Commit Graph

382 Commits (413cc2469fa7dacc4e0f07dbe87063771fbfb01e)

Author SHA1 Message Date
chrisr3d 61232ad93e new: Expansion hover module to check spamhaus DBL for a domain name 2018-08-08 17:00:10 +02:00
chrisr3d 0666a60b3d fix: [cleanup] Quick clean up on exception type 2018-08-07 18:15:15 +02:00
chrisr3d bb6002a3ff fix: [cleanup] Quick clean up on yaml load function 2018-08-07 18:14:29 +02:00
chrisr3d 57af98720d fix: [cleanup] Quick clean up on exception type 2018-08-07 18:13:25 +02:00
sebdraven d7fac002af Merge branch 'master' into dnstrails 2018-07-18 11:07:44 +02:00
Sebdraven 804e59ed8d change type of status 2018-07-18 10:58:51 +02:00
Sebdraven c8e20d9087 remove print 2018-07-18 10:51:47 +02:00
Sebdraven f2df6dc538 last commit for release 2018-07-18 10:47:42 +02:00
Sebdraven 88859a0ba7 add logs 2018-07-17 18:43:52 +02:00
Sebdraven 8cbeda40a5 add searching_stats 2018-07-17 18:42:01 +02:00
Sebdraven 9d603344c2 add searching_stats 2018-07-17 18:32:50 +02:00
Sebdraven c785cae89b correct key 2018-07-17 17:22:48 +02:00
Sebdraven 2706c4a82a correct key 2018-07-17 17:21:38 +02:00
Sebdraven 431c1511a3 correct param 2018-07-17 17:20:30 +02:00
Sebdraven 999ae1f6f0 add searching domains 2018-07-17 17:09:01 +02:00
Sebdraven a41cf59e0c add searching domains 2018-07-17 15:05:15 +02:00
Sebdraven 966f9603a9 add return 2018-07-12 15:02:46 +02:00
Sebdraven 7f52a15d16 add logs 2018-07-12 14:59:50 +02:00
Sebdraven 3eda712193 add whois expand to test 2018-07-12 14:58:48 +02:00
Sebdraven 5a422c2e5b add whois expand to test 2018-07-12 14:57:37 +02:00
Sebdraven db35c9b091 correct index error 2018-07-12 14:55:56 +02:00
Sebdraven 0341bdc398 error call functions 2018-07-12 14:52:01 +02:00
Sebdraven 2f5381d7b2 add logs 2018-07-12 14:49:51 +02:00
Sebdraven 0b0137829a add logs 2018-07-12 14:48:15 +02:00
Sebdraven 86d236f859 add status_ok to true 2018-07-12 14:47:34 +02:00
Sebdraven aa89a7fc4d add logs 2018-07-12 14:44:19 +02:00
Sebdraven 86d9427816 add logs 2018-07-12 14:42:33 +02:00
Sebdraven a0cf9de590 add logs 2018-07-12 14:38:38 +02:00
Sebdraven 9de201375b add logs 2018-07-12 14:37:09 +02:00
Sebdraven d56bf55038 add logs 2018-07-12 14:33:52 +02:00
Sebdraven 844b25b4cd correct out of bound returns 2018-07-12 14:32:56 +02:00
Sebdraven 9063da88cd correct key and return of functions 2018-07-12 14:27:59 +02:00
Sebdraven 731c06a939 add logs 2018-07-12 14:17:16 +02:00
Sebdraven fb595c08aa add logs 2018-07-12 14:16:19 +02:00
Sebdraven 41587bd568 correct typo 2018-07-12 14:14:43 +02:00
Sebdraven 4b0daee6f1 test whois history 2018-07-12 14:04:37 +02:00
Sebdraven 576b3c9b9b history whois dns 2018-07-12 13:40:51 +02:00
chrisr3d 32419c398e Merge branch 'master' of github.com:MISP/misp-modules 2018-07-12 00:05:01 +02:00
chrisr3d a62078aad1 add: Experimental expansion module to display the SIEM signatures from a sigma rule 2018-07-11 23:43:42 +02:00
Sebdraven 51067039da correct typo 2018-07-11 13:03:47 +02:00
Sebdraven 3a2aab6d71 rename misp modules 2018-07-11 12:41:54 +02:00
Sebdraven a8ae6e06e9 add a test to check if the list is not empty 2018-07-11 12:09:34 +02:00
Sebdraven f0a4c71908 add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00
