Sebdraven
f2df6dc538
last commit for release
2018-07-18 10:47:42 +02:00
Sebdraven
88859a0ba7
add logs
2018-07-17 18:43:52 +02:00
Sebdraven
8cbeda40a5
add searching_stats
2018-07-17 18:42:01 +02:00
Sebdraven
9d603344c2
add searching_stats
2018-07-17 18:32:50 +02:00
Sebdraven
c785cae89b
correct key
2018-07-17 17:22:48 +02:00
Sebdraven
2706c4a82a
correct key
2018-07-17 17:21:38 +02:00
Sebdraven
431c1511a3
correct param
2018-07-17 17:20:30 +02:00
Sebdraven
999ae1f6f0
add searching domains
2018-07-17 17:09:01 +02:00
Sebdraven
a41cf59e0c
add searching domains
2018-07-17 15:05:15 +02:00
Sebdraven
966f9603a9
add return
2018-07-12 15:02:46 +02:00
Sebdraven
7f52a15d16
add logs
2018-07-12 14:59:50 +02:00
Sebdraven
3eda712193
add whois expand to test
2018-07-12 14:58:48 +02:00
Sebdraven
5a422c2e5b
add whois expand to test
2018-07-12 14:57:37 +02:00
Sebdraven
db35c9b091
correct index error
2018-07-12 14:55:56 +02:00
Sebdraven
0341bdc398
error call functions
2018-07-12 14:52:01 +02:00
Sebdraven
2f5381d7b2
add logs
2018-07-12 14:49:51 +02:00
Sebdraven
0b0137829a
add logs
2018-07-12 14:48:15 +02:00
Sebdraven
86d236f859
add status_ok to true
2018-07-12 14:47:34 +02:00
Sebdraven
aa89a7fc4d
add logs
2018-07-12 14:44:19 +02:00
Sebdraven
86d9427816
add logs
2018-07-12 14:42:33 +02:00
Sebdraven
a0cf9de590
add logs
2018-07-12 14:38:38 +02:00
Sebdraven
9de201375b
add logs
2018-07-12 14:37:09 +02:00
Sebdraven
d56bf55038
add logs
2018-07-12 14:33:52 +02:00
Sebdraven
844b25b4cd
correct out of bound returns
2018-07-12 14:32:56 +02:00
Sebdraven
9063da88cd
correct key and return of functions
2018-07-12 14:27:59 +02:00
Sebdraven
731c06a939
add logs
2018-07-12 14:17:16 +02:00
Sebdraven
fb595c08aa
add logs
2018-07-12 14:16:19 +02:00
Sebdraven
41587bd568
correct typo
2018-07-12 14:14:43 +02:00
Sebdraven
4b0daee6f1
test whois history
2018-07-12 14:04:37 +02:00
Sebdraven
576b3c9b9b
history whois dns
2018-07-12 13:40:51 +02:00
chrisr3d
32419c398e
Merge branch 'master' of github.com:MISP/misp-modules
2018-07-12 00:05:01 +02:00
chrisr3d
a62078aad1
add: Experimental expansion module to display the SIEM signatures from a sigma rule
2018-07-11 23:43:42 +02:00
Sebdraven
51067039da
correct typo
2018-07-11 13:03:47 +02:00
Sebdraven
3a2aab6d71
rename misp modules
2018-07-11 12:41:54 +02:00
Sebdraven
a8ae6e06e9
add a test to check if the list is not empty
2018-07-11 12:09:34 +02:00
Sebdraven
f0a4c71908
add a test to check if the list is not empty
2018-07-11 12:08:01 +02:00
Sebdraven
dbeec4682e
add logs
2018-07-11 12:02:31 +02:00
Sebdraven
fb262b451f
debug whois
2018-07-11 12:00:59 +02:00
Sebdraven
80e71f582c
debug ipv4 or ipv6
2018-07-11 11:58:42 +02:00
Sebdraven
386d38c88f
add debug
2018-07-11 11:55:59 +02:00
Sebdraven
45decc728d
debug
2018-07-11 11:55:31 +02:00
Sebdraven
45c473aef5
