misp-modules

Commit Graph

Author	SHA1	Message	Date
chrisr3d	479e66cc9b	fix: Removed STIX related libraries, files, documentation, etc.	2018-06-11 17:03:23 +02:00
seamus tuohy	40c71af637	Added support for malformed internationalized email headers When an emails contains headers that use Unicode without properly crafing them to comform to RFC-6323 the email import module would crash. (See issue #119 & issue #93) To address this I have added additional layers of encoding/decoding to any possibly internationalized email headers. This decodes properly formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately. When an unknown encoding is encountered it is returned as an 'encoded-word' per RFC2047. This commit also adds unit-tests that tests properly formed and malformed UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8, UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers and attachment file names.	2017-07-02 18:03:14 -04:00
seamus tuohy	3eecf9afe5	Merge branch 'master' into utf_hate	2017-07-01 18:23:01 -04:00
Raphaël Vinot	c508e60f65	Add OpenIOC import module	2017-02-27 13:32:31 +01:00
seamus tuohy	0566049c63	Added unit tests for UTF emails	2017-01-11 17:53:54 -05:00
seamus tuohy	83a9d695ea	Email import no longer unzips major compressed text document formats. Let this commit serve as a warning about the perils of duck typing. Word documents (docx,odt,etc) were being uncompressed when they were attached to emails. The email importer now checks a list of well known extensions and will not attempt to unzip them. It is stuck using a list of extensions instead of using file magic because many of these formats produce an application/zip mimetype when scanned.	2017-01-10 09:55:33 -05:00
Raphaël Vinot	9f84db3659	Fix tests, cleanup	2017-01-07 18:36:08 -05:00
seamus tuohy	1a7973bc06	Add additional email parsing and tests Added additional attribute parsing and corresponding unit-tests. E-mail attachment and url extraction added in this commit. This includes unpacking zipfiles and simple password cracking of encrypted zipfiles.	2017-01-04 10:21:36 -08:00
seamus tuohy	0ff270a3be	Fixed basic errors	2016-12-26 14:33:10 -08:00
seamus tuohy	08261366b7	Merged with current master	2016-12-26 14:17:20 -08:00
seamus tuohy	6ec307b911	Adding basic test mockup	2016-12-26 14:09:52 -08:00
Raphaël Vinot	f8bedd4554	Remove domaintools tests	2016-12-02 16:16:25 +01:00
Raphaël Vinot	2b020c55ba	Add test for domaintools	2016-12-02 15:29:44 +01:00
Hannah Ward	c567d1e6f2	Moved to misp_stix_converter	2016-11-21 10:59:30 +00:00
Raphaël Vinot	5624104b77	Fix STIX import module	2016-11-15 16:47:17 +01:00
seamus tuohy	5033b1a9ca	Added email meta-data import module. This email meta-data import module collects basic meta-data from an e-mail and populates an event with it. It populates the email subject, source addresses, destination addresses, subject, and any attachment file names. This commit also contains unit-tests for this module as well as updates to the readme. Readme updates are additions aimed to make it easier for outsiders to build modules.	2016-10-22 17:13:20 -04:00
Alexandre Dulaunoy	2df8bf970e	Merge pull request #47 from FloatingGhost/CEF_Export CEF export, fixes in CountryCode, virustotal	2016-09-01 19:39:16 +02:00
Raphaël Vinot	c69fae087c	Add timeout for the modules, cleanup.	2016-08-25 17:36:28 +02:00
Hannah Ward	232014f221	Added virustotal tests	2016-08-17 13:01:11 +01:00
Alexandre Dulaunoy	d499ac0ce6	Merge pull request #44 from Rafiot/travis Add coverage, update logging	2016-08-12 15:20:26 +02:00
Raphaël Vinot	b24b16b30a	Add coverage, update logging	2016-08-12 15:15:38 +02:00
Hannah Ward	6db269f965	stiximport now uses temporary files to store stix data. Set max size in config, in bytes	2016-08-12 13:53:23 +01:00
Hannah Ward	c02a452c05	added tests, also disregards related_observables. Because they're useless	2016-08-12 12:16:49 +01:00
Raphaël Vinot	ef6e3b27f8	Proper testcases	2016-06-18 15:09:42 +09:00

24 Commits (52dadd2df32b19241fdd978e50b717f1967e264b)