( - timedelta(1)).isoformat())
and request['config'].get('db')):
misperrors['error'] = 'ASN description history configuration is missing'
return misperrors
asnhistory = ASNHistory(host=request['config'].get('host'),
port=request['config'].get('port'), db=request['config'].get('db'))
values = ['{} {}'.format(date.isoformat(), description) for date, description in asnhistory.get_all_descriptions(toquery)]
if not values: if not values:
misperrors['error'] = 'Unable to find descriptions for this ASN' misperrors['error'] = 'Unable to find the ASN in BGP Ranking'
return misperrors return misperrors
return {'results': [{'types': mispattributes['output'], 'values': values}]} return {'results': [{'types': mispattributes['output'], 'values': values}]}
@ -44,5 +35,4 @@ def introspection():
def version(): def version():
moduleinfo['config'] = moduleconfig
return moduleinfo return moduleinfo

View File

@ -1,7 +1,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import json import json
from ipasn_redis import IPASN from pyipasnhistory import IPASNHistory
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']} mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']}
@ -9,8 +9,6 @@ moduleinfo = {'version': '0.1', 'author': 'Raphaël Vinot',
'description': 'Query an IP ASN history service (', 'description': 'Query an IP ASN history service (',
'module-type': ['expansion', 'hover']} 'module-type': ['expansion', 'hover']}
moduleconfig = ['host', 'port', 'db']
def handler(q=False): def handler(q=False):
if q is False: if q is False:
@ -24,18 +22,8 @@ def handler(q=False):
misperrors['error'] = "Unsupported attributes type" misperrors['error'] = "Unsupported attributes type"
return misperrors return misperrors
if not request.get('config') and not (request['config'].get('host') ipasn = IPASNHistory()
and request['config'].get('port') values = ipasn.query(toquery)
and request['config'].get('db')):
misperrors['error'] = 'IP ASN history configuration is missing'
return misperrors
ipasn = IPASN(host=request['config'].get('host'),
port=request['config'].get('port'), db=request['config'].get('db'))
values = []
for first_seen, last_seen, asn, block in ipasn.aggregate_history(toquery):
values.append('{} {} {} {}'.format(first_seen.decode(), last_seen.decode(), asn.decode(), block))
if not values: if not values:
misperrors['error'] = 'Unable to find the history of this IP' misperrors['error'] = 'Unable to find the history of this IP'
@ -48,5 +36,4 @@ def introspection():
def version(): def version():
moduleinfo['config'] = moduleconfig
return moduleinfo return moduleinfo

View File

@ -23,18 +23,7 @@ setup(
], ],
install_requires=[ install_requires=[
'tornado', 'tornado',
'dnspython3', 'psutil',
'requests', 'redis>=3'
], ],
) )