Thomas Gardner
529719d9d8
added threat_connect_export.py
2017-08-03 16:21:26 -06:00
Raphaël Vinot
4c2cda9903
Merge pull request #129 from seamustuohy/utf_hate
...
Added support for malformed internationalized email headers
2017-07-18 10:06:08 +02:00
Chris Doman
c4fe78b39d
Add AlienVault OTX and ThreatCrowd Expansions
2017-07-11 18:16:45 +01:00
seamus tuohy
40c71af637
Added support for malformed internationalized email headers
...
When an emails contains headers that use Unicode without properly crafing
them to comform to RFC-6323 the email import module would crash.
(See issue #119 & issue #93 )
To address this I have added additional layers of encoding/decoding to
any possibly internationalized email headers. This decodes properly
formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately.
When an unknown encoding is encountered it is returned as an 'encoded-word'
per RFC2047.
This commit also adds unit-tests that tests properly formed and malformed
UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8,
UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers
and attachment file names.
2017-07-02 18:03:14 -04:00
Raphaël Vinot
c42c8a800e
Update travis, fix open ioc import
2017-05-24 07:39:18 +02:00
Tristan METAYER
75c02058e6
replace tab by space
2017-05-11 09:56:43 +02:00
Tristan METAYER
ba1d715ad1
Add a field for user to add tag for this import
2017-05-11 09:54:25 +02:00
Tristan METAYER
96f9cb4699
typo correction
2017-05-02 15:07:33 +02:00
Tristan METAYER
4ef7261168
Add user config to not add file as attachement in a box
2017-05-02 15:04:40 +02:00
Tristan METAYER
79f48eccfe
If filename add iocfilename as attachment
2017-05-02 14:41:22 +02:00
Alexandre Dulaunoy
3cb12d6962
Merge pull request #118 from truckydev/master
...
Add indent field for export
2017-04-23 12:21:16 +02:00
Tristan METAYER
24c51a6e21
Add indent field for export
2017-04-21 15:53:48 +02:00
Hannah Ward
648c6414c3
fix: Use the proper formatting method and not the horrible % one
2017-03-08 16:35:03 +00:00
kx499
aa3a11cd5f
bug fixes
2017-03-08 04:08:23 +01:00
kx499
31a8fb0fe4
threatminer initial commit
2017-03-06 21:36:00 -05:00
Raphaël Vinot
44867b2adc
Cosmetic changes
2017-03-05 18:59:36 +01:00
Raphaël Vinot
ad49fd3819
Merge pull request #111 from kx499/master
...
Handful of changes to VirusTotal module
2017-03-05 18:31:50 +01:00
kx499
3ecd095d1e
bug fixes, tweaks, and python3 learning curve :)
2017-03-04 03:10:45 +01:00
kx499
01fdf3e52b
Initial commit of IPRep module
2017-03-03 15:55:52 -05:00
kx499
bc1eab3520
fixed spacing, addressed error handling for public api, added subdomains, and added context comment
2017-02-28 22:04:24 -05:00
Raphaël Vinot
c508e60f65
Add OpenIOC import module
2017-02-27 13:32:31 +01:00
Tristan METAYER
20cb534203
Exclude internal reference
2017-02-21 17:12:17 +01:00
Tristan METAYER
dd2646a0f4
Add lite Export module
2017-02-21 16:48:09 +01:00
rmarsollier
b5b7e09ef4
Some improvements of virustotal plugin
2017-02-10 14:16:39 +01:00
Joerg Stephan
de3495ea6c
passed local run check
2017-02-01 14:05:29 +01:00
Joerg Stephan
68250094ff
v1
2017-01-31 16:57:16 +01:00
Joerg Stephan
dad73feaa4
python3 changes
2017-01-31 16:34:41 +01:00
Joerg Stephan
3590504821
XForce Exchange v1 (alpha)
2017-01-21 23:31:19 +01:00
Richard van den Berg
3a4c540a81
Updated description to reflect merging use case
2017-01-11 10:08:35 +01:00
Richard van den Berg
50bae1f549
Simple import module to import MISP JSON format
2017-01-11 10:08:35 +01:00
seamus tuohy
83a9d695ea
Email import no longer unzips major compressed text document formats.
...
Let this commit serve as a warning about the perils of duck typing.
Word documents (docx,odt,etc) were being uncompressed when they were
attached to emails. The email importer now checks a list of well known
extensions and will not attempt to unzip them.
It is stuck using a list of extensions instead of using file magic because
many of these formats produce an application/zip mimetype when scanned.
2017-01-10 09:55:33 -05:00
Raphaël Vinot
1051e2210b
Keep zip content as binary
2017-01-07 19:30:00 -05:00
Raphaël Vinot
9f84db3659
Fix tests, cleanup
2017-01-07 18:36:08 -05:00
Raphaël Vinot
2db845c45c
Improve support of email attachments
...
Related to #90
2017-01-07 14:39:52 -05:00
Hannah Ward
727f302dd1
Standardised key checking
2017-01-07 10:38:28 -05:00
Hannah Ward
20fd05a231
Fixed checking for submission_names in VT JSON
2017-01-07 10:37:57 -05:00
CheYenBzh
d7b33532eb
Update virustotal.py
2017-01-07 10:37:47 -05:00
Raphaël Vinot
b51806ac9f
Improve support of email importer if headers are missing
...
Fix #88
2017-01-07 10:25:38 -05:00
Raphaël Vinot
02f5e95a98
Fix python 3.6 support
2017-01-06 20:36:09 -05:00
Raphaël Vinot
329586768b
Make PEP8 happy
2017-01-06 20:10:44 -05:00
Raphaël Vinot
7a9774bff7
Add email_import in the modules loaded by default
2017-01-06 19:23:23 -05:00
Raphaël Vinot
93a49c3c1d
Make PEP8 happy
2017-01-06 19:01:19 -05:00
Raphaël Vinot
3f83357a2d
Fix failing test (bug in the mail parser?)
2017-01-06 18:56:29 -05:00
seamus tuohy
1a7973bc06
Add additional email parsing and tests
...
Added additional attribute parsing and corresponding unit-tests.
E-mail attachment and url extraction added in this commit. This includes
unpacking zipfiles and simple password cracking of encrypted zipfiles.
2017-01-04 10:21:36 -08:00
seamus tuohy
0ff270a3be
Fixed basic errors
2016-12-26 14:33:10 -08:00
seamus tuohy
08261366b7
Merged with current master
2016-12-26 14:17:20 -08:00
seamus tuohy
86ae72c444
Added attachment and url support
2016-12-26 13:55:54 -08:00
Raphaël Vinot
9bf1c936cf
Do not crash if the dat file is not available
2016-12-16 15:22:16 +01:00
Raphaël Vinot
064c3e3649
Fix path to config file
2016-12-16 15:14:48 +01:00
Raphaël Vinot
29bedc7faa
Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master
2016-12-16 15:05:45 +01:00