MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
2,270 Commits
6 Branches
54 Tags
18 MiB
Commit Graph

857 Commits (3082e3c46930c4125767d86271ccc08baa158a0b)

Author SHA1 Message Date
Alexandre Dulaunoy dec2494a0a
chg: [apiosintds] make flake8 happy 2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy fdbb0717e0
Merge pull request #344 from davidonzo/master 
Added apiosintDS module to query OSINT.digitalside.it services
 2019-10-29 08:56:29 +01:00
chrisr3d 204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules 2019-10-28 16:45:50 +01:00
chrisr3d 7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management 2019-10-28 16:39:08 +01:00
milkmix bdc5282e09 updated to geoip2 to support mmdb format 2019-10-25 18:09:44 +02:00
Davide 56e16dbaf5 Added apiosintDS module to query OSINT.digitalside.it services 2019-10-24 12:49:29 +02:00
chrisr3d e1602fdca9
fix: Updates following the latest CVE-search version 
- Support of the new vulnerable configuration
  field for CPE version > 2.2
- Support of different 'unknown CWE' message
 2019-10-23 11:55:36 +02:00
chrisr3d 63dba29c52
fix: Fixed module names with - to avoid errors with python paths 2019-10-18 11:09:10 +02:00
chrisr3d d740abe74b
fix: Making pep8 happy 2019-10-17 10:45:51 +02:00
chrisr3d a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError 2019-10-17 10:42:34 +02:00
chrisr3d 5f7b127713
chg: Avoids returning empty values + easier results parsing 2019-10-15 23:30:39 +02:00
chrisr3d 8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration 2019-10-15 11:25:30 +02:00
chrisr3d 6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true 2019-10-13 20:23:02 +02:00
chrisr3d b560347d5d
fix: Considering the case of empty results 2019-10-08 15:49:09 +02:00
chrisr3d 8bcb630340
fix: Catching results exceptions properly 2019-10-08 15:48:26 +02:00
chrisr3d 2850d6f690
fix: Catching exceptions and results properly depending on the cases 2019-10-08 15:45:06 +02:00
chrisr3d 5d4a0bff98
fix: Handling cases where there is no result from the query 2019-10-08 13:28:23 +02:00
chrisr3d 662e58da88
fix: Fixed pattern parsing + made the module hover only 2019-10-07 16:46:32 +02:00
chrisr3d b9b78d1606
fix: Travis tests should be happy now 2019-10-04 17:22:32 +02:00
chrisr3d 6801289175
fix: Returning results in text format 
- Makes the hover functionality display the full
  result instead of skipping the records list
 2019-10-04 15:54:25 +02:00
chrisr3d 09590ca451
fix: Making pep8 happy 2019-09-17 14:13:05 +02:00
Christian Studer 205342996a
Merge pull request #335 from FafnerKeyZee/patch-2 
Travis should not be complaining with the tests after the latest update on "test_cve"
 2019-09-17 14:11:03 +02:00
Fafner [_KeyZee_] dc84c9f972
adding custom API 
Adding the possibility to have our own API server.
 2019-09-17 11:07:23 +02:00
Fafner [_KeyZee_] 5c09b66706
Cleaning the error message 
The original message can be confusing is the user change to is own API.
 2019-09-17 10:42:29 +02:00
chrisr3d 8d33d6c18c
add: New parameter to specify a custom CVE API to query 
- Any API specified here must return the same
  format as the CIRCL CVE search one in order to
  be supported by the parsing functions, and
  ideally provide response to the same kind of
  requests (so the CWE search works as well)
 2019-09-16 14:19:20 +02:00
chrisr3d 415fa55fff
fix: Avoiding issues when no CWE id is provided 2019-08-06 15:55:50 +02:00
chrisr3d 0b603fc5d3
fix: Fixed unnecessary dictionary field call 
- No longer necessary to go under 'Event' field
  since PyMISP does not contain it since the
  latest update
 2019-08-05 11:33:04 +02:00
chrisr3d 4df528c331
add: Added initial event to reference it from the vulnerability object created out of it 2019-08-02 15:35:33 +02:00
chrisr3d 034222d7b3
fix: Using the attack-pattern object template (copy-paste typo) 2019-08-02 10:10:44 +02:00
chrisr3d 7eb4f034c0
fix: Making pep8 happy 2019-08-01 17:17:16 +02:00
chrisr3d 5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects 2019-08-01 15:37:10 +02:00
chrisr3d c4302aa35e
add: Parsing CAPEC information related to the CVE 2019-08-01 15:21:18 +02:00
chrisr3d 7445d7336e
add: Parsing CWE related to the CVE 2019-08-01 14:55:53 +02:00
chrisr3d 7b1c35d583
fix: Fixed cvss-score object relation name 2019-07-30 09:55:36 +02:00
chrisr3d 27f5c9ceeb Merge branch 'master' of github.com:MISP/misp-modules 2019-07-24 12:08:28 +02:00
chrisr3d 4ee0cbe4c5
add: Added virustotal_public to the list of available modules 2019-07-24 11:10:25 +02:00
Raphaël Vinot 80ce0a58b5 fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy. 2019-07-24 09:49:05 +02:00
chrisr3d 92d90e8e1c
add: TODO comment for the next improvement 2019-07-23 09:42:10 +02:00
