From 31d15056f9f85298eb95a5b0dac7ba0ddd8c19e7 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 3 Jun 2020 11:12:47 +0200 Subject: [PATCH] new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port --- misp_modules/modules/expansion/circl_passivedns.py | 10 ++++++---- misp_modules/modules/expansion/circl_passivessl.py | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/misp_modules/modules/expansion/circl_passivedns.py b/misp_modules/modules/expansion/circl_passivedns.py index 75ff6c6..2455be0 100755 --- a/misp_modules/modules/expansion/circl_passivedns.py +++ b/misp_modules/modules/expansion/circl_passivedns.py @@ -2,7 +2,7 @@ import json import pypdns from pymisp import MISPAttribute, MISPEvent, MISPObject -mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst'], 'format': 'misp_standard'} +mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port'], 'format': 'misp_standard'} moduleinfo = {'version': '0.2', 'author': 'Alexandre Dulaunoy', 'description': 'Module to access CIRCL Passive DNS', 'module-type': ['expansion', 'hover']} @@ -24,9 +24,11 @@ class PassiveDNSParser(): results = {key: event[key] for key in ('Attribute', 'Object')} return {'results': results} - def parse(self, value): + def parse(self): + value = self.attribute.value.split('|')[0] if '|' in self.attribute.type else self.attribute.value + try: - results = self.pdns.query(self.attribute.value) + results = self.pdns.query(value) except Exception: self.result = {'error': 'There is an authentication error, please make sure you supply correct credentials.'} return @@ -57,7 +59,7 @@ def handler(q=False): if not any(input_type == attribute['type'] for input_type in mispattributes['input']): return {'error': 'Unsupported attributes type'} pdns_parser = PassiveDNSParser(attribute, authentication) - pdns_parser.parse(attribute['value']) + pdns_parser.parse() return pdns_parser.get_results() diff --git a/misp_modules/modules/expansion/circl_passivessl.py b/misp_modules/modules/expansion/circl_passivessl.py index 0c11106..e43defc 100755 --- a/misp_modules/modules/expansion/circl_passivessl.py +++ b/misp_modules/modules/expansion/circl_passivessl.py @@ -2,7 +2,7 @@ import json import pypssl from pymisp import MISPAttribute, MISPEvent, MISPObject -mispattributes = {'input': ['ip-src', 'ip-dst'], 'format': 'misp_standard'} +mispattributes = {'input': ['ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port'], 'format': 'misp_standard'} moduleinfo = {'version': '0.2', 'author': 'Raphaƫl Vinot', 'description': 'Module to access CIRCL Passive SSL', 'module-type': ['expansion', 'hover']} @@ -31,9 +31,11 @@ class PassiveSSLParser(): results = {key: event[key] for key in ('Attribute', 'Object')} return {'results': results} - def parse(self, value): + def parse(self): + value = self.attribute.value.split('|')[0] if '|' in self.attribute.type else self.attribute.value + try: - results = self.pssl.query(self.attribute.value) + results = self.pssl.query(value) except Exception: self.result = {'error': 'There is an authentication error, please make sure you supply correct credentials.'} return @@ -78,7 +80,7 @@ def handler(q=False): if not any(input_type == attribute['type'] for input_type in mispattributes['input']): return {'error': 'Unsupported attributes type'} pssl_parser = PassiveSSLParser(attribute, authentication) - pssl_parser.parse(attribute['value']) + pssl_parser.parse() return pssl_parser.get_results()