change status
2018-07-11 11:52:10 +02:00
Sebdraven
64e7f9c8b6
change history dns
2018-07-11 11:47:10 +02:00
Sebdraven
560dacbf7e
add logs to debug
2018-07-11 11:40:22 +02:00
Sebdraven
74c611d2fb
correct call function
2018-07-11 11:37:07 +02:00
Sebdraven
f47a64b364
add history mx and soa
2018-07-11 11:24:49 +02:00
Sebdraven
43a49dafc6
add history dns and handler exception
2018-07-11 09:48:14 +02:00
Sebdraven
54d996cb00
add history dns
2018-07-11 09:39:09 +02:00
Sebdraven
dcdb6e5895
switch type ip
2018-07-11 09:02:47 +02:00
Sebdraven
42c362d2fd
refactoring expand_whois
2018-07-11 09:00:23 +02:00
Sebdraven
41635d43c7
correct typo
2018-07-11 08:49:59 +02:00
Sebdraven
3a96e189ed
add ipv6 and ipv4
2018-07-11 08:43:23 +02:00
Sebdraven
f2333a4978
change type
2018-07-10 16:55:13 +02:00
Sebdraven
9e6162a434
change type
2018-07-10 16:53:06 +02:00
Sebdraven
26950ea7de
change loop
2018-07-10 16:51:31 +02:00
Sebdraven
e9747a3379
add time sleep in each request
2018-07-10 16:41:44 +02:00
Sebdraven
602da3d1a3
control return of records
2018-07-10 16:35:01 +02:00
Sebdraven
495c720d0f
add history ipv4
2018-07-10 16:31:39 +02:00
Sebdraven
21794249d0
add logs
2018-07-10 15:17:37 +02:00
Sebdraven
b677cd5fc7
change categories
2018-07-10 15:16:02 +02:00
Sebdraven
1d100833a4
concat results
2018-07-10 15:12:27 +02:00
Sebdraven
1223d93d52
change name keys
2018-07-10 15:07:54 +02:00
Sebdraven
714c15f079
change return value
2018-07-10 15:05:10 +02:00
Sebdraven
e1a1648f14
add logs
2018-07-10 15:01:04 +02:00
Sebdraven
f710162bed
change errors
2018-07-10 14:59:39 +02:00
Sebdraven
2a8fb76e84
add logs
2018-07-10 14:56:20 +02:00
Steve Clement
562a6b1308
- Removed test modules from view
...
- Moved skeleton expansion module to it's proper place
2018-07-03 08:27:54 +02:00
chrisr3d
90e42c0305
fix: Put the stix2-pattern library import in a try statement
...
--> Error more easily caught
2018-07-02 12:14:21 +02:00
chrisr3d
08d8459e1a
add: STIX2 pattern syntax validator
2018-07-02 11:38:33 +02:00
Sebdraven
34da5cdb76
add expand whois
2018-06-29 17:57:11 +02:00
Sebdraven
f1c6095914
typo
2018-06-29 17:26:56 +02:00
Sebdraven
78d6de9b7a
add categories and comments
2018-06-29 17:25:37 +02:00
Sebdraven
0965def6bf
add expand subdomains
2018-06-29 17:22:19 +02:00
Sebdraven
64847a8a04
add expand subdomains
2018-06-29 17:19:21 +02:00
Sebdraven
2d1adf4aa9
change categories
2018-06-29 16:30:47 +02:00
Sebdraven
0275e3ecd8
changes keys
2018-06-29 16:20:35 +02:00
Sebdraven
f3962d2d05
add status !
2018-06-29 16:17:32 +02:00
Sebdraven
09c52788b8
add methods
2018-06-29 16:11:24 +02:00
Sebdraven
cfe971a271
add expand domains
2018-06-29 15:50:26 +02:00
Sebdraven
60f772b905
add new module dnstrails
2018-06-29 11:27:36 +02:00
chrisr3d
b1c90b411e
add: Sigma syntax validator expansion module
...