chrisr3d 14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API 
- Parsing functions updated to support the updated
  format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
  requests limit rate to work as expected /!\
 2019-07-22 16:22:29 +02:00
chrisr3d 1fa37ea712
fix: Avoiding issues with non existing sample types 2019-07-22 11:43:35 +02:00
chrisr3d 675e0815ff
add: Parsing communicating samples returned by domain reports 2019-07-22 11:42:52 +02:00
chrisr3d c9c2027a57
fix: Undetected urls are represented in lists 2019-07-22 11:39:46 +02:00
chrisr3d 6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name 2019-07-22 09:53:19 +02:00
chrisr3d 729c86c336
fix: Quick fix on siblings & url parsing 2019-07-22 09:16:04 +02:00
chrisr3d 9aa721bc37
fix: typo 2019-07-19 16:20:24 +02:00
chrisr3d 641dda0103
add: Parsing downloaded samples as well as the referrer ones 2019-07-18 21:38:17 +02:00
chrisr3d 795edb7457
chg: Adding references between a domain and their siblings 2019-07-17 20:40:56 +02:00
chrisr3d 8de350744b
chg: Getting domain siblings attributes uuid for further references 2019-07-16 22:39:35 +02:00
chrisr3d a61d09db8b
fix: Parsing detected & undetected urls 2019-07-15 23:44:25 +02:00
chrisr3d d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on 2019-07-12 10:59:19 +02:00
chrisr3d f862a14ce6
add: Object for VirusTotal public API queries 
- Lighter analysis of the report to avoid reaching
  the limit of queries per minute while recursing
  on the different elements
 2019-07-11 22:59:07 +02:00
chrisr3d 3edc323836
fix: Making pep8 happy 2019-07-10 15:29:31 +02:00
chrisr3d 5703253961
new: First version of an advanced CVE parser module 
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
 2019-07-10 15:20:22 +02:00
chrisr3d 9e45d302b1
fix: Testing if an object is not empty before adding it the the event 2019-06-18 09:45:59 +02:00
chrisr3d 9fdd6c5e58
fix: Making travis happy 2019-06-15 08:17:29 +02:00
chrisr3d 2f3ce1b615
fix: Support of the latest version of sigmatools 2019-06-15 08:06:47 +02:00
Georg Schölly efb0a88eeb joesandbox_query.py: improve behavior in unexpected circumstances 2019-06-04 11:29:40 +02:00
chrisr3d aa3e873845
fix: Making pep8 happy + added joe_import module in the init list 2019-06-04 11:33:42 +10:00
chrisr3d 42bc6f8d2b
fix: Fixed variable name typo 2019-06-04 11:32:21 +10:00
chrisr3d ee48d99845
add: New expansion module to query Joe Sandbox API with a report link 2019-06-04 09:48:50 +10:00
chrisr3d f541b1f4ba Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-29 10:50:39 +10:00
Georg Schölly 1745d33ee4 add expansion for joe sandbox 2019-05-21 21:14:21 +02:00
chrisr3d d4bc85259d
fix: Removed unused library 2019-05-02 14:15:12 +02:00
chrisr3d a5ff849950 Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-02 13:23:24 +02:00
Steve Clement 553cf44337
fix: [pep8] Fixes 2019-05-02 10:37:48 +09:00
Koen Van Impe c8a4d8d76f New VMRay modules 
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
 2019-05-01 22:44:24 +02:00
root 92351e6679
add: Added urlhaus in the expansion modules init list 2019-05-01 22:22:10 +02:00
root 9d3741aeb9 Merge branch 'master' of https://github.com/MISP/misp-modules into new_module 2019-04-30 08:59:05 +02:00
Alexandre Dulaunoy ec766f571c
chg: [init] cleanup for pep 2019-04-26 13:36:53 +02:00
Alexandre Dulaunoy 63c12f34e6
chg: [pdf-enrich] updated 2019-04-26 13:36:07 +02:00
Sascha Rommelfangen fc339c888d removed trailing whitespaces 2019-04-26 12:14:56 +02:00
Sascha Rommelfangen 1d4f8a6989 new modules added 2019-04-26 12:09:16 +02:00
Sascha Rommelfangen f55d7946df introduction of new modules 2019-04-26 12:07:55 +02:00
Sascha Rommelfangen 06036b7fe5 Merge branch 'master' of https://github.com/MISP/misp-modules 2019-04-24 15:01:03 +02:00
Sascha Rommelfangen 07f759b07a renamed file 2019-04-24 14:53:16 +02:00
Sascha Rommelfangen 5104bce451 renamed module 2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy 81b0082ae5
chg: [init] removed trailing whitespace 2019-04-24 14:01:48 +02:00
Alexandre Dulaunoy 614fc1354b
chg: [ocr] re module not used - removed 2019-04-24 14:01:08 +02:00
Sascha Rommelfangen 7171c8ce92 initial version of OCR expansion module 2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy 18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo 
Expansion module - File/URL submission to Cuckoo Sandbox
 2019-04-23 19:36:28 +02:00
Sascha Rommelfangen 2d8aaf09c2
brackets are difficult... 2019-04-23 15:40:22 +02:00
Alexandre Dulaunoy e55ae11a1e
chg: [qrcode] added to the __init__ 2019-04-23 14:45:12 +02:00
Alexandre Dulaunoy 44050ec4da
chg: [qrcode] flake8 needs some drugs 2019-04-23 14:44:00 +02:00
Alexandre Dulaunoy d5180e7e79
chg: [qrcode] various fixes to make it PEP compliant 2019-04-23 14:37:27 +02:00
