def run(unfurl, node): if not node.data_type == 'mac-address': long_int = utils.long_int_re.fullmatch(str(node.value)) m = utils.mac_addr_re.fullmatch(str(node.value)) if m and not long_int: u = m.group('mac_addr') # Check if we need to add colons if len(u) == 12: pretty_mac = ':'.join([u[i]+u[i+1] for i in range(0, 12, 2)]) else: pretty_mac = u.upper() unfurl.add_to_queue( data_type='mac-address', key=None, value=pretty_mac, label=f'MAC address: {pretty_mac}', parent_id=node.node_id, incoming_edge_config=uuid_edge) elif node.data_type == 'mac-address' and unfurl.api_keys.get('macaddress_io') and unfurl.remote_lookups: client = maclookup.ApiClient(unfurl.api_keys.get('macaddress_io')) vendor_lookup = client.get_vendor(node.value).decode('utf-8') if vendor_lookup: unfurl.add_to_queue( data_type="mac-address.vendor", key=None, value=vendor_lookup, label=f'Vendor: {vendor_lookup}', parent_id=node.node_id, incoming_edge_config=uuid_edge)
def run(unfurl, node): if not node.data_type == 'mac-address': m = re.match(r'(?P<mac_addr>[0-9A-Fa-f]{12}|([0-9A-Fa-f]:){6})$', str(node.value)) if m: u = m.group('mac_addr') # Check if we need to add colons if len(u) == 12: pretty_mac = f'{u:0{12}X}' pretty_mac = ':'.join([pretty_mac[i]+pretty_mac[i+1] for i in range(0, 12, 2)]) else: pretty_mac = u.upper() # TODO: add detection for randomly generated MACs (random 48-bit number with its eighth bit set to 1 as # recommended in RFC 4122) unfurl.add_to_queue( data_type='mac-address', key=None, value=pretty_mac, label=f'MAC address: {pretty_mac}', parent_id=node.node_id, incoming_edge_config=uuid_edge) elif node.data_type == 'mac-address' and unfurl.api_keys.get('macaddress_io'): client = maclookup.ApiClient(unfurl.api_keys.get('macaddress_io')) vendor_lookup = client.get_vendor(node.value).decode('utf-8') if vendor_lookup: unfurl.add_to_queue( data_type="mac-address.vendor", key=None, value=vendor_lookup, label=f'Vendor: {vendor_lookup}', parent_id=node.node_id, incoming_edge_config=uuid_edge)