def profile(): try: user = User.query.filter_by(user=current_user.user.lower()).first() imd = ImmutableMultiDict(request.form) records = helpers.convert(imd) if 'currentpw' in records: if hashlib.md5(records['currentpw'].encode( 'utf-8')).hexdigest() == user.password: if records['newpw'] == records['newpwvalidation']: user.password = hashlib.md5( records['newpw'].encode('utf-8')).hexdigest() db_session.commit() errormessage = "Password updated successfully." return render_template('profile.html', errormessage=errormessage) else: errormessage = "New passwords don't match." return render_template('profile.html', errormessage=errormessage) else: errormessage = "Current password is incorrect." return render_template('profile.html', errormessage=errormessage) return render_template('profile.html') except Exception as e: return render_template('error.html', error=e)
def addrelationship(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) row = Indicator.query.filter_by(object=records["id"]).first() row.relationships = records["indicator"] db_session.commit() if ( records["type"] == "IPv4" or records["type"] == "IPv6" or records["type"] == "Domain" or records["type"] == "Network" ): return redirect(url_for("objectsummary", uid=str(records["id"]))) elif records["type"] == "Hash": return redirect(url_for("filesobject", uid=str(records["id"]))) elif records["type"] == "Entity": return redirect(url_for("victimobject", uid=str(records["id"]))) elif records["type"] == "Threat Actor": return redirect(url_for("threatactorobject", uid=str(records["id"]))) except Exception as e: return render_template("error.html", error=e)
def addattack(): try: imd = ImmutableMultiDict(request.form) inputs = helpers.convert(imd) # attack = Attack(1, 'desc', 'note', None) # db.session.add(attack) # db.session.commit() except: print 'error adding attack' exit()
def insertnewfield(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) newdict = {} for i in records: if i == "inputnewfieldname": newdict[records[i]] = records['inputnewfieldvalue'] elif i == "inputnewfieldvalue": pass else: newdict[i] = records[i] return render_template('neweditobject.html', entry=newdict) except Exception as e: return render_template('error.html', error=e)
def updateobject(): try: # Updates entry information something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # taglist = records['tags'].split(",") - Unused # indicator = Indicator.query.filter_by(object=records['object']).first() - Unused try: Indicator.query.filter_by(object=records["object"]).update(records) except Exception as e: # SQLAlchemy does not outright support altering tables. for k, v in records.iteritems(): if Indicator.query.group_by(k).first() is None: print "ALTER Table" # db_session.engine.execute("ALTER TABLE indicators ADD COLUMN " + k + " TEXT DEFAULT ''") db_session.commit() # db_session.execute('ALTER TABLE indicators ADD COLUMN') # con = helpers.db_connection() # with con: # cur = con.cursor() # cur.execute( # "ALTER TABLE indicators ADD COLUMN " + t + " TEXT DEFAULT ''") # cur.execute("UPDATE indicators SET " + t + "= '" + records[ # t] + "' WHERE id = '" + records['id'] + "'") if ( records["type"] == "IPv4" or records["type"] == "IPv6" or records["type"] == "Domain" or records["type"] == "Network" ): return redirect(url_for("objectsummary", uid=str(records["object"]))) elif records["type"] == "Hash": return redirect(url_for("filesobject", uid=str(records["object"]))) elif records["type"] == "Entity": return redirect(url_for("victimobject", uid=str(records["object"]))) elif records["type"] == "Threat Actor": return redirect(url_for("threatactorobject", uid=str(records["object"]))) except Exception as e: return render_template("error.html", error=e)
def updateobject(): try: # Updates entry information something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # taglist = records['tags'].split(",") - Unused # indicator = Indicator.query.filter_by(object=records['object']).first() - Unused try: Indicator.query.filter_by(object=records['object']).update(records) except Exception as e: # SQLAlchemy does not outright support altering tables. for k, v in records.iteritems(): if Indicator.query.group_by(k).first() is None: print 'ALTER Table' # db_session.engine.execute("ALTER TABLE indicators ADD COLUMN " + k + " TEXT DEFAULT ''") db_session.commit() # db_session.execute('ALTER TABLE indicators ADD COLUMN') # con = helpers.db_connection() # with con: # cur = con.cursor() # cur.execute( # "ALTER TABLE indicators ADD COLUMN " + t + " TEXT DEFAULT ''") # cur.execute("UPDATE indicators SET " + t + "= '" + records[ # t] + "' WHERE id = '" + records['id'] + "'") if records['type'] == "IPv4" or records['type'] == "IPv6" or records['type'] == "Domain" or \ records['type'] == "Network": return redirect( url_for('objectsummary', uid=str(records['object']))) elif records['type'] == "Hash": return redirect(url_for('filesobject', uid=str(records['object']))) elif records['type'] == "Entity": return redirect(url_for('victimobject', uid=str(records['object']))) elif records['type'] == "Threat Actor": return redirect( url_for('threatactorobject', uid=str(records['object']))) except Exception as e: return render_template('error.html', error=e)
def addrelationship(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) row = Indicator.query.filter_by(object=records['id']).first() row.relationships = records['indicator'] db_session.commit() if records['type'] == "IPv4" or records['type'] == "IPv6" or records['type'] == "Domain" or \ records['type'] == "Network": return redirect(url_for('objectsummary', uid=str(records['id']))) elif records['type'] == "Hash": return redirect(url_for('filesobject', uid=str(records['id']))) elif records['type'] == "Entity": return redirect(url_for('victimobject', uid=str(records['id']))) elif records['type'] == "Threat Actor": return redirect(url_for('threatactorobject', uid=str(records['id']))) except Exception as e: return render_template('error.html', error=e)
def profile(): try: user = User.query.filter_by(user=current_user.user.lower()).first() imd = ImmutableMultiDict(request.form) records = helpers.convert(imd) if 'currentpw' in records: if hashlib.md5(records['currentpw'].encode('utf-8')).hexdigest() == user.password: if records['newpw'] == records['newpwvalidation']: user.password = hashlib.md5(records['newpw'].encode('utf-8')).hexdigest() db_session.commit() errormessage = "Password updated successfully." return render_template('profile.html', errormessage=errormessage) else: errormessage = "New passwords don't match." return render_template('profile.html', errormessage=errormessage) else: errormessage = "Current password is incorrect." return render_template('profile.html', errormessage=errormessage) return render_template('profile.html') except Exception as e: return render_template('error.html', error=e)
def addrelationship(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # Add Direct Relationship row = Indicator.query.filter_by(object=records['id']).first() if row.relationships: row.relationships = str(row.relationships) + ",{}".format(records['indicator']) else: row.relationships = str(records['indicator']) db_session.commit() # Add Reverse Relationship row = Indicator.query.filter_by(object=records['indicator']).first() if row.relationships: row.relationships = str(row.relationships) + ",{}".format(records['id']) else: row.relationships = str(records['id']) db_session.commit() if records['type'] == "IPv4" or records['type'] == "IPv6" or records['type'] == "Domain" or \ records['type'] == "Network": return redirect(url_for('objectsummary', uid=str(records['id']))) elif records['type'] == "Hash": return redirect(url_for('filesobject', uid=str(records['id']))) elif records['type'] == "Entity": return redirect(url_for('victimobject', uid=str(records['id']))) elif records['type'] == "Threat Actor": return redirect(url_for('threatactorobject', uid=str(records['id']))) except Exception as e: return render_template('error.html', error=e)
def updatesettings(): try: something = request.form imd = ImmutableMultiDict(something) newdict = helpers.convert(imd) # Query the first set of settings, could query custom settings for individual users settings = Setting.query.filter_by(_id=1).first() # Make sure we're updating the settings instead of overwriting them if 'threatcrowd' in newdict.keys(): settings.threatcrowd = 'on' else: settings.threatcrowd = 'off' for pt_type in ['pt_pdns', 'pt_whois', 'pt_pssl', 'pt_host_attr']: auth = [newdict['pt_username'], newdict['pt_api_key']] if pt_type in newdict.keys() and ('' not in auth): setattr(settings, pt_type, 'on') else: setattr(settings, pt_type, 'off') if 'cuckoo' in newdict.keys(): settings.cuckoo = 'on' else: settings.cuckoo = 'off' if 'vtinfo' in newdict.keys() and newdict['apikey'] is not '': settings.vtinfo = 'on' else: settings.vtinfo = 'off' if 'vtfile' in newdict.keys() and newdict['apikey'] is not '': settings.vtfile = 'on' else: settings.vtfile = 'off' if 'circlinfo' in newdict.keys() and newdict['circlusername'] is not '': settings.circlinfo = 'on' else: settings.circlinfo = 'off' if 'circlssl' in newdict.keys() and newdict['circlusername'] is not '': settings.circlssl = 'on' else: settings.circlssl = 'off' if 'whoisinfo' in newdict.keys(): settings.whoisinfo = 'on' else: settings.whoisinfo = 'off' if 'farsightinfo' in newdict.keys() and newdict['farsightkey'] is not '': settings.farsightinfo = 'on' else: settings.farsightinfo = 'off' if 'shodaninfo' in newdict.keys() and newdict['shodankey'] is not '': settings.shodaninfo = 'on' else: settings.shodaninfo = 'off' if 'odnsinfo' in newdict.keys() and newdict['odnskey'] is not '': settings.odnsinfo = 'on' else: settings.odnsinfo = 'off' settings.farsightkey = newdict['farsightkey'] settings.apikey = newdict['apikey'] settings.odnskey = newdict['odnskey'] settings.httpproxy = newdict['httpproxy'] settings.httpsproxy = newdict['httpsproxy'] settings.cuckoohost = newdict['cuckoohost'] settings.cuckooapiport = newdict['cuckooapiport'] settings.circlusername = newdict['circlusername'] settings.circlpassword = newdict['circlpassword'] settings.pt_username = newdict['pt_username'] settings.pt_api_key = newdict['pt_api_key'] settings.shodankey = newdict['shodankey'] db_session.commit() settings = Setting.query.first() return render_template('settings.html', records=settings) except Exception as e: return render_template('error.html', error=e)
def newobject(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ip = ip['ip'] ind = Indicator.query.filter_by(object=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(object=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(object=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) if 'inputtype' in records: # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match( r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') for newobject in records['inputobject']: if records['inputtype'] == "IPv4": if ipregex: object = Indicator.query.filter_by(object=newobject).first() if object is None: ipv4_indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(ipv4_indicator) db_session.commit() network = Indicator.query.filter(Indicator.type.in_( ('IPv4', 'IPv6', 'Domain', 'Network'))).all() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: errormessage = "Not a valid IP Address." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], confidence=records['confidence'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: object = Indicator.query.filter_by(object=newobject).first() if object is None: indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(indicator) db_session.commit() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network"\ or records['inputtype'] == "IPv6": network = Indicator.query.filter(Indicator.type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('networks.html', network=network) elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == ('Victim')).all() return render_template('victims.html', network=victims) elif records['inputtype'] == "Hash": files = Indicator.query.filter(Indicator.type == ('Hash')).all() return render_template('files.html', network=files) else: threatactors = Indicator.query.filter(Indicator.type == ('Threat Actors')).all() return render_template('threatactors.html', network=threatactors) except Exception as e: return render_template('error.html', error=e)
def newobject(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ind = Indicator.query.filter_by(object=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(object=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(object=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) if 'inputtype' in records: # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match( r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') for newobject in records['inputobject']: if records['inputtype'] == "IPv4": if ipregex: object = Indicator.query.filter_by(object=newobject).first() if object is None: ipv4_indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(ipv4_indicator) db_session.commit() network = Indicator.query.filter(Indicator.type.in_( ('IPv4', 'IPv6', 'Domain', 'Network'))).all() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: errormessage = "Not a valid IP Address." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], confidence=records['confidence'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: object = Indicator.query.filter_by(object=newobject).first() if object is None: indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(indicator) db_session.commit() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network"\ or records['inputtype'] == "IPv6": network = Indicator.query.filter(Indicator.type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('networks.html', network=network) elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == ('Victim')).all() return render_template('victims.html', network=victims) elif records['inputtype'] == "Hash": files = Indicator.query.filter(Indicator.type == ('Hash')).all() return render_template('files.html', network=files) else: threatactors = Indicator.query.filter(Indicator.type == ('Threat Actors')).all() return render_template('threatactors.html', network=threatactors) except Exception as e: return render_template('error.html', error=e)