Alexandre Dulaunoy a0fce1bc90
Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module 2019-04-23 14:33:06 +02:00
Sascha Rommelfangen c85ab8d93c
initial version of QR code reader 
Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
 2019-04-23 11:38:56 +02:00
Ricardo van Zutphen e6326185d5 Use double quotes and provide headers correctly 2019-04-19 16:24:30 +02:00
Ricardo van Zutphen 49acb53745 Update Cuckoo module to support files and URLs 2019-04-19 14:06:35 +02:00
Evert0x e243edb503
Update __init__.py 2019-04-18 14:25:05 +02:00
Evert0x eefa35c65d
Create cuckoo_submit.py 2019-04-18 00:23:38 +02:00
Raphaël Vinot f82933779f fix: pep8 foobar. 2019-04-02 16:01:36 +02:00
Raphaël Vinot 9cb21f98e1 fix: Add the new module sin the list of modules availables. 2019-04-02 15:46:17 +02:00
Raphaël Vinot c64f514a6f fix: Typos in variable names 2019-04-02 15:39:27 +02:00
Raphaël Vinot b89d068c04 new: Modules for greynoise, haveibeenpwned and macvendors 
Source: https://github.com/src7/misp-modules
 2019-04-02 15:30:11 +02:00
root 38fc479d12 Merge branch 'master' of https://github.com/MISP/misp-modules into new_module 2019-04-01 16:29:10 +02:00
root 2439d5f75d
fix: Fixed object_id variable name typo 2019-04-01 16:28:19 +02:00
Raphaël Vinot 1c0984eaec fix: Remove unused import 2019-03-15 11:06:11 +01:00
chrisr3d d87a67c6f3 Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-03-14 19:04:32 +01:00
chrisr3d 0b92fd5a53
fix: Making json_decode even happier with full json format 
- Using MISPEvent because it is cleaner & easier
- Also cleaner implementation globally
 2019-03-14 18:48:13 +01:00
Sascha Rommelfangen 5af667edff Merge branch 'master' of https://github.com/MISP/misp-modules 2019-03-14 14:41:24 +01:00
Sascha Rommelfangen eb2dcca12b fixed a bug when checking malformed BTC addresses 2019-03-14 14:39:58 +01:00
chrisr3d 62bc45e03a
fix: Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part 2019-03-14 14:31:38 +01:00
chrisr3d 9c8ee1f3d7
new: Expansion module to query urlhaus API 
- Using the next version of modules, taking a
  MISP attribute as input and able to return
  attributes and objects
- Work still in process in the core part
 2019-03-13 09:57:28 +01:00
Alexandre Dulaunoy 0bf27c1b69
chg: [btc_scam_check] fix spacing for making flake 8 happy 2019-02-11 14:23:18 +01:00
chrisr3d 74594f29aa
Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-02-11 09:28:49 +01:00
Alexandre Dulaunoy f0ccfd2027
chg: [backscatter.io] blind fix regarding undefined value 2019-02-10 16:56:01 +01:00
Alexandre Dulaunoy 7b1a837b10
chg: [backscatter.io] remove blank line at the end of the file 2019-02-10 16:40:06 +01:00
Alexandre Dulaunoy acc35e3a02
chg: [backscatter.io] Exception handler fixed for recent version of Python 2019-02-10 16:33:09 +01:00
9b c8b410161a Use the write var on return 2019-02-08 12:29:43 -05:00
9b e4c1468968 Stubbed module 2019-02-08 12:27:20 -05:00
chrisr3d 08fe0cbe09
fix: Description fixed 2019-02-05 14:54:22 +01:00
chrisr3d d1000d82c4
add: New module to check if a bitcoin address has been abused 
- Also related update of documentation
 2019-02-05 14:46:42 +01:00
Raphaël Vinot 454c9e0f43 fix: Pep8 related fixes. 2019-02-04 11:05:51 +01:00
Raphaël Vinot 3d47eb7420 fix: make flake8 happy 2019-01-25 10:45:07 +01:00
Sascha Rommelfangen c52b95cdbe sometimes server doesn't return expected values. fixed. 2019-01-24 09:51:46 +01:00
Raphaël Vinot 0189a117a3 fix: Change in the imports in other sigma module 2019-01-21 14:14:19 +01:00
Raphaël Vinot b791b177c3 fix: Change in the imports 2019-01-21 14:06:38 +01:00
Raphaël Vinot d5ec09fe4a fix: Change module name 2019-01-21 13:57:45 +01:00
Raphaël Vinot 55f05e0524 chg: Use pipenv, update bgpranking/ipasn modules 2019-01-21 13:31:52 +01:00
Raphaël Vinot 8fc5b1fd1f fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
Raphaël Vinot d0aec62f1a new: Intel471 module 2018-12-11 13:30:52 +01:00
Sascha Rommelfangen d5eb34270a Merge branch 'master' of https://github.com/MISP/misp-modules 2018-11-26 15:56:33 +01:00
Sascha Rommelfangen 96570caece cosmetic output change 2018-11-26 15:56:11 +01:00
chrisr3d e30a5d2502 fix: Removed not valid input type 2018-11-22 12:30:12 +01:00
chrisr3d 7cfc7a730b fix: Cleaned up not used variables 2018-11-22 12:27:45 +01:00
chrisr3d 627420ca43 fix: Updated rbl module result format 
- More readable as str than dumped json
 2018-11-22 12:27:16 +01:00
chrisr3d 547985b8ce fix: Added Macaddress.io module in the init list 2018-11-22 12:26:27 +01:00
chrisr3d be3063f3c6 fix: Typo on input type 2018-11-22 12:24:47 +01:00
chrisr3d 22173c249e add: Update to support sha1 & sha256 attributes 2018-11-22 12:23:40 +01:00
chrisr3d b778dd5e67 fix: Fixed type of the result in case of exception 
