From f72534c785fc5b5e1f9400560493ebcd9798b611 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 4 Aug 2016 17:23:23 +0200
Subject: [PATCH] Add whois module
---
 REQUIREMENTS | 1 +
 misp_modules/modules/expansion/whois.py | 49 +++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100755 misp_modules/modules/expansion/whois.py
diff --git a/REQUIREMENTS b/REQUIREMENTS
index bde8f24..7656078 100644
--- a/REQUIREMENTS
+++ b/REQUIREMENTS
@@ -9,3 +9,4 @@ redis
 pyeupi
 ipasn-redis
 asnhistory
+git+https://github.com/Rafiot/uwhoisd.git@testing#egg=uwhois&subdirectory=client
diff --git a/misp_modules/modules/expansion/whois.py b/misp_modules/modules/expansion/whois.py
new file mode 100755
index 0000000..245551b
--- /dev/null
+++ b/misp_modules/modules/expansion/whois.py
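Review bot: The new REQUIREMENTS entry pins the uwhois client to the mutable branch `testing` of a personal fork, so what `pip install -r REQUIREMENTS` fetches can change silently with every push to that branch (or with a compromise of that account), and a branch named testing suggests unreleased code is being shipped to every MISP modules deployment. Pin an immutable revision instead, e.g. `git+https://github.com/Rafiot/uwhoisd.git@<full-commit-sha>#egg=uwhois&subdirectory=client`, or publish the client package and depend on a released version. If tracking the branch is intentional during development, say so in a comment above the line so the pin is revisited before release.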
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+
+import json
+from uwhois import Uwhois
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['domain', 'ip-src', 'ip-dst'], 'output': ['freetext']}
+moduleinfo = {'version': '0.1', 'author': 'Raphaƫl Vinot',
+ 'description': 'Query a local instance of uwhois (https://github.com/rafiot/uwhoisd)',
+ 'module-type': ['expansion']}
+
+moduleconfig = ['server', 'port']
+
+
+def handler(q=False):
+ if q is False:
+ return False
+ request = json.loads(q)
+ if request.get('domain'):
+ toquery = request['domain']
+ elif request.get('ip-src'):
+ toquery = request['ip-src']
+ elif request.get('ip-dst'):
+ toquery = request['ip-dst']
+ else:
+ misperrors['error'] = "Unsupported attributes type"
+ return misperrors
+
+ if not request.get('config') and not (request['config'].get('apikey') and request['config'].et('url')):
+ misperrors['error'] = 'EUPI authentication is missing'
+ return misperrors
+
+ uwhois = Uwhois(request['config']['server'], request['config']['port'])
+
+ if 'event_id' in request:
+ return handle_expansion(uwhois, toquery)
+
+
+def handle_expansion(w, domain):
+ return {'results': [{'types': mispattributes['output'], 'values': w.query(domain)}]}
+
+
+def introspection():
+ return mispattributes
+
+
+def version():
+ moduleinfo['config'] = moduleconfig
+ return moduleinfo
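Review bot: The config guard in `handler` never validates the settings the module actually uses: `not request.get('config') and not (...)` short-circuits to False whenever a config is present, raises KeyError on `request['config']` when it is absent, checks the EUPI keys `apikey`/`url` instead of the `server`/`port` this module declares in `moduleconfig`, and `.et('url')` is a typo for `.get`. The unguarded `request['config']['server']` / `['port']` lookups a few lines later then fail with an uncaught KeyError rather than the structured `misperrors` reply the rest of the function returns. The guard and the constructor call should be rewritten to validate this module's own keys, as below. Separately, since the Uwhois client is not visible here it is only a caveat, but the raw whois response is handed back as a `freetext` attribute, i.e. untrusted output from a third-party whois server goes straight into MISP's freetext import, which is worth a comment on `handle_expansion`.
```python
    # … unchanged: attribute selection into toquery …
    config = request.get('config') or {}
    if not (config.get('server') and config.get('port')):
        misperrors['error'] = 'uwhois server and port are required in the module config'
        return misperrors

    uwhois = Uwhois(config['server'], config['port'])
    # … unchanged: event_id dispatch to handle_expansion …
```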