add: new expansion module to check hashes against hashdd.com including NSLR dataset.

2018-05-29 21:54:22 +02:00 · 2018-05-29 21:54:22 +02:00 · 9664127b85
parent c3ac53a069
commit 9664127b85
4 changed files with 44 additions and 5 deletions
--- a/misp_modules/modules/expansion/init.py
+++ b/misp_modules/modules/expansion/init.py
@ -1,6 +1,3 @@
 from . import _vmray

-__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl',
-           'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache',
-           'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx',
-           'threatcrowd', 'vulndb', 'crowdstrike_falcon','yara_syntax_validator']
+__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd']
--- a/misp_modules/modules/expansion/hashdd.py
+++ b/misp_modules/modules/expansion/hashdd.py
@ -0,0 +1,41 @@
+import json
+import requests
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['md5'], 'output': ['text']}
+moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'An expansion module to check hashes against hashdd.com including NSLR dataset.', 'module-type': ['hover']}
+moduleconfig = []
+hashddapi_url = 'https://api.hashdd.com/'
+
+
+def handler(q=False):
+    if q is False:
+        return False
+    request = json.loads(q)
+    if not request.get('md5'):
+        misperrors['error'] = 'MD5 hash value is missing missing'
+        return misperrors
+    v = request.get('md5').upper()
+    r = requests.post(hashddapi_url, data={'hash':v})
+    if r.status_code == 200:
+        state = json.loads(r.text)
+        if state:
+            if state.get(v):
+                summary = state[v]['known_level']
+        else:
+            summary = 'Unknown hash'
+    else:
+        misperrors['error'] = '{} API not accessible'.format(hashddapi_url)
+        return misperrors['error']
+
+    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
+    return r
+
+
+def introspection():
+    return mispattributes
+
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo
--- a/tests/bodyhashdd.json
+++ b/tests/bodyhashdd.json
@ -0,0 +1 @@
+{"module": "hashdd", "md5": "838DE99E82C5B9753BAC96D82C1A8DCB"}
--- a/tests/query-hashdd.sh
+++ b/tests/query-hashdd.sh
@ -1 +1 @@
-curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodycve.json -X POST
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodyhashdd.json -X POST
				`@ -0,0 +1 @@`
				`{"module": "hashdd", "md5": "838DE99E82C5B9753BAC96D82C1A8DCB"}`