- Set as str since some exception types are not
  jsonable
 2018-11-21 16:06:22 +01:00
chrisr3d 1b44668094 fix: Added hostname attribute support as it is intended 2018-11-21 16:05:38 +01:00
chrisr3d 651f69126d Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch 2018-11-13 16:05:24 +01:00
chrisr3d 299e97d1ce
add: Added imphash to input attribute types 2018-11-13 15:40:47 +01:00
Sascha Rommelfangen 3e25428978 debug removed 2018-11-13 15:34:33 +01:00
Sascha Rommelfangen 8285ff324f API changes reflected 2018-11-13 15:30:06 +01:00
chrisr3d 58b3a069bf
fix: Updated yara import error message 
- Better to 'pip install -I -r REQUIREMENTS' to
  have the correct yara-python version working
  for all the modules, than having another one
  failing with yara hash & pe modules
 2018-11-12 16:22:14 +01:00
chrisr3d ad1ccdb9d0 Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch 2018-11-12 12:48:58 +01:00
Alexandre Dulaunoy 5d1583d88b
chg: [onyphe] fix #252 2018-11-11 15:49:14 +01:00
Sascha Rommelfangen 463d7ae874
bug fix regarding leftovers between runs 2018-11-07 14:57:19 +01:00
Steve Clement 91f922b5c4 chg: [btc] Removed simple PoC for btc expansion. 2018-11-07 22:53:21 +09:00
Sascha Rommelfangen 00b1b3214b added btc_steroids to the list 2018-11-07 14:28:28 +01:00
Sascha Rommelfangen b01cb28323 initial version of a Bitcoin module 2018-11-07 14:14:39 +01:00
Steve Clement 7bafa939b0 new: [btc] Very simple BTC expansion 
chg: [req] yara-python is preferred
 2018-11-06 00:48:36 +09:00
chrisr3d d1308f9924
chg: Validating yara rules after their creation 2018-11-02 21:35:02 +01:00
chrisr3d 1c10fd5e50
fix: Making yara query an expansion module for single attributes atm 2018-10-31 10:21:21 +01:00
chrisr3d 1d530a7fa6
new: First version of a yara rule creation expansion module 2018-10-18 14:44:57 +02:00
chrisr3d e2cebd6c3e
fix: Catching errors while parsing additional info in requests 2018-09-25 17:10:19 +02:00
Codelinefi-admin c19989e217 Fixed a bug with wrong dates conversion 2018-09-19 21:50:56 +03:00
isox f1325f4316 Fixed getting of the Vulners AI score. 2018-09-18 18:36:12 +03:00
Igor Ivanov 3e9589d0f4 code cleanup and formatting 2018-09-18 14:38:49 +02:00
Igor Ivanov 8d7d377464 added exploit information 2018-09-18 12:11:47 +02:00
Igor Ivanov 5dc05bfafc initial Vulners module PoC 2018-09-18 11:18:55 +02:00
Codelinefi-admin db7dbd6ed5 macaddress.io hover module added 2018-09-13 17:02:49 +03:00
chrisr3d 5c718c5379
fix: Making python 3.5 happy with the exception type ImportError 2018-09-08 02:53:15 +02:00
chrisr3d cfbd63f14e
fix: Fixed exception type for python 3.5 2018-09-07 18:06:01 +02:00
chrisr3d a18db2ed1d
fix: Fixed exception type 2018-09-07 17:56:25 +02:00
chrisr3d 48fcf9a85e
fix: Fixed syntax error 2018-09-07 17:49:28 +02:00
chrisr3d 26647a164b
fix: Fixed indentation error 2018-09-07 17:43:46 +02:00
chrisr3d 5c69f1d867 Merge branch 'master' of github.com:MISP/misp-modules 2018-09-07 16:59:21 +02:00
Sascha Rommelfangen ef781f59f8
fixed typo 
via #220
 2018-09-06 14:05:55 +02:00
chrisr3d ba728f7120
fix: Fixed 1 variable misuse + cleaned up variable names 
- Fixed use of 'domain' variable instead of 'email'
- Cleaned up variable names to avoid redefinition
  of built-in variables
 2018-09-03 14:43:51 +02:00
chrisr3d cdf2f434ce
fix: Avoiding adding attributes that are already in the event 2018-09-03 14:30:33 +02:00
chrisr3d 33181bc52b
fix: Fixed quick variable issue 2018-09-03 14:29:42 +02:00
chrisr3d 0ab38feade
fix: Cleaned up test function not used anymore 2018-09-03 13:17:48 +02:00
chrisr3d 936e30b15b
fix: Multiple attributes parsing support 
- Fixing one of my previous changes not processing
  multiple attributes parsing
 2018-09-03 12:03:42 +02:00
chrisr3d 2af947a2de
fix: Removed print 2018-09-03 10:23:05 +02:00
chrisr3d bc2a73c5cf Merge branch 'master' of github.com:MISP/misp-modules 2018-09-02 20:21:01 +02:00
chrisr3d 179430d69d
fix: Some cleanup and output types fixed 
- hashes types specified in output
 2018-08-31 21:38:53 +02:00
SuRb0 b0be965e57
Update urlscan.py 
Added hash to the search so you can take advantage of the new file down load function on urlscan.io.  You can use this to pivot on file hashes and find out domains that hosting the same malicious file.
 2018-08-30 19:41:34 -05:00
chrisr3d 35f3a5e43f
fix: Quick cleanup 2018-08-30 20:45:29 +02:00
chrisr3d 18bad54603 Merge branch 'master' of github.com:MISP/misp-modules 2018-08-30 09:11:25 +02:00
David J a697f65382
Add error handling for DNS failures, reduce imports, and simplify misp_comments 2018-08-14 10:51:15 -05:00
David J bdbf538893
Create urlscan.py 2018-08-10 16:00:01 -05:00
chrisr3d 3a57d11745 Merge branch 'chrisr3d_patch' of github.com:chrisr3d/misp-modules 2018-08-08 17:41:07 +02:00