--> Checks sigma rules syntax
- Updated the expansion modules list as well
- Updated the requirements list
2018-06-28 10:41:32 +02:00
chrisr3d
7c691af807
Updated the list of expansion modules
2018-06-28 10:39:40 +02:00
Sebdraven
785aac3e6b
add return handle domains
2018-06-22 16:18:23 +02:00
Sebdraven
87b07b89b5
add search
2018-06-22 16:15:34 +02:00
Sebdraven
396b71ef3b
add domain to expand
2018-06-22 16:06:34 +02:00
Sebdraven
de6a81d488
correct bugs
2018-06-22 16:04:14 +02:00
Sebdraven
83999d6402
add domain expansion
2018-06-22 15:57:52 +02:00
Sebdraven
96c829470d
add comment
2018-06-22 15:14:44 +02:00
Sebdraven
8d03354399
correct bugs
2018-06-22 15:12:10 +02:00
Sebdraven
e9c18b3d5f
correct comments
2018-06-22 13:03:09 +02:00
Sebdraven
e230c88c15
add threat list expansion
2018-06-22 11:59:09 +02:00
Sebdraven
1d1fd36569
change method to concat methods
2018-06-20 18:05:28 +02:00
Sebdraven
e712a31760
set status after requests
2018-06-20 18:04:12 +02:00
Sebdraven
a9b7a10c41
set status after requests
2018-06-20 18:03:34 +02:00
Sebdraven
4166475f9e
add logs
2018-06-20 18:02:12 +02:00
Sebdraven
fe00f099f6
add logs
2018-06-20 17:59:49 +02:00
Sebdraven
153d8bd340
add logs
2018-06-20 17:56:19 +02:00
Sebdraven
9195887f98
pep 8
2018-06-20 17:51:46 +02:00
Sebdraven
2afd2b8aaf
correct bug
2018-06-20 17:50:28 +02:00
Sebdraven
04e932cce0
add datascan expansion
2018-06-20 17:47:11 +02:00
Sebdraven
b56f8cfa36
add reverse infos
2018-06-20 16:30:56 +02:00
Sebdraven
d4be9d9fda
add reverse infos
2018-06-20 16:29:04 +02:00
Sebdraven
4a8a79c560
add reverse infos
2018-06-20 16:26:09 +02:00
Sebdraven
0d120af647
add reverse infos
2018-06-20 16:24:17 +02:00
Sebdraven
a24b529868
add forward infos
2018-06-20 15:33:21 +02:00
Sebdraven
d0f42c1772
add comment of attributes
2018-06-20 15:07:55 +02:00
Sebdraven
915747073a
add comment of attributes
2018-06-20 15:05:00 +02:00
Sebdraven
7eba7c0386
error loops
2018-06-20 14:53:08 +02:00
Sebdraven
d1e72676f1
error method
2018-06-20 14:50:48 +02:00
Sebdraven
3a4294391f
error type
2018-06-20 14:48:18 +02:00
Sebdraven
9427c76603
error keys
2018-06-20 14:45:06 +02:00
Sebdraven
e1bc67afad
add expansion synscan
2018-06-20 14:41:57 +02:00
Sebdraven
5426ec5380
change key access domains
2018-06-20 12:40:52 +02:00
Sebdraven
7a3c4b1084
change add in results
2018-06-20 12:38:41 +02:00
Sebdraven
e8aefde2ee
add logs
2018-06-20 12:36:32 +02:00
Sebdraven
7195f33f5d
correct error keys
2018-06-20 12:34:07 +02:00
Sebdraven
c14d05adef
test patries expansion
2018-06-20 12:32:54 +02:00
Sebdraven
8ae7210aef
add onyphe full module
2018-06-20 11:07:33 +02:00
Sebdraven
023c35f5d8
add onyphe full module and code the stub
2018-06-14 16:47:11 +02:00
Sebdraven
14695bbeb9
correct codecov
2018-06-11 13:34:45 +02:00
Sebdraven
755d907580
pep 8 compliant
2018-06-11 13:21:21 +02:00
Sebdraven
f6b8655f64
correct type of comments
2018-06-11 12:29:51 +02:00
Sebdraven
43402fde26
correct typo
2018-06-11 12:28:40 +02:00
Sebdraven
e0631c9651
correct typo
2018-06-11 12:02:34 +02:00
Sebdraven
59b49f9d20
add domains forward
2018-06-11 12:00:46 +02:00
Sebdraven
d9ee5286e3
add domains
2018-06-11 11:59:00 +02:00
Sebdraven
2e0e63fad6
add targeting os
2018-06-11 11:25:17 +02:00
Sebdraven
7580c63433
add category for AS number
2018-06-11 10:59:06 +02:00
Sebdraven
f069cd9bf4
change keys
2018-06-11 10:56:40 +02:00
Sebdraven
0a543ca0d5
change type
2018-06-11 10:55:44 +02:00
Sebdraven
ef035d051b
add category
2018-06-11 10:54:06 +02:00
Sebdraven
735e626058
add as number with onyphe
2018-06-11 10:41:05 +02:00
Sebdraven
04032d110c
add as number with onyphe
2018-06-08 18:31:08 +02:00
Sebdraven
cad35b5332
error indentation
2018-06-08 18:11:04 +02:00
Sebdraven
3ec1535897
correct key in map result
2018-06-08 18:09:59 +02:00
Sebdraven
f18f8fe05a
correct a bug
2018-06-08 18:01:58 +02:00
Sebdraven
6eeca0fba1
add pastebin url imports
2018-06-08 17:53:50 +02:00
Sebdraven
e6bac113ba
add onyphe module
2018-06-08 16:38:41 +02:00
Andras Iklody
0b0f57b30c
Update countrycode.py
2018-06-06 08:31:41 +02:00
Alexandre Dulaunoy
2d9b0cd172
Merge branch 'master' of github.com:MISP/misp-modules
2018-05-29 21:59:25 +02:00
Alexandre Dulaunoy
9664127b85
add: new expansion module to check hashes against hashdd.com including NSLR dataset.
2018-05-29 21:54:22 +02:00
Nick Driver
252d190714
fix missing comma
...
fix ip-dst and vulnerability input
2018-03-30 14:27:37 -04:00
Fred Morris
d0f618b648
Add exception blocks for query errors.
2018-03-08 15:26:39 -08:00
x41\x43
0436118747
Improving regex (validating e-mail)
...
Line 48:
The previous regex ` ^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$ ` matched only a small subset of valid e-mail address (e.g.: didn't match domain names longer than 3 chars or user@this-domain.de or user@multiple.level.dom ) and needed to be with start (^) and end ($).
This ` [a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? ` is not perfect (e.g: can't match oriental chars), but imho is much more complete.
Regex tested with several e-mail addresses with Python 3.6.4 and Python 2.7.14 on Linux 4.14.
2018-03-06 18:12:36 +01:00
Andras Iklody
978903f911
Quick fix to the invalid hash types offered on all returned hashes, hopefully fixes #162
2018-02-20 14:08:14 +01:00
Dennis Rand
43db92dbe6
Added Yara syntax validation expansion module
2018-02-12 19:11:54 +00:00
Christophe Vandeplas
8a1a860cda
added CrowdStrike Falcon Intel Indicators expansion module
2018-01-19 14:42:25 +01:00
chrisr3d
d045cf7d5f
chg: Modified output format
2018-01-16 19:46:52 +01:00
chrisr3d
18523c4ada
Check an IPv4 address against known RBLs
2018-01-16 17:08:44 +01:00
Christophe Vandeplas
0be1886444
fix farsight_passivedns - rdata 404 not found
2018-01-16 15:13:17 +01:00
Christophe Vandeplas
4cdb143733
fixes missing init file in dnsdb library folder
2017-12-06 09:23:44 +01:00
Christophe Vandeplas
0ec8339d7a
New Farsight DNSDB Passive DNS expansion module
2017-12-05 16:41:41 +01:00
Jericho
32958324ca
minor touch-ups on error messages for user friendliness
2017-11-16 23:04:41 -07:00
Koen Van Impe
74e660d61b
VulnDB Queries
...
Search on CVE at https://vulndb.cyberriskanalytics.com/
https://www.riskbasedsecurity.com/
Get extended CVE info, links + CPE
2017-11-06 14:23:03 +01:00
Alexandre Dulaunoy
03baa0b84d
fix : #137 when a CVE is not found, a return message is given
2017-10-21 19:52:19 +02:00
Chris Doman
c4fe78b39d
Add AlienVault OTX and ThreatCrowd Expansions
2017-07-11 18:16:45 +01:00
Hannah Ward
648c6414c3
fix: Use the proper formatting method and not the horrible % one
2017-03-08 16:35:03 +00:00
kx499
aa3a11cd5f
bug fixes
2017-03-08 04:08:23 +01:00
kx499
31a8fb0fe4
threatminer initial commit
2017-03-06 21:36:00 -05:00
Raphaël Vinot
44867b2adc
Cosmetic changes
2017-03-05 18:59:36 +01:00
kx499
3ecd095d1e
bug fixes, tweaks, and python3 learning curve :)
2017-03-04 03:10:45 +01:00
kx499
01fdf3e52b
Initial commit of IPRep module
2017-03-03 15:55:52 -05:00
kx499
bc1eab3520
fixed spacing, addressed error handling for public api, added subdomains, and added context comment
2017-02-28 22:04:24 -05:00
rmarsollier
b5b7e09ef4
Some improvements of virustotal plugin
2017-02-10 14:16:39 +01:00
Joerg Stephan
de3495ea6c
passed local run check
2017-02-01 14:05:29 +01:00
Joerg Stephan
68250094ff
v1
2017-01-31 16:57:16 +01:00
Joerg Stephan
dad73feaa4
python3 changes
2017-01-31 16:34:41 +01:00
Joerg Stephan
3590504821
XForce Exchange v1 (alpha)
2017-01-21 23:31:19 +01:00
Hannah Ward
727f302dd1
Standardised key checking
2017-01-07 10:38:28 -05:00
Hannah Ward
20fd05a231
Fixed checking for submission_names in VT JSON
2017-01-07 10:37:57 -05:00
CheYenBzh
d7b33532eb
Update virustotal.py
2017-01-07 10:37:47 -05:00
Raphaël Vinot
9bf1c936cf
Do not crash if the dat file is not available
2016-12-16 15:22:16 +01:00
Raphaël Vinot
064c3e3649
Fix path to config file
2016-12-16 15:14:48 +01:00
Raphaël Vinot
29bedc7faa
Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master
2016-12-16 15:05:45 +01:00
Raphaël Vinot
60d3e0a1ac
Better error reporting
2016-12-16 12:02:28 +01:00
Raphaël Vinot
ffc0a97126
Catch exception
2016-12-16 11:52:51 +01:00
Raphaël Vinot
467e50327d
Add reverse lookup
2016-12-16 11:22:22 +01:00
Raphaël Vinot
4a8ccb54fb
Refactoring of domaintools expansion module
2016-12-15 16:49:56 +01:00
Andreas Muehlemann
cc58b05d6e
added empty line to end of config file
2016-12-07 17:28:16 +01:00
Andreas Muehlemann
98a27ac3ff
removed DEFAULT section from configfile
2016-12-07 16:36:02 +01:00
Andreas Muehlemann
6853d67a43
fixed more typos
2016-12-07 16:13:46 +01:00
Andreas Muehlemann
6dcc77ba5d
fixed typo
2016-12-07 15:48:08 +01:00
Andreas Muehlemann
a95af26424
changed configparser from python2 to python3
2016-12-07 15:30:49 +01:00
Andreas Muehlemann
1e1796b414
updated missing parenthesis
2016-12-07 15:19:54 +01:00
Andreas Muehlemann
bb62394c1e
Merge branch 'geoip_country'
2016-12-07 14:54:33 +01:00
Andreas Muehlemann
d09c2f3d44
removed unneeded config option for misp
2016-12-07 14:29:11 +01:00
Andreas Muehlemann
6ea7acc5e4
removed debug message
2016-12-07 14:28:27 +01:00
Andreas Muehlemann
f8c7271467
added config option to geoip_country.py
2016-12-07 14:18:21 +01:00
Raphaël Vinot
2e3119b5f4
Add domaintools to the import list
2016-12-01 17:36:40 +01:00
Raphaël Vinot
0f8fa4aaec
Fix Typo
2016-12-01 16:44:29 +01:00
Raphaël Vinot
17205a1913
Add domain profile and reputation
2016-12-01 16:41:50 +01:00
Raphaël Vinot
7db1216efb
Add more comments
2016-12-01 13:45:14 +01:00
Raphaël Vinot
9dbd241e63
fix typo
2016-12-01 12:14:16 +01:00
Raphaël Vinot
6db5436c62
remove json.dumps
2016-12-01 11:54:04 +01:00
Raphaël Vinot
afd8b71349
Avoid passing None in comments
2016-12-01 10:26:40 +01:00
Raphaël Vinot
7c6153478e
Add comments to fields when possible
2016-11-30 18:09:11 +01:00
Raphaël Vinot
48d38c2821
Add initial Domain Tools module
2016-11-28 18:12:31 +01:00
Koen Van Impe
3253d92b42
Submit malware samples
...
_submit now includes malware samples (zipped content from misp)
_import checks when no vti_results are returned + bugfix
2016-11-18 18:23:52 +01:00
Raphaël Vinot
c676587461
Multiple clanges in the vmray modules.
...
* Generic fix to load modules requiring a local library
* Fix python3 support
* PEP8 related cleanups
2016-11-15 16:43:11 +01:00
Koen Van Impe
adda9562c0
VMRay Import & Submit module
...
* First commit
* No support for archives (yet) submit
2016-11-13 21:43:59 +01:00
Roman Graf
03b6fd7b74
label replaced by text, which is existing attribute
2016-10-11 14:48:59 +02:00
Alexandre Dulaunoy
d7137221db
Chg: wikidata module added
2016-10-07 16:21:54 +02:00
Roman Graf
d4370fc0e3
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term.
2016-10-07 12:57:01 +02:00
Andreas Muehlemann
a568d1a1b3
updated geoip_country to __init__.py
2016-09-28 14:06:18 +02:00
Andreas Muehlemann
4bc76acd37
added geoip_country.py
2016-09-28 14:05:43 +02:00
Andreas Muehlemann
985f9de800
added new module reversedns.py, added reversedns to __init__.py
2016-09-22 11:42:52 +02:00
Raphaël Vinot
a0cce11964
Dump host info as text
2016-09-15 15:59:08 +02:00
Raphaël Vinot
ea2f106b00
Fix typo
2016-09-15 15:32:13 +02:00
Raphaël Vinot
43834b6d51
Add simple Shodan module
2016-09-15 15:11:04 +02:00
Alexandre Dulaunoy
2df8bf970e
Merge pull request #47 from FloatingGhost/CEF_Export
...
CEF export, fixes in CountryCode, virustotal
2016-09-01 19:39:16 +02:00
Hannah Ward
4f923d6606
Removed silly subdomain module
2016-09-01 16:14:25 +01:00
Hannah Ward
a492d975c4
Now searches within observable_compositions
2016-08-19 17:21:12 +01:00
Hannah Ward
9db9247e55
Removed calls to print
2016-08-17 13:04:30 +01:00
Hannah Ward
232014f221
Added virustotal tests
2016-08-17 13:01:11 +01:00
Alexandre Dulaunoy
062f2dfd30
New modules added to __init__
2016-08-17 11:27:07 +02:00
Hannah Ward
4ba86d4fa3
CountryCode JSON now is only grabbed once per server run
2016-08-17 09:51:16 +01:00
Hannah Ward
042bf2bb2f
Added virustotal module
2016-08-17 09:30:15 +01:00
Hannah Ward
0f9221229a
Improved virustotal module
2016-08-15 11:09:40 +01:00
Hannah Ward
917c95cad5
Added countrycode, working on virustotal
2016-08-12 17:40:00 +01:00
Hannah Ward
4f5059fca4
Added lookup by country code
2016-08-12 14:45:28 +01:00
Raphaël Vinot
59b16950f7
Remove bin script, use cleaner way. Fix last commit.
2016-08-12 12:35:33 +02:00
iglocska
6116c017c1
Update to the DNS module to support domain|ip
2016-08-10 17:11:46 +02:00
Raphaël Vinot
b3a322a178
Pass the server port as integer to the uwhois client
2016-08-04 17:44:40 +02:00
Raphaël Vinot
f72534c785
Add whois module
2016-08-04 17:23:23 +02:00
Raphaël Vinot
22eaba6ab6
Make sure misp-modules can be launched from anywhere
2016-06-23 19:51:13 +09:00