add: new expansion module to check hashes against hashdd.com including NSLR dataset.

2018-05-29 21:54:22 +02:00 · 2018-05-29 21:54:22 +02:00 · 9664127b85
parent c3ac53a069
commit 9664127b85
4 changed files with 44 additions and 5 deletions
--- a/misp_modules/modules/expansion/init.py
+++ b/misp_modules/modules/expansion/init.py
@ -1,6 +1,3 @@
 from . import _vmray
-__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl',
+__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd']
           'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache',
           'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx',
           'threatcrowd', 'vulndb', 'crowdstrike_falcon','yara_syntax_validator']
--- a/misp_modules/modules/expansion/hashdd.py
+++ b/misp_modules/modules/expansion/hashdd.py
@ -0,0 +1,41 @@
 import json
 import requests
 misperrors = {'error': 'Error'}
 mispattributes = {'input': ['md5'], 'output': ['text']}
 moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'An expansion module to check hashes against hashdd.com including NSLR dataset.', 'module-type': ['hover']}
 moduleconfig = []
 hashddapi_url = 'https://api.hashdd.com/'
 def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    if not request.get('md5'):
        misperrors['error'] = 'MD5 hash value is missing missing'
        return misperrors
    v = request.get('md5').upper()
    r = requests.post(hashddapi_url, data={'hash':v})
    if r.status_code == 200:
        state = json.loads(r.text)
        if state:
            if state.get(v):
                summary = state[v]['known_level']
        else:
            summary = 'Unknown hash'
    else:
        misperrors['error'] = '{} API not accessible'.format(hashddapi_url)
        return misperrors['error']
    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
    return r
 def introspection():
    return mispattributes
 def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
--- a/tests/bodyhashdd.json
+++ b/tests/bodyhashdd.json
@ -0,0 +1 @@
 {"module": "hashdd", "md5": "838DE99E82C5B9753BAC96D82C1A8DCB"}
--- a/tests/query-hashdd.sh
+++ b/tests/query-hashdd.sh
@ -1 +1 @@
-curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodycve.json -X POST
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodyhashdd.json -X POST
		`@ -0,0 +1 @@`
							`{"module": "hashdd", "md5": "838DE99E82C5B9753BAC96D82C1A8DCB"}`
		`@ -1 +1 @@`
			`curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodycve.json -X POST`				`curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodyhashdd.json -X POST`