chrisr3d 90baa1dd5a
add: Added DBL spamhaus module documentation and in expansion init file 2018-08-08 17:05:22 +02:00
chrisr3d 61232ad93e
new: Expansion hover module to check spamhaus DBL for a domain name 2018-08-08 17:00:10 +02:00
chrisr3d 0666a60b3d
fix: [cleanup] Quick clean up on exception type 2018-08-07 18:15:15 +02:00
chrisr3d bb6002a3ff
fix: [cleanup] Quick clean up on yaml load function 2018-08-07 18:14:29 +02:00
chrisr3d 57af98720d
fix: [cleanup] Quick clean up on exception type 2018-08-07 18:13:25 +02:00
sebdraven d7fac002af
Merge branch 'master' into dnstrails 2018-07-18 11:07:44 +02:00
Sebdraven 804e59ed8d change type of status 2018-07-18 10:58:51 +02:00
Sebdraven c8e20d9087 remove print 2018-07-18 10:51:47 +02:00
Sebdraven f2df6dc538 last commit for release 2018-07-18 10:47:42 +02:00
Sebdraven 88859a0ba7 add logs 2018-07-17 18:43:52 +02:00
Sebdraven 8cbeda40a5 add searching_stats 2018-07-17 18:42:01 +02:00
Sebdraven 9d603344c2 add searching_stats 2018-07-17 18:32:50 +02:00
Sebdraven c785cae89b correct key 2018-07-17 17:22:48 +02:00
Sebdraven 2706c4a82a correct key 2018-07-17 17:21:38 +02:00
Sebdraven 431c1511a3 correct param 2018-07-17 17:20:30 +02:00
Sebdraven 999ae1f6f0 add searching domains 2018-07-17 17:09:01 +02:00
Sebdraven a41cf59e0c add searching domains 2018-07-17 15:05:15 +02:00
Sebdraven 966f9603a9 add return 2018-07-12 15:02:46 +02:00
Sebdraven 7f52a15d16 add logs 2018-07-12 14:59:50 +02:00
Sebdraven 3eda712193 add whois expand to test 2018-07-12 14:58:48 +02:00
Sebdraven 5a422c2e5b add whois expand to test 2018-07-12 14:57:37 +02:00
Sebdraven db35c9b091 correct index error 2018-07-12 14:55:56 +02:00
Sebdraven 0341bdc398 error call functions 2018-07-12 14:52:01 +02:00
Sebdraven 2f5381d7b2 add logs 2018-07-12 14:49:51 +02:00
Sebdraven 0b0137829a add logs 2018-07-12 14:48:15 +02:00
Sebdraven 86d236f859 add status_ok to true 2018-07-12 14:47:34 +02:00
Sebdraven aa89a7fc4d add logs 2018-07-12 14:44:19 +02:00
Sebdraven 86d9427816 add logs 2018-07-12 14:42:33 +02:00
Sebdraven a0cf9de590 add logs 2018-07-12 14:38:38 +02:00
Sebdraven 9de201375b add logs 2018-07-12 14:37:09 +02:00
Sebdraven d56bf55038 add logs 2018-07-12 14:33:52 +02:00
Sebdraven 844b25b4cd correct out of bound returns 2018-07-12 14:32:56 +02:00
Sebdraven 9063da88cd correct key and return of functions 2018-07-12 14:27:59 +02:00
Sebdraven 731c06a939 add logs 2018-07-12 14:17:16 +02:00
Sebdraven fb595c08aa add logs 2018-07-12 14:16:19 +02:00
Sebdraven 41587bd568 correct typo 2018-07-12 14:14:43 +02:00
Sebdraven 4b0daee6f1 test whois history 2018-07-12 14:04:37 +02:00
Sebdraven 576b3c9b9b history whois dns 2018-07-12 13:40:51 +02:00
chrisr3d 32419c398e Merge branch 'master' of github.com:MISP/misp-modules 2018-07-12 00:05:01 +02:00
chrisr3d a62078aad1
add: Experimental expansion module to display the SIEM signatures from a sigma rule 2018-07-11 23:43:42 +02:00
Sebdraven 51067039da correct typo 2018-07-11 13:03:47 +02:00
Sebdraven 3a2aab6d71 rename misp modules 2018-07-11 12:41:54 +02:00
Sebdraven a8ae6e06e9 add a test to check if the list is not empty 2018-07-11 12:09:34 +02:00
Sebdraven f0a4c71908 add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00
Sebdraven dbeec4682e add logs 2018-07-11 12:02:31 +02:00
Sebdraven fb262b451f debug whois 2018-07-11 12:00:59 +02:00
Sebdraven 80e71f582c debug ipv4 or ipv6 2018-07-11 11:58:42 +02:00
Sebdraven 386d38c88f add debug 2018-07-11 11:55:59 +02:00
Sebdraven 45decc728d debug 2018-07-11 11:55:31 +02:00
Sebdraven 45c473aef5 change status 2018-07-11 11:52:10 +02:00
Sebdraven 64e7f9c8b6 change history dns 2018-07-11 11:47:10 +02:00
Sebdraven 560dacbf7e add logs to debug 2018-07-11 11:40:22 +02:00
Sebdraven 74c611d2fb correct call function 2018-07-11 11:37:07 +02:00
Sebdraven f47a64b364 add history mx and soa 2018-07-11 11:24:49 +02:00
Sebdraven 43a49dafc6 add history dns and handler exception 2018-07-11 09:48:14 +02:00
Sebdraven 54d996cb00 add history dns 2018-07-11 09:39:09 +02:00
Sebdraven dcdb6e5895 switch type ip 2018-07-11 09:02:47 +02:00
Sebdraven 42c362d2fd refactoring expand_whois 2018-07-11 09:00:23 +02:00
Sebdraven 41635d43c7 correct typo 2018-07-11 08:49:59 +02:00
Sebdraven 3a96e189ed add ipv6 and ipv4 2018-07-11 08:43:23 +02:00
Sebdraven f2333a4978 change type 2018-07-10 16:55:13 +02:00
Sebdraven 9e6162a434 change type 2018-07-10 16:53:06 +02:00
Sebdraven 26950ea7de change loop 2018-07-10 16:51:31 +02:00
Sebdraven e9747a3379 add time sleep in each request 2018-07-10 16:41:44 +02:00
Sebdraven 602da3d1a3 control return of records 2018-07-10 16:35:01 +02:00
Sebdraven 495c720d0f add history ipv4 2018-07-10 16:31:39 +02:00
Sebdraven 21794249d0 add logs 2018-07-10 15:17:37 +02:00
Sebdraven b677cd5fc7 change categories 2018-07-10 15:16:02 +02:00
Sebdraven 1d100833a4 concat results 2018-07-10 15:12:27 +02:00
Sebdraven 1223d93d52 change name keys 2018-07-10 15:07:54 +02:00
Sebdraven 714c15f079 change return value 2018-07-10 15:05:10 +02:00
Sebdraven e1a1648f14 add logs 2018-07-10 15:01:04 +02:00
Sebdraven f710162bed change errors 2018-07-10 14:59:39 +02:00
Sebdraven 2a8fb76e84 add logs 2018-07-10 14:56:20 +02:00
Steve Clement 562a6b1308 - Removed test modules from view 
- Moved skeleton expansion module to it's proper place
 2018-07-03 08:27:54 +02:00
chrisr3d 90e42c0305
fix: Put the stix2-pattern library import in a try statement 
--> Error more easily caught
 2018-07-02 12:14:21 +02:00
chrisr3d 08d8459e1a
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00
Sebdraven 34da5cdb76 add expand whois 2018-06-29 17:57:11 +02:00
Sebdraven f1c6095914 typo 2018-06-29 17:26:56 +02:00
Sebdraven 78d6de9b7a add categories and comments 2018-06-29 17:25:37 +02:00
Sebdraven 0965def6bf add expand subdomains 2018-06-29 17:22:19 +02:00
Sebdraven 64847a8a04 add expand subdomains 2018-06-29 17:19:21 +02:00
Sebdraven 2d1adf4aa9 change categories 2018-06-29 16:30:47 +02:00
Sebdraven 0275e3ecd8 changes keys 2018-06-29 16:20:35 +02:00
Sebdraven f3962d2d05 add status ! 2018-06-29 16:17:32 +02:00
Sebdraven 09c52788b8 add methods 2018-06-29 16:11:24 +02:00
Sebdraven cfe971a271 add expand domains 2018-06-29 15:50:26 +02:00
Sebdraven 60f772b905 add new module dnstrails 2018-06-29 11:27:36 +02:00
chrisr3d b1c90b411e
add: Sigma syntax validator expansion module 
--> Checks sigma rules syntax
- Updated the expansion modules list as well
- Updated the requirements list
 2018-06-28 10:41:32 +02:00
chrisr3d 7c691af807
Updated the list of expansion modules 2018-06-28 10:39:40 +02:00
Sebdraven 785aac3e6b add return handle domains 2018-06-22 16:18:23 +02:00
Sebdraven 87b07b89b5 add search 2018-06-22 16:15:34 +02:00
Sebdraven 396b71ef3b add domain to expand 2018-06-22 16:06:34 +02:00
Sebdraven de6a81d488 correct bugs 2018-06-22 16:04:14 +02:00
Sebdraven 83999d6402 add domain expansion 2018-06-22 15:57:52 +02:00
Sebdraven 96c829470d add comment 2018-06-22 15:14:44 +02:00
Sebdraven 8d03354399 correct bugs 2018-06-22 15:12:10 +02:00
Sebdraven e9c18b3d5f correct comments 2018-06-22 13:03:09 +02:00
Sebdraven e230c88c15 add threat list expansion 2018-06-22 11:59:09 +02:00
Sebdraven 1d1fd36569 change method to concat methods 2018-06-20 18:05:28 +02:00
Sebdraven e712a31760 set status after requests 2018-06-20 18:04:12 +02:00
Sebdraven a9b7a10c41 set status after requests 2018-06-20 18:03:34 +02:00
Sebdraven 4166475f9e add logs 2018-06-20 18:02:12 +02:00
Sebdraven fe00f099f6 add logs 2018-06-20 17:59:49 +02:00
Sebdraven 153d8bd340 add logs 2018-06-20 17:56:19 +02:00
Sebdraven 9195887f98 pep 8 2018-06-20 17:51:46 +02:00
Sebdraven 2afd2b8aaf correct bug 2018-06-20 17:50:28 +02:00
Sebdraven 04e932cce0 add datascan expansion 2018-06-20 17:47:11 +02:00
Sebdraven b56f8cfa36 add reverse infos 2018-06-20 16:30:56 +02:00
Sebdraven d4be9d9fda add reverse infos 2018-06-20 16:29:04 +02:00
Sebdraven 4a8a79c560 add reverse infos 2018-06-20 16:26:09 +02:00
Sebdraven 0d120af647 add reverse infos 2018-06-20 16:24:17 +02:00
Sebdraven a24b529868 add forward infos 2018-06-20 15:33:21 +02:00
Sebdraven d0f42c1772 add comment of attributes 2018-06-20 15:07:55 +02:00
Sebdraven 915747073a add comment of attributes 2018-06-20 15:05:00 +02:00
Sebdraven 7eba7c0386 error loops 2018-06-20 14:53:08 +02:00
Sebdraven d1e72676f1 error method 2018-06-20 14:50:48 +02:00
Sebdraven 3a4294391f error type 2018-06-20 14:48:18 +02:00
Sebdraven 9427c76603 error keys 2018-06-20 14:45:06 +02:00
Sebdraven e1bc67afad add expansion synscan 2018-06-20 14:41:57 +02:00
Sebdraven 5426ec5380 change key access domains 2018-06-20 12:40:52 +02:00
Sebdraven 7a3c4b1084 change add in results 2018-06-20 12:38:41 +02:00
Sebdraven e8aefde2ee add logs 2018-06-20 12:36:32 +02:00
Sebdraven 7195f33f5d correct error keys 2018-06-20 12:34:07 +02:00
Sebdraven c14d05adef test patries expansion 2018-06-20 12:32:54 +02:00
Sebdraven 8ae7210aef add onyphe full module 2018-06-20 11:07:33 +02:00
Sebdraven 023c35f5d8 add onyphe full module and code the stub 2018-06-14 16:47:11 +02:00
Sebdraven 14695bbeb9 correct codecov 2018-06-11 13:34:45 +02:00
Sebdraven 755d907580 pep 8 compliant 2018-06-11 13:21:21 +02:00
Sebdraven f6b8655f64 correct type of comments 2018-06-11 12:29:51 +02:00
Sebdraven 43402fde26 correct typo 2018-06-11 12:28:40 +02:00
Sebdraven e0631c9651 correct typo 2018-06-11 12:02:34 +02:00
Sebdraven 59b49f9d20 add domains forward 2018-06-11 12:00:46 +02:00
Sebdraven d9ee5286e3 add domains 2018-06-11 11:59:00 +02:00
Sebdraven 2e0e63fad6 add targeting os 2018-06-11 11:25:17 +02:00
Sebdraven 7580c63433 add category for AS number 2018-06-11 10:59:06 +02:00
Sebdraven f069cd9bf4 change keys 2018-06-11 10:56:40 +02:00
Sebdraven 0a543ca0d5 change type 2018-06-11 10:55:44 +02:00
Sebdraven ef035d051b add category 2018-06-11 10:54:06 +02:00
Sebdraven 735e626058 add as number with onyphe 2018-06-11 10:41:05 +02:00
Sebdraven 04032d110c add as number with onyphe 2018-06-08 18:31:08 +02:00
Sebdraven cad35b5332 error indentation 2018-06-08 18:11:04 +02:00
Sebdraven 3ec1535897 correct key in map result 2018-06-08 18:09:59 +02:00
Sebdraven f18f8fe05a correct a bug 2018-06-08 18:01:58 +02:00
Sebdraven 6eeca0fba1 add pastebin url imports 2018-06-08 17:53:50 +02:00
Sebdraven e6bac113ba add onyphe module 2018-06-08 16:38:41 +02:00
Andras Iklody 0b0f57b30c
Update countrycode.py 2018-06-06 08:31:41 +02:00
Alexandre Dulaunoy 2d9b0cd172
Merge branch 'master' of github.com:MISP/misp-modules 2018-05-29 21:59:25 +02:00
Alexandre Dulaunoy 9664127b85
add: new expansion module to check hashes against hashdd.com including NSLR dataset. 2018-05-29 21:54:22 +02:00
Nick Driver 252d190714
fix missing comma 
fix ip-dst and vulnerability input
 2018-03-30 14:27:37 -04:00
Fred Morris d0f618b648 Add exception blocks for query errors. 2018-03-08 15:26:39 -08:00
x41\x43 0436118747
Improving regex (validating e-mail) 
Line 48:
The previous regex ` ^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$ ` matched only a small subset of valid e-mail address (e.g.: didn't match domain names longer than 3 chars or user@this-domain.de or user@multiple.level.dom) and needed to be with start (^) and end ($).
This ` [a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? ` is not perfect (e.g: can't match oriental chars), but imho is much more complete. 

Regex tested with several e-mail addresses with Python 3.6.4 and Python 2.7.14 on Linux 4.14.
 2018-03-06 18:12:36 +01:00
Andras Iklody 978903f911
Quick fix to the invalid hash types offered on all returned hashes, hopefully fixes #162 2018-02-20 14:08:14 +01:00
Dennis Rand 43db92dbe6 Added Yara syntax validation expansion module 2018-02-12 19:11:54 +00:00
Christophe Vandeplas 8a1a860cda added CrowdStrike Falcon Intel Indicators expansion module 2018-01-19 14:42:25 +01:00
chrisr3d d045cf7d5f
chg: Modified output format 2018-01-16 19:46:52 +01:00
chrisr3d 18523c4ada
Check an IPv4 address against known RBLs 2018-01-16 17:08:44 +01:00
Christophe Vandeplas 0be1886444
fix farsight_passivedns - rdata 404 not found 2018-01-16 15:13:17 +01:00
Christophe Vandeplas 4cdb143733 fixes missing init file in dnsdb library folder 2017-12-06 09:23:44 +01:00
Christophe Vandeplas 0ec8339d7a New Farsight DNSDB Passive DNS expansion module 2017-12-05 16:41:41 +01:00
Jericho 32958324ca
minor touch-ups on error messages for user friendliness 2017-11-16 23:04:41 -07:00
Koen Van Impe 74e660d61b VulnDB Queries 
Search on CVE at https://vulndb.cyberriskanalytics.com/
    https://www.riskbasedsecurity.com/
Get extended CVE info, links + CPE
 2017-11-06 14:23:03 +01:00
Alexandre Dulaunoy 03baa0b84d
fix: #137 when a CVE is not found, a return message is given 2017-10-21 19:52:19 +02:00
Chris Doman c4fe78b39d Add AlienVault OTX and ThreatCrowd Expansions 2017-07-11 18:16:45 +01:00
Hannah Ward 648c6414c3
fix: Use the proper formatting method and not the horrible % one 2017-03-08 16:35:03 +00:00
kx499 aa3a11cd5f bug fixes 2017-03-08 04:08:23 +01:00
kx499 31a8fb0fe4 threatminer initial commit 2017-03-06 21:36:00 -05:00
Raphaël Vinot 44867b2adc Cosmetic changes 2017-03-05 18:59:36 +01:00
kx499 3ecd095d1e bug fixes, tweaks, and python3 learning curve :) 2017-03-04 03:10:45 +01:00
kx499 01fdf3e52b Initial commit of IPRep module 2017-03-03 15:55:52 -05:00
kx499 bc1eab3520 fixed spacing, addressed error handling for public api, added subdomains, and added context comment 2017-02-28 22:04:24 -05:00
rmarsollier b5b7e09ef4 Some improvements of virustotal plugin 2017-02-10 14:16:39 +01:00
Joerg Stephan de3495ea6c passed local run check 2017-02-01 14:05:29 +01:00
Joerg Stephan 68250094ff v1 2017-01-31 16:57:16 +01:00
Joerg Stephan dad73feaa4 python3 changes 2017-01-31 16:34:41 +01:00
Joerg Stephan 3590504821 XForce Exchange v1 (alpha) 2017-01-21 23:31:19 +01:00
Hannah Ward 727f302dd1 Standardised key checking 2017-01-07 10:38:28 -05:00
Hannah Ward 20fd05a231 Fixed checking for submission_names in VT JSON 2017-01-07 10:37:57 -05:00
CheYenBzh d7b33532eb Update virustotal.py 2017-01-07 10:37:47 -05:00
Raphaël Vinot 9bf1c936cf Do not crash if the dat file is not available 2016-12-16 15:22:16 +01:00
Raphaël Vinot 064c3e3649 Fix path to config file 2016-12-16 15:14:48 +01:00
