import json import requests import re misperrors = {'error': 'Error'} mispattributes = {'input': ["hostname", "domain", "ip-src", "ip-dst", "md5", "sha1", "sha256", "sha512", "whois-registrant-email"], 'output': ["domain", "ip-src", "ip-dst", "text", "md5", "sha1", "sha256", "sha512", "hostname", "whois-registrant-email"] } # possible module-types: 'expansion', 'hover' or both moduleinfo = {'version': '1', 'author': 'chrisdoman', 'description': 'Get information from ThreatCrowd', 'module-type': ['expansion']} moduleconfig = [] # Avoid adding windows update to enrichment etc. def isBlacklisted(value): blacklist = ['8.8.8.8', '255.255.255.255', '192.168.56.' , 'time.windows.com'] for b in blacklist: if value in b: return True return False def valid_ip(ip): m = re.match(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$", ip) return bool(m) and all(map(lambda n: 0 <= int(n) <= 255, m.groups())) def valid_domain(hostname): if len(hostname) > 255: return False if hostname[-1] == ".": hostname = hostname[:-1] # strip exactly one dot from the right, if present allowed = re.compile("(?!-)[A-Z\d-]{1,63}(?