From e6bac113baaf27981aa431f1f9c218bda49d0e17 Mon Sep 17 00:00:00 2001
From: Sebdraven <slarinier@gmail.com>
Date: Fri, 8 Jun 2018 16:38:41 +0200
Subject: [PATCH] add onyphe module

---
 REQUIREMENTS                             |  1 +
 misp_modules/modules/expansion/onyphe.py | 65 ++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 misp_modules/modules/expansion/onyphe.py

diff --git a/REQUIREMENTS b/REQUIREMENTS
index 9e383d4..0a0c85a 100644
--- a/REQUIREMENTS
+++ b/REQUIREMENTS
@@ -14,6 +14,7 @@ asnhistory
 git+https://github.com/Rafiot/uwhoisd.git@testing#egg=uwhois&subdirectory=client
 git+https://github.com/MISP/MISP-STIX-Converter.git#egg=misp_stix_converter
 git+https://github.com/MISP/PyMISP.git#egg=pymisp
+git+https://github.com/sebdraven/pyonyphe#egg=pyonyphe
 pillow
 pytesseract
 SPARQLWrapper
diff --git a/misp_modules/modules/expansion/onyphe.py b/misp_modules/modules/expansion/onyphe.py
new file mode 100644
index 0000000..16a4e94
--- /dev/null
+++ b/misp_modules/modules/expansion/onyphe.py
@@ -0,0 +1,65 @@
+import json
+# -*- coding: utf-8 -*-
+
+import json
+try:
+    from onyphe import Onyphe
+except ImportError:
+    print("pyonyphe module not installed.")
+
+misperrors = {'error': 'Error'}
+
+mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domains'], 'output': ['freetext']}
+# possible module-types: 'expansion', 'hover' or both
+moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
+              'description': 'Query on Onyphe',
+              'module-type': ['expansion', 'hover']}
+
+# config fields that your code expects from the site admin
+moduleconfig = ['apikey']
+
+
+
+def handler(q=False):
+    if q is False:
+        return False
+    request = json.loads(q)
+
+    if not request.get('config') and not (request['config'].get('apikey')):
+        misperrors['error'] = 'Onyphe authentication is missing'
+        return misperrors
+
+    api = Onyphe(request['config'].get('apikey'))
+
+    if not api:
+        misperrors['error'] = 'Onyphe Error instance api'
+
+    ip = ''
+    if request.get('ip-src'):
+        ip = request['ip-src']
+    elif request.get('ip-dst'):
+        ip = request['ip-dst']
+    else:
+        misperrors['error'] = "Unsupported attributes type"
+        return misperrors
+
+    return handle_expansion(api, ip, misperrors)
+
+
+def handle_expansion(api, ip, misperrors):
+    result = api.ip(ip)
+    if result['status'] == 'nok':
+        misperrors['error'] = result['message']
+        return misperrors
+
+    return {'results': [{'types': mispattributes['output'],
+                         'values': json.dumps(result)}]}
+
+
+def introspection():
+    return mispattributes
+
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo
\ No newline at end of file