Sebdraven dbeec4682e add logs 2018-07-11 12:02:31 +02:00
Sebdraven fb262b451f debug whois 2018-07-11 12:00:59 +02:00
Sebdraven 80e71f582c debug ipv4 or ipv6 2018-07-11 11:58:42 +02:00
Sebdraven 386d38c88f add debug 2018-07-11 11:55:59 +02:00
Sebdraven 45decc728d debug 2018-07-11 11:55:31 +02:00
Sebdraven 45c473aef5 change status 2018-07-11 11:52:10 +02:00
Sebdraven 64e7f9c8b6 change history dns 2018-07-11 11:47:10 +02:00
Sebdraven 560dacbf7e add logs to debug 2018-07-11 11:40:22 +02:00
Sebdraven 74c611d2fb correct call function 2018-07-11 11:37:07 +02:00
Sebdraven f47a64b364 add history mx and soa 2018-07-11 11:24:49 +02:00
Sebdraven 43a49dafc6 add history dns and handler exception 2018-07-11 09:48:14 +02:00
Sebdraven 54d996cb00 add history dns 2018-07-11 09:39:09 +02:00
Sebdraven dcdb6e5895 switch type ip 2018-07-11 09:02:47 +02:00
Sebdraven 42c362d2fd refactoring expand_whois 2018-07-11 09:00:23 +02:00
Sebdraven 41635d43c7 correct typo 2018-07-11 08:49:59 +02:00
Sebdraven 3a96e189ed add ipv6 and ipv4 2018-07-11 08:43:23 +02:00
Sebdraven f2333a4978 change type 2018-07-10 16:55:13 +02:00
Sebdraven 9e6162a434 change type 2018-07-10 16:53:06 +02:00
Sebdraven 26950ea7de change loop 2018-07-10 16:51:31 +02:00
Sebdraven e9747a3379 add time sleep in each request 2018-07-10 16:41:44 +02:00
Sebdraven 602da3d1a3 control return of records 2018-07-10 16:35:01 +02:00
Sebdraven 495c720d0f add history ipv4 2018-07-10 16:31:39 +02:00
Sebdraven 21794249d0 add logs 2018-07-10 15:17:37 +02:00
Sebdraven b677cd5fc7 change categories 2018-07-10 15:16:02 +02:00
Sebdraven 1d100833a4 concat results 2018-07-10 15:12:27 +02:00
Sebdraven 1223d93d52 change name keys 2018-07-10 15:07:54 +02:00
Sebdraven 714c15f079 change return value 2018-07-10 15:05:10 +02:00
Sebdraven e1a1648f14 add logs 2018-07-10 15:01:04 +02:00
Sebdraven f710162bed change errors 2018-07-10 14:59:39 +02:00
Sebdraven 2a8fb76e84 add logs 2018-07-10 14:56:20 +02:00
Steve Clement 562a6b1308 - Removed test modules from view
- Moved skeleton expansion module to its proper place
2018-07-03 08:27:54 +02:00
chrisr3d 90e42c0305 fix: Put the stix2-pattern library import in a try statement
--> Error more easily caught
2018-07-02 12:14:21 +02:00
chrisr3d 08d8459e1a add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00
Sebdraven 34da5cdb76 add expand whois 2018-06-29 17:57:11 +02:00
Sebdraven f1c6095914 typo 2018-06-29 17:26:56 +02:00
Sebdraven 78d6de9b7a add categories and comments 2018-06-29 17:25:37 +02:00
Sebdraven 0965def6bf add expand subdomains 2018-06-29 17:22:19 +02:00
Sebdraven 64847a8a04 add expand subdomains 2018-06-29 17:19:21 +02:00
Sebdraven 2d1adf4aa9 change categories 2018-06-29 16:30:47 +02:00
Sebdraven 0275e3ecd8 changes keys 2018-06-29 16:20:35 +02:00
Sebdraven f3962d2d05 add status ! 2018-06-29 16:17:32 +02:00
Sebdraven 09c52788b8 add methods 2018-06-29 16:11:24 +02:00
Sebdraven cfe971a271 add expand domains 2018-06-29 15:50:26 +02:00
Sebdraven 60f772b905 add new module dnstrails 2018-06-29 11:27:36 +02:00
chrisr3d b1c90b411e add: Sigma syntax validator expansion module
--> Checks sigma rules syntax
