Beispiel #1
0
    def fetch(observable, api_key):
        """
        :param observable: The extended observable klass
        :param api_key: The api key obtained from Malshare
        :return:  malshare json response or None if error
        """

        try:
            params = {
                'hash': observable.value,
                'api_key': api_key,
                'action': 'details'
            }
            response = requests.get('https://malshare.com/api.php',
                                    params=params)
            if response.ok:
                return response.json()
            else:
                raise GenericYetiError(
                    'Could not retrieve feed, HTTP response: {}'.format(
                        response.status_code))
        except Exception:
            # TODO(sebdraven): Catch a better exception
            raise GenericYetiError(
                'Could not retrieve feed, HTTP response: {}'.format(
                    response.status_code))
        return None
Beispiel #2
0
    def fetch(observable):

        types = {
            "Ip": 'ip:"{}"',
            "Hostname": 'domain:"{}"',
            "Url": 'url:"{}"',
            "Hash": 'hash:"{}"',
        }

        params = {"q": types[observable.type].format(observable.value)}
        try:
            response = requests.get(UrlScanIoApi.API_URL,
                                    params=params,
                                    proxies=yeti_config.proxy)
            if not response.ok:
                raise GenericYetiError("Status code: ".format(
                    response.status_code))

            if response.json().get("total", 0) > 0:
                return response.json()["results"]

            return None
        except Exception as e:
            raise GenericYetiError("Hit an error checking {},{}".format(
                observable.value, e))
Beispiel #3
0
    def fetch(observable):

        try:
            r = requests.get("https://emailrep.io/{}".format(observable.value))
            if r.ok:
                return r.json()
            raise GenericYetiError("{} - {}".format(r.status_code, r.content))
        except requests.exceptions.RequestException as e:
            logging.error(e)
            raise GenericYetiError("{} - {}".format(r.status_code, r.content))
Beispiel #4
0
 def fetch(observable, params, uri):
     try:
         url = ThreatMinerApi.API_URL + uri
         response = requests.get(
             url, params=params, proxies=yeti_config.proxy)
         if not response.ok:
             raise GenericYetiError("Status code: ".format(response.status_code))
         return response.json()
     except Exception as e:
         raise GenericYetiError("Hit an error checking {},{}".format(
             observable.value, e
         ))
Beispiel #5
0
    def _make_request(self, headers={}, auth=None, params={}, url=False):
        """Helper function. Performs an HTTP request on ``source`` and returns request object.

        Args:
            headers:    Optional headers to be added to the HTTP request.
            auth:       Username / password tuple to be sent along with the HTTP request.
            params:     Optional param to be added to the HTTP request.

        Returns:
            requests object.
        """

        if auth:
            r = requests.get(url or self.source,
                             headers=headers,
                             auth=auth,
                             proxies=yeti_config.proxy,
                             params=params)
        else:
            r = requests.get(url or self.source,
                             headers=headers,
                             proxies=yeti_config.proxy)

        if r.status_code != 200:
            raise GenericYetiError("{} returns code: {}".format(
                self.source, r.status_code))

        return r
Beispiel #6
0
    def _make_request(
        self,
        method="get",
        headers={},
        auth=None,
        params={},
        data={},
        url=False,
        verify=True,
        sort=True,
    ):
        """Helper function. Performs an HTTP request on ``source`` and returns request object.

        Args:
            method:     Optional HTTP method to use GET/POST/etc lowercase
            headers:    Optional headers to be added to the HTTP request.
            auth:       Username / password tuple to be sent along with the HTTP request.
            params:     Optional param to be added to the HTTP GET request.
            data:       Optional param to be added to the HTTP POST request.
            url:        Optional url to be fetched instead of self.source
            verify:     optional verify to verify domain certificate

        Returns:
            requests object.
        """
        if auth:
            r = getattr(requests, method)(
                url or self.source,
                headers=headers,
                auth=auth,
                proxies=yeti_config.proxy,
                params=params,
                data=data,
                verify=verify,
                stream=True,
            )
        else:
            r = getattr(requests, method)(
                url or self.source,
                headers=headers,
                proxies=yeti_config.proxy,
                params=params,
                data=data,
                verify=verify,
                stream=True,
            )

        if r.status_code != 200:
            raise GenericYetiError("{} returns code: {}".format(
                self.source, r.status_code))
        if sort:
            if self.last_run is not None and r.headers.get("Last-Modified"):
                last_mod = parser.parse(r.headers["Last-Modified"])
                if self.last_run and self.last_run > last_mod.replace(
                        tzinfo=None):
                    raise GenericYetiInfo(
                        "Last modified date: {} returns code: {}".format(
                            last_mod, r.status_code))

        return r
Beispiel #7
0
    def _make_request(self,
                      headers={},
                      auth=None,
                      params={},
                      url=False,
                      verify=True):
        """Helper function. Performs an HTTP request on ``source`` and returns request object.

        Args:
            headers:    Optional headers to be added to the HTTP request.
            auth:       Username / password tuple to be sent along with the HTTP request.
            params:     Optional param to be added to the HTTP request.
            url:        Optional url to be fetched instead of self.source
            verify:     optional verify to verify domain certificate

        Returns:
            requests object.
        """

        if auth:
            r = requests.get(url or self.source,
                             headers=headers,
                             auth=auth,
                             proxies=yeti_config.proxy,
                             params=params,
                             verify=verify)
        else:
            r = requests.get(url or self.source,
                             headers=headers,
                             proxies=yeti_config.proxy,
                             params=params,
                             verify=verify)

        if r.status_code != 200:
            raise GenericYetiError("{} returns code: {}".format(
                self.source, r.status_code))

        if self.last_run is not None and r.headers.get('Last-Modified'):
            since_last_run = datetime.utcnow() - self.frequency
            last_mod = parser.parse(r.headers['Last-Modified'])
            if since_last_run > last_mod.replace(tzinfo=None):
                raise GenericYetiError(
                    "Last modified date: {} returns code: {}".format(
                        last_mod, r.status_code))

        return r
Beispiel #8
0
    def subclass_from_name(cls, subclass_name):
        """Return an inherited class based on his Parent and the type given by the string
            `subclass_name`. This will raise `GenericYetiError` exception if no type matching the
            given name can be found
        """
        for subcls in cls.__subclasses__():
            if subcls.__name__ == subclass_name:
                return subcls

        raise GenericYetiError("{} is not a subclass of {}".format(
            subclass_name, cls.__name__))
Beispiel #9
0
def aux_checker(json_result):
    if not json_result or not json_result.get("results"):
        raise GenericYetiError("Results missed")

    json_string = json.dumps(json_result,
                             sort_keys=True,
                             indent=4,
                             separators=(",", ": "))

    result = {
        "raw": json_string,
        "source": "threatminer_query",
    }

    _results = json_result.get("results")

    return _results, result