bug fixes
parent
31a8fb0fe4
commit
aa3a11cd5f
@ -2,4 +2,4 @@ from . import _vmray
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl',
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl',
'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'ipasn', 'passivetotal', 'sourcecache',
'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'ipasn', 'passivetotal', 'sourcecache',
'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep']
'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer']
@ -14,7 +14,7 @@ moduleinfo = {'version': '2', 'author': 'Hannah Ward',
'description': 'Get information from virustotal',
'description': 'Get information from virustotal',
'module-type': ['expansion']}
'module-type': ['expansion']}
desc = '%s: %s Threatminer'
desc = '%s: Threatminer - %s'
def handler(q=False):
def handler(q=False):
@ -55,14 +55,16 @@ def get_domain(q):
for flag in [1, 2, 3, 4, 5, 6]:
for flag in [1, 2, 3, 4, 5, 6]:
req = requests.get('https://www.threatminer.org/domain.php', params={'q': q, 'api': 'True', 'rt': flag})
req = requests.get('https://www.threatminer.org/domain.php', params={'q': q, 'api': 'True', 'rt': flag})
if not req.status_code == 200:
if not req.status_code == 200:
return []
continue
results = req.json().get('results')
results = req.json().get('results')
if not results:
if not results:
return []
continue
for result in results:
for result in results:
if flag == 1: #whois
if flag == 1: #whois
emails = result.get('whois', {}).get('emails')
emails = result.get('whois', {}).get('emails')
if not emails:
continue
for em_type, email in emails.items():
for em_type, email in emails.items():
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
if flag == 2: #pdns
if flag == 2: #pdns
@ -92,14 +94,16 @@ def get_ip(q):
for flag in [1, 2, 3, 4, 5, 6]:
for flag in [1, 2, 3, 4, 5, 6]:
req = requests.get('https://www.threatminer.org/host.php', params={'q': q, 'api': 'True', 'rt': flag})
req = requests.get('https://www.threatminer.org/host.php', params={'q': q, 'api': 'True', 'rt': flag})
if not req.status_code == 200:
if not req.status_code == 200:
return []
continue
results = req.json().get('results')
results = req.json().get('results')
if not results:
if not results:
return []
continue
for result in results:
for result in results:
if flag == 1: #whois
if flag == 1: #whois
emails = result.get('whois', {}).get('emails')
emails = result.get('whois', {}).get('emails')
if not emails:
continue
for em_type, email in emails.items():
for em_type, email in emails.items():
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
if flag == 2: #pdns
if flag == 2: #pdns
@ -115,7 +119,7 @@ def get_ip(q):
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
if flag == 5: #ssl
if flag == 5: #ssl
if type(result) is str:
if type(result) is str:
ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc % (q, 'subdomain')})
ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc % (q, 'ssl')})
if flag == 6: #reports
if flag == 6: #reports
link = result.get('URL')
link = result.get('URL')
if link:
if link:
@ -129,10 +133,10 @@ def get_hash(q):
for flag in [1, 3, 6, 7]:
for flag in [1, 3, 6, 7]:
req = requests.get('https://www.threatminer.org/sample.php', params={'q': q, 'api': 'True', 'rt': flag})
req = requests.get('https://www.threatminer.org/sample.php', params={'q': q, 'api': 'True', 'rt': flag})
if not req.status_code == 200:
if not req.status_code == 200:
return []
continue
results = req.json().get('results')
results = req.json().get('results')
if not results:
if not results:
return []
continue
for result in results:
for result in results:
if flag == 1: #meta (filename)
if flag == 1: #meta (filename)
|
||||||
|
|
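Review bot: The `requests.get` calls at the top of the `get_domain`, `get_ip` and `get_hash` loops pass no `timeout`, so a stalled connection to threatminer.org blocks the expansion worker indefinitely, and the new `continue` on a non-200 status still leaves the following `req.json()` unguarded, which raises `ValueError` when a 200 response carries a non-JSON body (an HTML error or rate-limit page, for instance). Both gaps sit on the lines this commit already reworks, so they fold into the same skip-this-flag handling the commit introduces: add a bounded timeout to each `requests.get` and catch the decode error around `req.json()`. The rewritten loop head below is for `get_domain`; the same change applies verbatim to the `host.php` loop in `get_ip` and the `sample.php` loop in `get_hash`. The bodies of all three functions continue outside the visible hunks.
```python
for flag in [1, 2, 3, 4, 5, 6]:
    # Bounded timeout so an unresponsive upstream cannot hang the worker (value is illustrative).
    req = requests.get('https://www.threatminer.org/domain.php', params={'q': q, 'api': 'True', 'rt': flag}, timeout=30)
    if req.status_code != 200:
        continue
    try:
        results = req.json().get('results')
    except ValueError:  # 200 response with a non-JSON body
        continue
    if not results:
        continue
    # … unchanged: per-flag handling of results …
```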