- Updated the expansion modules list as well
- Updated the requirements list
2018-06-28 10:41:32 +02:00
chrisr3d 7c691af807 Updated the list of expansion modules 2018-06-28 10:39:40 +02:00
Sebdraven 785aac3e6b add return handle domains 2018-06-22 16:18:23 +02:00
Sebdraven 87b07b89b5 add search 2018-06-22 16:15:34 +02:00
Sebdraven 396b71ef3b add domain to expand 2018-06-22 16:06:34 +02:00
Sebdraven de6a81d488 correct bugs 2018-06-22 16:04:14 +02:00
Sebdraven 83999d6402 add domain expansion 2018-06-22 15:57:52 +02:00
Sebdraven 96c829470d add comment 2018-06-22 15:14:44 +02:00
Sebdraven 8d03354399 correct bugs 2018-06-22 15:12:10 +02:00
Sebdraven e9c18b3d5f correct comments 2018-06-22 13:03:09 +02:00
Sebdraven e230c88c15 add threat list expansion 2018-06-22 11:59:09 +02:00
Sebdraven 1d1fd36569 change method to concat methods 2018-06-20 18:05:28 +02:00
Sebdraven e712a31760 set status after requests 2018-06-20 18:04:12 +02:00
Sebdraven a9b7a10c41 set status after requests 2018-06-20 18:03:34 +02:00
Sebdraven 4166475f9e add logs 2018-06-20 18:02:12 +02:00
Sebdraven fe00f099f6 add logs 2018-06-20 17:59:49 +02:00
Sebdraven 153d8bd340 add logs 2018-06-20 17:56:19 +02:00
Sebdraven 9195887f98 pep 8 2018-06-20 17:51:46 +02:00
Sebdraven 2afd2b8aaf correct bug 2018-06-20 17:50:28 +02:00
Sebdraven 04e932cce0 add datascan expansion 2018-06-20 17:47:11 +02:00
Sebdraven b56f8cfa36 add reverse infos 2018-06-20 16:30:56 +02:00
Sebdraven d4be9d9fda add reverse infos 2018-06-20 16:29:04 +02:00
Sebdraven 4a8a79c560 add reverse infos 2018-06-20 16:26:09 +02:00
Sebdraven 0d120af647 add reverse infos 2018-06-20 16:24:17 +02:00
Sebdraven a24b529868 add forward infos 2018-06-20 15:33:21 +02:00
Sebdraven d0f42c1772 add comment of attributes 2018-06-20 15:07:55 +02:00
Sebdraven 915747073a add comment of attributes 2018-06-20 15:05:00 +02:00
Sebdraven 7eba7c0386 error loops 2018-06-20 14:53:08 +02:00
Sebdraven d1e72676f1 error method 2018-06-20 14:50:48 +02:00
Sebdraven 3a4294391f error type 2018-06-20 14:48:18 +02:00
Sebdraven 9427c76603 error keys 2018-06-20 14:45:06 +02:00
Sebdraven e1bc67afad add expansion synscan 2018-06-20 14:41:57 +02:00
Sebdraven 5426ec5380 change key access domains 2018-06-20 12:40:52 +02:00
Sebdraven 7a3c4b1084 change add in results 2018-06-20 12:38:41 +02:00
Sebdraven e8aefde2ee add logs 2018-06-20 12:36:32 +02:00
Sebdraven 7195f33f5d correct error keys 2018-06-20 12:34:07 +02:00
Sebdraven c14d05adef test patries expansion 2018-06-20 12:32:54 +02:00
Sebdraven 8ae7210aef add onyphe full module 2018-06-20 11:07:33 +02:00
Sebdraven 023c35f5d8 add onyphe full module and code the stub 2018-06-14 16:47:11 +02:00
Sebdraven 14695bbeb9 correct codecov 2018-06-11 13:34:45 +02:00
Sebdraven 755d907580 pep 8 compliant 2018-06-11 13:21:21 +02:00
Sebdraven f6b8655f64 correct type of comments 2018-06-11 12:29:51 +02:00
Sebdraven 43402fde26 correct typo 2018-06-11 12:28:40 +02:00
Sebdraven e0631c9651 correct typo 2018-06-11 12:02:34 +02:00
Sebdraven 59b49f9d20 add domains forward 2018-06-11 12:00:46 +02:00
Sebdraven d9ee5286e3 add domains 2018-06-11 11:59:00 +02:00
Sebdraven 2e0e63fad6 add targeting os 2018-06-11 11:25:17 +02:00
