MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Use the proper formatting method and not the horrible % one

Browse Source
pull/115/head
Hannah Ward 6 years ago
parent 9bf3346e88
commit 648c6414c3
No known key found for this signature in database
GPG Key ID: 6F3BAD60DE190290
1 changed files with 20 additions and 20 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 40
      misp_modules/modules/expansion/threatminer.py

40
misp_modules/modules/expansion/threatminer.py
Unescape View File

@ -10,11 +10,11 @@ mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst', 'md5', 'sh
}
# possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '2', 'author': 'Hannah Ward',
'description': 'Get information from virustotal',
moduleinfo = {'version': '1', 'author': 'KX499',
'description': 'Get information from ThreatMiner',
'module-type': ['expansion']}
desc = '%s: Threatminer - %s'
desc = '{}: Threatminer - {}'
def handler(q=False):
@ -66,25 +66,25 @@ def get_domain(q):
if not emails:
continue
for em_type, email in emails.items():
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
if flag == 2: #pdns
ip = result.get('ip')
if ip:
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')})
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
if flag == 3: #uri
uri = result.get('uri')
if uri:
ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')})
ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
if flag == 4: #samples
if type(result) is str:
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
if flag == 5: #subdomains
if type(result) is str:
ret.append({'types': ['domain'], 'values': [result], 'comment': desc % (q, 'subdomain')})
ret.append({'types': ['domain'], 'values': [result], 'comment': desc.format(q, 'subdomain')})
if flag == 6: #reports
link = result.get('URL')
if link:
ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')})
ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
return ret
@ -105,25 +105,25 @@ def get_ip(q):
if not emails:
continue
for em_type, email in emails.items():
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
if flag == 2: #pdns
ip = result.get('ip')
if ip:
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')})
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
if flag == 3: #uri
uri = result.get('uri')
if uri:
ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')})
ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
if flag == 4: #samples
if type(result) is str:
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
if flag == 5: #ssl
if type(result) is str:
ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc % (q, 'ssl')})
ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc.format(q, 'ssl')})
if flag == 6: #reports
link = result.get('URL')
if link:
ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')})
ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
return ret
@ -142,25 +142,25 @@ def get_hash(q):
if flag == 1: #meta (filename)
name = result.get('file_name')
if name:
ret.append({'types': ['filename'], 'values': [name], 'comment': desc % (q, 'file')})
ret.append({'types': ['filename'], 'values': [name], 'comment': desc.format(q, 'file')})
if flag == 3: #network
domains = result.get('domains')
for dom in domains:
if dom.get('domain'):
ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc % (q, 'network')})
ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc.format(q, 'network')})
hosts = result.get('hosts')
for h in hosts:
if type(h) is str:
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc % (q, 'network')})
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc.format(q, 'network')})
if flag == 6: #detections
detections = result.get('av_detections')
for d in detections:
if d.get('detection'):
ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc % (q, 'detection')})
ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc.format(q, 'detection')})
if flag == 7: #report
if type(result) is str:
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'report')})
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'report')})
return ret

Write Preview
Loading…
Cancel
Save