add forward info

pull/197/head
Sebdraven 2018-06-20 15:33:21 +02:00
parent d0f42c1772
commit a24b529868
1 changed files with 38 additions and 15 deletions


@ -9,7 +9,9 @@ except ImportError:
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domain'], 'output': ['hostname', 'domain', 'ip-src', 'ip-dst','url']} mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domain'],
'output': ['hostname', 'domain', 'ip-src', 'ip-dst','url']}
# possible module-types: 'expansion', 'hover' or both # possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven', moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
'description': 'Query on Onyphe', 'description': 'Query on Onyphe',
@ -82,12 +84,13 @@ def handle_ip(api, ip, misperrors):
# else: # else:
# return r # return r
# #
# r, status_ok = expand_forward(api, ip, misperrors) r, status_ok = expand_forward(api, ip, misperrors)
#
# if status_ok: if status_ok:
# result_filtered['results'].append(r) result_filtered['results'].extend(r)
# else: else:
# return r misperrors['error'] = 'Error forward result'
return
# #
# r, status_ok = expand_reverse(api, ip, misperrors) # r, status_ok = expand_reverse(api, ip, misperrors)
# #
@ -119,14 +122,14 @@ def expand_syscan(api, ip, misperror):
os_list.append(elem['os']) os_list.append(elem['os'])
r.append({'types': ['target-machine'], r.append({'types': ['target-machine'],
'values': list(set(os_list)), 'values': list(set(os_list)),
'categories': ['Targeting data'], 'categories': ['Targeting data'],
'comment':'OS found on %s with synscan of Onyphe' % ip}) 'comment': 'OS found on %s with synscan of Onyphe' % ip})
r.append({'types': ['target-location'], r.append({'types': ['target-location'],
'values': list(set(geoloc)), 'values': list(set(geoloc)),
'categories': ['Targeting data'], 'categories': ['Targeting data'],
'comment': 'geolocalisation of %s found with synscan of Onyphe' 'comment': 'Geolocalisation of %s found with synscan of Onyphe'
% ip % ip
}) })
@ -149,7 +152,7 @@ def expand_datascan(api, misperror,**kwargs):
status_ok = False status_ok = False
r = None r = None
return r,status_ok return r, status_ok
def expand_reverse(api, ip, misperror): def expand_reverse(api, ip, misperror):
@ -161,8 +164,28 @@ def expand_reverse(api, ip, misperror):
def expand_forward(api, ip, misperror): def expand_forward(api, ip, misperror):
status_ok = False status_ok = False
r = None r = []
results = api.forward(ip)
domains_forward = []
domains = []
if results['status'] == 'ok':
status_ok = True
for elem in results['results']:
domains_forward.append(elem['forward'])
domains.append(elem['domain'])
r.append({'types': ['domain'],
'values': list(set(domains)),
'categories': ['Network activity'],
'comment': 'Domains of %s from forward service of Onyphe' % ip})
r.append({'types': ['domain'],
'values': list(set(domains_forward)),
'categories': ['Network activity'],
'comment': 'Forward Domains of %s from forward service of Onyphe' % ip})
return r, status_ok return r, status_ok
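Review bot: expand_forward appends both 'domain' attributes unconditionally once the reply status is 'ok', so an empty `results['results']` produces two attributes whose `values` lists are empty, and the `misperror` argument is accepted but never written, leaving the caller in handle_ip with only the generic 'Error forward result'. The direct indexing `results['status']`, `results['results']`, `elem['forward']` and `elem['domain']` raises KeyError on any reply that deviates from the expected shape, which escapes the `(r, status_ok)` contract the caller relies on. A guarded version is sketched below: it reads the reply with `.get`, records the failure in `misperror`, and appends an attribute only when its value set is non-empty. Relatedly, the new `else:` branch in the handle_ip hunk sets `misperrors['error']` and then does a bare `return`; handle_ip starts outside that hunk, so whether its callers expect the misperrors dict back cannot be confirmed here.
```python
def expand_forward(api, ip, misperror):
    status_ok = False
    r = []
    results = api.forward(ip)
    if results.get('status') != 'ok':
        misperror['error'] = 'Onyphe forward query failed for %s' % ip
        return r, status_ok
    status_ok = True
    entries = results.get('results') or []
    domains = {elem.get('domain') for elem in entries} - {None}
    domains_forward = {elem.get('forward') for elem in entries} - {None}
    if domains:
        r.append({'types': ['domain'],
                  'values': list(domains),
                  'categories': ['Network activity'],
                  'comment': 'Domains of %s from forward service of Onyphe' % ip})
    if domains_forward:
        r.append({'types': ['domain'],
                  'values': list(domains_forward),
                  'categories': ['Network activity'],
                  'comment': 'Forward Domains of %s from forward service of Onyphe' % ip})
    return r, status_ok
```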