Browse Source

initial version of QR code reader

Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
pull/294/head
Sascha Rommelfangen 3 years ago committed by GitHub
parent
commit
c85ab8d93c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 86
      misp_modules/modules/expansion/qrcode.py

86
misp_modules/modules/expansion/qrcode.py

@ -0,0 +1,86 @@ @@ -0,0 +1,86 @@
import json
from pyzbar import pyzbar
import cv2
import re
import binascii
import np
misperrors = {'error': 'Error'}
mispattributes = {'input': ['attachment'],
'output': ['url', 'btc']}
moduleinfo = {'version': '0.1', 'author': 'Sascha Rommelfangen',
'description': 'QR code decoder',
'module-type': ['expansion', 'hover']}
debug = True
debug_prefix = "[DEBUG] QR Code module: "
# format example: bitcoin:1GXZ6v7FZzYBEnoRaG77SJxhu7QkvQmFuh?amount=0.15424
# format example: http://example.com
cryptocurrencies = {'bitcoin'}
schemas = {'http://', 'https://', 'ftp://'}
moduleconfig = []
def handler(q=False):
if q is False:
return False
q = json.loads(q)
filename = q['attachment']
try:
img_array = np.fromstring(binascii.a2b_base64(q['data']), np.uint8)
except:
err = "Couldn't fetch attachment (JSON 'data' is empty). Are you using the 'Query enrichment' action?"
misperrors['error'] = err
print(err)
return misperrors
image = cv2.imdecode(img_array, cv2.IMREAD_COLOR)
if q:
barcodes = pyzbar.decode(image)
for item in barcodes:
try:
result = item.data.decode()
except Exception as e:
print(e)
return
if debug:
print(debug_prefix + result)
for item in cryptocurrencies:
if item in result:
try:
currency, address, extra = re.split('\:|\?', result)
except Exception as e:
print(e)
if currency in cryptocurrencies:
try:
amount = re.split('=', extra)[1]
if debug:
print(debug_prefix + address)
print(debug_prefix + amount)
return {'results': [{'types': ['btc'], 'values': address, 'comment': "BTC: " + amount + " from file " + filename}]}
except Exception as e:
print(e)
else:
print(address)
for item in schemas:
if item in result:
try:
url = result
if debug:
print(debug_prefix + url)
return {'results': [{'types': ['url'], 'values': url, 'comment': "from QR code of file " + filename}]}
except Exception as e:
print(e)
else:
try:
return {'results': [{'types': ['text'], 'values': result, 'comment': "from QR code of file " + filename}]}
except Exception as e:
print(e)
misperrors['error'] = "Couldn't decode QR code in attachment."
return misperrors
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo
Loading…
Cancel
Save