def run(self): Analyzer.run(self) if self.service == 'domainsearch' and (self.data_type == 'domain' or self.data_type == 'fqdn'): try: offset = 0 firstResponse = requests.get( "{}domain-search?domain={}&api_key={}&limit=100&offset={}". format(self.URI, self.get_data(), self.key, offset)) firstResponse = firstResponse.json() if firstResponse.get('meta'): meta = firstResponse.get('meta') while meta.get('results') > offset: offset = meta.get('limit') + meta.get('offset') additionalResponse = requests.get( "{}domain-search?domain={}&api_key={}&limit=100&offset={}" .format(self.URI, self.get_data(), self.key, offset)) additionalResponse = additionalResponse.json() meta = additionalResponse.get('meta') firstResponse['data']['emails'] += additionalResponse[ 'data']['emails'] self.report(firstResponse) except Exception as e: self.unexpectedError(e) else: self.notSupported()
class TestTlpConfig(unittest.TestCase): def setUp(self): load_test_fixture('fixtures/test-tlp-config.json') self.analyzer = Analyzer() def test_check_tlp_disabled(self): self.analyzer.enable_check_tlp = False # Using the _Analyzer__check_tlp notation to access managed method # __check_tlp self.assertEqual(self.analyzer._Analyzer__check_tlp(), True) def test_check_tlp_ko(self): self.analyzer.enable_check_tlp = True self.analyzer.max_tlp = 1 self.analyzer.tlp = 3 # Using the _Analyzer__check_tlp notation to access managed method # __check_tlp self.assertEqual(self.analyzer._Analyzer__check_tlp(), False) def test_check_tlp_ok(self): self.analyzer.enable_check_tlp = True self.analyzer.max_tlp = 3 self.analyzer.tlp = 3 # Using the _Analyzer__check_tlp notation to access managed method # __check_tlp self.assertEqual(self.analyzer._Analyzer__check_tlp(), True)
def __init__(self): Analyzer.__init__(self) self.pdns = pypdns.PyPDNS( basic_auth=(self.get_param('config.user', None, 'No passiveDNS username given.'), self.get_param('config.password', None, 'No passiveDNS password given.')))
def __init__(self): Analyzer.__init__(self) self.service = self.get_param("config.service", None, "Service parameter is missing") self.raw = "" self.pivot_count_threshold = int( self.get_param("config.pivot_count_threshold", 500))
def __init__(self): Analyzer.__init__(self) self.basic_url = 'https://www.hybrid-analysis.com/api/' self.headers = {'User-Agent': 'VxStream'} self.secret = self.get_param('config.secret', None, 'VxStream Sandbox secret key is missing') self.api_key = self.get_param('config.key', None, 'VxStream Sandbox API key is missing')
def run(self): Analyzer.run(self) try: self.onyphe_client = Onyphe(self.onyphe_key) if self.service == 'threats': ip = self.get_param('data', None, 'Data is missing') results = {'threats': self.onyphe_client.threatlist(ip)} self.report(results) if self.service == 'ports': ip = self.get_param('data', None, 'Data is missing') results = {'ports': self.onyphe_client.synscan(ip)} self.report(results) if self.service == 'geolocate': ip = self.get_param('data', None, 'Data is missing') results = {'location': self.onyphe_client.geolocate(ip)} self.report(results) if self.service == 'reverse': ip = self.get_param('data', None, 'Data is missing') results = {'reverses': self.onyphe_client.reverse(ip)} self.report(results) if self.service == 'forward': ip = self.get_param('data', None, 'Data is missing') results = {'forwards': self.onyphe_client.forward(ip)} self.report(results) if self.service == 'inetnum': ip = self.get_param('data', None, 'Data is missing') results = {'inetnum': self.onyphe_client.inetnum(ip)} self.report(results) if self.service == 'datascan': ip = self.get_param('data', None, 'Data is missing') results = {'datascan': self.onyphe_client.datascan(ip)} self.report(results) except Exception: pass
def run(self): Analyzer.run(self) if self.data_type == 'ip': try: data = self.getData() city = geoip2.database.Reader(os.path.dirname(__file__) + '/GeoLite2-City.mmdb').city(data) country = geoip2.database.Reader(os.path.dirname(__file__) + '/GeoLite2-Country.mmdb').country(data) self.report({ 'city': self.dumpCity(city.city), 'continent': self.dumpContinent(city.continent), 'country': self.dumpCountry(city.country), 'location': self.dumpLocation(city.location), 'registered_country': self.dumpCountry(city.registered_country), 'represented_country': self.dumpCountry(city.represented_country), 'subdivisions': self.dumpCountry(city.subdivisions.most_specific), 'traits': self.dumpTraits(city.traits) }) except ValueError as e: self.error('Invalid IP address') except AddressNotFoundError as e: self.error('Unknown IP address') except Exception as e: self.unexpectedError(type(e)) else: self.notSupported()
def __init__(self): Analyzer.__init__(self) self.service = self.get_param( 'config.service', None, 'Service parameter is missing') self.url = self.get_param('config.url', None, 'Missing API url') self.key = self.get_param('config.key', None, 'Missing API key') self.pwd = self.get_param('config.pwd', None, 'Missing API password')
def __init__(self): Analyzer.__init__(self) self.service = self.get_param( 'config.service', None, 'Service parameter is missing') self.key = self.get_param('config.key', None, 'Missing API key') self.pwd = self.get_param('config.pwd', None, 'Missing API password') self.request_handler = APIRequestHandler(self.key, self.pwd)
def run(self): Analyzer.run(self) if self.data_type == 'file': hashes = self.get_param('attachment.hashes', None) if hashes is None: filepath = self.get_param('file', None, 'File is missing') sha256 = hashlib.sha256() with io.open(filepath, 'rb') as fh: while True: data = fh.read(4096) if not data: break sha256.update(data) hash = sha256.hexdigest() else: # find SHA256 hash hash = next(h for h in hashes if len(h) == 64) self.otx_query_file(hash) elif self.data_type == 'url': data = self.get_param('data', None, 'Data is missing') self.otx_query_url(data) elif self.data_type == 'domain': data = self.get_param('data', None, 'Data is missing') self.otx_query_domain(data) elif self.data_type == 'ip': data = self.get_param('data', None, 'Data is missing') self.otx_query_ip(data) elif self.data_type == 'hash': data = self.get_param('data', None, 'Data is missing') self.otx_query_file(data) else: self.error('Invalid data type')
def __init__(self): Analyzer.__init__(self) # Fixes #94. Instead of None, the string Unnamed should be passed to MISPClient constructor name = self.get_param('config.name', None) if not name or len(name) == 0: name = 'Unnamed' if self.get_param('config.cert_check', True): ssl_path = self.get_param('config.cert_path', None) if not ssl_path or ssl_path == '': ssl = True else: ssl = ssl_path else: ssl = False try: self.misp = MISPClient(url=self.get_param('config.url', None, 'No MISP url given.'), key=self.get_param('config.key', None, 'No MISP api key given.'), ssl=ssl, name=name, proxies={'http': self.http_proxy, 'https': self.https_proxy}) except MISPClientError as e: self.error(str(e)) except TypeError as te: self.error(str(te))
def __init__(self): Analyzer.__init__(self) self.service = self.getParam("config.service", None, "VxStream Sandbox service is missing") self.url = self.getParam("config.url", None, "VxStream Sandbox URL is missing") self.api = self.getParam("config.api", None, "VxStream Sandbox API URL is missing") self.apikey = self.getParam("config.key", None, "VxStream Sandbox API key is missing") self.secret = self.getParam("config.secret", None, "VxStream Sandbox API secret is missing") self.environmentid = self.getParam("config.environmentid", 100, None) self.graceperiod = self.getParam("config.graceperiod", 60 * 5, None) self.interval = self.getParam("config.interval", 30, None) self.timeout = self.getParam("config.timeout", 60 * 10, None) self.hybridanalysis = self.getParam("config.hybridanalysis", True, None) self.nosharevt = self.getParam("config.nosharevt", False, None) self.torenabledanalysis = self.getParam("config.torenabledanalysis", False, None) self.headers = { "User-agent": "Cortex (https://github.com/CERT-BDF/Cortex) " "VxStream Sandbox Analyzer" }
def run(self): Analyzer.run(self) if self.data_type == 'file': hashes = self.get_param('attachment.hashes', None) if hashes is None: filepath = self.get_param('file', None, 'File is missing') hash = hashlib.sha256(open(filepath, 'r').read()).hexdigest(); else: # find SHA256 hash hash = next(h for h in hashes if len(h) == 64) self.otx_query_file(hash) elif self.data_type == 'url': data = self.get_param('data', None, 'Data is missing') self.otx_query_url(data) elif self.data_type == 'domain': data = self.get_param('data', None, 'Data is missing') self.otx_query_domain(data) elif self.data_type == 'ip': data = self.get_param('data', None, 'Data is missing') self.otx_query_ip(data) elif self.data_type == 'hash': data = self.get_param('data', None, 'Data is missing') self.otx_query_file(data) else: self.error('Invalid data type')
def run(self): Analyzer.run(self) if self.data_type == 'ip': try: data = self.get_data() city = geoip2.database.Reader(os.path.dirname(__file__) + '/GeoLite2-City.mmdb').city(data) self.report({ 'city': self.dump_city(city.city), 'continent': self.dump_continent(city.continent), 'country': self.dump_country(city.country), 'location': self.dump_location(city.location), 'registered_country': self.dump_country(city.registered_country), 'represented_country': self.dump_country(city.represented_country), 'subdivisions': self.dump_country(city.subdivisions.most_specific), 'traits': self.dump_traits(city.traits) }) except ValueError as e: self.error('Invalid IP address') except AddressNotFoundError as e: self.error('Unknown IP address') except Exception as e: self.unexpectedError(type(e)) else: self.notSupported()
def __init__(self): Analyzer.__init__(self) self.service = self.get_param( "config.service", None, "SecurityTrails service is missing") self.api_key = self.get_param( "config.api_key", None, "SecurityTrails API key is missing")
def run(self): Analyzer.run(self) if self.service == 'domainsearch' and (self.data_type == 'domain' or self.data_type == 'fqdn'): try: offset = 0 firstResponse = requests.get("{}domain-search?domain={}&api_key={}&limit=100&offset={}".format(self.URI, self.get_data(), self.key, offset)) firstResponse = firstResponse.json() if firstResponse.get('meta'): meta = firstResponse.get('meta') while meta.get('results') > offset: offset = meta.get('limit') + meta.get('offset') additionalResponse = requests.get("{}domain-search?domain={}&api_key={}&limit=100&offset={}".format( self.URI, self.get_data(), self.key, offset)) additionalResponse = additionalResponse.json() meta = additionalResponse.get('meta') firstResponse['data']['emails'] += additionalResponse['data']['emails'] self.report(firstResponse) except Exception as e: self.unexpectedError(e) else: self.notSupported()
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Service parameter is missing') self.api_key = self.get_param('config.api_key', None, 'api_key is missing') self.api_secret = self.get_param('config.api_secret', None, 'api_secret is missing') self.organization_id = self.get_param('config.organization_id', None, 'organization_id is missing') self.query_limit = str(self.get_param('config.query_limit', None, 20))
def __init__(self): Analyzer.__init__(self) self.filepath = self.get_param('file', None, 'File parameter is missing.') self.filename = self.get_param('filename', None, 'Filename is missing.') self.filetype = pyexifinfo.fileType(self.filepath) self.mimetype = magic.Magic(mime=True).from_file(self.filepath) # Check if manalyze submodule is enabled if self.get_param('config.manalyze_enable', False, 'Parameter manalyze_enable not given.' 'Please enable or disable manalyze submodule explicitly.'): binary_path = self.get_param('config.manalyze_binary_path', '/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze') if self.get_param('config.manalyze_enable_docker', False): available_submodules.append( ManalyzeSubmodule( use_docker=True ) ) elif self.get_param('config.manalyze_enable_binary', False) \ and os.path.isfile(binary_path): available_submodules.append( ManalyzeSubmodule( use_binary=True, binary_path=binary_path ) ) else: self.error('Manalyze submodule is enabled, but either there is no method allowed (docker or binary)' 'or the path to binary is not correct.')
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Service parameter is missing') self.virustotal_key = self.get_param('config.key', None, 'Missing VirusTotal API key') self.polling_interval = self.get_param('config.polling_interval', 60) self.proxies = self.get_param('config.proxy', None) self.vt = VirusTotalPublicApi(self.virustotal_key, self.proxies)
def run(self): Analyzer.run(self) data = self.getData() try: # enrichment service if self.service == 'enrichment': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_enrichment(query=data) self.report(result) # malware service elif self.service == 'malware': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_malware(query=data) self.report(result) # osint service elif self.service == 'osint': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_osint(query=data) self.report(result) # passive dns service elif self.service == 'passive_dns': dns_request = DnsRequest(username=self.username, api_key=self.api_key) result = dns_request.get_passive_dns(query=data) self.report(result) # ssl certificate details service elif self.service == 'ssl_certificate_details': ssl_request = SslRequest(username=self.username, api_key=self.api_key) result = ssl_request.get_ssl_certificate_details(query=data) self.report(result) # ssl certificate history service elif self.service == 'ssl_certificate_history': ssl_request = SslRequest(username=self.username, api_key=self.api_key) result = ssl_request.get_ssl_certificate_history(query=data) self.report(result) # unique resolutions service elif self.service == 'unique_resolutions': dns_request = DnsRequest(username=self.username, api_key=self.api_key) result = dns_request.get_unique_resolutions(query=data) self.report(result) # whois details service elif self.service == 'whois_details': whois_request = WhoisRequest(username=self.username, api_key=self.api_key) result = whois_request.get_whois_details(query=data) self.report(result) else: self.error('Unknown PassiveTotal service') except Exception as e: self.unexpectedError(e)
def __init__(self): Analyzer.__init__(self) self.tid = self.get_param('config.tid', None, 'Tenant ID is missing') self.app_id = self.get_param('config.app_id', None, 'App_ID is missing') self.app_secret = self.get_param('config.app_secret', None, 'Secret is missing') self.polling_interval = self.get_param('config.polling_interval', 60) self.API = CyAPI(self.tid, self.app_id, self.app_secret) self.API.create_conn()
def __init__(self): Analyzer.__init__(self) self.service = self.get_param( 'config.service', None, 'Service parameter is missing') self.dnsdb_server = self.get_param( 'config.server', None, 'Missing DNSDB server name') self.dnsdb_key = self.get_param( 'config.key', None, 'Missing DNSDB API key')
def __init__(self): Analyzer.__init__(self) self.misp = MISPClient(url=self.getParam('config.url', None, 'No MISP url given.'), key=self.getParam('config.key', None, 'No MISP api key given.'), ssl=self.getParam('config.certpath', True), name=self.getParam('config.name', None))
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'PassiveTotal service is missing') self.username = self.get_param('config.username', None, 'PassiveTotal username is missing') self.api_key = self.get_param('config.key', None, 'PassiveTotal API key is missing')
def __init__(self): Analyzer.__init__(self) #filename of the observable self.filename = self.getParam('attachment.name', 'noname.ext') #filepath to the observable, looks like /tmp/cortex-4224850437865873235-datafile self.filepath = self.getParam('file', None, 'File is missing')
def __init__(self): Analyzer.__init__(self) self.url = "https://api.any.run/v1" self.token = self.get_param("config.token", None, "Service token is missing") self.verify_ssl = self.get_param("config.verify_ssl", True, None) if not self.verify_ssl: requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def __init__(self): Analyzer.__init__(self) self.cortexURL = self.getParam('config.cortexURL', None, 'Cortex URL is missing') self.MISPSearch = self.getParam('config.MISPSearch', None, 'MISP Analyzer is missing') self.filename = self.getParam('attachment.name', 'noname.ext') self.filepath = self.getParam('file', None, 'File is missing')
