chg: [misp-modules] web interface

pull/25/head
David Cruciani 2024-07-08 16:03:26 +02:00
parent 757796c12f
commit f3814ee7a5
No known key found for this signature in database
GPG Key ID: 8690CDE1E3994B9B
5 changed files with 88 additions and 30 deletions


@ -124,7 +124,7 @@
\begin{frame}[fragile] \begin{frame}[fragile]
\frametitle{Finding available MISP modules} \frametitle{Finding available MISP modules}
\begin{itemize} \begin{itemize}
\item curl -s http://127.0.0.1:6666/modules \item curl -s http://127.0.0.1:6666/modules | jq .
\end{itemize} \end{itemize}
\begin{adjustbox}{width=\textwidth,height=6cm,keepaspectratio} \begin{adjustbox}{width=\textwidth,height=6cm,keepaspectratio}
\begin{lstlisting}[language=json,firstnumber=1] \begin{lstlisting}[language=json,firstnumber=1]
@ -305,10 +305,12 @@
\begin{lstlisting}[language=python] \begin{lstlisting}[language=python]
import json import json
import dns.resolver import dns.resolver
misperrors = {'error' : 'Error'} misperrors = {'error': 'Error'}
mispattributes = {'input': ['hostname', 'domain'], 'output': ['ip-src', 'ip-dst']} mispattributes = {'input': ['hostname', 'domain', 'domain|ip'], 'output': ['ip-src','ip-dst']}
moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', moduleinfo = {'version': '0.3', 'author': 'Alexandre Dulaunoy','description': 'Simple DNS expansion service to resolve IP address from MISP attributes',
'description': 'Simple DNS expansion service to resolve IP address from MISP attributes', 'module-type': ['expansion','hover']} 'module-type': ['expansion', 'hover']}
moduleconfig = ['nameserver']
def handler(q=False): def handler(q=False):
if q is False: if q is False:
return False return False
@ -317,30 +319,36 @@
toquery = request['hostname'] toquery = request['hostname']
elif request.get('domain'): elif request.get('domain'):
toquery = request['domain'] toquery = request['domain']
elif request.get('domain|ip'):
toquery = request['domain|ip'].split('|')[0]
else: else:
return False return False
r = dns.resolver.Resolver() r = dns.resolver.Resolver()
r.timeout = 2 r.timeout = 2
r.lifetime = 2 r.lifetime = 2
if request.get('config'):
if request['config'].get('nameserver'):
nameservers = []
nameservers.append(request['config'].get('nameserver'))
r.nameservers = nameservers
else:
r.nameservers = ['8.8.8.8'] r.nameservers = ['8.8.8.8']
try: try:
answer = r.query(toquery, 'A') answer = r.resolve(toquery, 'A')
except dns.resolver.NXDOMAIN: except dns.resolver.NXDOMAIN:
misperrors['error'] = "NXDOMAIN" misperrors['error'] = "NXDOMAIN"
return misperrors return misperrors
except dns.exception.Timeout: except ...
misperrors['error'] = "Timeout"
return misperrors return {'results': [{'types': mispattributes['output'], 'values':[str(answer[0])]}]}
except:
misperrors['error'] = "DNS resolving error"
return misperrors
r = {'results': [{'types': mispattributes['output'], 'values':[str(answer[0])]}]}
return r
def introspection(): def introspection():
return mispattributes return mispattributes
def version(): def version():
moduleinfo['config'] = moduleconfig
return moduleinfo return moduleinfo
\end{lstlisting} \end{lstlisting}
\end{adjustbox} \end{adjustbox}
@ -375,13 +383,20 @@
\begin{lstlisting}[language=python] \begin{lstlisting}[language=python]
# Configuration at the top # Configuration at the top
moduleconfig = ['username', 'password'] moduleconfig = ['username', 'password']
# Code block in the handler # Code block in the handler
if request.get('config'): if not request.get('config'):
if (request['config'].get('username') is None) or (request['config'].get('password') is None): return {'error': 'CIRCL Passive SSL authentication is missing.'}
misperrors['error'] = 'CIRCL Passive SSL authentication is missing'
return misperrors if not request['config'].get('username') or not request['config'].get('password'):
return {'error': 'CIRCL Passive SSL authentication is incomplete, please provide your username and password.'}
authentication = (request['config']['username'], request['config']['password'])
if not request.get('attribute') or not check_input_attribute(request['attribute']):
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
attribute = request['attribute']
- -
x = pypssl.PyPSSL(basic_auth=(request['config']['username'], request['config']['password'])) pssl_parser = PassiveSSLParser(attribute, authentication)
\end{lstlisting} \end{lstlisting}
\end{adjustbox} \end{adjustbox}
@ -398,12 +413,12 @@
\item DNS resolver \item DNS resolver
\item DomainTools \item DomainTools
\item eupi (checking url in phishing database) \item eupi (checking url in phishing database)
\item IntelMQ (experimental)
\item ipasn \item ipasn
\item PassiveTotal - http://blog.passivetotal.org/misp-sharing-done-differently \item PassiveTotal - http://blog.passivetotal.org/misp-sharing-done-differently
\item sourcecache \item sourcecache
\item Virustotal \item Virustotal
\item Whois \item Whois
\item ...
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -660,10 +675,53 @@
\end{frame} \end{frame}
\begin{frame}[fragile] \begin{frame}[fragile]
\frametitle{New expansion \& import modules view (MISP 2.4.110} \frametitle{New expansion \& import modules view (MISP 2.4.110)}
\includegraphics[scale=0.2]{new_format_view.png} \includegraphics[scale=0.2]{new_format_view.png}
\end{frame} \end{frame}
\begin{frame}[fragile]
\frametitle{New - Standalone Functionality}
\begin{itemize}
\item Flexibility, no need to install MISP
\item User friendly interface
\item Easiest way to test new modules
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{Web interface - Query}
\begin{itemize}
\item Add multiple entries
\item Choose different modules
\end{itemize}
\includegraphics[scale=0.23]{screenshots/misp_module_index.png}
\end{frame}
\begin{frame}[fragile]
\frametitle{Web interface - Results}
\begin{itemize}
\item Multiple tabs for visualization in different formats
\end{itemize}
\includegraphics[scale=0.23]{screenshots/misp_module_results.png}
\end{frame}
\begin{frame}[fragile]
\frametitle{Web interface - History}
\begin{itemize}
\item Save your researches and pivot from them
\end{itemize}
\includegraphics[scale=0.23]{screenshots/misp_module_history.png}
\end{frame}
\begin{frame}[fragile]
\begin{itemize}
\item Export results to other tools. (Still in dev)
\end{itemize}
\frametitle{Web interface - External tools (Dev)}
\includegraphics[scale=0.23]{screenshots/misp_module_external_tools.png}
\end{frame}
\begin{frame}[fragile] \begin{frame}[fragile]
\frametitle{Future of the modules system} \frametitle{Future of the modules system}
\begin{itemize} \begin{itemize}
