From be27730fd34eaa58d154f2c967d45985803ea3a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 25 Mar 2016 17:38:03 +0100
Subject: [PATCH] Add CIRCL pssl module
---
.gitignore | 3 ++
modules/expansion/circl_passivessl.py | 41 ++++++++++++++++++++++++++
tests/bodycircl_passivessl.json.sample | 1 +
tests/query-circl_passivessl.sh | 1 +
4 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100755 modules/expansion/circl_passivessl.py
create mode 100644 tests/bodycircl_passivessl.json.sample
create mode 100644 tests/query-circl_passivessl.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69364e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.pyc
+*.swp
+__pycache__
diff --git a/modules/expansion/circl_passivessl.py b/modules/expansion/circl_passivessl.py
new file mode 100755
index 0000000..c6d5a3f
--- /dev/null
+++ b/modules/expansion/circl_passivessl.py
@@ -0,0 +1,41 @@
+import json
+import pypssl
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']}
+moduleinfo = {'version': '0.1', 'author': 'Raphaƫl Vinot', 'description': 'Module to access CIRCL Passive SSL', 'module-type': ['expansion', 'hover']}
+moduleconfig = ['username', 'password']
+
+
+def handler(q=False):
+ if q is False:
+ return False
+ request = json.loads(q)
+ if request.get('ip-src'):
+ toquery = request['ip-src']
+ elif request.get('ip-dst'):
+ toquery = request['ip-dst']
+ else:
+ misperrors['error'] = "Unsupported attributes type"
+ return misperrors
+
+ if request.get('config'):
+ if (request['config'].get('username') is None) or (request['config'].get('password') is None):
+ misperrors['error'] = 'CIRCL Passive SSL authentication is missing'
+ return misperrors
+
+ x = pypssl.PyPSSL(basic_auth=(request['config']['username'], request['config']['password']))
+ res = x.query(toquery)
+ out = res.get(toquery)
+
+ r = {'results': [{'types': mispattributes['output'], 'values': out}]}
+ return r
+
+
+def introspection():
+ return mispattributes
+
+
+def version():
+ moduleinfo['config'] = moduleconfig
+ return moduleinfo
diff --git a/tests/bodycircl_passivessl.json.sample b/tests/bodycircl_passivessl.json.sample
new file mode 100644
index 0000000..03294b8
--- /dev/null
+++ b/tests/bodycircl_passivessl.json.sample
@@ -0,0 +1 @@
+{"module": "circl_passivessl", "ip-src": "149.13.33.14", "config": {"username": "auser", "password": "somepass"} }
diff --git a/tests/query-circl_passivessl.sh b/tests/query-circl_passivessl.sh
new file mode 100644
index 0000000..9e06571
--- /dev/null
+++ b/tests/query-circl_passivessl.sh
@@ -0,0 +1 @@
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodycircl_passivessl.json -X POST
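Review bot: In `handler` of modules/expansion/circl_passivessl.py, the credential check only runs inside `if request.get('config'):`, so a request with no `config` key (or an empty one) never gets the 'CIRCL Passive SSL authentication is missing' error. Indentation is lost on this page, but if the `pypssl.PyPSSL(basic_auth=...)` line sits at function level, as the blank line before it suggests, that call then raises `KeyError` on `request['config']`. The check should run unconditionally, for example `config = request.get('config') or {}` followed by `if not config.get('username') or not config.get('password'):`, which also rejects empty strings. Separately, `misperrors` is a module-level dict that `handler` mutates before returning it, so an error text set for one request stays in place for later ones; returning a fresh `{'error': '...'}` per call avoids that shared state. Finally, `res.get(toquery)` yields `None` when the response has no entry for the address, and that value goes straight into `values`; an explicit error return for that case would be clearer to the caller.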
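Review bot: tests/query-circl_passivessl.sh posts `@bodycircl_passivessl.json`, but the commit ships only `bodycircl_passivessl.json.sample`, so the copy a developer fills in will presumably hold a real CIRCL username and password, and the `.gitignore` added in this same commit does not list it. Adding `tests/bodycircl_passivessl.json` to `.gitignore` would keep those credentials from being committed by accident. The relative `@` path also means the script only works when run from inside `tests/`; a leading comment such as `# run from tests/ after copying the .sample file and filling in credentials` would make that explicit.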