initial version of OCR expansion module

2019-04-24 13:54:21 +02:00 · 2019-04-24 13:54:21 +02:00 · 7171c8ce92
parent e893a17583
commit 7171c8ce92
2 changed files with 53 additions and 1 deletions
--- a/misp_modules/modules/expansion/init.py
+++ b/misp_modules/modules/expansion/init.py
@ -8,4 +8,5 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c
           'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',
           'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator',
           'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query', 'macaddress_io',
-           'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors', 'qrcode']
+           'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors', 
+           'qrcode', 'ocr']
--- a/misp_modules/modules/expansion/ocr.py
+++ b/misp_modules/modules/expansion/ocr.py
@ -0,0 +1,51 @@
+import json
+import re
+import binascii
+import cv2
+import np
+import pytesseract
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['attachment'],
+                  'output': ['freetext', 'text']}
+moduleinfo = {'version': '0.1', 'author': 'Sascha Rommelfangen',
+              'description': 'OCR decoder',
+              'module-type': ['expansion']}
+
+moduleconfig = []
+
+
+def handler(q=False):
+    if q is False:
+        return False
+    q = json.loads(q)
+    filename = q['attachment']
+    try:
+        img_array = np.frombuffer(binascii.a2b_base64(q['data']), np.uint8)
+    except Exception as e:
+        print(e)
+        err = "Couldn't fetch attachment (JSON 'data' is empty). Are you using the 'Query enrichment' action?"
+        misperrors['error'] = err
+        print(err)
+        return misperrors
+
+    image = img_array
+    image = cv2.imdecode(img_array, cv2.IMREAD_COLOR)
+    try:
+        decoded = pytesseract.image_to_string(image)
+        return {'results': [{'types': ['freetext'], 'values': decoded, 'comment': "OCR from file " + filename},
+                {'types': ['text'], 'values': decoded, 'comment': "ORC from file " + filename}]}
+    except Exception as e:
+        print(e)
+        err = "Couldn't analyze file type. Only images are supported right now."
+        misperrors['error'] = err
+        return misperrors
+
+
+def introspection():
+    return mispattributes
+
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo