From 6eeca0fba1efda5605c8fabedc0c9cb2895c0229 Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Fri, 8 Jun 2018 17:53:50 +0200
Subject: [PATCH] add pastebin url imports
---
 .idea/vcs.xml | 6 ++++++
 misp_modules/modules/expansion/onyphe.py | 16 +++++++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 .idea/vcs.xml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/misp_modules/modules/expansion/onyphe.py b/misp_modules/modules/expansion/onyphe.py
index 16a4e94..ace09ef 100644
--- a/misp_modules/modules/expansion/onyphe.py
+++ b/misp_modules/modules/expansion/onyphe.py
@@ -9,7 +9,7 @@ except ImportError:
 misperrors = {'error': 'Error'}
-mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domains'], 'output': ['freetext']}
+mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domains'], 'output': ['hostname', 'domain', 'ip-src', 'ip-dst','url']}
 # possible module-types: 'expansion', 'hover' or both
 moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
 'description': 'Query on Onyphe',
@@ -48,12 +48,22 @@ def handler(q=False):
 def handle_expansion(api, ip, misperrors):
 result = api.ip(ip)
+
 if result['status'] == 'nok':
 misperrors['error'] = result['message']
 return misperrors
- return {'results': [{'types': mispattributes['output'],
- 'values': json.dumps(result)}]}
+ categories = list(set([item['@category'] for item in result['results']]))
+
+ result_filtered = []
+ urls_pasties = []
+ for r in result['results']:
+ if r['@category'] == 'pastries':
+ if r['@type'] == 'pastebin':
+ urls_pasties.append('https://pastebin.com/raw/%s' % r['key'])
+ result_filtered.append({'type': ['url'], 'values': urls_pasties})
+
+ return result_filtered
 def introspection():
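Review bot: The new `'output'` list in `mispattributes` advertises `hostname`, `domain`, `ip-src` and `ip-dst`, but the only values `handle_expansion` builds in this commit are pastebin URLs, so the declared outputs and the produced results diverge. Until the other categories are mapped, `'output': ['url']` would describe the module accurately; alternatively a comment such as `# only 'url' is emitted so far; the other types are not yet produced` would keep consumers from relying on them. The literal also lacks a space after the comma in `'ip-dst','url'`.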
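Review bot: `handle_expansion` now returns a bare list whose entry uses the key `'type'`, whereas the removed lines returned `{'results': [{'types': ..., 'values': ...}]}`; unless the caller (`handler`, outside this hunk) was changed to match, the result will presumably no longer be recognised. Keeping the envelope, e.g. `return {'results': [{'types': ['url'], 'values': urls_pasties}]}`, preserves the previous contract. `r['key']` comes from the remote API response and is formatted into a URL unchecked; validating it first (for instance `if str(r.get('key', '')).isalnum():`) keeps malformed or crafted values out of attributes that analysts or automation may later fetch. `categories` is computed but never used, and the direct `r['@category']` / `r['@type']` lookups raise `KeyError` on a record that lacks either field, so `r.get(...)` would be safer on third-party data.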