mirror of https://github.com/MISP/misp-modules
chg: [merge] updated
parent
208e1c9b0b
commit
e4a1072b53
|
@ -135,6 +135,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
|
||||||
* [Vulnerability Lookup](https://misp.github.io/misp-modules/expansion/#vulnerability-lookup) - An expansion module to query Vulnerability Lookup
|
* [Vulnerability Lookup](https://misp.github.io/misp-modules/expansion/#vulnerability-lookup) - An expansion module to query Vulnerability Lookup
|
||||||
* [Vulners Lookup](https://misp.github.io/misp-modules/expansion/#vulners-lookup) - An expansion hover module to expand information about CVE id using Vulners API.
|
* [Vulners Lookup](https://misp.github.io/misp-modules/expansion/#vulners-lookup) - An expansion hover module to expand information about CVE id using Vulners API.
|
||||||
* [Vysion Enrich](https://misp.github.io/misp-modules/expansion/#vysion-enrich) - Module to enrich the information by making use of the Vysion API.
|
* [Vysion Enrich](https://misp.github.io/misp-modules/expansion/#vysion-enrich) - Module to enrich the information by making use of the Vysion API.
|
||||||
|
* [Whois Lookup](https://misp.github.io/misp-modules/expansion/#whois-lookup) - Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
|
||||||
* [WhoisFreaks Lookup](https://misp.github.io/misp-modules/expansion/#whoisfreaks-lookup) - An expansion module for https://whoisfreaks.com/ that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
* [WhoisFreaks Lookup](https://misp.github.io/misp-modules/expansion/#whoisfreaks-lookup) - An expansion module for https://whoisfreaks.com/ that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
||||||
* [Wikidata Lookup](https://misp.github.io/misp-modules/expansion/#wikidata-lookup) - An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.
|
* [Wikidata Lookup](https://misp.github.io/misp-modules/expansion/#wikidata-lookup) - An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.
|
||||||
* [IBM X-Force Exchange Lookup](https://misp.github.io/misp-modules/expansion/#ibm-x-force-exchange-lookup) - An expansion module for IBM X-Force Exchange.
|
* [IBM X-Force Exchange Lookup](https://misp.github.io/misp-modules/expansion/#ibm-x-force-exchange-lookup) - An expansion module for IBM X-Force Exchange.
|
||||||
|
|
|
@ -114,6 +114,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
|
||||||
* [Vulnerability Lookup](https://misp.github.io/misp-modules/expansion/#vulnerability-lookup) - An expansion module to query Vulnerability Lookup
|
* [Vulnerability Lookup](https://misp.github.io/misp-modules/expansion/#vulnerability-lookup) - An expansion module to query Vulnerability Lookup
|
||||||
* [Vulners Lookup](https://misp.github.io/misp-modules/expansion/#vulners-lookup) - An expansion hover module to expand information about CVE id using Vulners API.
|
* [Vulners Lookup](https://misp.github.io/misp-modules/expansion/#vulners-lookup) - An expansion hover module to expand information about CVE id using Vulners API.
|
||||||
* [Vysion Enrich](https://misp.github.io/misp-modules/expansion/#vysion-enrich) - Module to enrich the information by making use of the Vysion API.
|
* [Vysion Enrich](https://misp.github.io/misp-modules/expansion/#vysion-enrich) - Module to enrich the information by making use of the Vysion API.
|
||||||
|
* [Whois Lookup](https://misp.github.io/misp-modules/expansion/#whois-lookup) - Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
|
||||||
* [WhoisFreaks Lookup](https://misp.github.io/misp-modules/expansion/#whoisfreaks-lookup) - An expansion module for https://whoisfreaks.com/ that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
* [WhoisFreaks Lookup](https://misp.github.io/misp-modules/expansion/#whoisfreaks-lookup) - An expansion module for https://whoisfreaks.com/ that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
||||||
* [Wikidata Lookup](https://misp.github.io/misp-modules/expansion/#wikidata-lookup) - An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.
|
* [Wikidata Lookup](https://misp.github.io/misp-modules/expansion/#wikidata-lookup) - An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.
|
||||||
* [IBM X-Force Exchange Lookup](https://misp.github.io/misp-modules/expansion/#ibm-x-force-exchange-lookup) - An expansion module for IBM X-Force Exchange.
|
* [IBM X-Force Exchange Lookup](https://misp.github.io/misp-modules/expansion/#ibm-x-force-exchange-lookup) - An expansion module for IBM X-Force Exchange.
