mirror of https://github.com/MISP/misp-modules
Update urlscan.py
Added hash to the search so you can take advantage of the new file down load function on urlscan.io. You can use this to pivot on file hashes and find out domains that hosting the same malicious file.pull/218/head
parent
7deeb95820
commit
b0be965e57
|
@ -22,8 +22,8 @@ moduleinfo = {
|
||||||
moduleconfig = ['apikey']
|
moduleconfig = ['apikey']
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {
|
mispattributes = {
|
||||||
'input': ['hostname', 'domain', 'url'],
|
'input': ['hostname', 'domain', 'url', 'hash'],
|
||||||
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'url', 'text', 'link']
|
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'url', 'text', 'link', 'hash']
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -49,6 +49,8 @@ def handler(q=False):
|
||||||
r['results'] += lookup_indicator(client, request['hostname'])
|
r['results'] += lookup_indicator(client, request['hostname'])
|
||||||
if 'url' in request:
|
if 'url' in request:
|
||||||
r['results'] += lookup_indicator(client, request['url'])
|
r['results'] += lookup_indicator(client, request['url'])
|
||||||
|
f 'hash' in request:
|
||||||
|
r['results'] += lookup_indicator(client, request['hash'])
|
||||||
|
|
||||||
# Return any errors generated from lookup to the UI and remove duplicates
|
# Return any errors generated from lookup to the UI and remove duplicates
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue