Browse Source

add forward infos

pull/197/head
Sebdraven 4 years ago
parent
commit
a24b529868
  1. 53
      misp_modules/modules/expansion/onyphe_full.py

53
misp_modules/modules/expansion/onyphe_full.py

@ -9,7 +9,9 @@ except ImportError:
misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domain'], 'output': ['hostname', 'domain', 'ip-src', 'ip-dst','url']}
mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domain'],
'output': ['hostname', 'domain', 'ip-src', 'ip-dst','url']}
# possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
'description': 'Query on Onyphe',
@ -82,12 +84,13 @@ def handle_ip(api, ip, misperrors):
# else:
# return r
#
# r, status_ok = expand_forward(api, ip, misperrors)
#
# if status_ok:
# result_filtered['results'].append(r)
# else:
# return r
r, status_ok = expand_forward(api, ip, misperrors)
if status_ok:
result_filtered['results'].extend(r)
else:
misperrors['error'] = 'Error forward result'
return
#
# r, status_ok = expand_reverse(api, ip, misperrors)
#
@ -119,14 +122,14 @@ def expand_syscan(api, ip, misperror):
os_list.append(elem['os'])
r.append({'types': ['target-machine'],
'values': list(set(os_list)),
'categories': ['Targeting data'],
'comment':'OS found on %s with synscan of Onyphe' % ip})
'values': list(set(os_list)),
'categories': ['Targeting data'],
'comment': 'OS found on %s with synscan of Onyphe' % ip})
r.append({'types': ['target-location'],
'values': list(set(geoloc)),
'categories': ['Targeting data'],
'comment': 'geolocalisation of %s found with synscan of Onyphe'
'values': list(set(geoloc)),
'categories': ['Targeting data'],
'comment': 'Geolocalisation of %s found with synscan of Onyphe'
% ip
})
@ -149,7 +152,7 @@ def expand_datascan(api, misperror,**kwargs):
status_ok = False
r = None
return r,status_ok
return r, status_ok
def expand_reverse(api, ip, misperror):
@ -161,8 +164,28 @@ def expand_reverse(api, ip, misperror):
def expand_forward(api, ip, misperror):
status_ok = False
r = None
r = []
results = api.forward(ip)
domains_forward = []
domains = []
if results['status'] == 'ok':
status_ok = True
for elem in results['results']:
domains_forward.append(elem['forward'])
domains.append(elem['domain'])
r.append({'types': ['domain'],
'values': list(set(domains)),
'categories': ['Network activity'],
'comment': 'Domains of %s from forward service of Onyphe' % ip})
r.append({'types': ['domain'],
'values': list(set(domains_forward)),
'categories': ['Network activity'],
'comment': 'Forward Domains of %s from forward service of Onyphe' % ip})
return r, status_ok

Loading…
Cancel
Save