Sebdraven 7580c63433 add category for AS number 2018-06-11 10:59:06 +02:00
Sebdraven f069cd9bf4 change keys 2018-06-11 10:56:40 +02:00
Sebdraven 0a543ca0d5 change type 2018-06-11 10:55:44 +02:00
Sebdraven ef035d051b add category 2018-06-11 10:54:06 +02:00
Sebdraven 735e626058 add as number with onyphe 2018-06-11 10:41:05 +02:00
Sebdraven 04032d110c add as number with onyphe 2018-06-08 18:31:08 +02:00
Sebdraven cad35b5332 error indentation 2018-06-08 18:11:04 +02:00
Sebdraven 3ec1535897 correct key in map result 2018-06-08 18:09:59 +02:00
Sebdraven f18f8fe05a correct a bug 2018-06-08 18:01:58 +02:00
Sebdraven 6eeca0fba1 add pastebin url imports 2018-06-08 17:53:50 +02:00
Sebdraven e6bac113ba add onyphe module 2018-06-08 16:38:41 +02:00
Andras Iklody 0b0f57b30c Update countrycode.py 2018-06-06 08:31:41 +02:00
Alexandre Dulaunoy 2d9b0cd172 Merge branch 'master' of github.com:MISP/misp-modules 2018-05-29 21:59:25 +02:00
Alexandre Dulaunoy 9664127b85 add: new expansion module to check hashes against hashdd.com including NSRL dataset. 2018-05-29 21:54:22 +02:00
Nick Driver 252d190714 fix missing comma
fix ip-dst and vulnerability input
2018-03-30 14:27:37 -04:00
Fred Morris d0f618b648 Add exception blocks for query errors. 2018-03-08 15:26:39 -08:00
x41\x43 0436118747 Improving regex (validating e-mail)
Line 48:
The previous regex ` ^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$ ` matched only a small subset of valid e-mail addresses (e.g.: didn't match domain names longer than 3 chars or user@this-domain.de or user@multiple.level.dom) and needed to be with start (^) and end ($).
This ` [a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? ` is not perfect (e.g.: can't match oriental chars), but imho is much more complete.

Regex tested with several e-mail addresses with Python 3.6.4 and Python 2.7.14 on Linux 4.14.
2018-03-06 18:12:36 +01:00
Andras Iklody 978903f911 Quick fix to the invalid hash types offered on all returned hashes, hopefully fixes #162 2018-02-20 14:08:14 +01:00
Dennis Rand 43db92dbe6 Added Yara syntax validation expansion module 2018-02-12 19:11:54 +00:00
Christophe Vandeplas 8a1a860cda added CrowdStrike Falcon Intel Indicators expansion module 2018-01-19 14:42:25 +01:00
chrisr3d d045cf7d5f chg: Modified output format 2018-01-16 19:46:52 +01:00
chrisr3d 18523c4ada Check an IPv4 address against known RBLs 2018-01-16 17:08:44 +01:00
Christophe Vandeplas 0be1886444 fix farsight_passivedns - rdata 404 not found 2018-01-16 15:13:17 +01:00
Christophe Vandeplas 4cdb143733 fixes missing init file in dnsdb library folder 2017-12-06 09:23:44 +01:00
Christophe Vandeplas 0ec8339d7a New Farsight DNSDB Passive DNS expansion module 2017-12-05 16:41:41 +01:00
Jericho 32958324ca minor touch-ups on error messages for user friendliness 2017-11-16 23:04:41 -07:00
Koen Van Impe 74e660d61b VulnDB Queries
Search on CVE at https://vulndb.cyberriskanalytics.com/
    https://www.riskbasedsecurity.com/
Get extended CVE info, links + CPE
2017-11-06 14:23:03 +01:00
Alexandre Dulaunoy 03baa0b84d fix: #137 when a CVE is not found, a return message is given 2017-10-21 19:52:19 +02:00
