Update ip2locationiopy and add documentations

pull/645/head
ip2location 2023-12-08 10:01:14 +08:00
parent 58265dc925
commit f0b610907d
7 changed files with 27 additions and 16 deletions

View File

@ -49,6 +49,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
* [html_to_markdown](misp_modules/modules/expansion/html_to_markdown.py) - Simple HTML to markdown converter * [html_to_markdown](misp_modules/modules/expansion/html_to_markdown.py) - Simple HTML to markdown converter
* [HYAS Insight](misp_modules/modules/expansion/hyasinsight.py) - a hover and expansion module to get information from [HYAS Insight](https://www.hyas.com/hyas-insight). * [HYAS Insight](misp_modules/modules/expansion/hyasinsight.py) - a hover and expansion module to get information from [HYAS Insight](https://www.hyas.com/hyas-insight).
* [intel471](misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com). * [intel471](misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
* [IP2Location.io](misp_modules/modules/expansion/ip2locationio.py) - an expansion module to get additional information on an IP address using the IP2Location.io API
* [IPASN](misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. * [IPASN](misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
* [ipinfo.io](misp_modules/modules/expansion/ipinfo.py) - an expansion module to get additional information on an IP address using the ipinfo.io API * [ipinfo.io](misp_modules/modules/expansion/ipinfo.py) - an expansion module to get additional information on an IP address using the ipinfo.io API
* [iprep](misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. * [iprep](misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.

View File

@ -42,6 +42,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
* [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset. * [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset.
* [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned? * [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned?
* [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com). * [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
* [IP2Location.io](misp_modules/modules/expansion/ip2locationio.py) - an expansion module to get additional information on an IP address using the IP2Location.io API
* [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. * [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
* [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. * [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
* [Joe Sandbox submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_submit.py) - Submit files and URLs to Joe Sandbox. * [Joe Sandbox submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_submit.py) - Submit files and URLs to Joe Sandbox.

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.0 KiB

View File

@ -0,0 +1,13 @@
{
"description": "An expansion module to query IP2Location.io to gather more information on a given IP address.",
"logo": "ip2locationio.png",
"requirements": [
"An IP2Location.io token"
],
"input": "IP address attribute.",
"output": "Additional information on the IP address, such as geolocation, proxy and so on. Refer to the Response Format section in https://www.ip2location.io/ip2location-documentation to find out the full format of the data returned.",
"references": [
"https://www.ip2location.io/ip2location-documentation"
],
"features": "The module takes an IP address attribute as input and queries the IP2Location.io API. \nFree plan user will get the basic geolocation informaiton, and different subsription plan will get more information on the IP address. \n Refer to [pricing page](https://www.ip2location.io/pricing) for more information on data available for each plan. \n\nMore information on the responses content is available in the [documentation](https://www.ip2location.io/ip2location-documentation)."
}

View File

@ -497,6 +497,14 @@ class JoeParser():
self.misp_event.add_attribute(**attribute) self.misp_event.add_attribute(**attribute)
reference = dict(referenced_uuid=attribute.uuid, relationship_type='contacts') reference = dict(referenced_uuid=attribute.uuid, relationship_type='contacts')
self.add_process_reference(ip['@targetid'], ip['@currentpath'], reference) self.add_process_reference(ip['@targetid'], ip['@currentpath'], reference)
ip2locationio = self.data['ip2locationio']
if ip2locationio:
for ip in ip2locationio['ip']:
attribute = MISPAttribute()
attribute.from_dict(**{'type': 'ip-dst', 'value': ip['@ip'], 'to_ids': False})
self.misp_event.add_attribute(**attribute)
reference = dict(referenced_uuid=attribute.uuid, relationship_type='contacts')
self.add_process_reference(ip['@targetid'], ip['@currentpath'], reference)
urlinfo = self.data['urlinfo'] urlinfo = self.data['urlinfo']
if urlinfo: if urlinfo:
for url in urlinfo['url']: for url in urlinfo['url']:

View File

@ -17,8 +17,8 @@ moduleconfig = ['key']
_GEOLOCATION_OBJECT_MAPPING = { _GEOLOCATION_OBJECT_MAPPING = {
'country_code': 'countrycode', 'country_code': 'countrycode',
'country_name': 'country name', 'country_name': 'country',
'region_name': 'region name', 'region_name': 'region',
'city_name': 'city', 'city_name': 'city',
'zip_code': 'zipcode', 'zip_code': 'zipcode',
'latitude': 'latitude', 'latitude': 'latitude',
@ -43,7 +43,7 @@ def handler(q=False):
# Query ip2location.io # Query ip2location.io
query = requests.get( query = requests.get(
f"https://api.ip2location.io/json?key={request['config']['key']&ip={attribute['value']}" f"https://api.ip2location.io/json?key={request['config']['key']}&ip={attribute['value']}"
) )
if query.status_code != 200: if query.status_code != 200:
return {'error': f'Error while querying ip2location.io - {query.status_code}: {query.reason}'} return {'error': f'Error while querying ip2location.io - {query.status_code}: {query.reason}'}
@ -67,18 +67,6 @@ def handler(q=False):
geolocation.add_reference(input_attribute.uuid, 'locates') geolocation.add_reference(input_attribute.uuid, 'locates')
misp_event.add_object(geolocation) misp_event.add_object(geolocation)
# Parse proxy information
proxy = MISPObject('proxy')
proxy.add_reference(input_attribute.uuid, 'related-to')
if iplio_result.get('proxy') is not None:
proxy_info = iplio_result['proxy']
proxy.add_attribute('proxy_type', proxy_info['proxy_type'])
proxy.add_attribute('threat', proxy_info['threat'])
proxy.add_attribute('provider', proxy_info['provider'])
proxy.add_attribute('last_seen', proxy_info['last_seen'])
misp_event.add_object(proxy)
# Return the results in MISP format # Return the results in MISP format
event = json.loads(misp_event.to_json()) event = json.loads(misp_event.to_json())
return { return {