def newobject(): try: imd = ImmutableMultiDict(request.form) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ip = ip['ip'] ind = Indicator.query.filter_by(indicator=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(indicator=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(indicator=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) # Add the Campaign to the database exists = Campaign.query.filter_by(name=records['inputcampaign']).all() is not None camp = Campaign(name=records['inputcampaign'], notes='', tags=records['tags']) if not exists: db.session.add(camp) db.session.commit() if 'inputtype' in records: # Hack for dealing with disabled fields not being sent in request.form # A hidden field is used to send the indicator if 'inputobject' not in records: records['inputobject'] = records['indicator'] # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match( r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') errormessage=None for newobject in records['inputobject']: indicator = Indicator.query.filter_by(indicator=newobject).first() if indicator is None: newindicator = Indicator(indicator=newobject.strip(), campaign=camp, indicator_type=records['inputtype'], firstseen=records['inputfirstseen'], lastseen=records['inputlastseen'], diamondmodel=records['diamondmodel'], confidence=records['confidence'], notes=records['comments'], tags=records['tags'], relationships=None) if newindicator: # Validates that the indicator is an IPv4 if not ipregex and records['inputtype'] == "IPv4": errormessage = "Not a valid IP Address." else: db.session.add(newindicator) db.session.commit() else: # Check to see if the app route was Update # preform an update instead of adding a new indicator rule = request.url_rule if 'update' in rule.rule: indicator.campaign.name = records['inputcampaign'] indicator.indicator_type = records['inputtype'] indicator.firstseen = records['inputfirstseen'] indicator.lastseen = records['inputlastseen'] indicator.diamondmodel = records['diamondmodel'] indicator.confidence = records['confidence'] indicator.notes = records['comments'] indicator.tags = records['tags'] db.session.commit() else: errormessage = "Entry already exists in database." if errormessage: return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network" \ or records['inputtype'] == "IPv6": network = Indicator.query.filter( Indicator.indicator_type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('indicatorlist.html', network=network, title='Network Indicators', links='network') elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == 'Victim').all() return render_template('indicatorlist.html', network=victims, title='Victims', links='victims') elif records['inputtype'] == "Hash": files = Indicator.query.filter(Indicator.indicator_type == 'Hash').all() return render_template('indicatorlist.html', network=files, title='Files & Hashes', links='files') else: threatactors = Indicator.query.filter(Indicator.indicator_type == 'Threat Actor').all() return render_template( 'indicatorlist.html', network=threatactors, title='Threat Actors', links='threatactors') except Exception as e: return render_template('error.html', error=e)
def newobject(): try: imd = ImmutableMultiDict(request.form) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data( records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ip = ip['ip'] ind = Indicator.query.filter_by(indicator=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by( indicator=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(indicator=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) # Add the Campaign to the database exists = Campaign.query.filter_by( name=records['inputcampaign']).all() is not None camp = Campaign(name=records['inputcampaign'], notes='', tags=records['tags']) if not exists: db.session.add(camp) db.session.commit() if 'inputtype' in records: # Hack for dealing with disabled fields not being sent in request.form # A hidden field is used to send the indicator if 'inputobject' not in records: records['inputobject'] = records['indicator'] # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') errormessage = None for newobject in records['inputobject']: indicator = Indicator.query.filter_by( indicator=newobject).first() if indicator is None: newindicator = Indicator( indicator=newobject.strip(), campaign=camp, indicator_type=records['inputtype'], firstseen=records['inputfirstseen'], lastseen=records['inputlastseen'], diamondmodel=records['diamondmodel'], confidence=records['confidence'], notes=records['comments'], tags=records['tags'], relationships=None) if newindicator: # Validates that the indicator is an IPv4 if not ipregex and records['inputtype'] == "IPv4": errormessage = "Not a valid IP Address." else: db.session.add(newindicator) db.session.commit() else: # Check to see if the app route was Update # preform an update instead of adding a new indicator rule = request.url_rule if 'update' in rule.rule: indicator.campaign.name = records['inputcampaign'] indicator.indicator_type = records['inputtype'] indicator.firstseen = records['inputfirstseen'] indicator.lastseen = records['inputlastseen'] indicator.diamondmodel = records['diamondmodel'] indicator.confidence = records['confidence'] indicator.notes = records['comments'] indicator.tags = records['tags'] db.session.commit() else: errormessage = "Entry already exists in database." if errormessage: return render_template( 'newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network" \ or records['inputtype'] == "IPv6": network = Indicator.query.filter( Indicator.indicator_type.in_( ('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('indicatorlist.html', network=network, title='Network Indicators', links='network') elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter( Indicator.diamondmodel == 'Victim').all() return render_template('indicatorlist.html', network=victims, title='Victims', links='victims') elif records['inputtype'] == "Hash": files = Indicator.query.filter( Indicator.indicator_type == 'Hash').all() return render_template('indicatorlist.html', network=files, title='Files & Hashes', links='files') else: threatactors = Indicator.query.filter( Indicator.indicator_type == 'Threat Actor').all() return render_template('indicatorlist.html', network=threatactors, title='Threat Actors', links='threatactors') except Exception as e: return render_template('error.html', error=e)
def updatesettings(): try: something = request.form imd = ImmutableMultiDict(something) newdict = helpers.convert(imd) # Query the first set of settings, could query custom settings for individual users settings = Setting.query.filter_by(_id=1).first() # Make sure we're updating the settings instead of overwriting them if "threatcrowd" in newdict.keys(): settings.threatcrowd = "on" else: settings.threatcrowd = "off" for pt_type in ["pt_pdns", "pt_whois", "pt_pssl", "pt_host_attr"]: auth = [newdict["pt_username"], newdict["pt_api_key"]] if pt_type in newdict.keys() and ("" not in auth): setattr(settings, pt_type, "on") else: setattr(settings, pt_type, "off") if "cuckoo" in newdict.keys(): settings.cuckoo = "on" else: settings.cuckoo = "off" if "vtinfo" in newdict.keys() and newdict["apikey"] is not "": settings.vtinfo = "on" else: settings.vtinfo = "off" if "vtfile" in newdict.keys() and newdict["apikey"] is not "": settings.vtfile = "on" else: settings.vtfile = "off" if "circlinfo" in newdict.keys() and newdict["circlusername"] is not "": settings.circlinfo = "on" else: settings.circlinfo = "off" if "circlssl" in newdict.keys() and newdict["circlusername"] is not "": settings.circlssl = "on" else: settings.circlssl = "off" if "whoisinfo" in newdict.keys(): settings.whoisinfo = "on" else: settings.whoisinfo = "off" if "farsightinfo" in newdict.keys() and newdict["farsightkey"] is not "": settings.farsightinfo = "on" else: settings.farsightinfo = "off" if "shodaninfo" in newdict.keys() and newdict["shodankey"] is not "": settings.shodaninfo = "on" else: settings.shodaninfo = "off" if "odnsinfo" in newdict.keys() and newdict["odnskey"] is not "": settings.odnsinfo = "on" else: settings.odnsinfo = "off" settings.farsightkey = newdict["farsightkey"] settings.apikey = newdict["apikey"] settings.odnskey = newdict["odnskey"] settings.httpproxy = newdict["httpproxy"] settings.httpsproxy = newdict["httpsproxy"] settings.cuckoohost = newdict["cuckoohost"] settings.cuckooapiport = newdict["cuckooapiport"] settings.circlusername = newdict["circlusername"] settings.circlpassword = newdict["circlpassword"] settings.pt_username = newdict["pt_username"] settings.pt_api_key = newdict["pt_api_key"] settings.shodankey = newdict["shodankey"] db_session.commit() settings = Setting.query.first() return render_template("settings.html", records=settings) except Exception as e: return render_template("error.html", error=e)
