mirror of https://github.com/MISP/misp-modules
Modules for expansion services, import and export in MISP
http://misp.github.io/misp-modules
import json |
|
from pyzbar import pyzbar |
|
import cv2 |
|
import re |
|
import binascii |
|
import np |
|
|
|
# Error envelope that handler() fills in and returns when processing fails.
misperrors = {'error': 'Error'}

# Attribute types the module takes as input and declares as output.
mispattributes = {
    'input': ['attachment'],
    'output': ['url', 'btc'],
}

moduleinfo = {
    'version': '0.1',
    'author': 'Sascha Rommelfangen',
    'description': 'QR code decoder',
    'module-type': ['expansion', 'hover'],
}

# While this is true, handler() prints decoded payloads to stdout.
debug = True
debug_prefix = "[DEBUG] QR Code module: "

# Payload shapes looked for in a decoded QR code:
#   bitcoin:1GXZ6v7FZzYBEnoRaG77SJxhu7QkvQmFuh?amount=0.15424
#   http://example.com
cryptocurrencies = {'bitcoin'}
schemas = {'http://', 'https://', 'ftp://'}

moduleconfig = []
|
|
|
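def handler(q=False):
    """Decode the QR code / barcode in a MISP attachment and classify its payload.

    ``q`` is the JSON request string; it must carry ``attachment`` (the file
    name) and ``data`` (the base64-encoded file body). The attachment is
    untrusted content, so each decoding stage is checked and a failure yields
    the module's error dict instead of an unhandled exception.

    Returns:
        ``False`` when called without a request; a ``{'results': [...]}`` dict
        with one ``btc``, ``url`` or ``text`` value taken from the first
        barcode whose payload decodes as text; otherwise the module-level
        ``misperrors`` dict with ``'error'`` set.

    Raises:
        KeyError: if the request has no ``attachment`` key.
    """
    if q is False:
        return False
    q = json.loads(q)
    filename = q['attachment']

    # Only the failures this step can actually produce are caught: a missing or
    # null 'data' field and malformed base64 (binascii.Error is a ValueError).
    try:
        raw = binascii.a2b_base64(q['data'])
    except (KeyError, TypeError, ValueError) as e:
        print(e)
        raw = b''
    if not raw:
        err = "Couldn't fetch attachment (JSON 'data' is empty). Are you using the 'Query enrichment' action?"
        misperrors['error'] = err
        print(err)
        return misperrors

    # frombuffer is the documented replacement for the deprecated binary mode
    # of fromstring.
    img_array = np.frombuffer(raw, np.uint8)

    # imdecode returns None for bytes that are not a supported image; passing
    # that on to pyzbar would raise, so stop here with the error dict.
    try:
        image = cv2.imdecode(img_array, cv2.IMREAD_COLOR)
    except cv2.error as e:
        print(e)
        image = None
    if image is None:
        misperrors['error'] = "Couldn't decode QR code in attachment."
        return misperrors

    for barcode in pyzbar.decode(image):
        try:
            result = barcode.data.decode()
        except UnicodeDecodeError as e:
            # A payload that is not valid text must not end the request with a
            # bare None; try the next barcode instead.
            print(e)
            continue
        if debug:
            # The module-level debug flag is True, so decoded (untrusted)
            # payloads are written to stdout.
            print(debug_prefix + result)

        if any(name in result for name in cryptocurrencies):
            # Expected shape: <currency>:<address>?<key>=<amount>. Anything
            # else falls through to the URL/text classification below rather
            # than reaching a lookup of names that were never bound.
            parts = re.split(r'[:?]', result)
            if len(parts) == 3:
                currency, address, extra = parts
                if currency in cryptocurrencies:
                    fields = extra.split('=')
                    if len(fields) > 1:
                        amount = fields[1]
                        if debug:
                            print(debug_prefix + address)
                            print(debug_prefix + amount)
                        return {'results': [{'types': ['btc'], 'values': address,
                                             'comment': "BTC: {} from file {}".format(amount, filename)}]}
                else:
                    print(address)

        # NOTE(review): this is a substring match, so any text that merely
        # contains a scheme is emitted as a 'url' attribute; consider
        # anchoring the match at the start of the payload.
        if any(scheme in result for scheme in schemas):
            if debug:
                print(debug_prefix + result)
            return {'results': [{'types': ['url'], 'values': result,
                                 'comment': "from QR code of file {}".format(filename)}]}

        # NOTE(review): 'text' is not listed in mispattributes['output'].
        return {'results': [{'types': ['text'], 'values': result,
                             'comment': "from QR code of file {}".format(filename)}]}

    misperrors['error'] = "Couldn't decode QR code in attachment."
    return misperrors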
|
|
|
def introspection():
    """Return the module's declared input and output attribute types."""
    attributes = mispattributes
    return attributes
|
|
|
|
|
def version():
    """Return the module metadata with the configuration list attached as 'config'."""
    moduleinfo.update(config=moduleconfig)
    return moduleinfo
|
|
|