 def test_defang(self):
     """Verify defang() on URLs, bare domains and IPv4 addresses.

     Expected behaviour under test: the scheme is neutralised (http -> hxxp,
     https -> hxxps, ftp -> fxp), every dot of the host / IP is bracketed as
     '[.]', and dots inside the path ('lo.ng', 'path.ext') are left untouched.
     """
     cases = [
         ('http://example.com/some/lo.ng/path.ext/',
          'hxxp://example[.]com/some/lo.ng/path.ext/'),
         ('http://example.com/path.ext', 'hxxp://example[.]com/path.ext'),
         ('http://127.0.0.1/path.ext', 'hxxp://127[.]0[.]0[.]1/path.ext'),
         ('http://example.com/', 'hxxp://example[.]com/'),
         ('https://example.com/', 'hxxps://example[.]com/'),
         ('ftp://example.com/', 'fxp://example[.]com/'),
         ('example.com', 'example[.]com'),
         ('example.com/', 'example[.]com/'),
         ('example.com/some/lo.ng/path.ext/', 'example[.]com/some/lo.ng/path.ext/'),
         ('127.0.0.1', '127[.]0[.]0[.]1'),
     ]
     # Plain loop (not subTest) so the first mismatch stops the test, as before.
     for raw, expected in cases:
         self.assertEqual(iocextract.defang(raw), expected)
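 def extract_iocs():
     """Prompt for a file path, extract every IOC from it, defang, print and save them.

     Each indicator found by ``iocextract.extract_iocs`` is defanged once; the
     defanged form is echoed to the terminal (in red) and the whole list is
     written newline-separated to ``extract_iocs.txt`` through ``Files.mk_file``,
     so the saved artefact never contains live (clickable) indicators.

     Raises:
         OSError: if the given path cannot be opened (e.g. FileNotFoundError).
         UnicodeDecodeError: if the file is not valid UTF-8.
     """
     path = input("File you want to extract IOCs from(full file path): ")
     # Read with an explicit encoding rather than the locale default, and close
     # the handle before doing any terminal output.
     with open(path, "r", encoding="utf-8") as fh:
         content = fh.read()
     print(f"{green}\nIOCs extracted:\n{reset}")
     defanged = []
     for ioc in iocextract.extract_iocs(content):
         # defang once and reuse it: the printed and the saved form are identical
         safe = iocextract.defang(ioc)
         defanged.append(safe)
         print(f"{red}{safe}{reset}")
     Files.mk_file("extract_iocs.txt", "\n".join(defanged))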
    def format_message(self, message: str, **kwargs):
        """Interpolate artifact contents into *message*.

        Variables available to the template, on top of everything
        Artifact.format_message already supports:

        * {ipaddress} - the address itself (str(self))
        * {defanged}  - the same address passed through iocextract.defang
        """
        # Incoming **kwargs are accepted but, as before, not forwarded.
        ipaddress = str(self)
        extra = {
            'ipaddress': ipaddress,
            'defanged': iocextract.defang(ipaddress),
        }
        return super().format_message(message, **extra)
    def format_message(self, message, **kwargs):
        """Interpolate artifact contents into *message*.

        Variables available to the template, on top of everything
        Artifact.format_message already supports:

        * {url}      - the URL itself (str(self))
        * {domain}   - self.domain()
        * {defanged} - the URL passed through iocextract.defang
        """
        # Incoming **kwargs are accepted but, as before, not forwarded.
        url = str(self)
        extra = {
            'url': url,
            'domain': self.domain(),
            'defanged': iocextract.defang(url),
        }
        # Explicit two-argument super() kept for parity with the original.
        return super(URL, self).format_message(message, **extra)
    def make_pdf_content(self, response, feed):
        """Render *feed* as a PDF report and write it into *response*.

        Sets ``self.package_id`` and ``self.tlp`` from the feed, then builds a
        reportlab "story": title, author, produced time and STIX package ID
        paragraphs, the post content, and one table each for indicators,
        exploit targets and threat actors (or a "No Data" line when the
        corresponding list is empty), followed by a page break. The story is
        built with ``self._first_page`` / ``self._last_page`` as page callbacks.

        Args:
            response: destination passed to SimpleDocTemplate — presumably a
                file-like / HTTP response object; TODO confirm against callers.
            feed: object exposing title, post, user, package_id, tlp,
                administrative_code and country_code; the STIX data is read via
                ``_get_feed_pdf_stix(feed)``.

        NOTE(review): Paragraph() interprets inline markup. feed.title and
        feed.post are defanged but not markup-escaped here, whereas exploit
        target descriptions go through ``self._html_text`` — confirm the feed
        text is sanitized upstream, otherwise a stray '<' in a post can break
        rendering.
        """
        self.package_id = feed.package_id
        self.tlp = feed.tlp
        feed_pdf_stix = _get_feed_pdf_stix(feed)
        # Restyle the sample stylesheet: CJK word-wrap and the Meiryo font on
        # every named style so Japanese text wraps and renders correctly.
        # NOTE(review): literal 'meiryo' here vs self.FONT_MEIRYO further down —
        # presumably the same registered font name; confirm.
        styles = getSampleStyleSheet()
        for name in ('Normal', 'BodyText', 'Title', 'Heading1', 'Heading2',
                     'Heading3', 'Heading4', 'Heading5', 'Heading6', 'Bullet',
                     'Definition', 'Code'):
            styles[name].wordWrap = 'CJK'
            styles[name].fontName = 'meiryo'

        # Create the document (portrait A4) that is written to `response`.
        doc = SimpleDocTemplate(response, pagesize=portrait(A4))

        story = []

        # Title (defanged so indicators in the title are not live)
        string = '<b>Title:</b> %s' % iocextract.defang(feed.title)
        story.append(Paragraph(string, styles['Normal']))

        # Author: "screen name (sector - administrative code, country code)",
        # with '-' standing in for a missing code.
        if feed.administrative_code is None:
            administrative_code = '-'
        else:
            administrative_code = feed.administrative_code
        if feed.country_code is None:
            country_code = '-'
        else:
            country_code = feed.country_code

        string = '%s (%s - %s, %s)' % (feed.user.get_screen_name(),
                                       feed.user.get_sector_display(),
                                       administrative_code, country_code)
        txt = '<b>Author:</b> %s' % (string)
        story.append(Paragraph(txt, styles['Normal']))

        # Produced Time
        ts = feed_pdf_stix.get_timestamp()
        txt = '<b>Produced Time:</b> %s' % (ts)
        story.append(Paragraph(txt, styles['Normal']))

        # STIX Package ID
        string = str(feed.package_id)
        txt = '<b>STIX Package ID:</b> %s' % (string)
        story.append(Paragraph(txt, styles['Normal']))

        # Blank line
        story.append(Spacer(1, 1.0 * cm))

        # Content (the post body, defanged)
        txt = '<b>Content:</b>'
        story.append(Paragraph(txt, styles['Normal']))
        txt = iocextract.defang(feed.post)
        story.append(Paragraph(txt, styles['Normal']))

        # Blank line
        story.append(Spacer(1, 1.0 * cm))

        # Paragraph style used for table cells
        style = ParagraphStyle(name='Normal',
                               fontName=self.FONT_MEIRYO,
                               fontSize=9,
                               leading=9)

        # Indicators
        indicators = feed_pdf_stix.get_indicators()
        if len(indicators) == 0:
            txt = '<b>Indicators:</b> No Data'
            story.append(Paragraph(txt, styles['Normal']))
        else:
            txt = '<b>Indicators:</b>'
            story.append(Paragraph(txt, styles['Normal']))
            # Blank line
            story.append(Spacer(1, 0.1 * cm))
            # Table
            d = [
                # header
                ['Type', 'Indicators'],
            ]

            # Sort by name: primary key is column 1 (type), secondary key is
            # column 2 (value). Two stable sorts, secondary key first.
            indicators.sort(key=lambda x: x[1])
            indicators.sort(key=lambda x: x[0])

            # Turn the Observables / Indicators extracted from the STIX package
            # into table rows (each item is a (type, value, _) triple).
            for item in indicators:
                (type_, value, _) = item
                item = []
                item.append(Paragraph(type_, style))
                # file_name values arrive wrapped in pipes ('|...|')
                if type_ == 'file_name':
                    # trim the leading and trailing pipe
                    value = value[1:-1]
                # defang
                value = iocextract.defang(value)
                item.append(Paragraph(value, style))
                d.append(item)

            # Build the table and apply its style
            indicators_table = self._create_table(d, len(indicators),
                                                  (20 * mm, 135 * mm))
            story.append(indicators_table)

        # Blank line
        story.append(Spacer(1, 1.0 * cm))

        # Exploit Targets
        exploit_targets = feed_pdf_stix.get_exploit_targets()
        if len(exploit_targets) == 0:
            txt = '<b>Exploit Targets:</b> No Data'
            story.append(Paragraph(txt, styles['Normal']))
        else:
            txt = '<b>Exploit Targets:</b>'
            story.append(Paragraph(txt, styles['Normal']))
            # Blank line
            story.append(Spacer(1, 0.1 * cm))
            # Table
            d = [
                # header
                ['CVE', 'Description'],
            ]

            # Extract the description information (each item is a
            # (_, cve, description) triple); description goes through
            # self._html_text before being placed in a Paragraph.
            for item in exploit_targets:
                (_, cve, value) = item
                item = []
                value = self._html_text(value)
                item.append(Paragraph(cve, style))
                item.append(Paragraph(value, style))
                d.append(item)

            # Build the table and apply its style
            cve_table = self._create_table(d, len(exploit_targets),
                                           (35 * mm, 120 * mm))
            story.append(cve_table)

        # Blank line
        story.append(Spacer(1, 1.0 * cm))

        # Threat Actors
        threat_actors = feed_pdf_stix.get_threat_actors()
        if len(threat_actors) == 0:
            txt = '<b>Threat Actors:</b> No Data'
            story.append(Paragraph(txt, styles['Normal']))
        else:
            txt = '<b>Threat Actors:</b>'
            story.append(Paragraph(txt, styles['Normal']))
            # Blank line
            story.append(Spacer(1, 0.1 * cm))
            # Table
            d = [
                # header
                ['Name', 'Description'],
            ]

            # Extract the description information (each item is a
            # (_, actor, description) triple); the description is only
            # str()-converted here, not passed through self._html_text.
            for item in threat_actors:
                (_, actor, value) = item
                item = []
                item.append(Paragraph(actor, style))
                item.append(Paragraph(str(value), style))
                d.append(item)

            # Build the table and apply its style
            actors_table = self._create_table(d, len(threat_actors),
                                              (30 * mm, 125 * mm))
            story.append(actors_table)

        # Page break
        story.append(PageBreak())

        # Render the PDF. _first_page decorates page one, _last_page every
        # later page (onLaterPages) — presumably header/footer drawing; confirm.
        doc.build(story,
                  onFirstPage=self._first_page,
                  onLaterPages=self._last_page)