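def profile():
    """Render the profile page and, on POST, change the user's password.

    The form may carry ``currentpw``, ``newpw`` and ``newpwvalidation``.
    The current password is checked against the stored digest before the
    new one is written; a failed check or a mismatch between the two new
    values re-renders the page with an ``errormessage`` instead.

    Returns:
        ``profile.html`` (with ``errormessage`` after a change attempt), or
        ``error.html`` if anything raises (e.g. a missing form field).
    """
    import hmac

    def md5_hex(text):
        # Digest format the User.password column already holds.
        return hashlib.md5(text.encode('utf-8')).hexdigest()

    try:
        user = User.query.filter_by(user=current_user.user.lower()).first()
        records = helpers.convert(ImmutableMultiDict(request.form))

        if 'currentpw' not in records:
            return render_template('profile.html')

        # NOTE(review): passwords are stored as unsalted MD5 hex digests.
        # The scheme is kept here only because every existing row uses it;
        # moving to a salted KDF needs a data migration, not just this view.
        stored = user.password or ''
        supplied = md5_hex(records['currentpw'])
        # Constant-time comparison so the response time does not depend on
        # how many leading digest characters matched.
        if not hmac.compare_digest(supplied.encode('utf-8'), stored.encode('utf-8')):
            errormessage = "Current password is incorrect."
            return render_template('profile.html', errormessage=errormessage)

        if records['newpw'] != records['newpwvalidation']:
            errormessage = "New passwords don't match."
            return render_template('profile.html', errormessage=errormessage)

        user.password = md5_hex(records['newpw'])
        db_session.commit()
        errormessage = "Password updated successfully."
        return render_template('profile.html', errormessage=errormessage)
    except Exception as e:
        return render_template('error.html', error=e)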
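def addrelationship():
    """Link the posted ``indicator`` to the indicator identified by ``id``.

    Overwrites ``Indicator.relationships`` on the row whose ``object`` equals
    the posted ``id`` with the posted ``indicator`` value, commits, and
    redirects to the detail page that matches the posted ``type``.

    Returns:
        A redirect to the type-specific detail view, or ``error.html`` if the
        row does not exist, the type is unknown, or anything raises.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        row = Indicator.query.filter_by(object=records["id"]).first()
        if row is None:
            # Previously an AttributeError on row.relationships; fail with a
            # message that does not echo the posted value back.
            raise LookupError("No indicator matches the posted id")
        row.relationships = records["indicator"]
        db_session.commit()

        # Detail endpoint to bounce to, keyed by the posted type.
        detail_view = {
            "IPv4": "objectsummary",
            "IPv6": "objectsummary",
            "Domain": "objectsummary",
            "Network": "objectsummary",
            "Hash": "filesobject",
            "Entity": "victimobject",
            "Threat Actor": "threatactorobject",
        }
        endpoint = detail_view.get(records["type"])
        if endpoint is None:
            # The original fell off the end and returned None here, which
            # Flask rejects as an invalid response.
            raise ValueError("Unknown indicator type")
        return redirect(url_for(endpoint, uid=str(records["id"])))
    except Exception as e:
        return render_template("error.html", error=e)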
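def addattack():
    """Accept the "add attack" form; persistence is still stubbed out.

    Parses the posted form into ``inputs``. The ``Attack`` insert is left
    commented out as in the original, so the success path returns ``None``,
    which Flask will reject as a response: this view is unfinished.

    Returns:
        ``error.html`` if form parsing raises; otherwise ``None`` (stub).
    """
    try:
        imd = ImmutableMultiDict(request.form)
        inputs = helpers.convert(imd)  # parsed but not yet used, see below
        # attack = Attack(1, 'desc', 'note', None)
        # db.session.add(attack)
        # db.session.commit()
    except Exception as e:
        # The original used a bare except and called exit(), which tears
        # down the whole server process on one bad request. Report the
        # error the way the other views do instead.
        return render_template('error.html', error=e)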
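def addattack():
    """Accept the "add attack" form; persistence is still stubbed out.

    Parses the posted form into ``inputs``. The ``Attack`` insert is left
    commented out as in the original, so the success path returns ``None``,
    which Flask will reject as a response: this view is unfinished.

    Returns:
        ``error.html`` if form parsing raises; otherwise ``None`` (stub).
    """
    try:
        imd = ImmutableMultiDict(request.form)
        inputs = helpers.convert(imd)  # parsed but not yet used, see below
        # attack = Attack(1, 'desc', 'note', None)
        # db.session.add(attack)
        # db.session.commit()
    except Exception as e:
        # The original used a bare except and called exit(), which tears
        # down the whole server process on one bad request. Report the
        # error the way the other views do instead.
        return render_template('error.html', error=e)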
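def insertnewfield():
    """Re-render the edit form with a user-supplied field appended.

    Pairs the posted ``inputnewfieldname`` with ``inputnewfieldvalue`` into
    one ``name -> value`` entry, copies every other posted field through
    unchanged, and renders ``neweditobject.html`` with the result. Nothing
    is written to the database here.

    Returns:
        The rendered ``neweditobject.html`` response, or ``error.html`` if
        anything raises.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))
        newdict = {k: v for k, v in records.items()
                   if k not in ('inputnewfieldname', 'inputnewfieldvalue')}

        fieldname = records.get('inputnewfieldname', '')
        # Existing fields win: the original let the new field overwrite a
        # same-named core field (or vice versa) depending on dict order,
        # and the name later reaches updateobject() as an attribute name.
        if fieldname and fieldname not in newdict:
            newdict[fieldname] = records.get('inputnewfieldvalue', '')
        return render_template('neweditobject.html', entry=newdict)
    except Exception as e:
        return render_template('error.html', error=e)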
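def insertnewfield():
    """Re-render the edit form with a user-supplied field appended.

    Pairs the posted ``inputnewfieldname`` with ``inputnewfieldvalue`` into
    one ``name -> value`` entry, copies every other posted field through
    unchanged, and renders ``neweditobject.html`` with the result. Nothing
    is written to the database here.

    Returns:
        The rendered ``neweditobject.html`` response, or ``error.html`` if
        anything raises.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))
        newdict = {k: v for k, v in records.items()
                   if k not in ('inputnewfieldname', 'inputnewfieldvalue')}

        fieldname = records.get('inputnewfieldname', '')
        # Existing fields win: the original let the new field overwrite a
        # same-named core field (or vice versa) depending on dict order,
        # and the name later reaches updateobject() as an attribute name.
        if fieldname and fieldname not in newdict:
            newdict[fieldname] = records.get('inputnewfieldvalue', '')
        return render_template('neweditobject.html', entry=newdict)
    except Exception as e:
        return render_template('error.html', error=e)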
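def updateobject():
    """Apply the posted field values to an existing Indicator row.

    The edit form is posted as-is, so its keys are field names and its
    values the new contents. Only keys that are mapped ``Indicator``
    attributes are written; the rest are reported and skipped. After the
    commit the browser is sent to the detail page for the posted ``type``.

    Returns:
        A redirect to the type-specific detail view, or ``error.html`` if
        the type is unknown or anything raises.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        # The dict comes straight from the client, so restrict the update to
        # attributes SQLAlchemy actually maps. Handing the raw dict to
        # .update() let any posted key name an attribute, and one unmapped
        # key made the whole update fail (the old code then only printed
        # "ALTER Table" and committed nothing).
        mapped = set(Indicator.__mapper__.column_attrs.keys())
        updates = {k: v for k, v in records.items() if k in mapped}
        unknown = sorted(k for k in records if k not in mapped)
        if unknown:
            # Dynamic columns (see insertnewfield) are not created here;
            # adding them needs a schema migration, not a runtime ALTER.
            print("updateobject: ignoring unmapped fields %r" % (unknown,))

        if updates:
            Indicator.query.filter_by(object=records["object"]).update(updates)
        db_session.commit()

        # Detail endpoint to bounce to, keyed by the posted type.
        detail_view = {
            "IPv4": "objectsummary",
            "IPv6": "objectsummary",
            "Domain": "objectsummary",
            "Network": "objectsummary",
            "Hash": "filesobject",
            "Entity": "victimobject",
            "Threat Actor": "threatactorobject",
        }
        endpoint = detail_view.get(records["type"])
        if endpoint is None:
            # The original returned None for other types, which Flask
            # rejects as an invalid response.
            raise ValueError("Unknown indicator type")
        return redirect(url_for(endpoint, uid=str(records["object"])))
    except Exception as e:
        return render_template("error.html", error=e)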
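def updateobject():
    """Apply the posted field values to an existing Indicator row.

    The edit form is posted as-is, so its keys are field names and its
    values the new contents. Only keys that are mapped ``Indicator``
    attributes are written; the rest are reported and skipped. After the
    commit the browser is sent to the detail page for the posted ``type``.

    Returns:
        A redirect to the type-specific detail view, or ``error.html`` if
        the type is unknown or anything raises.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        # The dict comes straight from the client, so restrict the update to
        # attributes SQLAlchemy actually maps. Handing the raw dict to
        # .update() let any posted key name an attribute, and one unmapped
        # key made the whole update fail (the old code then only printed
        # 'ALTER Table' and committed nothing).
        mapped = set(Indicator.__mapper__.column_attrs.keys())
        updates = {k: v for k, v in records.items() if k in mapped}
        unknown = sorted(k for k in records if k not in mapped)
        if unknown:
            # Dynamic columns (see insertnewfield) are not created here;
            # adding them needs a schema migration, not a runtime ALTER.
            print("updateobject: ignoring unmapped fields %r" % (unknown,))

        if updates:
            Indicator.query.filter_by(object=records['object']).update(updates)
        db_session.commit()

        # Detail endpoint to bounce to, keyed by the posted type.
        detail_view = {
            'IPv4': 'objectsummary',
            'IPv6': 'objectsummary',
            'Domain': 'objectsummary',
            'Network': 'objectsummary',
            'Hash': 'filesobject',
            'Entity': 'victimobject',
            'Threat Actor': 'threatactorobject',
        }
        endpoint = detail_view.get(records['type'])
        if endpoint is None:
            # The original returned None for other types, which Flask
            # rejects as an invalid response.
            raise ValueError('Unknown indicator type')
        return redirect(url_for(endpoint, uid=str(records['object'])))
    except Exception as e:
        return render_template('error.html', error=e)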
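def addrelationship():
    """Link the posted ``indicator`` to the indicator identified by ``id``.

    Overwrites ``Indicator.relationships`` on the row whose ``object`` equals
    the posted ``id`` with the posted ``indicator`` value, commits, and
    redirects to the detail page that matches the posted ``type``.

    Returns:
        A redirect to the type-specific detail view, or ``error.html`` if the
        row does not exist, the type is unknown, or anything raises.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        row = Indicator.query.filter_by(object=records['id']).first()
        if row is None:
            # Previously an AttributeError on row.relationships; fail with a
            # message that does not echo the posted value back.
            raise LookupError('No indicator matches the posted id')
        row.relationships = records['indicator']
        db_session.commit()

        # Detail endpoint to bounce to, keyed by the posted type.
        detail_view = {
            'IPv4': 'objectsummary',
            'IPv6': 'objectsummary',
            'Domain': 'objectsummary',
            'Network': 'objectsummary',
            'Hash': 'filesobject',
            'Entity': 'victimobject',
            'Threat Actor': 'threatactorobject',
        }
        endpoint = detail_view.get(records['type'])
        if endpoint is None:
            # The original fell off the end and returned None here, which
            # Flask rejects as an invalid response.
            raise ValueError('Unknown indicator type')
        return redirect(url_for(endpoint, uid=str(records['id'])))
    except Exception as e:
        return render_template('error.html', error=e)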
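def profile():
    """Render the profile page and, on POST, change the user's password.

    The form may carry ``currentpw``, ``newpw`` and ``newpwvalidation``.
    The current password is checked against the stored digest before the
    new one is written; a failed check or a mismatch between the two new
    values re-renders the page with an ``errormessage`` instead.

    Returns:
        ``profile.html`` (with ``errormessage`` after a change attempt), or
        ``error.html`` if anything raises (e.g. a missing form field).
    """
    import hmac

    def md5_hex(text):
        # Digest format the User.password column already holds.
        return hashlib.md5(text.encode('utf-8')).hexdigest()

    try:
        user = User.query.filter_by(user=current_user.user.lower()).first()
        records = helpers.convert(ImmutableMultiDict(request.form))

        if 'currentpw' not in records:
            return render_template('profile.html')

        # NOTE(review): passwords are stored as unsalted MD5 hex digests.
        # The scheme is kept here only because every existing row uses it;
        # moving to a salted KDF needs a data migration, not just this view.
        stored = user.password or ''
        supplied = md5_hex(records['currentpw'])
        # Constant-time comparison so the response time does not depend on
        # how many leading digest characters matched.
        if not hmac.compare_digest(supplied.encode('utf-8'), stored.encode('utf-8')):
            errormessage = "Current password is incorrect."
            return render_template('profile.html', errormessage=errormessage)

        if records['newpw'] != records['newpwvalidation']:
            errormessage = "New passwords don't match."
            return render_template('profile.html', errormessage=errormessage)

        user.password = md5_hex(records['newpw'])
        db_session.commit()
        errormessage = "Password updated successfully."
        return render_template('profile.html', errormessage=errormessage)
    except Exception as e:
        return render_template('error.html', error=e)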
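def addrelationship():
    """Record a two-way relationship between two indicators.

    The posted ``indicator`` is appended to the comma-separated
    ``relationships`` of the row whose ``object`` is the posted ``id``, and
    the posted ``id`` is appended to the other row in turn, each in its own
    commit. Duplicate entries are not filtered. The browser is then sent to
    the detail page that matches the posted ``type``.

    Returns:
        A redirect to the type-specific detail view, or ``error.html`` if
        either row is missing, the type is unknown, or anything raises.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))
        this_id = records['id']
        other_id = records['indicator']

        def link(from_object, to_object):
            # Append to_object to the relationships list of from_object.
            row = Indicator.query.filter_by(object=from_object).first()
            if row is None:
                # Previously an AttributeError on row.relationships.
                raise LookupError('One of the indicators does not exist')
            if row.relationships:
                row.relationships = str(row.relationships) + ",{}".format(to_object)
            else:
                row.relationships = str(to_object)
            db_session.commit()

        # Add Direct Relationship
        link(this_id, other_id)
        # Add Reverse Relationship
        link(other_id, this_id)

        # Detail endpoint to bounce to, keyed by the posted type.
        detail_view = {
            'IPv4': 'objectsummary',
            'IPv6': 'objectsummary',
            'Domain': 'objectsummary',
            'Network': 'objectsummary',
            'Hash': 'filesobject',
            'Entity': 'victimobject',
            'Threat Actor': 'threatactorobject',
        }
        endpoint = detail_view.get(records['type'])
        if endpoint is None:
            # The original fell off the end and returned None here, which
            # Flask rejects as an invalid response.
            raise ValueError('Unknown indicator type')
        return redirect(url_for(endpoint, uid=str(this_id)))
    except Exception as e:
        return render_template('error.html', error=e)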
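def updatesettings():
    """Persist the integration settings posted from ``settings.html``.

    Each integration is switched ``'on'`` only when its checkbox was posted
    *and* every credential it depends on is non-empty; otherwise it is
    switched ``'off'``. The credential and proxy fields are then copied over
    verbatim, the row committed, and the page re-rendered.

    Returns:
        The rendered ``settings.html`` with the stored settings, or
        ``error.html`` if the settings row is missing, a credential field
        was not posted, or anything else raises.
    """
    try:
        newdict = helpers.convert(ImmutableMultiDict(request.form))

        # Query the first set of settings, could query custom settings for individual users
        settings = Setting.query.filter_by(_id=1).first()
        if settings is None:
            raise LookupError('Settings row 1 does not exist')

        def has_value(key):
            # The original wrote `newdict[key] is not ''`, an identity test
            # that is not a content check (and raised on a missing key).
            return newdict.get(key, '') != ''

        # Checkbox -> credential field(s) that must be filled before it may
        # be turned on. An empty tuple means the checkbox alone decides.
        dependencies = {
            'threatcrowd': (),
            'pt_pdns': ('pt_username', 'pt_api_key'),
            'pt_whois': ('pt_username', 'pt_api_key'),
            'pt_pssl': ('pt_username', 'pt_api_key'),
            'pt_host_attr': ('pt_username', 'pt_api_key'),
            'cuckoo': (),
            'vtinfo': ('apikey',),
            'vtfile': ('apikey',),
            'circlinfo': ('circlusername',),
            'circlssl': ('circlusername',),
            'whoisinfo': (),
            'farsightinfo': ('farsightkey',),
            'shodaninfo': ('shodankey',),
            'odnsinfo': ('odnskey',),
        }
        # Make sure we're updating the settings instead of overwriting them
        for toggle, needs in dependencies.items():
            enabled = toggle in newdict and all(has_value(k) for k in needs)
            setattr(settings, toggle, 'on' if enabled else 'off')

        # Credentials and endpoints are copied as posted. Index strictly so
        # a form missing one of them errors out instead of blanking a
        # stored key. NOTE(review): these values are persisted as submitted;
        # whether the Setting columns are encrypted at rest is not visible
        # from here.
        for field in ('farsightkey', 'apikey', 'odnskey', 'httpproxy',
                      'httpsproxy', 'cuckoohost', 'cuckooapiport',
                      'circlusername', 'circlpassword', 'pt_username',
                      'pt_api_key', 'shodankey'):
            setattr(settings, field, newdict[field])

        db_session.commit()
        settings = Setting.query.first()

        return render_template('settings.html', records=settings)
    except Exception as e:
        return render_template('error.html', error=e)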
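def newobject():
    """Create indicators from the "new object" form or from a Cuckoo task.

    Two form shapes are handled:

    * ``type`` containing ``cuckoo``: every host, domain and file hash of
      the analysis task ``cuckoo_task_id`` that is not already stored is
      inserted, then the browser is sent to ``home``.
    * ``inputtype`` present: ``inputobject`` is a comma-separated list of
      values, each inserted with the posted metadata; ``IPv4`` entries must
      be a dotted quad with octets in 0..255. The first invalid or duplicate
      entry re-renders ``newobject.html`` with an ``errormessage``;
      otherwise the listing page for the posted type is rendered.

    Returns:
        A redirect or rendered template as described, ``None`` when neither
        form shape was posted (unchanged from the original), or
        ``error.html`` if anything raises.
    """

    def is_ipv4(text):
        # Anchored at both ends and range-checked: the original pattern
        # accepted '1.2.3.4abc' and '999.999.999.999'.
        match = re.match(r'^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$', text)
        return bool(match) and all(0 <= int(octet) <= 255 for octet in match.groups())

    def import_cuckoo_task(host_data, dns_data, sha1, firstseen, records):
        # Insert each value unless an Indicator with that object exists.
        # Campaign and tags come from the form; confidence is fixed 'Low'.
        def add_if_new(value, kind, diamondmodel):
            if Indicator.query.filter_by(object=value).first() is None:
                db_session.add(Indicator(value, kind, firstseen, '', diamondmodel,
                                         records['campaign'], 'Low', '', records['tags'], ''))
                db_session.commit()

        # Import IP Indicators from Cuckoo Task. Strip before the lookup so
        # the existence check sees the value that is stored.
        for host in host_data:
            add_if_new(host['ip'].strip(), 'IPv4', 'Infrastructure')
        # Import Domain Indicators from Cuckoo Task (once, not once per
        # host as the original loop nesting did).
        for dns in dns_data:
            add_if_new(dns['request'], 'Domain', 'Infrastructure')
        # Import File/Hash Indicators from Cuckoo Task
        add_if_new(sha1, 'Hash', 'Capability')

    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        # Import indicators from Cuckoo for the selected analysis task
        if 'type' in records and 'cuckoo' in records['type']:
            host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id'])
            if not (host_data and dns_data and sha1 and firstseen):
                # Task is not a file analysis; nothing to import.
                return redirect(url_for('import_indicators'))
            import_cuckoo_task(host_data, dns_data, sha1, firstseen, records)
            # Redirect to Dashboard after successful import
            return redirect(url_for('home'))

        if 'inputtype' in records:
            # Convert the inputobject of IP or Domain to a list for Bulk Add
            # functionality. Strip and drop blanks first so the duplicate
            # check compares against the value that will be stored.
            entries = [s.strip() for s in records['inputobject'].split(',')]
            entries = [s for s in entries if s]

            for newobject in entries:
                # Validate every entry. The original matched the regex
                # against the un-split string, so only the first item was
                # checked and anything after the comma was stored as IPv4.
                if records['inputtype'] == "IPv4" and not is_ipv4(newobject):
                    errormessage = "Not a valid IP Address."
                    return render_template('newobject.html', errormessage=errormessage,
                                           inputtype=records['inputtype'],
                                           inputobject=newobject, inputfirstseen=records['inputfirstseen'],
                                           inputlastseen=records['inputlastseen'],
                                           confidence=records['confidence'], inputcampaign=records['inputcampaign'],
                                           comments=records['comments'], diamondmodel=records['diamondmodel'],
                                           tags=records['tags'])

                existing = Indicator.query.filter_by(object=newobject).first()
                if existing is not None:
                    errormessage = "Entry already exists in database."
                    return render_template('newobject.html', errormessage=errormessage,
                                           inputtype=records['inputtype'], inputobject=newobject,
                                           inputfirstseen=records['inputfirstseen'],
                                           inputlastseen=records['inputlastseen'],
                                           inputcampaign=records['inputcampaign'],
                                           comments=records['comments'],
                                           diamondmodel=records['diamondmodel'],
                                           tags=records['tags'])

                indicator = Indicator(newobject, records['inputtype'], records['inputfirstseen'],
                                      records['inputlastseen'], records['diamondmodel'], records['inputcampaign'],
                                      records['confidence'], records['comments'], records['tags'], None)
                db_session.add(indicator)
                db_session.commit()

            # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage
            if records['inputtype'] in ("IPv4", "IPv6", "Domain", "Network"):
                network = Indicator.query.filter(Indicator.type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all()
                return render_template('networks.html', network=network)

            elif records['diamondmodel'] == "Victim":
                victims = Indicator.query.filter(Indicator.diamondmodel == ('Victim')).all()
                return render_template('victims.html', network=victims)

            elif records['inputtype'] == "Hash":
                files = Indicator.query.filter(Indicator.type == ('Hash')).all()
                return render_template('files.html', network=files)

            else:
                # NOTE(review): filters on 'Threat Actors' while the other
                # views use the singular "Threat Actor" type; kept as the
                # original had it - confirm which value is stored.
                threatactors = Indicator.query.filter(Indicator.type == ('Threat Actors')).all()
                return render_template('threatactors.html', network=threatactors)
    except Exception as e:
        return render_template('error.html', error=e)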
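def updatesettings():
    """Persist the integration settings posted from ``settings.html``.

    Each integration is switched ``'on'`` only when its checkbox was posted
    *and* every credential it depends on is non-empty; otherwise it is
    switched ``'off'``. The credential and proxy fields are then copied over
    verbatim, the row committed, and the page re-rendered.

    Returns:
        The rendered ``settings.html`` with the stored settings, or
        ``error.html`` if the settings row is missing, a credential field
        was not posted, or anything else raises.
    """
    try:
        newdict = helpers.convert(ImmutableMultiDict(request.form))

        # Query the first set of settings, could query custom settings for individual users
        settings = Setting.query.filter_by(_id=1).first()
        if settings is None:
            raise LookupError('Settings row 1 does not exist')

        def has_value(key):
            # The original wrote `newdict[key] is not ''`, an identity test
            # that is not a content check (and raised on a missing key).
            return newdict.get(key, '') != ''

        # Checkbox -> credential field(s) that must be filled before it may
        # be turned on. An empty tuple means the checkbox alone decides.
        dependencies = {
            'threatcrowd': (),
            'pt_pdns': ('pt_username', 'pt_api_key'),
            'pt_whois': ('pt_username', 'pt_api_key'),
            'pt_pssl': ('pt_username', 'pt_api_key'),
            'pt_host_attr': ('pt_username', 'pt_api_key'),
            'cuckoo': (),
            'vtinfo': ('apikey',),
            'vtfile': ('apikey',),
            'circlinfo': ('circlusername',),
            'circlssl': ('circlusername',),
            'whoisinfo': (),
            'farsightinfo': ('farsightkey',),
            'shodaninfo': ('shodankey',),
            'odnsinfo': ('odnskey',),
        }
        # Make sure we're updating the settings instead of overwriting them
        for toggle, needs in dependencies.items():
            enabled = toggle in newdict and all(has_value(k) for k in needs)
            setattr(settings, toggle, 'on' if enabled else 'off')

        # Credentials and endpoints are copied as posted. Index strictly so
        # a form missing one of them errors out instead of blanking a
        # stored key. NOTE(review): these values are persisted as submitted;
        # whether the Setting columns are encrypted at rest is not visible
        # from here.
        for field in ('farsightkey', 'apikey', 'odnskey', 'httpproxy',
                      'httpsproxy', 'cuckoohost', 'cuckooapiport',
                      'circlusername', 'circlpassword', 'pt_username',
                      'pt_api_key', 'shodankey'):
            setattr(settings, field, newdict[field])

        db_session.commit()
        settings = Setting.query.first()

        return render_template('settings.html', records=settings)
    except Exception as e:
        return render_template('error.html', error=e)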
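def newobject():
    """Create indicators from the "new object" form or from a Cuckoo task.

    Two form shapes are handled:

    * ``type`` containing ``cuckoo``: every host, domain and file hash of
      the analysis task ``cuckoo_task_id`` that is not already stored is
      inserted, then the browser is sent to ``home``.
    * ``inputtype`` present: ``inputobject`` is a comma-separated list of
      values, each inserted with the posted metadata; ``IPv4`` entries must
      be a dotted quad with octets in 0..255. The first invalid or duplicate
      entry re-renders ``newobject.html`` with an ``errormessage``;
      otherwise the listing page for the posted type is rendered.

    Returns:
        A redirect or rendered template as described, ``None`` when neither
        form shape was posted (unchanged from the original), or
        ``error.html`` if anything raises.
    """

    def is_ipv4(text):
        # Anchored at both ends and range-checked: the original pattern
        # accepted '1.2.3.4abc' and '999.999.999.999'.
        match = re.match(r'^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$', text)
        return bool(match) and all(0 <= int(octet) <= 255 for octet in match.groups())

    def import_cuckoo_task(host_data, dns_data, sha1, firstseen, records):
        # Insert each value unless an Indicator with that object exists.
        # Campaign and tags come from the form; confidence is fixed 'Low'.
        def add_if_new(value, kind, diamondmodel):
            if Indicator.query.filter_by(object=value).first() is None:
                db_session.add(Indicator(value, kind, firstseen, '', diamondmodel,
                                         records['campaign'], 'Low', '', records['tags'], ''))
                db_session.commit()

        # Import IP Indicators from Cuckoo Task. host_data is iterated as
        # plain strings here, as the original did (another revision of this
        # view indexes ['ip']) - confirm against cuckoo.report_data. Strip
        # before the lookup so the existence check sees the stored value.
        for ip in host_data:
            add_if_new(ip.strip(), 'IPv4', 'Infrastructure')
        # Import Domain Indicators from Cuckoo Task (once, not once per
        # host as the original loop nesting did).
        for dns in dns_data:
            add_if_new(dns['request'], 'Domain', 'Infrastructure')
        # Import File/Hash Indicators from Cuckoo Task
        add_if_new(sha1, 'Hash', 'Capability')

    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        # Import indicators from Cuckoo for the selected analysis task
        if 'type' in records and 'cuckoo' in records['type']:
            host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id'])
            if not (host_data and dns_data and sha1 and firstseen):
                # Task is not a file analysis; nothing to import.
                return redirect(url_for('import_indicators'))
            import_cuckoo_task(host_data, dns_data, sha1, firstseen, records)
            # Redirect to Dashboard after successful import
            return redirect(url_for('home'))

        if 'inputtype' in records:
            # Convert the inputobject of IP or Domain to a list for Bulk Add
            # functionality. Strip and drop blanks first so the duplicate
            # check compares against the value that will be stored.
            entries = [s.strip() for s in records['inputobject'].split(',')]
            entries = [s for s in entries if s]

            for newobject in entries:
                # Validate every entry. The original matched the regex
                # against the un-split string, so only the first item was
                # checked and anything after the comma was stored as IPv4.
                if records['inputtype'] == "IPv4" and not is_ipv4(newobject):
                    errormessage = "Not a valid IP Address."
                    return render_template('newobject.html', errormessage=errormessage,
                                           inputtype=records['inputtype'],
                                           inputobject=newobject, inputfirstseen=records['inputfirstseen'],
                                           inputlastseen=records['inputlastseen'],
                                           confidence=records['confidence'], inputcampaign=records['inputcampaign'],
                                           comments=records['comments'], diamondmodel=records['diamondmodel'],
                                           tags=records['tags'])

                existing = Indicator.query.filter_by(object=newobject).first()
                if existing is not None:
                    errormessage = "Entry already exists in database."
                    return render_template('newobject.html', errormessage=errormessage,
                                           inputtype=records['inputtype'], inputobject=newobject,
                                           inputfirstseen=records['inputfirstseen'],
                                           inputlastseen=records['inputlastseen'],
                                           inputcampaign=records['inputcampaign'],
                                           comments=records['comments'],
                                           diamondmodel=records['diamondmodel'],
                                           tags=records['tags'])

                indicator = Indicator(newobject, records['inputtype'], records['inputfirstseen'],
                                      records['inputlastseen'], records['diamondmodel'], records['inputcampaign'],
                                      records['confidence'], records['comments'], records['tags'], None)
                db_session.add(indicator)
                db_session.commit()

            # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage
            if records['inputtype'] in ("IPv4", "IPv6", "Domain", "Network"):
                network = Indicator.query.filter(Indicator.type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all()
                return render_template('networks.html', network=network)

            elif records['diamondmodel'] == "Victim":
                victims = Indicator.query.filter(Indicator.diamondmodel == ('Victim')).all()
                return render_template('victims.html', network=victims)

            elif records['inputtype'] == "Hash":
                files = Indicator.query.filter(Indicator.type == ('Hash')).all()
                return render_template('files.html', network=files)

            else:
                # NOTE(review): filters on 'Threat Actors' while the other
                # views use the singular "Threat Actor" type; kept as the
                # original had it - confirm which value is stored.
                threatactors = Indicator.query.filter(Indicator.type == ('Threat Actors')).all()
                return render_template('threatactors.html', network=threatactors)
    except Exception as e:
        return render_template('error.html', error=e)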
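def _is_ipv4(value):
    """Return True when ``value`` parses as a dotted-quad IPv4 address.

    Replaces the former unanchored four-number regex, which also accepted
    out-of-range octets (``999.1.1.1``) and any string that merely *started*
    with something address-like.
    """
    import ipaddress  # local import: the module's import block is not in view here

    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def _import_cuckoo_task(records):
    """Import the IP, domain and SHA1 indicators of one Cuckoo analysis task.

    ``records`` is the flattened form; ``cuckoo_task_id`` selects the task and
    ``campaign`` / ``tags`` are copied onto every indicator created.  Values
    already present in the database are left untouched.  Returns a redirect to
    the dashboard, or back to the import page when the task carries no host,
    DNS, hash or first-seen data.
    """
    host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id'])
    # NOTE(review): a task with hosts but no DNS requests (or the reverse) is
    # rejected too -- confirm that is the intended meaning of "file analysis".
    if not (host_data and dns_data and sha1 and firstseen):
        return redirect(url_for('import_indicators'))

    def add_if_new(value, indicator_type, diamondmodel):
        # Positional arguments mirror the original calls; the order is presumed
        # to be (indicator, type, firstseen, lastseen, diamondmodel, campaign,
        # confidence, notes, tags, relationships) -- verify against the model.
        if Indicator.query.filter_by(indicator=value).first() is None:
            db.session.add(Indicator(value, indicator_type, firstseen, '', diamondmodel,
                                     records['campaign'], 'Low', '', records['tags'], ''))
            db.session.commit()

    # Domains and the file hash are imported once, not once per host as before
    # (the old loops were nested inside the host loop).
    for host in host_data:
        add_if_new(host['ip'].strip(), 'IPv4', 'Infrastructure')
    for dns in dns_data:
        add_if_new(dns['request'], 'Domain', 'Infrastructure')
    add_if_new(sha1, 'Hash', 'Capability')

    # Redirect to Dashboard after successful import
    return redirect(url_for('home'))


def newobject():
    """Handle the "new object" / "update object" form and the Cuckoo import form.

    The submitted fields select one of three paths:

    * ``type`` contains ``cuckoo``: import that task's indicators and redirect.
    * ``inputtype`` present: split ``inputobject`` on commas (bulk add) and, for
      each entry, insert a new ``Indicator`` -- or update the existing one when
      the matched route contains ``update``.  The first entry that is not a
      valid IPv4 address (when ``inputtype == "IPv4"``) or that already exists
      re-renders ``newobject.html`` with an error message.  On success the list
      view for the submitted type is rendered.
    * neither: nothing is rendered (the view returns ``None``, as before).

    Any exception is rendered through ``error.html``.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        # Import indicators from Cuckoo for the selected analysis task
        if 'type' in records and 'cuckoo' in records['type']:
            return _import_cuckoo_task(records)

        # Reuse the campaign when it already exists.  The old check compared
        # ``.all()`` (a list, never None) with ``None``, so it was always True
        # and a fresh Campaign object was built on every submission.
        camp = Campaign.query.filter_by(name=records['inputcampaign']).first()
        if camp is None:
            camp = Campaign(name=records['inputcampaign'], notes='', tags=records['tags'])
            db.session.add(camp)
            db.session.commit()

        if 'inputtype' in records:
            # Hack for dealing with disabled fields not being sent in request.form
            # A hidden field is used to send the indicator
            if 'inputobject' not in records:
                records['inputobject'] = records['indicator']
            # Bulk add: the field may carry several comma-separated values.
            # Blank entries (trailing or doubled commas) are dropped so an
            # empty indicator is never stored.
            entries = [entry.strip() for entry in records['inputobject'].split(',')]
            entries = [entry for entry in entries if entry]
            # Check to see if the app route was Update
            # perform an update instead of adding a new indicator
            is_update = request.url_rule is not None and 'update' in request.url_rule.rule

            for entry in entries:
                errormessage = None
                indicator = Indicator.query.filter_by(indicator=entry).first()
                if indicator is None:
                    # Every entry is validated; the old code ran the regex once
                    # over the whole comma-separated string, so only the first
                    # address was ever checked.
                    if records['inputtype'] == "IPv4" and not _is_ipv4(entry):
                        errormessage = "Not a valid IP Address."
                    else:
                        db.session.add(Indicator(indicator=entry, campaign=camp,
                                                 indicator_type=records['inputtype'],
                                                 firstseen=records['inputfirstseen'],
                                                 lastseen=records['inputlastseen'],
                                                 diamondmodel=records['diamondmodel'],
                                                 confidence=records['confidence'],
                                                 notes=records['comments'],
                                                 tags=records['tags'],
                                                 relationships=None))
                        db.session.commit()
                elif is_update:
                    # Re-point the indicator at the submitted campaign rather than
                    # renaming its current one, which would have renamed the
                    # campaign for every other indicator attached to it.
                    indicator.campaign = camp
                    indicator.indicator_type = records['inputtype']
                    indicator.firstseen = records['inputfirstseen']
                    indicator.lastseen = records['inputlastseen']
                    indicator.diamondmodel = records['diamondmodel']
                    indicator.confidence = records['confidence']
                    indicator.notes = records['comments']
                    indicator.tags = records['tags']
                    db.session.commit()
                else:
                    errormessage = "Entry already exists in database."

                if errormessage:
                    return render_template('newobject.html', errormessage=errormessage,
                                           inputtype=records['inputtype'], inputobject=entry,
                                           inputfirstseen=records['inputfirstseen'],
                                           inputlastseen=records['inputlastseen'],
                                           inputcampaign=records['inputcampaign'],
                                           comments=records['comments'],
                                           diamondmodel=records['diamondmodel'],
                                           tags=records['tags'])

            # Render the list view matching what was just submitted.
            network_types = ('IPv4', 'IPv6', 'Domain', 'Network')
            if records['inputtype'] in network_types:
                network = Indicator.query.filter(Indicator.indicator_type.in_(network_types)).all()
                return render_template('indicatorlist.html', network=network, title='Network Indicators',
                                       links='network')

            elif records['diamondmodel'] == "Victim":
                victims = Indicator.query.filter(Indicator.diamondmodel == 'Victim').all()
                return render_template('indicatorlist.html', network=victims, title='Victims', links='victims')

            elif records['inputtype'] == "Hash":
                files = Indicator.query.filter(Indicator.indicator_type == 'Hash').all()
                return render_template('indicatorlist.html', network=files, title='Files & Hashes', links='files')

            else:
                threatactors = Indicator.query.filter(Indicator.indicator_type == 'Threat Actor').all()
                return render_template(
                    'indicatorlist.html', network=threatactors, title='Threat Actors', links='threatactors')
    except Exception as e:
        # NOTE(review): the exception text is rendered to the browser and may
        # carry SQL or file-system detail; logging it server-side and showing a
        # generic message would avoid that disclosure.
        return render_template('error.html', error=e)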
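def _is_ipv4(value):
    """Return True when ``value`` parses as a dotted-quad IPv4 address.

    Replaces the former unanchored four-number regex, which also accepted
    out-of-range octets (``999.1.1.1``) and any string that merely *started*
    with something address-like.
    """
    import ipaddress  # local import: the module's import block is not in view here

    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def _import_cuckoo_task(records):
    """Import the IP, domain and SHA1 indicators of one Cuckoo analysis task.

    ``records`` is the flattened form; ``cuckoo_task_id`` selects the task and
    ``campaign`` / ``tags`` are copied onto every indicator created.  Values
    already present in the database are left untouched.  Returns a redirect to
    the dashboard, or back to the import page when the task carries no host,
    DNS, hash or first-seen data.
    """
    host_data, dns_data, sha1, firstseen = cuckoo.report_data(
        records['cuckoo_task_id'])
    # NOTE(review): a task with hosts but no DNS requests (or the reverse) is
    # rejected too -- confirm that is the intended meaning of "file analysis".
    if not (host_data and dns_data and sha1 and firstseen):
        return redirect(url_for('import_indicators'))

    def add_if_new(value, indicator_type, diamondmodel):
        # Positional arguments mirror the original calls; the order is presumed
        # to be (indicator, type, firstseen, lastseen, diamondmodel, campaign,
        # confidence, notes, tags, relationships) -- verify against the model.
        if Indicator.query.filter_by(indicator=value).first() is None:
            db.session.add(Indicator(value, indicator_type, firstseen, '',
                                     diamondmodel, records['campaign'], 'Low',
                                     '', records['tags'], ''))
            db.session.commit()

    # Domains and the file hash are imported once, not once per host as before
    # (the old loops were nested inside the host loop).
    for host in host_data:
        add_if_new(host['ip'].strip(), 'IPv4', 'Infrastructure')
    for dns in dns_data:
        add_if_new(dns['request'], 'Domain', 'Infrastructure')
    add_if_new(sha1, 'Hash', 'Capability')

    # Redirect to Dashboard after successful import
    return redirect(url_for('home'))


def newobject():
    """Handle the "new object" / "update object" form and the Cuckoo import form.

    The submitted fields select one of three paths:

    * ``type`` contains ``cuckoo``: import that task's indicators and redirect.
    * ``inputtype`` present: split ``inputobject`` on commas (bulk add) and, for
      each entry, insert a new ``Indicator`` -- or update the existing one when
      the matched route contains ``update``.  The first entry that is not a
      valid IPv4 address (when ``inputtype == "IPv4"``) or that already exists
      re-renders ``newobject.html`` with an error message.  On success the list
      view for the submitted type is rendered.
    * neither: nothing is rendered (the view returns ``None``, as before).

    Any exception is rendered through ``error.html``.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        # Import indicators from Cuckoo for the selected analysis task
        if 'type' in records and 'cuckoo' in records['type']:
            return _import_cuckoo_task(records)

        # Reuse the campaign when it already exists.  The old check compared
        # ``.all()`` (a list, never None) with ``None``, so it was always True
        # and a fresh Campaign object was built on every submission.
        camp = Campaign.query.filter_by(name=records['inputcampaign']).first()
        if camp is None:
            camp = Campaign(name=records['inputcampaign'],
                            notes='',
                            tags=records['tags'])
            db.session.add(camp)
            db.session.commit()

        if 'inputtype' in records:
            # Hack for dealing with disabled fields not being sent in request.form
            # A hidden field is used to send the indicator
            if 'inputobject' not in records:
                records['inputobject'] = records['indicator']
            # Bulk add: the field may carry several comma-separated values.
            # Blank entries (trailing or doubled commas) are dropped so an
            # empty indicator is never stored.
            entries = [entry.strip() for entry in records['inputobject'].split(',')]
            entries = [entry for entry in entries if entry]
            # Check to see if the app route was Update
            # perform an update instead of adding a new indicator
            is_update = (request.url_rule is not None
                         and 'update' in request.url_rule.rule)

            for entry in entries:
                errormessage = None
                indicator = Indicator.query.filter_by(indicator=entry).first()
                if indicator is None:
                    # Every entry is validated; the old code ran the regex once
                    # over the whole comma-separated string, so only the first
                    # address was ever checked.
                    if records['inputtype'] == "IPv4" and not _is_ipv4(entry):
                        errormessage = "Not a valid IP Address."
                    else:
                        db.session.add(Indicator(
                            indicator=entry,
                            campaign=camp,
                            indicator_type=records['inputtype'],
                            firstseen=records['inputfirstseen'],
                            lastseen=records['inputlastseen'],
                            diamondmodel=records['diamondmodel'],
                            confidence=records['confidence'],
                            notes=records['comments'],
                            tags=records['tags'],
                            relationships=None))
                        db.session.commit()
                elif is_update:
                    # Re-point the indicator at the submitted campaign rather than
                    # renaming its current one, which would have renamed the
                    # campaign for every other indicator attached to it.
                    indicator.campaign = camp
                    indicator.indicator_type = records['inputtype']
                    indicator.firstseen = records['inputfirstseen']
                    indicator.lastseen = records['inputlastseen']
                    indicator.diamondmodel = records['diamondmodel']
                    indicator.confidence = records['confidence']
                    indicator.notes = records['comments']
                    indicator.tags = records['tags']
                    db.session.commit()
                else:
                    errormessage = "Entry already exists in database."

                if errormessage:
                    return render_template(
                        'newobject.html',
                        errormessage=errormessage,
                        inputtype=records['inputtype'],
                        inputobject=entry,
                        inputfirstseen=records['inputfirstseen'],
                        inputlastseen=records['inputlastseen'],
                        inputcampaign=records['inputcampaign'],
                        comments=records['comments'],
                        diamondmodel=records['diamondmodel'],
                        tags=records['tags'])

            # Render the list view matching what was just submitted.
            network_types = ('IPv4', 'IPv6', 'Domain', 'Network')
            if records['inputtype'] in network_types:
                network = Indicator.query.filter(
                    Indicator.indicator_type.in_(network_types)).all()
                return render_template('indicatorlist.html',
                                       network=network,
                                       title='Network Indicators',
                                       links='network')

            elif records['diamondmodel'] == "Victim":
                victims = Indicator.query.filter(
                    Indicator.diamondmodel == 'Victim').all()
                return render_template('indicatorlist.html',
                                       network=victims,
                                       title='Victims',
                                       links='victims')

            elif records['inputtype'] == "Hash":
                files = Indicator.query.filter(
                    Indicator.indicator_type == 'Hash').all()
                return render_template('indicatorlist.html',
                                       network=files,
                                       title='Files & Hashes',
                                       links='files')

            else:
                threatactors = Indicator.query.filter(
                    Indicator.indicator_type == 'Threat Actor').all()
                return render_template('indicatorlist.html',
                                       network=threatactors,
                                       title='Threat Actors',
                                       links='threatactors')
    except Exception as e:
        # NOTE(review): the exception text is rendered to the browser and may
        # carry SQL or file-system detail; logging it server-side and showing a
        # generic message would avoid that disclosure.
        return render_template('error.html', error=e)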
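def updatesettings():
    """Save the settings form: switch each integration on/off and store its credentials.

    The form is flattened with ``helpers.convert`` and written onto the
    ``Setting`` row with ``_id=1``.  An integration is set to ``"on"`` only when
    its checkbox was submitted *and* every credential it depends on was given
    (non-empty); otherwise it is set to ``"off"``.  Credential, proxy and
    endpoint fields are copied as submitted.  Renders ``settings.html`` with
    the saved row, or ``error.html`` if anything raises (including a missing
    form key).
    """
    try:
        newdict = helpers.convert(ImmutableMultiDict(request.form))

        # Query the first set of settings, could query custom settings for individual users
        settings = Setting.query.filter_by(_id=1).first()

        # toggle -> form fields that must be non-empty for the toggle to be
        # enabled.  An empty tuple means the checkbox alone decides.
        required_credentials = {
            "threatcrowd": (),
            "pt_pdns": ("pt_username", "pt_api_key"),
            "pt_whois": ("pt_username", "pt_api_key"),
            "pt_pssl": ("pt_username", "pt_api_key"),
            "pt_host_attr": ("pt_username", "pt_api_key"),
            "cuckoo": (),
            "vtinfo": ("apikey",),
            "vtfile": ("apikey",),
            "circlinfo": ("circlusername",),
            "circlssl": ("circlusername",),
            "whoisinfo": (),
            "farsightinfo": ("farsightkey",),
            "shodaninfo": ("shodankey",),
            "odnsinfo": ("odnskey",),
        }
        # Make sure we're updating the settings instead of overwriting them
        for toggle, credentials in required_credentials.items():
            # ``!=`` replaces the old ``is not ""`` identity test, which only
            # worked because CPython happens to intern the empty string.
            enabled = toggle in newdict and all(newdict[field] != "" for field in credentials)
            setattr(settings, toggle, "on" if enabled else "off")

        # Credentials and endpoints are stored exactly as submitted.
        # NOTE(review): nothing here masks or encrypts the API keys / password
        # before they reach the Setting row -- confirm the model handles that.
        for field in ("farsightkey", "apikey", "odnskey", "httpproxy", "httpsproxy",
                      "cuckoohost", "cuckooapiport", "circlusername", "circlpassword",
                      "pt_username", "pt_api_key", "shodankey"):
            setattr(settings, field, newdict[field])

        db_session.commit()
        settings = Setting.query.first()

        return render_template("settings.html", records=settings)
    except Exception as e:
        # NOTE(review): the exception text is rendered to the browser; a logged
        # server-side record plus a generic message would avoid disclosing it.
        return render_template("error.html", error=e)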
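def _is_ipv4(value):
    """Return True when ``value`` parses as a dotted-quad IPv4 address.

    Replaces the former unanchored four-number regex, which also accepted
    out-of-range octets (``999.1.1.1``) and any string that merely *started*
    with something address-like.
    """
    import ipaddress  # local import: the module's import block is not in view here

    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def _import_cuckoo_task(records):
    """Import the IP, domain and SHA1 indicators of one Cuckoo analysis task.

    ``records`` is the flattened form; ``cuckoo_task_id`` selects the task and
    ``campaign`` / ``tags`` are copied onto every indicator created.  Values
    already present in the database are left untouched.  Returns a redirect to
    the dashboard, or back to the import page when the task carries no host,
    DNS, hash or first-seen data.
    """
    host_data, dns_data, sha1, firstseen = cuckoo.report_data(records["cuckoo_task_id"])
    # NOTE(review): a task with hosts but no DNS requests (or the reverse) is
    # rejected too -- confirm that is the intended meaning of "file analysis".
    if not (host_data and dns_data and sha1 and firstseen):
        return redirect(url_for("import_indicators"))

    def add_if_new(value, indicator_type, diamondmodel):
        # Positional arguments mirror the original calls; the order is presumed
        # to be (object, type, firstseen, lastseen, diamondmodel, campaign,
        # confidence, notes, tags, relationships) -- verify against the model.
        if Indicator.query.filter_by(object=value).first() is None:
            db_session.add(Indicator(value, indicator_type, firstseen, "", diamondmodel,
                                     records["campaign"], "Low", "", records["tags"], ""))
            db_session.commit()

    # Domains and the file hash are imported once, not once per host as before
    # (the old loops were nested inside the host loop).
    for ip in host_data:
        # NOTE(review): assumes each host entry is a plain string -- the original
        # called ``ip.strip()`` on it directly; confirm against cuckoo.report_data.
        add_if_new(ip.strip(), "IPv4", "Infrastructure")
    for dns in dns_data:
        add_if_new(dns["request"], "Domain", "Infrastructure")
    add_if_new(sha1, "Hash", "Capability")

    # Redirect to Dashboard after successful import
    return redirect(url_for("home"))


def newobject():
    """Handle the "new object" form and the Cuckoo import form.

    The submitted fields select one of three paths:

    * ``type`` contains ``cuckoo``: import that task's indicators and redirect.
    * ``inputtype`` present: split ``inputobject`` on commas (bulk add) and
      insert one ``Indicator`` per entry.  The first entry that is not a valid
      IPv4 address (when ``inputtype == "IPv4"``) or that already exists
      re-renders ``newobject.html`` with an error message.  On success the
      list view for the submitted type is rendered.
    * neither: nothing is rendered (the view returns ``None``, as before).

    Any exception is rendered through ``error.html``.
    """
    try:
        records = helpers.convert(ImmutableMultiDict(request.form))

        # Import indicators from Cuckoo for the selected analysis task
        if "type" in records and "cuckoo" in records["type"]:
            return _import_cuckoo_task(records)

        if "inputtype" in records:
            # Bulk add: the field may carry several comma-separated values.
            # Blank entries (trailing or doubled commas) are dropped so an
            # empty indicator is never stored.
            entries = [entry.strip() for entry in records["inputobject"].split(",")]
            entries = [entry for entry in entries if entry]

            for entry in entries:
                errormessage = None
                # Every entry is validated; the old code ran the regex once over
                # the whole comma-separated string, so only the first address
                # was ever checked.  Non-IPv4 types are stored unvalidated.
                if records["inputtype"] == "IPv4" and not _is_ipv4(entry):
                    errormessage = "Not a valid IP Address."
                elif Indicator.query.filter_by(object=entry).first() is not None:
                    errormessage = "Entry already exists in database."
                else:
                    db_session.add(
                        Indicator(
                            entry,
                            records["inputtype"],
                            records["inputfirstseen"],
                            records["inputlastseen"],
                            records["diamondmodel"],
                            records["inputcampaign"],
                            records["confidence"],
                            records["comments"],
                            records["tags"],
                            None,
                        )
                    )
                    db_session.commit()

                if errormessage:
                    # Both error paths now hand the same fields back to the form
                    # (the "exists" path previously omitted ``confidence``).
                    return render_template(
                        "newobject.html",
                        errormessage=errormessage,
                        inputtype=records["inputtype"],
                        inputobject=entry,
                        inputfirstseen=records["inputfirstseen"],
                        inputlastseen=records["inputlastseen"],
                        confidence=records["confidence"],
                        inputcampaign=records["inputcampaign"],
                        comments=records["comments"],
                        diamondmodel=records["diamondmodel"],
                        tags=records["tags"],
                    )

            # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage
            network_types = ("IPv4", "IPv6", "Domain", "Network")
            if records["inputtype"] in network_types:
                network = Indicator.query.filter(Indicator.type.in_(network_types)).all()
                return render_template("networks.html", network=network)

            elif records["diamondmodel"] == "Victim":
                victims = Indicator.query.filter(Indicator.diamondmodel == "Victim").all()
                return render_template("victims.html", network=victims)

            elif records["inputtype"] == "Hash":
                files = Indicator.query.filter(Indicator.type == "Hash").all()
                return render_template("files.html", network=files)

            else:
                threatactors = Indicator.query.filter(Indicator.type == "Threat Actors").all()
                return render_template("threatactors.html", network=threatactors)
    except Exception as e:
        # NOTE(review): the exception text is rendered to the browser and may
        # carry SQL or file-system detail; logging it server-side and showing a
        # generic message would avoid that disclosure.
        return render_template("error.html", error=e)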