MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Compare commits

base: MISP:v2.4.169
Branches Tags
MISP:main
MISP:gh-pages
MISP:master
MISP:new_module
MISP:new_features
MISP:training
MISP:tests
MISP:chrisr3d_patch
MISP:composite_attributes_proposal
MISP:new-html-to-markdown
MISP:features_csvimport
MISP:pipenv
MISP:rommelfs-patch-4
MISP:rommelfs-patch-3
MISP:rommelfs-patch-2
MISP:rommelfs-patch-1
MISP:pr/62
MISP:amuehlem-master
MISP:domtools
MISP:event_exp
MISP:Rafiot-patch-1
MISP:pr/41
MISP:alternate_response
MISP:v2.4.188
MISP:v2.4.187
MISP:v2.4.186
MISP:v2.4.185
MISP:v2.4.184
MISP:v2.4.182
MISP:v2.4.179
MISP:v2.4.176
MISP:v2.4.175
MISP:v2.4.174
MISP:v2.4.173
MISP:v2.4.172
MISP:v2.4.171
MISP:v2.4.170
MISP:v2.4.169
MISP:v2.4.165
MISP:v2.4.163
MISP:v2.4.162
MISP:v2.4.160
MISP:v2.4.159
MISP:v2.4.157
MISP:v2.4.156
MISP:v2.4.154
MISP:v2.4.153
MISP:v2.4.152
MISP:v2.4.151
MISP:v2.4.150
MISP:v2.4.148
MISP:v2.4.147
MISP:v2.4.145
MISP:v2.4.144
MISP:v2.4.143
MISP:v2.4.142
MISP:v2.4.141
MISP:v2.4.137
MISP:v2.4.136
MISP:v2.4.134
MISP:v2.4.121
MISP:v2.4.120
MISP:v2.4.119
MISP:v2.4.118
MISP:v2.4.116
MISP:v2.4.114
MISP:v2.4.113
MISP:v2.4.112
MISP:v2.4.110
MISP:v2.4.106
...
compare: MISP:master
Branches Tags
MISP:main
MISP:gh-pages
MISP:master
MISP:new_module
MISP:new_features
MISP:training
MISP:tests
MISP:chrisr3d_patch
MISP:composite_attributes_proposal
MISP:new-html-to-markdown
MISP:features_csvimport
MISP:pipenv
MISP:rommelfs-patch-4
MISP:rommelfs-patch-3
MISP:rommelfs-patch-2
MISP:rommelfs-patch-1
MISP:pr/62
MISP:amuehlem-master
MISP:domtools
MISP:event_exp
MISP:Rafiot-patch-1
MISP:pr/41
MISP:alternate_response
MISP:v2.4.188
MISP:v2.4.187
MISP:v2.4.186
MISP:v2.4.185
MISP:v2.4.184
MISP:v2.4.182
MISP:v2.4.179
MISP:v2.4.176
MISP:v2.4.175
MISP:v2.4.174
MISP:v2.4.173
MISP:v2.4.172
MISP:v2.4.171
MISP:v2.4.170
MISP:v2.4.169
MISP:v2.4.165
MISP:v2.4.163
MISP:v2.4.162
MISP:v2.4.160
MISP:v2.4.159
MISP:v2.4.157
MISP:v2.4.156
MISP:v2.4.154
MISP:v2.4.153
MISP:v2.4.152
MISP:v2.4.151
MISP:v2.4.150
MISP:v2.4.148
MISP:v2.4.147
MISP:v2.4.145
MISP:v2.4.144
MISP:v2.4.143
MISP:v2.4.142
MISP:v2.4.141
MISP:v2.4.137
MISP:v2.4.136
MISP:v2.4.134
MISP:v2.4.121
MISP:v2.4.120
MISP:v2.4.119
MISP:v2.4.118
MISP:v2.4.116
MISP:v2.4.114
MISP:v2.4.113
MISP:v2.4.112
MISP:v2.4.110
MISP:v2.4.106

7 Commits
v2.4.169 ... master

Author SHA1 Message Date
Alexandre Dulaunoy 0a01b382f4
Merge pull request #633 from amuehlem/master 
adding missing mispattributes
 2023-08-24 14:16:36 +02:00
Andreas Muehlemann 85af573a74 adding missing mispattributes 2023-08-24 13:02:31 +02:00
Alexandre Dulaunoy 53d4cb3860
Merge branch 'main' 2022-10-27 10:16:47 +02:00
Alexandre Dulaunoy 1c963d3482
Merge pull request #589 from amuehlem/master 
added ip-dst|port and ip-src|port to request
 2022-10-21 23:22:43 +02:00
Andreas Muehlemann 8d240e3541
added ip-dst|port and ip-src|port to request 2022-10-20 12:51:35 +02:00
Steve Clement af1739cec5
Merge pull request #531 from SteveClement/master 2021-11-09 23:01:10 +09:00
Steve Clement 70543820eb
chg: [py] updated requirements 2021-11-09 14:51:37 +01:00
2 changed files with 103 additions and 168 deletions
Show Stats Expand all files Collapse all files