|
||||||
|
|
|
@ -1,6 +1,3 @@
|
||||||
IMPORTANT NOTE: we will soon be publishing `misp-modules` on PyPI.
|
|
||||||
|
|
||||||
|
|
||||||
## Install from pip
|
## Install from pip
|
||||||
|
|
||||||
It is strongly recommended to use a virtual environment (see here for instructions https://docs.python.org/3/tutorial/venv.html).
|
It is strongly recommended to use a virtual environment (see here for instructions https://docs.python.org/3/tutorial/venv.html).
|
||||||
|
@ -11,6 +8,8 @@ Once the virtual environment is loaded just use the command:
|
||||||
pip install misp-modules
|
pip install misp-modules
|
||||||
~~~~
|
~~~~
|
||||||
|
|
||||||
|
Note: this install method might not yet be available.
|
||||||
|
|
||||||
|
|
||||||
## Install from cloned repository
|
## Install from cloned repository
|
||||||
|
|
||||||
|
@ -83,7 +82,7 @@ Inside you will find three targets:
|
||||||
|
|
||||||
- `test-docs`: run a local server exposing the newly built documentation.
|
- `test-docs`: run a local server exposing the newly built documentation.
|
||||||
|
|
||||||
Note that you can either run the targets using `poetry` (default), or using the `squidfunk/mkdocs-material` by setting the environment variable `USE_DOCKER=true`.
|
Note: you can either run the targets using `poetry` (default), or using the Docker image `squidfunk/mkdocs-material` by setting the environment variable `USE_DOCKER=true`.
|
||||||
|
|
||||||
|
|
||||||
## Run MISP modules
|
## Run MISP modules
|
||||||
|
@ -93,7 +92,7 @@ If you installed it using pip, you just need to execute the command `misp-module
|
||||||
|
|
||||||
## Run MISP modules in Docker
|
## Run MISP modules in Docker
|
||||||
|
|
||||||
You can find an up-to-date container image and related documentation at the following repository:m https://github.com/MISP/misp-docker
|
You can find an up-to-date container image and related documentation at the following repository: https://github.com/MISP/misp-docker .
|
||||||
|
|
||||||
|
|
||||||
## Install misp-module on an offline instance
|
## Install misp-module on an offline instance
|
||||||
|
@ -137,7 +136,13 @@ Just follow those instructions but replace the package `misp-modules` with `-r r
|
||||||
|
|
||||||
Before doing so you need to generate the `requirements.txt` file. Due to the fact we are still supporting Python 3.8 and that Poetry still has some limitations (soon to be resolved) you need to need to replace the line `python = ">=3.8.*,<3.13"` inside `pyproject.toml` with your exact version (just run `python --version`).
|
Before doing so you need to generate the `requirements.txt` file. Due to the fact we are still supporting Python 3.8 and that Poetry still has some limitations (soon to be resolved) you need to need to replace the line `python = ">=3.8.*,<3.13"` inside `pyproject.toml` with your exact version (just run `python --version`).
|
||||||
|
|
||||||
Once you have done that, run the following commands to generate your very own `requirements.txt`.
|
The following `sed` command does everything for you.
|
||||||
|
|
||||||
|
~~~~bash
|
||||||
|
sed -i "s/^python = .*/python = \"$(python -c 'import platform; print(platform.python_version())')\"/" pyproject.toml
|
||||||
|
~~~~
|
||||||
|
|
||||||
|
Then, run the following commands to generate your very own `requirements.txt`.
|
||||||
|
|
||||||
~~~~bash
|
~~~~bash
|
||||||
poetry lock
|
poetry lock
|
||||||
|
@ -145,3 +150,10 @@ poetry install
|
||||||
poetry self add poetry-plugin-export
|
poetry self add poetry-plugin-export
|
||||||
poetry export --without-hashes -f requirements.txt -o requirements.txt
|
poetry export --without-hashes -f requirements.txt -o requirements.txt
|
||||||
~~~~
|
~~~~
|
||||||
|
|
||||||
|
Note that `misp-modules` will not be part of the `requirements.txt` file and you will need to create the wheel yourself:
|
||||||
|
|
||||||
|
~~~~bash
|
||||||
|
poetry build --output ./wheels
|
||||||
|
~~~~
|
||||||
|
|
||||||
|
|
|
@ -2821,6 +2821,32 @@ Module to enrich the information by making use of the Vysion API.