def __init__(self): Analyzer.__init__(self) self.service = self.getParam('config.service', None, 'Service parameter is missing') self.virustotal_key = self.getParam('config.key', None, 'Missing VirusTotal API key') self.polling_interval = self.getParam('config.polling_interval', 60) self.proxies = self.getParam('config.proxy', None)
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Service parameter is missing') self.onyphe_key = self.get_param('config.key', None, 'Missing Onyphe API key') self.onyphe_client = None self.polling_interval = self.get_param('config.polling_interval', 60)
def __init__(self): Analyzer.__init__(self) self.data = self.get_data() self.path = self.get_param('config.path', 'misp-warninglists') if not exists(self.path): self.error('Path to misp-warninglists does not exist.') self.warninglists = self.readwarninglists()
def __init__(self): Analyzer.__init__(self) self.cache_duration = self.getParam('config.cache.duration', 3600) self.cache_root = self.getParam('config.cache.root', '/tmp/cortex/tor_project') self.client = tor_blutmagie.TorBlutmagieClient( cache_duration=self.cache_duration, cache_root=self.cache_root)
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Service parameter is missing') self.key = self.get_param('config.key', None, 'Missing Malware API key') self.polling_interval = self.get_param('config.polling_interval', 60) self.m_api = Api(self.key)
def __init__(self): Analyzer.__init__(self) self.filepath = self.get_param('file', None, 'File parameter is missing.') self.filename = self.get_param('filename', None, 'Filename is missing.') self.filetype = pyexifinfo.fileType(self.filepath) self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
def run(self): Analyzer.run(self) info = {} try: if self.data_type != 'file': object_name = self.get_data() if self.data_type in ['domain', 'fqdn']: url = "https://api.emergingthreats.net/v1/domains/" features = { 'reputation', 'urls', 'samples', 'ips', 'events', 'nameservers', 'whois', 'geoloc' } elif self.data_type == 'ip': url = "https://api.emergingthreats.net/v1/ips/" features = { 'reputation', 'urls', 'samples', 'domains', 'events', 'geoloc' } elif self.data_type == 'hash': url = "https://api.emergingthreats.net/v1/samples/" features = {'', 'connections', 'dns', 'http', 'events'} elif self.data_type == 'file': url = "https://api.emergingthreats.net/v1/samples/" features = {'', 'connections', 'dns', 'http', 'events'} hashes = self.get_param('attachment.hashes', None) if hashes is None: filepath = self.get_param('file', None, 'File is missing') object_name = hashlib.md5(open(filepath, 'r').read()).hexdigest() else: # find MD5 hash object_name = next(h for h in hashes if len(h) == 32) else: self.error('Invalid data type !') for feature in features: end = '/' if feature else '' time.sleep(1) r = self.session.get(url + object_name + end + feature) if feature == '': feature = 'main' r_json = r.json() if r.status_code == 200 and r_json['response'] not in [{}, []]: info[feature] = r_json['response'] elif r.status_code != 200: info[feature] = "Error" else: info[feature] = "-" self.report(info) except Exception as e: self.unexpectedError(e)
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Service parameter is missing') # self.username = self.get_param('config.username', None, 'Missing Maltiverse API Username') # self.password = self.get_param('config.password', None, 'Missing Maltiverse API Password') self.polling_interval = self.get_param('config.polling_interval', 60) self.proxies = self.get_param('config.proxy', None) self.m = Maltiverse()
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Service parameter is missing') if self.service == "status": self.url = 'https://api.hashdd.com/' elif self.service == "detail": self.hashdd_key = self.get_param('config.api_key', None, 'Missing hashdd API key') self.url = 'https://api.hashdd.com/detail'
def __init__(self): Analyzer.__init__(self) if self.data_type != 'domain': self.error('DNSSinkhole Analyzer only usable with domain data type.') self.resolver = dns.resolver.Resolver() self.resolver.nameservers = [self.get_param('config.ip', None, 'Bind IP server needed for querying Sinkhole.')] self.data = self.get_data()