263
REQUIREMENTS
View File

@ -1,181 +1,112 @@
-i https://pypi.org/simple -i https://pypi.org/simple
aiohttp==3.8.3 -e .
aiosignal==1.2.0 ; python_version >= '3.6' -e git+https://github.com/D4-project/BGP-Ranking.git/@fd9c0e03af9b61d4bf0b67ac73c7208a55178a54#egg=pybgpranking&subdirectory=client
antlr4-python3-runtime==4.9.3 -e git+https://github.com/D4-project/IPASN-History.git/@fc5e48608afc113e101ca6421bf693b7b9753f9e#egg=pyipasnhistory&subdirectory=client
anyio==3.6.1 ; python_full_version >= '3.6.2' -e git+https://github.com/MISP/PyIntel471.git@0df8d51f1c1425de66714b3a5a45edb69b8cc2fc#egg=pyintel471
-e git+https://github.com/MISP/PyMISP.git@b5b40ae2c5225a4b349c26294cfc012309a61352#egg=pymisp[fileobjects,openioc,virustotal,pdfexport]
-e git+https://github.com/Rafiot/uwhoisd.git@411572840eba4c72dc321c549b36a54ed5cea9de#egg=uwhois&subdirectory=client
-e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader
-e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails
-e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe
-e git+https://github.com/stricaud/faup.git#egg=pyfaup&subdirectory=src/lib/bindings/python
aiohttp==3.4.4
antlr4-python3-runtime==4.8 ; python_version >= '3'
apiosintds==1.8.3 apiosintds==1.8.3
appdirs==1.4.4
argparse==1.4.0 argparse==1.4.0
assemblyline-client==4.5.0 assemblyline-client==3.7.3
async-timeout==4.0.2 ; python_version >= '3.6' async-timeout==3.0.1
asynctest==0.13.0 ; python_version < '3.8' attrs==19.3.0
attrs==22.1.0 ; python_version >= '3.5'
backoff==2.1.2 ; python_version >= '3.7' and python_version < '4.0'
backports.zoneinfo==0.2.1 ; python_version < '3.9'
backscatter==0.2.4 backscatter==0.2.4
beautifulsoup4==4.11.1 beautifulsoup4==4.8.2
bidict==0.22.0 ; python_version >= '3.7'
blockchain==1.4.4 blockchain==1.4.4
censys==2.1.8 censys==0.0.8
certifi==2022.9.24 ; python_version >= '3.6' certifi==2019.11.28
cffi==1.15.1 cffi==1.14.0
chardet==5.0.0 chardet==3.0.4
charset-normalizer==2.1.1 ; python_full_version >= '3.6.0'
clamd==1.0.2
click==8.1.3 ; python_version >= '3.7'
click-plugins==1.1.1 click-plugins==1.1.1
colorama==0.4.5 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' click==7.1.1
colorclass==2.2.2 ; python_version >= '2.6' colorama==0.4.3
commonmark==0.9.1 cryptography==2.8
compressed-rtf==1.0.6 decorator==4.4.2
configparser==5.3.0 ; python_version >= '3.7' deprecated==1.2.7
crowdstrike-falconpy==1.2.2 dnspython==1.16.0
cryptography==38.0.1 ; python_version >= '3.6' domaintools-api==0.3.3
dateparser==1.1.1 ; python_version >= '3.5'
decorator==5.1.1 ; python_version >= '3.5'
deprecated==1.2.13 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
dnsdb2==1.1.4
dnspython==2.2.1
domaintools-api==1.0.1
easygui==0.98.3
ebcdic==1.1.1
enum-compat==0.0.3 enum-compat==0.0.3
et-xmlfile==1.1.0 ; python_version >= '3.6' ez-setup==0.9
extract-msg==0.36.3
ezodf==0.3.2 ezodf==0.3.2
filelock==3.8.0 ; python_version >= '3.7' future==0.18.2
frozenlist==1.3.1 ; python_version >= '3.7' futures==3.1.1
future==0.18.2 ; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' geoip2==3.0.0
geoip2==4.6.0 httplib2==0.17.0
h11==0.12.0 ; python_version >= '3.6' idna-ssl==1.1.0 ; python_version < '3.7'
httpcore==0.15.0 ; python_version >= '3.7' idna==2.9
httplib2==0.20.4 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' importlib-metadata==1.6.0 ; python_version < '3.8'
httpx==0.23.0 ; python_version >= '3.7' isodate==0.6.0
idna==3.4 ; python_version >= '3.5' jbxapi==3.4.0
imapclient==2.3.1 jsonschema==3.2.0
importlib-metadata==4.12.0 ; python_version < '3.8' lief==0.10.1
importlib-resources==5.9.0 ; python_version < '3.9' lxml==4.6.4
