MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
Modules for expansion services, import and export in MISP http://misp.github.io/misp-modules
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1405 Commits
24 Branches
23 Tags
11 MiB
 
 
 
 
Tree: b2c8f79220
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b2c8f79220'
${ noResults }
misp-modules/misp_modules/modules/expansion/btc_scam_check.py

44 lines
1.2 KiB
Raw Blame History

import json
import sys
try:
from dns.resolver import Resolver, NXDOMAIN
from dns.name import LabelTooLong
resolver = Resolver()
resolver.timeout = 1
resolver.lifetime = 1
except ImportError:
sys.exit("dnspython3 in missing. use 'pip install dnspython3' to install it.")
misperrors = {'error': 'Error'}
mispattributes = {'input': ['btc'], 'output': ['text']}
moduleinfo = {'version': '0.1', 'author': 'Christian Studer',
'description': 'Checks if a BTC address has been abused.',
'module-type': ['hover']}
moduleconfig = []
url = 'bl.btcblack.it'
def handler(q=False):
if q is False:
return False
request = json.loads(q)
btc = request['btc']
query = f"{btc}.{url}"
try:
result = ' - '.join([str(r) for r in resolver.query(query, 'TXT')])[1:-1]
except NXDOMAIN:
result = f"{btc} is not known as a scam address."
except LabelTooLong:
result = f"{btc} is probably not a valid BTC address."
return {'results': [{'types': mispattributes['output'], 'values': result}]}
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo