add: New expansion module to submit samples and urls to AssemblyLine

pull/352/head
chrisr3d 2019-11-19 15:41:35 -05:00
parent f08fc6d9a5
commit 58a4cb15a1
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 89 additions and 1 deletions

View File

@ -14,4 +14,5 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c
'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors',
'qrcode', 'ocr_enrich', 'pdf_enrich', 'docx_enrich', 'xlsx_enrich', 'pptx_enrich',
'ods_enrich', 'odt_enrich', 'joesandbox_submit', 'joesandbox_query', 'urlhaus',
'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails']
'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails',
'assemblyline_submit']

View File

@ -0,0 +1,87 @@
import json
from assemblyline_client import Client, ClientError
from urllib.parse import urljoin
moduleinfo = {"version": 1, "author": "Christian Studer", "module-type": ["expansion"],
"description": "Submit files or URLs to AssemblyLine"}
moduleconfig = ["apiurl", "user_id", "apikey", "password"]
mispattributes = {"input": ["attachment", "malware-sample", "url", "domain"],
"output": ["link"]}
def parse_config(apiurl, user_id, config):
error = {"error": "Please provide your AssemblyLine API key or Password."}
if config.get('apikey'):
try:
return Client(apiurl, apikey=(user_id, config['apikey']))
except ClientError as e:
error['error'] = f'Error while initiating a connection with AssemblyLine: {e.__str__()}'
if config.get('password'):
try:
return Client(apiurl, auth=(user_id, config['password']))
except ClientError as e:
error['error'] = f'Error while initiating a connection with AssemblyLine: {e.__str__()}'
return error
def submit_content(client, filename, data):
try:
return client.submit(fname=filename, contents=data.encode())
except Exception as e:
return {'error': f'Error while submitting content to AssemblyLine: {e.__str__()}'}
def submit_request(client, request):
if 'attachment' in request:
return submit_content(client, request['attachment'], request['data'])
if 'malware-sample' in request:
return submit_content(client, request['malware-sample'].split('|')[0], request['data'])
for feature in ('url', 'domain'):
if feature in request:
return submit_url(client, request[feature])
return {"error": "No valid attribute type for this module has been provided."}
def submit_url(client, url):
try:
return client.submit(url=url)
except Exception as e:
return {'error': f'Error while submitting url to AssemblyLine: {e.__str__()}'}
def handler(q=False):
if q is False:
return q
request = json.loads(q)
if not request.get('config'):
return {"error": "Missing configuration."}
if not request['config'].get('apiurl'):
return {"error": "No AssemblyLine server address provided."}
apiurl = request['config']['apiurl']
if not request['config'].get('user_id'):
return {"error": "Please provide your AssemblyLine User ID."}
user_id = request['config']['user_id']
client = parse_config(apiurl, user_id, request['config'])
if isinstance(client, dict):
return client
submission = submit_request(client, request)
if 'error' in submission:
return submission
sid = submission['submission']['sid']
return {
"results": [{
"types": "link",
"categories": "External analysis",
"values": urljoin(apiurl, f'submission_detail.html?sid={sid}')
}]
}
def introspection():
return mispattributes
def version():
moduleinfo["config"] = moduleconfig
return moduleinfo