isodate==0.6.1
itsdangerous==2.1.2 ; python_version >= '3.7'
jaraco.classes==3.2.3 ; python_version >= '3.7'
jbxapi==3.18.0
jeepney==0.8.0 ; sys_platform == 'linux'
jinja2==3.1.2
json-log-formatter==0.5.1
jsonschema==4.16.0 ; python_version >= '3.7'
keyring==23.9.3 ; python_version >= '3.7'
lark-parser==0.12.0
lief==0.12.1
lxml==4.9.1
maclookup==1.0.3 maclookup==1.0.3
markdownify==0.5.3 maxminddb==1.5.2
markupsafe==2.1.1 ; python_version >= '3.7' multidict==4.7.5
mattermostdriver==7.3.2
maxminddb==2.2.0 ; python_version >= '3.6'
.
more-itertools==8.14.0 ; python_version >= '3.5'
msoffcrypto-tool==5.0.0 ; python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin')
multidict==6.0.2 ; python_version >= '3.7'
mwdblib==4.3.1
ndjson==0.3.1
np==1.0.2 np==1.0.2
numpy==1.21.6 ; python_version < '3.10' and platform_machine == 'aarch64' numpy==1.21.4
oauth2==1.9.0.post1 oauth2==1.9.0.post1
git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader opencv-python==4.2.0.32
olefile==0.46 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' pandas-ods-reader==0.1.4
oletools==0.60.1 pandas==1.3.4
opencv-python==4.6.0.66 passivetotal==1.0.31
openpyxl==3.0.10 pdftotext==2.1.4
packaging==21.3 ; python_version >= '3.6' pillow==7.0.0
pandas==1.3.5 progressbar2==3.50.1
pandas-ods-reader==0.1.2 psutil==5.7.0
passivetotal==2.5.9 pycparser==2.20
pcodedmp==1.2.6 pycryptodome==3.9.7
pdftotext==2.2.2 pycryptodomex==3.9.7
pillow==9.2.0 pydeep==0.4
pkgutil-resolve-name==1.3.10 ; python_version < '3.9' pyeupi==1.0
progressbar2==4.0.0 ; python_full_version >= '3.7.0'
psutil==5.9.2 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
publicsuffixlist==0.8.0 ; python_version >= '2.6'
git+https://github.com/D4-project/BGP-Ranking.git/@68de39f6c5196f796055c1ac34504054d688aa59#egg=pybgpranking&subdirectory=client
pycparser==2.21
pycryptodome==3.15.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
pycryptodomex==3.15.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
pydeep2==0.5.1
git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails
pyeupi==1.1
pyfaup==1.2
pygeoip==0.3.2 pygeoip==0.3.2
pygments==2.13.0 ; python_version >= '3.6' pyopenssl==19.1.0
git+https://github.com/MISP/PyIntel471.git@917272fafa8e12102329faca52173e90c5256968#egg=pyintel471 pyparsing==2.4.6
git+https://github.com/D4-project/IPASN-History.git/@a2853c39265cecdd0c0d16850bd34621c0551b87#egg=pyipasnhistory&subdirectory=client pypdns==1.5.1
pymisp[email,fileobjects,openioc,pdfexport,url]==2.4.162 pypssl==2.1
git+https://github.com/sebdraven/pyonyphe@d1d6741f8ea4475f3bb77ff20c876f08839cabd1#egg=pyonyphe pyrsistent==0.16.0
pyparsing==2.4.7 ; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' pytesseract==0.3.3
pypdns==1.5.2 python-dateutil==2.8.2
pypssl==2.2 python-docx==0.8.10
pyrsistent==0.18.1 ; python_version >= '3.7' python-magic==0.4.15
pytesseract==0.3.10 python-pptx==0.6.18
python-baseconv==1.2.2 python-utils==2.4.0
python-dateutil==2.8.2 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' pytz==2021.3
python-docx==0.8.11 pyyaml==5.3.1
python-engineio==4.3.4 ; python_version >= '3.6' pyzbar==0.1.8
python-magic==0.4.27 pyzipper==0.3.1 ; python_version >= '3.5'
python-pptx==0.6.21 rdflib==4.2.2
python-socketio[client]==5.7.1 ; python_version >= '3.6' redis==3.4.1
python-utils==3.3.3 ; python_version >= '3.7' reportlab==3.5.42
pytz==2019.3 requests-cache==0.5.2
pytz-deprecation-shim==0.1.0.post0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' requests[security]==2.23.0
pyyaml==6.0 ; python_version >= '3.6' shodan==1.22.0
pyzbar==0.1.9 sigmatools==0.16.0