def newobject(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if "type" in records and "cuckoo" in records["type"]: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records["cuckoo_task_id"]) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ind = Indicator.query.filter_by(object=ip).first() if ind is None: indicator = Indicator( ip.strip(), "IPv4", firstseen, "", "Infrastructure", records["campaign"], "Low", "", records["tags"], "", ) db_session.add(indicator) db_session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(object=dns["request"]).first() if ind is None: indicator = Indicator( dns["request"], "Domain", firstseen, "", "Infrastructure", records["campaign"], "Low", "", records["tags"], "", ) db_session.add(indicator) db_session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(object=sha1).first() if ind is None: indicator = Indicator( sha1, "Hash", firstseen, "", "Capability", records["campaign"], "Low", "", records["tags"], "", ) db_session.add(indicator) db_session.commit() # Redirect to Dashboard after successful import return redirect(url_for("home")) else: errormessage = "Task is not a file analysis" return redirect(url_for("import_indicators")) if "inputtype" in records: # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", records["inputobject"]) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records["inputobject"] = records["inputobject"].split(",") for newobject in records["inputobject"]: if records["inputtype"] == "IPv4": if ipregex: object = Indicator.query.filter_by(object=newobject).first() if object is None: ipv4_indicator = Indicator( newobject.strip(), records["inputtype"], records["inputfirstseen"], records["inputlastseen"], records["diamondmodel"], records["inputcampaign"], records["confidence"], records["comments"], records["tags"], None, ) db_session.add(ipv4_indicator) db_session.commit() network = Indicator.query.filter( Indicator.type.in_(("IPv4", "IPv6", "Domain", "Network")) ).all() else: errormessage = "Entry already exists in database." return render_template( "newobject.html", errormessage=errormessage, inputtype=records["inputtype"], inputobject=newobject, inputfirstseen=records["inputfirstseen"], inputlastseen=records["inputlastseen"], inputcampaign=records["inputcampaign"], comments=records["comments"], diamondmodel=records["diamondmodel"], tags=records["tags"], ) else: errormessage = "Not a valid IP Address." return render_template( "newobject.html", errormessage=errormessage, inputtype=records["inputtype"], inputobject=newobject, inputfirstseen=records["inputfirstseen"], inputlastseen=records["inputlastseen"], confidence=records["confidence"], inputcampaign=records["inputcampaign"], comments=records["comments"], diamondmodel=records["diamondmodel"], tags=records["tags"], ) else: object = Indicator.query.filter_by(object=newobject).first() if object is None: indicator = Indicator( newobject.strip(), records["inputtype"], records["inputfirstseen"], records["inputlastseen"], records["diamondmodel"], records["inputcampaign"], records["confidence"], records["comments"], records["tags"], None, ) db_session.add(indicator) db_session.commit() else: errormessage = "Entry already exists in database." return render_template( "newobject.html", errormessage=errormessage, inputtype=records["inputtype"], inputobject=newobject, inputfirstseen=records["inputfirstseen"], inputlastseen=records["inputlastseen"], inputcampaign=records["inputcampaign"], comments=records["comments"], diamondmodel=records["diamondmodel"], tags=records["tags"], ) # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage if ( records["inputtype"] == "IPv4" or records["inputtype"] == "Domain" or records["inputtype"] == "Network" or records["inputtype"] == "IPv6" ): network = Indicator.query.filter(Indicator.type.in_(("IPv4", "IPv6", "Domain", "Network"))).all() return render_template("networks.html", network=network) elif records["diamondmodel"] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == ("Victim")).all() return render_template("victims.html", network=victims) elif records["inputtype"] == "Hash": files = Indicator.query.filter(Indicator.type == ("Hash")).all() return render_template("files.html", network=files) else: threatactors = Indicator.query.filter(Indicator.type == ("Threat Actors")).all() return render_template("threatactors.html", network=threatactors) except Exception as e: return render_template("error.html", error=e)