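    def __init__(self):
        """Set up the connector: read ``config.yml`` from the module directory,
        create the OpenCTI helper and the warning lists, and create the
        ``Hygiene`` label used to tag matching observables."""
        # config.yml lives next to this module; a missing file means an empty config.
        config_file_path = os.path.join(
            os.path.dirname(os.path.abspath(__file__)), "config.yml"
        )
        config = {}
        if os.path.isfile(config_file_path):
            # Use a context manager so the handle is closed (the bare open() leaked it).
            # FullLoader is applied to a local, operator-controlled file; yaml.safe_load
            # would be the stricter choice if the config only holds plain scalars/mappings.
            with open(config_file_path) as config_file:
                config = yaml.load(config_file, Loader=yaml.FullLoader)
        self.helper = OpenCTIConnectorHelper(config)
        self.warninglists = WarningLists()

        # Create Hygiene Tag
        self.label_hygiene = self.helper.api.label.create(
            value="Hygiene", color="#fc0341"
        )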
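def from_instance(pymisp_instance, slow_search=False):
    """Build a ``WarningLists`` from the warning lists of a live MISP instance.

    :param pymisp_instance: already instantiated ``PyMISP`` instance.
    :param slow_search: forwarded to ``WarningLists``.
    :return: a ``WarningLists`` holding every list the instance exposes.
    """
    warninglists_index = pymisp_instance.get_warninglists()['Warninglists']
    all_warninglists = []
    for entry in warninglists_index:
        list_id = entry['Warninglist']['id']
        wl = pymisp_instance.get_warninglist(list_id)['Warninglist']
        # MISP returns the entries under 'WarninglistEntry'; the package reads 'list'.
        wl['list'] = wl.pop('WarninglistEntry')
        all_warninglists.append(wl)

    return WarningLists(slow_search, all_warninglists)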
 def test_slow_search(self):
     """In slow-search mode, each well-known value must resolve to its list as the first hit."""
     self.warninglists = WarningLists(True)
     expectations = [
         ('8.8.8.8', 'List of known IPv4 public DNS resolvers'),
         ('100.64.1.56', 'List of RFC 6598 CIDR blocks'),
         ('2001:DB8::34:1', 'List of RFC 3849 CIDR blocks'),
         ('1e100.net', 'List of known google domains'),
         ('something.files.1drv.com', 'List of known microsoft domains'),
     ]
     for value, list_name in expectations:
         results = self.warninglists.search(value)
         self.assertEqual(results[0].name, list_name)
 def test_slow_search(self):
     """Slow-search mode: IPs resolve to their list as the first hit, domains
     may match several lists, and near-miss domains match nothing."""
     self.warninglists = WarningLists(True)
     search = self.warninglists.search

     # Address lookups: exactly one expected list in first position.
     for address, list_name in (
         ('8.8.8.8', 'List of known IPv4 public DNS resolvers'),
         ('100.64.1.56', 'List of RFC 6598 CIDR blocks'),
         ('2001:DB8::34:1', 'List of RFC 3849 CIDR blocks'),
     ):
         results = search(address)
         self.assertEqual(results[0].name, list_name)

     # Domain lookups: the expected list must be among the hits, in any position.
     for domain, list_name in (
         ('1e100.net', 'List of known google domains'),
         ('blah.files.1drv.com', 'Top 10K most-used sites from Tranco'),
     ):
         hit_names = [r.name for r in search(domain)]
         self.assertIn(list_name, hit_names)

     # Values that merely resemble listed domains must not match.
     self.assertEqual(search('arbitrary-domain-1e100.net'), [])
     self.assertEqual(search('phishing.co.uk'), [])
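    def __init__(self):
        """Set up the connector from ``config.yml``: create the OpenCTI helper,
        read the hygiene options, build the warning lists and create the labels.

        Options read (env var / yaml path, both default False):
        ``HYGIENE_WARNINGLISTS_SLOW_SEARCH`` / ``hygiene.warninglists_slow_search``
        and ``HYGIENE_ENRICH_SUBDOMAINS`` / ``hygiene.enrich_subdomains``.
        """
        # config.yml lives next to this module; a missing file means an empty config.
        config_file_path = os.path.join(
            os.path.dirname(os.path.abspath(__file__)), "config.yml"
        )
        config = {}
        if os.path.isfile(config_file_path):
            # Use a context manager so the handle is closed (the bare open() leaked it).
            # FullLoader is applied to a local, operator-controlled file; yaml.safe_load
            # would be the stricter choice if the config only holds plain scalars/mappings.
            with open(config_file_path) as config_file:
                config = yaml.load(config_file, Loader=yaml.FullLoader)
        self.helper = OpenCTIConnectorHelper(config)

        # bool() normalises whatever get_config_variable hands back (string or bool).
        warninglists_slow_search = bool(
            get_config_variable(
                "HYGIENE_WARNINGLISTS_SLOW_SEARCH",
                ["hygiene", "warninglists_slow_search"],
                config,
                default=False,
            )
        )

        self.enrich_subdomains = bool(
            get_config_variable(
                "HYGIENE_ENRICH_SUBDOMAINS",
                ["hygiene", "enrich_subdomains"],
                config,
                default=False,
            )
        )

        self.helper.log_info(f"Warning lists slow search: {warninglists_slow_search}")

        self.warninglists = WarningLists(slow_search=warninglists_slow_search)

        # Create Hygiene Tag
        self.label_hygiene = self.helper.api.label.create(
            value="Hygiene", color="#fc0341"
        )

        # A second label marks parents whose subdomain matched; only needed when enabled.
        if self.enrich_subdomains:
            self.label_hygiene_parent = self.helper.api.label.create(
                value="Hygiene_parent", color="#fc0341"
            )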
def from_package(slow_search=False):
    """Return a ``WarningLists`` without contacting a MISP instance
    (compare ``from_instance``).

    :param slow_search: forwarded to ``WarningLists``.
    """
    return WarningLists(slow_search=slow_search)
 def setUp(self):
     """Give every test a fresh ``WarningLists`` built with default settings."""
     self.warninglists = WarningLists()
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
from pymispwarninglists import WarningLists

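if __name__ == '__main__':
    # slow_search=True: presumably the thorough-but-slower matching mode of
    # pymispwarninglists — confirm against its documentation.
    warninglists = WarningLists(slow_search=True)

    # The indicator is the last tab-separated column of each stdin line; dedupe them.
    # Blank lines are skipped — the original added '' to the set and then printed it.
    indicators = set()
    for raw_line in sys.stdin:
        indicator = raw_line.strip().split('\t')[-1]
        if indicator:
            indicators.add(indicator)

    # Emit only indicators that hit no warning list, i.e. those not known-benign.
    # Sorted for deterministic output (set iteration order is arbitrary).
    for ioc in sorted(indicators):
        if not warninglists.search(ioc):
            print(ioc)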
def init():
    """Return a ``WarningLists`` configured with ``slow_search=True``."""
    lists = WarningLists(slow_search=True)
    return lists
def init():
    """Template hook to get the module started: return a default ``WarningLists``."""
    return WarningLists()