MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:MISP/misp-modules into documentation

pull/233/head
chrisr3d 2018-03-11 22:25:19 +01:00
parent 68b20f2dd5 7a8aacb986
commit f9332c17ff
2 changed files with 28 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
misp_modules/modules/expansion/farsight_passivedns.py
View File

@ -1,5 +1,5 @@
import json import json
from ._dnsdb_query.dnsdb_query import DnsdbClient from ._dnsdb_query.dnsdb_query import DnsdbClient, QueryError
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
@ -41,26 +41,35 @@ def handler(q=False):
def lookup_name(client, name): def lookup_name(client, name):
res = client.query_rrset(name) # RRSET = entries in the left-hand side of the domain name related labels try:
for item in res: res = client.query_rrset(name) # RRSET = entries in the left-hand side of the domain name related labels
if item.get('rrtype') in ['A', 'AAAA', 'CNAME']: for item in res:
for i in item.get('rdata'): if item.get('rrtype') in ['A', 'AAAA', 'CNAME']:
yield(i.rstrip('.')) for i in item.get('rdata'):
if item.get('rrtype') in ['SOA']: yield(i.rstrip('.'))
for i in item.get('rdata'): if item.get('rrtype') in ['SOA']:
# grab email field and replace first dot by @ to convert to an email address for i in item.get('rdata'):
yield(i.split(' ')[1].rstrip('.').replace('.', '@', 1)) # grab email field and replace first dot by @ to convert to an email address
# res = client.query_rdata_name(name) # RDATA = entries on the right-hand side of the domain name related labels yield(i.split(' ')[1].rstrip('.').replace('.', '@', 1))
# for item in res: except QueryError as e:
# if item.get('rrtype') in ['A', 'AAAA', 'CNAME']: pass
# yield(item.get('rrname').rstrip('.'))
try:
res = client.query_rdata_name(name) # RDATA = entries on the right-hand side of the domain name related labels
for item in res:
if item.get('rrtype') in ['A', 'AAAA', 'CNAME']:
yield(item.get('rrname').rstrip('.'))
except QueryError as e:
pass
def lookup_ip(client, ip): def lookup_ip(client, ip):
res = client.query_rdata_ip(ip) try:
for item in res: res = client.query_rdata_ip(ip)
print(item) for item in res:
yield(item['rrname'].rstrip('.')) yield(item['rrname'].rstrip('.'))
except QueryError as e:
pass
def introspection(): def introspection():

2
misp_modules/modules/expansion/otx.py
View File

@ -45,7 +45,7 @@ def findAll(data, keys):
return a return a
def valid_email(email): def valid_email(email):
return bool(re.search(r"^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$", email)) return bool(re.search(r"[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?", email))
def handler(q=False): def handler(q=False):
if q is False: if q is False: