seamus tuohy
83a9d695ea
Email import no longer unzips major compressed text document formats.
...
Let this commit serve as a warning about the perils of duck typing.
Word documents (docx,odt,etc) were being uncompressed when they were
attached to emails. The email importer now checks a list of well-known
extensions and will not attempt to unzip them.
It is stuck using a list of extensions instead of using file magic because
many of these formats produce an application/zip mimetype when scanned.
2017-01-10 09:55:33 -05:00
Raphaël Vinot
1051e2210b
Keep zip content as binary
2017-01-07 19:30:00 -05:00
Raphaël Vinot
9f84db3659
Fix tests, cleanup
2017-01-07 18:36:08 -05:00
Raphaël Vinot
2db845c45c
Improve support of email attachments
...
Related to #90
2017-01-07 14:39:52 -05:00
Raphaël Vinot
b51806ac9f
Improve support of email importer if headers are missing
...
Fix #88
2017-01-07 10:25:38 -05:00
Raphaël Vinot
02f5e95a98
Fix python 3.6 support
2017-01-06 20:36:09 -05:00
Raphaël Vinot
329586768b
Make PEP8 happy
2017-01-06 20:10:44 -05:00
Raphaël Vinot
7a9774bff7
Add email_import in the modules loaded by default
2017-01-06 19:23:23 -05:00
Raphaël Vinot
93a49c3c1d
Make PEP8 happy
2017-01-06 19:01:19 -05:00
Raphaël Vinot
3f83357a2d
Fix failing test (bug in the mail parser?)
2017-01-06 18:56:29 -05:00
seamus tuohy
1a7973bc06
Add additional email parsing and tests
...
Added additional attribute parsing and corresponding unit-tests.
E-mail attachment and url extraction added in this commit. This includes
unpacking zipfiles and simple password cracking of encrypted zipfiles.
2017-01-04 10:21:36 -08:00
seamus tuohy
0ff270a3be
Fixed basic errors
2016-12-26 14:33:10 -08:00
seamus tuohy
08261366b7
Merged with current master
2016-12-26 14:17:20 -08:00
seamus tuohy
86ae72c444
Added attachment and url support
2016-12-26 13:55:54 -08:00
Ubuntu
b76f59edcb
Added cuckooimport.py
2016-12-07 16:36:31 +00:00
Koen Van Impe
077470b8ed
Merge remote-tracking branch 'MISP/master'
2016-11-30 13:06:43 +01:00
Koen Van Impe
cb29506640
Extra VTI detections
2016-11-27 22:42:43 +01:00
Raphaël Vinot
79a0b9e667
Merge pull request #73 from FloatingGhost/master
...
Use SpooledTemp, not NamedTemp file
2016-11-21 16:37:11 +01:00
Hannah Ward
1f49f36205
Removed unneeded modules
2016-11-21 13:05:07 +00:00
Hannah Ward
0dfea44001
Use SpooledTemp, not NamedTemp file
2016-11-21 11:57:04 +00:00
Raphaël Vinot
e78e008aa3
Merge pull request #72 from FloatingGhost/master
...
Migrated stiximport to use misp-stix-converter
2016-11-21 12:06:16 +01:00
Hannah Ward
c567d1e6f2
Moved to misp_stix_converter
2016-11-21 10:59:30 +00:00
Koen Van Impe
3253d92b42
Submit malware samples
...
_submit now includes malware samples (zipped content from misp)
_import checks when no vti_results are returned + bugfix
2016-11-18 18:23:52 +01:00
Raphaël Vinot
5624104b77
Fix STIX import module
2016-11-15 16:47:17 +01:00
Raphaël Vinot
c676587461
Multiple changes in the vmray modules.
...
* Generic fix to load modules requiring a local library
* Fix python3 support
* PEP8 related cleanups
2016-11-15 16:43:11 +01:00
Koen Van Impe
adda9562c0
VMRay Import & Submit module
...
* First commit
* No support for archives (yet) submit
2016-11-13 21:43:59 +01:00
seamus tuohy
5033b1a9ca
Added email meta-data import module.
...
This email meta-data import module collects basic meta-data from an e-mail
and populates an event with it. It populates the email subject, source
addresses, destination addresses, subject, and any attachment file names.
This commit also contains unit-tests for this module as well as updates to
the readme. Readme updates are additions aimed to make it easier for
outsiders to build modules.
2016-10-22 17:13:20 -04:00
Hannah Ward
0521833c65
Removed useless pickle storage of stiximport
2016-09-06 14:12:09 +01:00
Hannah Ward
a492d975c4
Now searches within observable_compositions
2016-08-19 17:21:12 +01:00
Hannah Ward
6db269f965
stiximport now uses temporary files to store stix data.
...
Set max size in config, in bytes
2016-08-12 13:53:23 +01:00
Raphaël Vinot
c6fccf1b7e
Make PEP8 happy \o/
2016-08-12 14:09:59 +02:00
Raphaël Vinot
91675a635c
Move stiximport.py to misp_modules/modules/import_mod/
2016-08-12 14:08:47 +02:00
Raphaël Vinot
59b16950f7
Remove bin script, use cleaner way. Fix last commit.
2016-08-12 12:35:33 +02:00