Merge pull request #250 from davidonzo/main
Added DigitalSide.IT warninglist (false positive detection)pull/251/head
commit
a345cc1f7d
|
@ -89,7 +89,7 @@ are reused in many other open source projects.
|
||||||
- [vpn-ipv6/list.json](./lists/vpn-ipv6/list.json) - **Specialized list of IPv6 addresses belonging to common VPN providers and datacenters** - _Specialized list of IPv6 addresses belonging to common VPN providers and datacenters_
|
- [vpn-ipv6/list.json](./lists/vpn-ipv6/list.json) - **Specialized list of IPv6 addresses belonging to common VPN providers and datacenters** - _Specialized list of IPv6 addresses belonging to common VPN providers and datacenters_
|
||||||
- [whats-my-ip/list.json](./lists/whats-my-ip/list.json) - **List of known domains to know external IP** - _Event contains one or more entries of known 'what's my ip' domains_
|
- [whats-my-ip/list.json](./lists/whats-my-ip/list.json) - **List of known domains to know external IP** - _Event contains one or more entries of known 'what's my ip' domains_
|
||||||
- [wikimedia/list.json](./lists/wikimedia/list.json) - **List of known Wikimedia address ranges** - _Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)_
|
- [wikimedia/list.json](./lists/wikimedia/list.json) - **List of known Wikimedia address ranges** - _Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)_
|
||||||
|
- [digitalside/list.json](./lists/digitalside/list.json) - **List of known domains to be marked as false positive** - _Malicious urls are spread using legitimate domains. File sharing services, CDN hosts and social netowrks are common examples._
|
||||||
# Format of a warning list
|
# Format of a warning list
|
||||||
|
|
||||||
~~~~json
|
~~~~json
|
||||||
|
|
|
@ -35,6 +35,7 @@ python3 generate-smtp.py
|
||||||
python3 generate-tenable.py
|
python3 generate-tenable.py
|
||||||
python3 generate-microsoft-azure-appid.py
|
python3 generate-microsoft-azure-appid.py
|
||||||
python3 generate-chrome-crux-1m.py
|
python3 generate-chrome-crux-1m.py
|
||||||
|
python3 generate-digitalside.py
|
||||||
popd
|
popd
|
||||||
|
|
||||||
./jq_all_the_things.sh
|
./jq_all_the_things.sh
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
{
|
||||||
|
"description": "\"OSINT DigitalSide Threat-Intel Repository - MISP Warninglist - List of domains should be marked as false positive in the related MISP event with IDS attribute not flagged",
|
||||||
|
"list": [
|
||||||
|
"amazonaws.com",
|
||||||
|
"backblaze.com",
|
||||||
|
"backblazeb2.com",
|
||||||
|
"bitbucket.org",
|
||||||
|
"box.com",
|
||||||
|
"cdn.discordapp.com",
|
||||||
|
"codeberg.org",
|
||||||
|
"codeload.github.com",
|
||||||
|
"deac-ams.dl.sourceforge.net",
|
||||||
|
"dl.dropboxusercontent.com",
|
||||||
|
"drive.google.com",
|
||||||
|
"dropbox.com",
|
||||||
|
"dropboxusercontent.com",
|
||||||
|
"files.catbox.moe",
|
||||||
|
"files.slack.com",
|
||||||
|
"github.com",
|
||||||
|
"gitlab.com",
|
||||||
|
"google.com",
|
||||||
|
"i.imgur.com",
|
||||||
|
"icloud.com",
|
||||||
|
"link.storjshare.io",
|
||||||
|
"media.discordapp.net",
|
||||||
|
"pastebin.com",
|
||||||
|
"raw.githubusercontent.com",
|
||||||
|
"s3.amazonaws.com",
|
||||||
|
"s3.eu-central-2.wasabisys.com",
|
||||||
|
"sptrack.trello.com",
|
||||||
|
"static.wixstatic.com",
|
||||||
|
"storage.googleapis.com",
|
||||||
|
"transfer.sh",
|
||||||
|
"trello.com",
|
||||||
|
"vk.com",
|
||||||
|
"www.dl.dropboxusercontent.com",
|
||||||
|
"www.zipshare.com",
|
||||||
|
"zipshare.com"
|
||||||
|
],
|
||||||
|
"matching_attributes": [
|
||||||
|
"hostname",
|
||||||
|
"domain"
|
||||||
|
],
|
||||||
|
"name": "OSINT.DigitalSide.IT Warning List",
|
||||||
|
"type": "hostname",
|
||||||
|
"version": 20230622
|
||||||
|
}
|
|
@ -0,0 +1,26 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
from generator import download, get_version, write_to_file
|
||||||
|
|
||||||
|
|
||||||
|
def process(url, dst):
|
||||||
|
DSList = download(url).text.strip().split("\n")
|
||||||
|
|
||||||
|
warninglist = {
|
||||||
|
'name': 'OSINT.DigitalSide.IT Warning List',
|
||||||
|
'version': get_version(),
|
||||||
|
'description': '"OSINT DigitalSide Threat-Intel Repository - MISP Warninglist - List of domains should be marked as false positive in the related MISP event with IDS attribute not flagged',
|
||||||
|
'type': 'hostname',
|
||||||
|
'list': DSList,
|
||||||
|
'matching_attributes': ["hostname", "domain"]
|
||||||
|
}
|
||||||
|
|
||||||
|
write_to_file(warninglist, dst)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
digitalside_url = 'https://raw.githubusercontent.com/davidonzo/Threat-Intel-Domain-WL/main/OSINT.DigitalSide-Threat-Intel-Domain-WL.txt'
|
||||||
|
digitalside_dst = 'digitalside'
|
||||||
|
|
||||||
|
process(digitalside_url, digitalside_dst)
|
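Review bot: `process()` copies every line of the downloaded text file into the warninglist without validation, so a blank line, a trailing `\r`, a comment or a malformed entry in the upstream file would be written out as a match rule. This list tells analysts which hostnames to treat as likely false positives, so the fetched content should be normalised and filtered before `write_to_file`, for example `DSList = [h.strip().lower() for h in download(url).text.splitlines() if h.strip() and not h.startswith('#')]`. Ideally any entry that is not a syntactically valid hostname would also be rejected. The `description` literal also starts with a stray `"` (`'"OSINT DigitalSide …`), which is presumably why the generated list.json contains `\"OSINT`; removing that character fixes both files. A one-line docstring on `process(url, dst)` saying that `url` must return one hostname per line would document the expected input.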