Raphaël Vinot 29bedc7faa Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master 2016-12-16 15:05:45 +01:00
Raphaël Vinot 60d3e0a1ac Better error reporting 2016-12-16 12:02:28 +01:00
Raphaël Vinot ffc0a97126 Catch exception 2016-12-16 11:52:51 +01:00
Raphaël Vinot 467e50327d Add reverse lookup 2016-12-16 11:22:22 +01:00
Raphaël Vinot 4a8ccb54fb Refactoring of domaintools expansion module 2016-12-15 16:49:56 +01:00
Andreas Muehlemann cc58b05d6e added empty line to end of config file 2016-12-07 17:28:16 +01:00
Andreas Muehlemann 98a27ac3ff removed DEFAULT section from configfile 2016-12-07 16:36:02 +01:00
Andreas Muehlemann 6853d67a43 fixed more typos 2016-12-07 16:13:46 +01:00
Andreas Muehlemann 6dcc77ba5d fixed typo 2016-12-07 15:48:08 +01:00
Andreas Muehlemann a95af26424 changed configparser from python2 to python3 2016-12-07 15:30:49 +01:00
Andreas Muehlemann 1e1796b414 updated missing parenthesis 2016-12-07 15:19:54 +01:00
Andreas Muehlemann bb62394c1e Merge branch 'geoip_country' 2016-12-07 14:54:33 +01:00
Andreas Muehlemann d09c2f3d44 removed unneeded config option for misp 2016-12-07 14:29:11 +01:00
Andreas Muehlemann 6ea7acc5e4 removed debug message 2016-12-07 14:28:27 +01:00
Andreas Muehlemann f8c7271467 added config option to geoip_country.py 2016-12-07 14:18:21 +01:00
Raphaël Vinot 2e3119b5f4 Add domaintools to the import list 2016-12-01 17:36:40 +01:00
Raphaël Vinot 0f8fa4aaec Fix Typo 2016-12-01 16:44:29 +01:00
Raphaël Vinot 17205a1913 Add domain profile and reputation 2016-12-01 16:41:50 +01:00
Raphaël Vinot 7db1216efb Add more comments 2016-12-01 13:45:14 +01:00
Raphaël Vinot 9dbd241e63 fix typo 2016-12-01 12:14:16 +01:00
Raphaël Vinot 6db5436c62 remove json.dumps 2016-12-01 11:54:04 +01:00
Raphaël Vinot afd8b71349 Avoid passing None in comments 2016-12-01 10:26:40 +01:00
Raphaël Vinot 7c6153478e Add comments to fields when possible 2016-11-30 18:09:11 +01:00
Raphaël Vinot 48d38c2821 Add initial Domain Tools module 2016-11-28 18:12:31 +01:00
Koen Van Impe 3253d92b42 Submit malware samples 
_submit now includes malware samples (zipped content from misp)
_import checks when no vti_results are returned + bugfix
 2016-11-18 18:23:52 +01:00
Raphaël Vinot c676587461 Multiple clanges in the vmray modules. 
* Generic fix to load modules requiring a local library
* Fix python3 support
* PEP8 related cleanups
 2016-11-15 16:43:11 +01:00
Koen Van Impe adda9562c0 VMRay Import & Submit module 
* First commit
* No support for archives (yet) submit
 2016-11-13 21:43:59 +01:00
Roman Graf 03b6fd7b74 label replaced by text, which is existing attribute 2016-10-11 14:48:59 +02:00
Alexandre Dulaunoy d7137221db Chg: wikidata module added 2016-10-07 16:21:54 +02:00
Roman Graf d4370fc0e3 Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00
Andreas Muehlemann a568d1a1b3 updated geoip_country to __init__.py 2016-09-28 14:06:18 +02:00
Andreas Muehlemann 4bc76acd37 added geoip_country.py 2016-09-28 14:05:43 +02:00
Andreas Muehlemann 985f9de800 added new module reversedns.py, added reversedns to __init__.py 2016-09-22 11:42:52 +02:00
Raphaël Vinot a0cce11964 Dump host info as text 2016-09-15 15:59:08 +02:00
Raphaël Vinot ea2f106b00 Fix typo 2016-09-15 15:32:13 +02:00
Raphaël Vinot 43834b6d51 Add simple Shodan module 2016-09-15 15:11:04 +02:00
Alexandre Dulaunoy 2df8bf970e Merge pull request #47 from FloatingGhost/CEF_Export 
CEF export, fixes in CountryCode, virustotal
 2016-09-01 19:39:16 +02:00
Hannah Ward 4f923d6606
Removed silly subdomain module 2016-09-01 16:14:25 +01:00
Hannah Ward a492d975c4
Now searches within observable_compositions 2016-08-19 17:21:12 +01:00
Hannah Ward 9db9247e55
Removed calls to print 2016-08-17 13:04:30 +01:00
Hannah Ward 232014f221
Added virustotal tests 2016-08-17 13:01:11 +01:00
Alexandre Dulaunoy 062f2dfd30 New modules added to __init__ 2016-08-17 11:27:07 +02:00
Hannah Ward 4ba86d4fa3
CountryCode JSON now is only grabbed once per server run 2016-08-17 09:51:16 +01:00
Hannah Ward 042bf2bb2f
Added virustotal module 2016-08-17 09:30:15 +01:00
Hannah Ward 0f9221229a
Improved virustotal module 2016-08-15 11:09:40 +01:00
Hannah Ward 917c95cad5
Added countrycode, working on virustotal 2016-08-12 17:40:00 +01:00
Hannah Ward 4f5059fca4
Added lookup by country code 2016-08-12 14:45:28 +01:00
Raphaël Vinot 59b16950f7 Remove bin script, use cleaner way. Fix last commit. 2016-08-12 12:35:33 +02:00
iglocska 6116c017c1 Update to the DNS module to support domain|ip 2016-08-10 17:11:46 +02:00
Raphaël Vinot b3a322a178 Pass the server port as integer to the uwhois client 2016-08-04 17:44:40 +02:00
Raphaël Vinot f72534c785 Add whois module 2016-08-04 17:23:23 +02:00
Raphaël Vinot 22eaba6ab6 Make sure misp-modules can be launched from anywhere 2016-06-23 19:51:13 +09:00