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Service parameter is missing') self.client_id = self.get_param('config.client_id', None, 'Missing Client ID') self.secret = self.get_param('config.secret', None, 'Missing Secret') self.polling_interval = self.get_param('config.polling_interval', 60) self.api = Diario(self.client_id, self.secret)
def __init__(self): Analyzer.__init__(self) self.service = self.getParam('config.service', None, 'Cymon service is missing') self.key = self.getParam('config.key', None, 'Cymon API key is missing') self.con = CymonEngine(self.key)
def run(self): Analyzer.run(self) if self.data_type == 'ip': try: data = self.get_data() s = requests.Session() s.get( 'https://talosintelligence.com/reputation_center/lookup?search={}' .format(data)) headers = { 'Host': 'talosintelligence.com', 'Referer': 'https://talosintelligence.com/reputation_center/lookup?search={}' .format(data), 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36', 'Accept': 'application/json' } response_details = s.get( 'https://talosintelligence.com/sb_api/query_lookup', headers=headers, params={ 'query': '/api/v2/details/ip/', 'query_entry': data }) response_location = s.get( 'https://talosintelligence.com/sb_api/query_lookup', headers=headers, params={ 'query': '/api/v2/location/ip/', 'query_entry': data }) if response_details.status_code == 200 | 201: if response_location.status_code == 200 | 201: result = response_details.json() result['country'] = response_location.json().get( 'country', None) self.report(result if len(result) > 0 else {}) else: self.error( 'Failed to query Talos location. Status_code {}'. format(response_location.status_code)) else: self.error( 'Failed to query Talos details. Status_code {}'.format( response_details.status_code)) except Exception as e: self.unexpectedError(e) else: self.notSupported()
def __init__(self): """Initialize the Analyzer.""" Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'Patrowl service is missing') self.url = self.get_param('config.url', None, 'Patrowl URL is missing').rstrip('/') self.api_key = self.get_param('config.api_key', None, 'Patrowl API Key is missing')
def run(self): # get input data Analyzer.run(self) data = self.getParam('data', None, 'Data is missing') try: # send service if self.service == 'search': payload = {'ip': data} r = requests.post('http://www.ipvoid.com/ip-blacklist-check/', data=payload) response = r.content.decode() result = {} # ip adress information try: result['BlacklistStatus'] = re.findall( 'Blacklist Status.*<span[^>]*>(.*)<\/span>', response)[0] result['IPAddress'] = re.findall( 'IP Address.*<strong[^>]*>(.*)<\/strong>', response)[0] result['ReverseDNS'] = re.findall( 'Reverse DNS.*<td[^>]*>(.*)<\/td>', response)[0] result['ASN'] = re.findall('ASN.*<a[^>]*>(.*)<\/a>', response)[0] result['ASNOwner'] = re.findall( 'ASN Owner.*<td[^>]*>(.*)<\/td>', response)[0] result['ISP'] = re.findall('ISP.*<td[^>]*>(.*)<\/td>', response)[0] result['Continent'] = re.findall( 'Continent.*<td[^>]*>(.*)<\/td>', response)[0] result['CountryCode'] = re.findall( 'Country Code.*<td[^>]*>(.*)<\/td>', response)[0] result['Latitude/Longitude'] = re.findall( 'Latitude / Longitude.*<td[^>]*>(.*)<\/td>', response)[0] result['City'] = re.findall('City.*<td[^>]*>(.*)<\/td>', response)[0] result['Region'] = re.findall( 'Region.*<td[^>]*>(.*)<\/td>', response)[0] except: pass try: result['report'] = re.findall( '<td><i class=\"([^\"]*)\" aria-hidden=\"true\"><\/i> ([^>]*)<\/td>', response) except: pass self.report(result) else: self.error('Unknown ipvoid service') except Exception as e: self.unexpectedError(e)
def __init__(self): Analyzer.__init__(self) if self.data_type != 'ip': self.error('SinkDB Analyzer only usable with ip data type.') self.apikey = self.get_param('config.key', None, 'API Key needed for querying SinkDB.') self.data = self.get_data().split('.') self.data.reverse() self.data = '.'.join(self.data)
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'ProofPoint service is missing') self.url = self.get_param('config.url', 'https://tap-api-v2.proofpoint.com', None) self.apikey = self.get_param('config.apikey', None, 'ProofPoint apikey is missing') self.secret = self.get_param('config.secret', None, 'ProofPoint secret is missing') self.verify = self.get_param('config.verifyssl', True, None) if not self.verify: from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def __init__(self): Analyzer.__init__(self) self.service = self.get_param('config.service', None, 'JoeSandbox service is missing') self.url = self.get_param('config.url', None, 'JoeSandbox url is missing') if self.get_param('config.key'): self.apikey = self.get_param('config.key') else: self.apikey = self.get_param('config.apikey', None, 'JoeSandbox API key is missing') self.analysistimeout = self.get_param('config.analysistimeout', 30*60, None) self.networktimeout = self.get_param('config.networktimeout', 30, None)
def __init__(self): Analyzer.__init__(self) self.url = 'https://pulsedive.com/api/' self.key = self.get_param('config.key', None, 'API-Key not given.') self.mapping = { 'high': 'malicious', 'medium': 'suspicious', 'low': 'info' }
def __init__(self): Analyzer.__init__(self) self.auth_url = self.get_param('config.auth_url', None, 'Missing URL for Staxx API auth') self.query_url = self.get_param('config.query_url', None, 'Missing URL for Staxx API query') self.username = self.get_param('config.username', None, 'Missing username for Staxx API') self.password = self.get_param('config.password', None, 'Missing password for Staxx API') if self.get_param('config.cert_check', True): self.ssl = self.get_param('config.cert_path', True) else: self.ssl = False
def __init__(self): Analyzer.__init__(self) self.proxies = self.get_param('config.proxy', None) self.malicious_confidence_level = self.get_param( 'config.malicious_confidence_level', StopforumspamAnalyzer._malicious_default_confidence_level) self.suspicious_confidence_level = self.get_param( 'config.suspicious_confidence_level', StopforumspamAnalyzer._suspicious_default_confidence_level) self.client = StopforumspamClient(proxies=self.proxies)
def __init__(self): Analyzer.__init__(self) self.url = self.get_param('config.url', None, 'PayloadSecurity url is missing') self.apikey = self.get_param('config.key', None, 'PayloadSecurity apikey is missing') self.secret = self.get_param('config.secret', None, 'PayloadSecurity secret is missing') self.environmentid = self.get_param('config.environmentId', None, 'PayloadSecurity environmentId is missing') self.timeout = self.get_param('config.timeout', 15, None) self.verify = self.get_param('config.verifyssl', True, None) if not self.verify: from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def __init__(self): Analyzer.__init__(self) self.api_key = self.get_param('config.key', None, 'No Google API key provided.') self.client_id = self.get_param('config.client_id', 'Cortex') self.client_version = '0.1' self.sb = safebrowsing.SafebrowsingClient( key=self.api_key, client_id=self.client_id, client_version=self.client_version )
def run(self): Analyzer.run(self) if self.service == 'ThreatScore' and (self.data_type == 'domain' or self.data_type == 'ip'): try: response = requests.get("{}{}".format(self.URI, self.get_data())) result = response.json() self.report(result if len(result) > 0 else {}) except Exception as e: self.unexpectedError(e) else: self.notSupported()
def __init__(self): Analyzer.__init__(self) self.service = self.get_param( 'config.service', None, 'Service parameter is missing') self.url = self.get_param('config.url', None, 'Missing API url') self.key = self.get_param('config.key', None, 'Missing API key') self.pwd = self.get_param('config.pwd', None, 'Missing API password') self.verify = self.get_param('config.verify', True) if not self.verify: requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) self.proxies = self.get_param('config.proxy', None)
def __init__(self): Analyzer.__init__(self) self.__uid = self.get_param( 'config.uid', None, 'No UID for Censys given. Please add it to the cortex configuration.' ) self.__api_key = self.get_param( 'config.key', None, 'No API-Key for Censys given. Please add it to the cortex configuration.' )
def __init__(self): Analyzer.__init__(self) self.ttl = self.get_param('config.ttl', 86400) self.cache_duration = self.get_param('config.cache.duration', 3600) self.cache_root = self.get_param( 'config.cache.root', '/tmp/cortex/tor_project' ) self.client = tor_project.TorProjectClient( ttl=self.ttl, cache_duration=self.cache_duration, cache_root=self.cache_root )