add: new expansion module to check hashes against including NSLR dataset.

Alexandre Dulaunoy 2018-05-29 21:54:22 +02:00
parent c3ac53a069
commit 9664127b85
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
4 changed files with 44 additions and 5 deletions

View File

@ -1,6 +1,3 @@
from . import _vmray
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl',
'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache',
'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx',
'threatcrowd', 'vulndb', 'crowdstrike_falcon','yara_syntax_validator']
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd']

View File

@ -0,0 +1,41 @@
import json
import requests
misperrors = {'error': 'Error'}
mispattributes = {'input': ['md5'], 'output': ['text']}
moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'An expansion module to check hashes against including NSLR dataset.', 'module-type': ['hover']}
moduleconfig = []
hashddapi_url = ''
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if not request.get('md5'):
misperrors['error'] = 'MD5 hash value is missing missing'
return misperrors
v = request.get('md5').upper()
r =, data={'hash':v})
if r.status_code == 200:
state = json.loads(r.text)
if state:
if state.get(v):
summary = state[v]['known_level']
summary = 'Unknown hash'
misperrors['error'] = '{} API not accessible'.format(hashddapi_url)
return misperrors['error']
r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
return r
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo

tests/bodyhashdd.json Normal file
View File

@ -0,0 +1 @@
{"module": "hashdd", "md5": "838DE99E82C5B9753BAC96D82C1A8DCB"}

View File

@ -1 +1 @@
curl -s -H "Content-Type: application/json" --data @bodycve.json -X POST
curl -s -H "Content-Type: application/json" --data @bodyhashdd.json -X POST