fix: Use the proper formatting method and not the horrible % one

pull/115/head
Hannah Ward 2017-03-08 16:35:03 +00:00
parent 9bf3346e88
commit 648c6414c3
No known key found for this signature in database
GPG Key ID: 6F3BAD60DE190290
1 changed files with 20 additions and 20 deletions


@ -10,11 +10,11 @@ mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst', 'md5', 'sh
} }
# possible module-types: 'expansion', 'hover' or both # possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '2', 'author': 'Hannah Ward', moduleinfo = {'version': '1', 'author': 'KX499',
'description': 'Get information from virustotal', 'description': 'Get information from ThreatMiner',
'module-type': ['expansion']} 'module-type': ['expansion']}
desc = '%s: Threatminer - %s' desc = '{}: Threatminer - {}'
def handler(q=False): def handler(q=False):
@ -66,25 +66,25 @@ def get_domain(q):
if not emails: if not emails:
continue continue
for em_type, email in emails.items(): for em_type, email in emails.items():
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')}) ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
if flag == 2: #pdns if flag == 2: #pdns
ip = result.get('ip') ip = result.get('ip')
if ip: if ip:
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')}) ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
if flag == 3: #uri if flag == 3: #uri
uri = result.get('uri') uri = result.get('uri')
if uri: if uri:
ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')}) ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
if flag == 4: #samples if flag == 4: #samples
if type(result) is str: if type(result) is str:
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')}) ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
if flag == 5: #subdomains if flag == 5: #subdomains
if type(result) is str: if type(result) is str:
ret.append({'types': ['domain'], 'values': [result], 'comment': desc % (q, 'subdomain')}) ret.append({'types': ['domain'], 'values': [result], 'comment': desc.format(q, 'subdomain')})
if flag == 6: #reports if flag == 6: #reports
link = result.get('URL') link = result.get('URL')
if link: if link:
ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')}) ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
return ret return ret
@ -105,25 +105,25 @@ def get_ip(q):
if not emails: if not emails:
continue continue
for em_type, email in emails.items(): for em_type, email in emails.items():
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')}) ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
if flag == 2: #pdns if flag == 2: #pdns
ip = result.get('ip') ip = result.get('ip')
if ip: if ip:
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')}) ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
if flag == 3: #uri if flag == 3: #uri
uri = result.get('uri') uri = result.get('uri')
if uri: if uri:
ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')}) ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
if flag == 4: #samples if flag == 4: #samples
if type(result) is str: if type(result) is str:
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')}) ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
if flag == 5: #ssl if flag == 5: #ssl
if type(result) is str: if type(result) is str:
ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc % (q, 'ssl')}) ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc.format(q, 'ssl')})
if flag == 6: #reports if flag == 6: #reports
link = result.get('URL') link = result.get('URL')
if link: if link:
ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')}) ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
return ret return ret
@ -142,25 +142,25 @@ def get_hash(q):
if flag == 1: #meta (filename) if flag == 1: #meta (filename)
name = result.get('file_name') name = result.get('file_name')
if name: if name:
ret.append({'types': ['filename'], 'values': [name], 'comment': desc % (q, 'file')}) ret.append({'types': ['filename'], 'values': [name], 'comment': desc.format(q, 'file')})
if flag == 3: #network if flag == 3: #network
domains = result.get('domains') domains = result.get('domains')
for dom in domains: for dom in domains:
if dom.get('domain'): if dom.get('domain'):
ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc % (q, 'network')}) ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc.format(q, 'network')})
hosts = result.get('hosts') hosts = result.get('hosts')
for h in hosts: for h in hosts:
if type(h) is str: if type(h) is str:
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc % (q, 'network')}) ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc.format(q, 'network')})
if flag == 6: #detections if flag == 6: #detections
detections = result.get('av_detections') detections = result.get('av_detections')
for d in detections: for d in detections:
if d.get('detection'): if d.get('detection'):
ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc % (q, 'detection')}) ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc.format(q, 'detection')})
if flag == 7: #report if flag == 7: #report
if type(result) is str: if type(result) is str:
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'report')}) ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'report')})
return ret return ret
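Review bot: In the `get_hash` hunk the network and detections branches loop over `result.get('domains')`, `result.get('hosts')` and `result.get('av_detections')` directly, so a ThreatMiner response that omits one of those keys raises `TypeError` on `None`. The formatting change leaves this untouched. Writing the loops as `for dom in result.get('domains') or []:` (and the same for `hosts` and `av_detections`) would skip a missing list and keep the attributes already collected. Since these values come from a remote API and go straight into MISP attributes, `isinstance(h, str)` would also be a clearer type guard than `type(h) is str`. `get_hash` starts above the hunk, so any earlier validation of `result` is not visible here.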