MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
Modules for expansion services, import and export in MISP http://misp.github.io/misp-modules
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
534 Commits
25 Branches
35 Tags
16 MiB
 
 
 
 
Tag: Branch: Tree: c14d05adef
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c14d05adef'
${ noResults }
misp-modules/misp_modules/modules/expansion/sourcecache.py

45 lines
1.5 KiB
Raw Blame History

import json
from url_archiver import url_archiver
misperrors = {'error': 'Error'}
mispattributes = {'input': ['link', 'url'], 'output': ['attachment', 'malware-sample']}
moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.', 'module-type': ['expansion']}
moduleconfig = ['archivepath']
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if (request.get('config')):
archive_path = request['config']['archivepath']
else:
archive_path = '/tmp/'
if request.get('link'):
tocache = request['link']
data = __archiveLink(archive_path, tocache)
mispattributes['output'] = ['attachment']
elif request.get('url'):
tocache = request['url']
data = __archiveLink(archive_path, tocache)
mispattributes['output'] = ['malware-sample']
else:
misperrors['error'] = "Link is missing"
return misperrors
enc_data = data.decode('ascii')
r = {'results': [{'types': mispattributes['output'], 'values': tocache, 'data': enc_data}]}
return r
def __archiveLink(archive_path, tocache):
archiver = url_archiver.Archive(archive_path=archive_path)
return archiver.fetch(url=tocache, armor=True)
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo