MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

updating "hibp" for API version 3

pull/480/head
Corsin Camichel 2021-03-13 17:44:27 +01:00 committed by GitHub
parent 35dc6c9d20
commit d913ae4b36
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
misp_modules/modules/expansion/hibp.py
View File

@ -1,14 +1,14 @@
# -*- coding: utf-8 -*-
import requests import requests
import json import json
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']} # All mails as input mispattributes = {'input': ['email-dst', 'email-src'],'output': ['text']}
moduleinfo = {'version': '0.1', 'author': 'Aurélien Schwab', 'description': 'Module to access haveibeenpwned.com API.', 'module-type': ['hover']} moduleinfo = {'version': '0.2', 'author': 'Corsin Camichel, Aurélien Schwab', 'description': 'Module to access haveibeenpwned.com API (v3).', 'module-type': ['hover']}
moduleconfig = ['user-agent'] # TODO take this into account in the code moduleconfig = ['api_key']
haveibeenpwned_api_url = 'https://api.haveibeenpwned.com/api/v2/breachedaccount/'
default_user_agent = 'MISP-Module' # User agent (must be set, requiered by API))
haveibeenpwned_api_url = 'https://haveibeenpwned.com/api/v3/breachedaccount/'
API_KEY = "" # details at https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
def handler(q=False): def handler(q=False):
if q is False: if q is False:
@ -22,22 +22,26 @@ def handler(q=False):
misperrors['error'] = "Unsupported attributes type" misperrors['error'] = "Unsupported attributes type"
return misperrors return misperrors
r = requests.get(haveibeenpwned_api_url + email, headers={'user-agent': default_user_agent}) # Real request if (request['config'].get('api_key') is None):
if r.status_code == 200: # OK (record found) misperrors['error'] = 'Have I Been Pwned authentication is incomplete (no API key)'
return misperrors
else:
API_KEY = request['config'].get('api_key')
r = requests.get(haveibeenpwned_api_url + email, headers={'hibp-api-key': API_KEY})
if r.status_code == 200:
breaches = json.loads(r.text) breaches = json.loads(r.text)
if breaches: if breaches:
return {'results': [{'types': mispattributes['output'], 'values': breaches}]} return {'results': [{'types': mispattributes['output'], 'values': breaches}]}
elif r.status_code == 404: # Not found (not an error) elif r.status_code == 404:
return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]} return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}
else: # Real error else:
misperrors['error'] = 'haveibeenpwned.com API not accessible (HTTP ' + str(r.status_code) + ')' misperrors['error'] = 'haveibeenpwned.com API not accessible (HTTP ' + str(r.status_code) + ')'
return misperrors['error'] return misperrors['error']
def introspection(): def introspection():
return mispattributes return mispattributes
def version(): def version():
moduleinfo['config'] = moduleconfig moduleinfo['config'] = moduleconfig
return moduleinfo return moduleinfo