MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: Update to include composite attributes in the supported input types

composite_attributes_proposal
chrisr3d 2018-11-16 17:12:38 +01:00
parent a02811cdbe
commit d127865139
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 25 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
misp_modules/modules/expansion/domaintools.py
View File

@ -15,8 +15,9 @@ log.addHandler(ch)
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = { mispattributes = {
'input': ['domain', 'email-src', 'email-dst', 'target-email', 'whois-registrant-email', 'input': ['domain', 'domain|ip', 'email-src', 'email-dst', 'target-email', 'whois-registrant-email',
'whois-registrant-name', 'whois-registrant-phone', 'ip-src', 'ip-dst'], 'whois-registrant-name', 'whois-registrant-phone', 'ip-src', 'ip-dst', 'hostname',
'hostname|port', 'ip-src|port', 'ip-dst|port'],
'output': ['whois-registrant-email', 'whois-registrant-phone', 'whois-registrant-name', 'output': ['whois-registrant-email', 'whois-registrant-phone', 'whois-registrant-name',
'whois-registrar', 'whois-creation-date', 'freetext', 'domain'] 'whois-registrar', 'whois-creation-date', 'freetext', 'domain']
} }
@ -31,9 +32,9 @@ moduleinfo = {
moduleconfig = ['username', 'api_key'] moduleconfig = ['username', 'api_key']
query_profiles = [ query_profiles = [
{'inputs': ['domain'], 'services': ['parsed_whois', 'domain_profile', 'reputation', 'reverse_ip']}, {'inputs': ['domain', 'hostname'], 'services': ['parsed_whois', 'domain_profile', 'reputation', 'reverse_ip']},
{'inputs': ['email-src', 'email-dst', 'target-email', 'whois-registrant-email', 'whois-registrant-name', 'whois-registrant-phone'], 'services': ['reverse_whois']}, {'inputs': ['email-src', 'email-dst', 'target-email', 'whois-registrant-email', 'whois-registrant-name', 'whois-registrant-phone'], 'services': ['reverse_whois']},
{'inputs': ['ip-src', 'ip-dst'], 'services': ['host_domains']} {'inputs': ['ip', 'ip-src', 'ip-dst'], 'services': ['host_domains']}
] ]
@ -223,15 +224,20 @@ def reverse_ip_whois(domtools, to_query, values):
# values.add_domain(d, 'Reverse domain related to {}.'.format(to_query)) # values.add_domain(d, 'Reverse domain related to {}.'.format(to_query))
return values return values
def get_services(type_):
for p in query_profiles:
if type_ in p['inputs']:
return p['services']
def get_services(request):
for t in mispattributes['input']: def process_query(type_, domtools, to_query, values):
to_query = request.get(t) services = get_services(type_)
if not to_query: if services:
continue try:
for p in query_profiles: for s in services:
if t in p['inputs']: globals()[s](domtools, to_query, values)
return p['services'] except Exception as e:
print(to_query, type(e), e)
def handler(q=False): def handler(q=False):
@ -243,6 +249,7 @@ def handler(q=False):
for t in mispattributes['input']: for t in mispattributes['input']:
to_query = request.get(t) to_query = request.get(t)
if to_query: if to_query:
input_type = t
break break
if not to_query: if not to_query:
misperrors['error'] = "Unsupported attributes type" misperrors['error'] = "Unsupported attributes type"
@ -259,13 +266,12 @@ def handler(q=False):
return misperrors return misperrors
values = DomainTools() values = DomainTools()
services = get_services(request) if '|' in input_type:
if services: to_query, query = to_query.split('|')
try: input_type, type_ = input_type.split('|')
for s in services: if type_ != 'port':
globals()[s](domtools, to_query, values) process_query(type_, domtools, query, values)
except Exception as e: process_query(input_type, domtools, to_query, values)
print(to_query, type(e), e)
return {'results': values.dump()} return {'results': values.dump()}