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
#### [Whois Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)
|
||||||
|
|
||||||
|
Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
|
||||||
|
[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)]
|
||||||
|
|
||||||
|
- **features**:
|
||||||
|
>This module takes a domain or IP address attribute as input and queries a 'Univseral Whois proxy server' to get the correct details of the Whois query on the input value (check the references for more details about this whois server).
|
||||||
|
|
||||||
|
- **config**:
|
||||||
|
> - server
|
||||||
|
> - port
|
||||||
|
|
||||||
|
- **input**:
|
||||||
|
>A domain or IP address attribute.
|
||||||
|
|
||||||
|
- **output**:
|
||||||
|
>Text describing the result of a whois request for the input value.
|
||||||
|
|
||||||
|
- **references**:
|
||||||
|
>https://github.com/Lookyloo/uwhoisd
|
||||||
|
|
||||||
|
- **requirements**:
|
||||||
|
>uwhois: A whois python library
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
#### [WhoisFreaks Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whoisfreaks.py)
|
#### [WhoisFreaks Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whoisfreaks.py)
|
||||||
|
|
||||||
<img src=logos/whoisfreaks.png height=60>
|
<img src=logos/whoisfreaks.png height=60>
|
||||||
|
|
|
@ -2818,6 +2818,32 @@ Module to enrich the information by making use of the Vysion API.
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
#### [Whois Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)
|
||||||
|
|
||||||
|
Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
|
||||||
|
[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)]
|
||||||
|
|
||||||
|
- **features**:
|
||||||
|
>This module takes a domain or IP address attribute as input and queries a 'Univseral Whois proxy server' to get the correct details of the Whois query on the input value (check the references for more details about this whois server).
|
||||||
|
|
||||||
|
- **config**:
|
||||||
|
> - server
|
||||||
|
> - port
|
||||||
|
|
||||||
|
- **input**:
|
||||||
|
>A domain or IP address attribute.
|
||||||
|
|
||||||
|
- **output**:
|
||||||
|
>Text describing the result of a whois request for the input value.
|
||||||
|
|
||||||
|
- **references**:
|
||||||
|
>https://github.com/Lookyloo/uwhoisd
|
||||||
|
|
||||||
|
- **requirements**:
|
||||||
|
>uwhois: A whois python library
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
#### [WhoisFreaks Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whoisfreaks.py)
|
#### [WhoisFreaks Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whoisfreaks.py)
|
||||||
|
|
||||||
<img src=../logos/whoisfreaks.png height=60>
|
<img src=../logos/whoisfreaks.png height=60>
|
||||||
|
|
|
@ -114,6 +114,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
|
||||||
* [Vulnerability Lookup](https://misp.github.io/misp-modules/expansion/#vulnerability-lookup) - An expansion module to query Vulnerability Lookup
|
* [Vulnerability Lookup](https://misp.github.io/misp-modules/expansion/#vulnerability-lookup) - An expansion module to query Vulnerability Lookup
|
||||||
* [Vulners Lookup](https://misp.github.io/misp-modules/expansion/#vulners-lookup) - An expansion hover module to expand information about CVE id using Vulners API.
|
* [Vulners Lookup](https://misp.github.io/misp-modules/expansion/#vulners-lookup) - An expansion hover module to expand information about CVE id using Vulners API.
|
||||||
* [Vysion Enrich](https://misp.github.io/misp-modules/expansion/#vysion-enrich) - Module to enrich the information by making use of the Vysion API.
|
* [Vysion Enrich](https://misp.github.io/misp-modules/expansion/#vysion-enrich) - Module to enrich the information by making use of the Vysion API.
|
||||||
|
* [Whois Lookup](https://misp.github.io/misp-modules/expansion/#whois-lookup) - Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
|
||||||
* [WhoisFreaks Lookup](https://misp.github.io/misp-modules/expansion/#whoisfreaks-lookup) - An expansion module for https://whoisfreaks.com/ that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
* [WhoisFreaks Lookup](https://misp.github.io/misp-modules/expansion/#whoisfreaks-lookup) - An expansion module for https://whoisfreaks.com/ that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
||||||
* [Wikidata Lookup](https://misp.github.io/misp-modules/expansion/#wikidata-lookup) - An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.
|
* [Wikidata Lookup](https://misp.github.io/misp-modules/expansion/#wikidata-lookup) - An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.
|
||||||
* [IBM X-Force Exchange Lookup](https://misp.github.io/misp-modules/expansion/#ibm-x-force-exchange-lookup) - An expansion module for IBM X-Force Exchange.
|
* [IBM X-Force Exchange Lookup](https://misp.github.io/misp-modules/expansion/#ibm-x-force-exchange-lookup) - An expansion module for IBM X-Force Exchange.
|
||||||
|
|
Loading…
Reference in New Issue