Commit Graph

371 Commits (40c71af637bfeeff26c3936ea29b93077c093618)

Author SHA1 Message Date
seamus tuohy 40c71af637 Added support for malformed internationalized email headers
When an email contains headers that use Unicode without properly crafting
them to conform to RFC-6323 the email import module would crash.
(See issue #119 & issue #93)

To address this I have added additional layers of encoding/decoding to
any possibly internationalized email headers. This decodes properly
formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately.
When an unknown encoding is encountered it is returned as an 'encoded-word'
per RFC2047.

This commit also adds unit tests that test properly formed and malformed
UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8,
UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers
and attachment file names.
2017-07-02 18:03:14 -04:00
seamus tuohy 3eecf9afe5 Merge branch 'master' into utf_hate 2017-07-01 18:23:01 -04:00
Raphaël Vinot 8ed344778c Use proper version of PyMISP 2017-05-24 07:52:31 +02:00
Raphaël Vinot c42c8a800e Update travis, fix open ioc import 2017-05-24 07:39:18 +02:00
Alexandre Dulaunoy a510098b10 Merge pull request #122 from truckydev/master
Add tags on import with ioc import module
2017-05-11 10:27:42 +02:00
Tristan METAYER 75c02058e6 replace tab by space 2017-05-11 09:56:43 +02:00
Tristan METAYER ba1d715ad1 Add a field for user to add tag for this import 2017-05-11 09:54:25 +02:00
Andras Iklody abf8b8989a Merge pull request #121 from truckydev/master
If filename add iocfilename as attachment
2017-05-02 15:14:49 +02:00
Tristan METAYER 96f9cb4699 typo correction 2017-05-02 15:07:33 +02:00
Tristan METAYER 4ef7261168 Add user config to not add file as attachment in a box 2017-05-02 15:04:40 +02:00
Tristan METAYER 79f48eccfe If filename add iocfilename as attachment 2017-05-02 14:41:22 +02:00
Alexandre Dulaunoy 3cb12d6962 Merge pull request #118 from truckydev/master
Add indent field for export
2017-04-23 12:21:16 +02:00
Tristan METAYER 24c51a6e21 Add indent field for export 2017-04-21 15:53:48 +02:00
Alexandre Dulaunoy eda88c5b1f Merge pull request #115 from FloatingGhost/master
fix: Use the proper formatting method and not the horrible % one
2017-03-08 17:43:37 +01:00
Alexandre Dulaunoy cdc61c34bd Missing expansion modules added in README 2017-03-08 17:37:28 +01:00
Hannah Ward 648c6414c3 fix: Use the proper formatting method and not the horrible % one 2017-03-08 16:35:03 +00:00
Alexandre Dulaunoy 9bf3346e88 ThreatMiner added 2017-03-08 17:25:11 +01:00
Alexandre Dulaunoy 166d871c5e Merge pull request #114 from kx499/master
ThreatMiner Expansion module
2017-03-08 17:18:40 +01:00
kx499 aa3a11cd5f bug fixes 2017-03-08 04:08:23 +01:00
kx499 31a8fb0fe4 threatminer initial commit 2017-03-06 21:36:00 -05:00
Raphaël Vinot 44867b2adc Cosmetic changes 2017-03-05 18:59:36 +01:00
Raphaël Vinot ad49fd3819 Merge pull request #111 from kx499/master
Handful of changes to VirusTotal module
2017-03-05 18:31:50 +01:00
kx499 3ecd095d1e bug fixes, tweaks, and python3 learning curve :) 2017-03-04 03:10:45 +01:00
kx499 01fdf3e52b Initial commit of IPRep module 2017-03-03 15:55:52 -05:00
kx499 bc1eab3520 fixed spacing, addressed error handling for public api, added subdomains, and added context comment 2017-02-28 22:04:24 -05:00
Alexandre Dulaunoy 312f792b22 OpenIOC import module added 2017-02-27 14:10:11 +01:00
Raphaël Vinot c508e60f65 Add OpenIOC import module 2017-02-27 13:32:31 +01:00
Alexandre Dulaunoy 8bd9b46713 Merge pull request #109 from truckydev/master
add information about offline installation
2017-02-24 15:21:08 +01:00
truckydev 6953b847e5 add information about offline installation 2017-02-24 15:09:18 +01:00
Alexandre Dulaunoy 57ec8baba8 Merge pull request #106 from truckydev/master
Lite export of an event
2017-02-21 17:24:05 +01:00
Tristan METAYER 20cb534203 Exclude internal reference 2017-02-21 17:12:17 +01:00
Tristan METAYER dd2646a0f4 Add lite Export module 2017-02-21 16:48:09 +01:00
Alexandre Dulaunoy 6f378578dc fix: misp-modules are by default installed in /bin 2017-02-21 11:27:59 +01:00
Alexandre Dulaunoy 09bf2f918f Merge pull request #100 from rmarsollier/master
Some improvements of virustotal plugin
2017-02-10 17:47:51 +01:00
rmarsollier b5b7e09ef4 Some improvements of virustotal plugin 2017-02-10 14:16:39 +01:00
Raphaël Vinot fb3624451d Merge pull request #96 from johestephan/master
XForce Exchange v1 (alpha)
2017-02-06 17:40:49 +01:00
Joerg Stephan de3495ea6c passed local run check 2017-02-01 14:05:29 +01:00
Joerg Stephan 68250094ff v1 2017-01-31 16:57:16 +01:00
Joerg Stephan 2651e68238 removed urllib2 2017-01-31 16:54:53 +01:00
Joerg Stephan dad73feaa4 python3 changes 2017-01-31 16:34:41 +01:00
Joerg Stephan 03044e1e6a merged xforce exchange 2017-01-22 00:00:15 +01:00
Joerg Stephan 3590504821 XForce Exchange v1 (alpha) 2017-01-21 23:31:19 +01:00
seamus tuohy 0566049c63 Added unit tests for UTF emails 2017-01-11 17:53:54 -05:00
Alexandre Dulaunoy 8bdb0fcdc9 Merge pull request #56 from RichieB2B/ncsc-nl/mispjson
Simple import module to import MISP JSON format
2017-01-11 10:16:33 +01:00
Richard van den Berg 3a4c540a81 Updated description to reflect merging use case 2017-01-11 10:08:35 +01:00
Richard van den Berg 50bae1f549 Simple import module to import MISP JSON format 2017-01-11 10:08:35 +01:00
Alexandre Dulaunoy bf5ed3d032 Merge pull request #92 from seamustuohy/duck_typing_failure
Email import no longer unzips major compressed text document formats.
2017-01-10 16:04:28 +01:00
seamus tuohy 83a9d695ea Email import no longer unzips major compressed text document formats.
Let this commit serve as a warning about the perils of duck typing.
Word documents (docx,odt,etc) were being uncompressed when they were
attached to emails. The email importer now checks a list of well known
extensions and will not attempt to unzip them.

It is stuck using a list of extensions instead of using file magic because
many of these formats produce an application/zip mimetype when scanned.
2017-01-10 09:55:33 -05:00
Raphaël Vinot 7ec6e3dc8e Merge branch 'master' of github.com:MISP/misp-modules 2017-01-07 19:30:36 -05:00
Raphaël Vinot 1051e2210b Keep zip content as binary 2017-01-07 19:30:00 -05:00