MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Update urlscan.py 

Added hash to the search so you can take advantage of the new file down load function on urlscan.io.  You can use this to pivot on file hashes and find out domains that hosting the same malicious file.
pull/218/head
SuRb0 2018-08-30 19:41:34 -05:00 committed by GitHub
parent 7deeb95820
commit b0be965e57
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
misp_modules/modules/expansion/urlscan.py
View File

@ -22,8 +22,8 @@ moduleinfo = {
moduleconfig = ['apikey']
misperrors = {'error': 'Error'}
mispattributes = {
'input': ['hostname', 'domain', 'url'],
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'url', 'text', 'link']
'input': ['hostname', 'domain', 'url', 'hash'],
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'url', 'text', 'link', 'hash']
}
@ -49,6 +49,8 @@ def handler(q=False):
r['results'] += lookup_indicator(client, request['hostname'])
if 'url' in request:
r['results'] += lookup_indicator(client, request['url'])
f 'hash' in request:
r['results'] += lookup_indicator(client, request['hash'])
# Return any errors generated from lookup to the UI and remove duplicates