pyzipper==0.3.6 ; python_version >= '3.5' six==1.16.0
rdflib==6.2.0 ; python_version >= '3.7' socketio-client==0.5.6
redis==4.3.4 ; python_version >= '3.6' soupsieve==2.0
regex==2022.3.2 ; python_version >= '3.6' sparqlwrapper==1.8.5
reportlab==3.6.11 stix2-patterns==1.3.0
requests==2.28.1 tabulate==0.8.7
requests-cache==0.6.4 ; python_version >= '3.6' tornado==6.0.4
requests-file==1.5.1 trustar==0.3.28
rfc3986[idna2008]==1.5.0 url-normalize==1.4.1
rich==12.5.1 ; python_full_version >= '3.6.3' and python_full_version < '4.0.0'
rtfde==0.0.2
secretstorage==3.3.3 ; sys_platform == 'linux'
setuptools==65.4.0 ; python_version >= '3.7'
shodan==1.28.0
sigmatools==0.19.1
simplejson==3.17.6 ; python_version >= '2.5' and python_version not in '3.0, 3.1, 3.2, 3.3'
six==1.16.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
sniffio==1.3.0 ; python_version >= '3.7'
socialscan==1.4.2
socketio-client==0.5.7.4
soupsieve==2.3.2.post1 ; python_version >= '3.6'
sparqlwrapper==2.0.0
stix2==3.0.1
stix2-patterns==2.0.0
tabulate==0.8.10 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
tau-clients==0.2.9
taxii2-client==2.3.0
tldextract==3.3.1 ; python_version >= '3.7'
tornado==6.2 ; python_version >= '3.7'
tqdm==4.64.1 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
git+https://github.com/SteveClement/trustar-python.git@6954eae38e0c77eaeef26084b6c5fd033925c1c7#egg=trustar
typing-extensions==4.3.0 ; python_version < '3.8'
tzdata==2022.4 ; python_version >= '3.6'
tzlocal==4.2 ; python_version >= '3.6'
unicodecsv==0.14.1
url-normalize==1.4.3 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
urlarchiver==0.2 urlarchiver==0.2
urllib3==1.26.12 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' and python_version < '4' urllib3==1.25.8
validators==0.14.0 validators==0.14.0
vt-graph-api==2.2.0 vt-graph-api==1.0.1
vt-py==0.17.1 vulners==1.5.5
vulners==2.0.4 wand==0.5.9
wand==0.6.10 websocket-client==0.57.0
websocket-client==1.4.1 ; python_version >= '3.7' wrapt==1.12.1
websockets==10.3 ; python_version >= '3.7' xlrd==1.2.0
wrapt==1.14.1 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' xlsxwriter==1.2.8
xlrd==2.0.1
xlsxwriter==3.0.3 ; python_version >= '3.4'
yara-python==3.8.1 yara-python==3.8.1
yarl==1.8.1 ; python_version >= '3.7' yarl==1.4.2
zipp==3.8.1 ; python_version >= '3.7' zipp==3.1.0

8
misp_modules/modules/expansion/reversedns.py
View File

@ -2,10 +2,10 @@ import json
from dns import reversename, resolver, exception from dns import reversename, resolver, exception
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst', 'domain|ip'], 'output': ['hostname']} mispattributes = {'input': ['ip-src', 'ip-dst', 'domain|ip', 'ip-src|port', 'ip-dst|port'], 'output': ['hostname']}
# possible module-types: 'expansion', 'hover' or both # possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '0.1', 'author': 'Andreas Muehlemann', moduleinfo = {'version': '0.3', 'author': 'Andreas Muehlemann',
'description': 'Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes', 'description': 'Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes',
'module-type': ['expansion', 'hover']} 'module-type': ['expansion', 'hover']}
@ -23,6 +23,10 @@ def handler(q=False):
toquery = request['ip-src'] toquery = request['ip-src']
elif request.get('domain|ip'): elif request.get('domain|ip'):
toquery = request['domain|ip'].split('|')[1] toquery = request['domain|ip'].split('|')[1]
elif request.get('ip-src|port'):
toquery = request['ip-src|port'].split('|')[0]
elif request.get('ip-dst|port'):
toquery = request['ip-dst|port'].split('|')[0]
else: else:
return False return False