Chris Doman c4fe78b39d Add AlienVault OTX and ThreatCrowd Expansions 2017-07-11 18:16:45 +01:00
Hannah Ward 648c6414c3 fix: Use the proper formatting method and not the horrible % one 2017-03-08 16:35:03 +00:00
kx499 aa3a11cd5f bug fixes 2017-03-08 04:08:23 +01:00
kx499 31a8fb0fe4 threatminer initial commit 2017-03-06 21:36:00 -05:00
Raphaël Vinot 44867b2adc Cosmetic changes 2017-03-05 18:59:36 +01:00
kx499 3ecd095d1e bug fixes, tweaks, and python3 learning curve :) 2017-03-04 03:10:45 +01:00
kx499 01fdf3e52b Initial commit of IPRep module 2017-03-03 15:55:52 -05:00
kx499 bc1eab3520 fixed spacing, addressed error handling for public api, added subdomains, and added context comment 2017-02-28 22:04:24 -05:00
rmarsollier b5b7e09ef4 Some improvements of virustotal plugin 2017-02-10 14:16:39 +01:00
Joerg Stephan de3495ea6c passed local run check 2017-02-01 14:05:29 +01:00
Joerg Stephan 68250094ff v1 2017-01-31 16:57:16 +01:00
Joerg Stephan dad73feaa4 python3 changes 2017-01-31 16:34:41 +01:00
Joerg Stephan 3590504821 XForce Exchange v1 (alpha) 2017-01-21 23:31:19 +01:00
Hannah Ward 727f302dd1 Standardised key checking 2017-01-07 10:38:28 -05:00
Hannah Ward 20fd05a231 Fixed checking for submission_names in VT JSON 2017-01-07 10:37:57 -05:00
CheYenBzh d7b33532eb Update virustotal.py 2017-01-07 10:37:47 -05:00
Raphaël Vinot 9bf1c936cf Do not crash if the dat file is not available 2016-12-16 15:22:16 +01:00
Raphaël Vinot 064c3e3649 Fix path to config file 2016-12-16 15:14:48 +01:00
Raphaël Vinot 29bedc7faa Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master 2016-12-16 15:05:45 +01:00
Raphaël Vinot 60d3e0a1ac Better error reporting 2016-12-16 12:02:28 +01:00
Raphaël Vinot ffc0a97126 Catch exception 2016-12-16 11:52:51 +01:00
Raphaël Vinot 467e50327d Add reverse lookup 2016-12-16 11:22:22 +01:00
Raphaël Vinot 4a8ccb54fb Refactoring of domaintools expansion module 2016-12-15 16:49:56 +01:00
Andreas Muehlemann cc58b05d6e added empty line to end of config file 2016-12-07 17:28:16 +01:00
Andreas Muehlemann 98a27ac3ff removed DEFAULT section from configfile 2016-12-07 16:36:02 +01:00
Andreas Muehlemann 6853d67a43 fixed more typos 2016-12-07 16:13:46 +01:00
Andreas Muehlemann 6dcc77ba5d fixed typo 2016-12-07 15:48:08 +01:00
Andreas Muehlemann a95af26424 changed configparser from python2 to python3 2016-12-07 15:30:49 +01:00
Andreas Muehlemann 1e1796b414 updated missing parenthesis 2016-12-07 15:19:54 +01:00
Andreas Muehlemann bb62394c1e Merge branch 'geoip_country' 2016-12-07 14:54:33 +01:00
Andreas Muehlemann d09c2f3d44 removed unneeded config option for misp 2016-12-07 14:29:11 +01:00
Andreas Muehlemann 6ea7acc5e4 removed debug message 2016-12-07 14:28:27 +01:00
Andreas Muehlemann f8c7271467 added config option to geoip_country.py 2016-12-07 14:18:21 +01:00
Raphaël Vinot 2e3119b5f4 Add domaintools to the import list 2016-12-01 17:36:40 +01:00
Raphaël Vinot 0f8fa4aaec Fix Typo 2016-12-01 16:44:29 +01:00
Raphaël Vinot 17205a1913 Add domain profile and reputation 2016-12-01 16:41:50 +01:00
Raphaël Vinot 7db1216efb Add more comments 2016-12-01 13:45:14 +01:00
Raphaël Vinot 9dbd241e63 fix typo 2016-12-01 12:14:16 +01:00