def tacyt(plugin_name, project_id, resource_id, resource_type, apk_hash): application = None result_status = PluginResultStatus.STARTED try: APP_ID = KeyRing().get("tacyt-appid") SECRET_KEY = KeyRing().get("tacyt-secret") API_KEY_IN_DDBB = bool(APP_ID) & bool(SECRET_KEY) if not API_KEY_IN_DDBB: print("No App ID key...!") result_status = PluginResultStatus.NO_API_KEY else: api = tacytsdk.TacytApp(APP_ID, SECRET_KEY) search = api.search_apps(query=apk_hash, outfields=__OUT_FIELDS) if (search.data and search.data.get("data") and search.data.get("data").get("result") and search.data.get("data").get("result").get("numResults") == 1): application = (search.data.get("data").get("result").get( "applications")[0]) result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results(resource_id, plugin_name, project_id, application, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) application = None
def binaryedge(plugin_name, project_id, resource_id, resource_type, ip): try: API_KEY = KeyRing().get("binaryedge") if not API_KEY: print("No API key...!") return {} response = {} headers = {"X-Key": API_KEY} response = requests.get(URL.format(**{"ip": ip}), headers=headers) if response.status_code == 404: print("associated records not found!") elif not response.status_code == 200: print("API key error!") else: response = json.loads(response.content) print(response) PluginManager.set_plugin_results( resource_id, plugin_name, project_id, response, result_status ) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def pulsedive_get_ioc_byvalue(param): try: API_KEY = KeyRing().get("pulsedive") if not API_KEY: print("No API key...!") return None response = {} headers = { "User-Agent": "Mozilla/5.0 (X11; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0" } params = f"?pretty=1&key={API_KEY}&indicator={param}" response = requests.get(URL_INFO, params=params, headers=headers) if not response.status_code == 200: print("API key error!") return None else: response = json.loads(response.content) return response except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def pastebin(plugin_name, project_id, resource_id, resource_type, target, search_engine): try: query_result = None API_KEY = KeyRing().get("pastebin") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: # We use "googlesearch" subtask to gather results as pastebin.com does not # have a in-search engine query_result = restricted_googlesearch(search_engine, target) # Now, process google results and get the pastes and metadata if query_result: query_result = pastebin_get_results(query_result) result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def otx_iocs_file(file_hash, section): try: API_KEY = KeyRing().get("otx") if not API_KEY: print("No API key...!") return None response = {} headers = { "User-Agent": "Mozilla/5.0 (X11; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0", "X-OTX-API-KEY": API_KEY, } print("testessss ") response = requests.get( URL_HASH.format(**{ "file_hash": file_hash, "section": section }), headers=headers, ) if not response.status_code == 200: print("API key error!") return None else: response = json.loads(response.content) return response except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def main(plugin_name, project_id, resource_id, resource_type, target): result_status = PluginResultStatus.STARTED try: if PLUGIN_NEEDS_API_KEY: API_KEY = KeyRing().get(PLUGIN_NAME) if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY query_result = None resource_type = ResourceType(resource_type) if resource_type == ResourceType.DOMAIN: query_result = auxiliary_function_1(target) elif resource_type == ResourceType.EMAIL: query_result = auxiliary_function_2(target) else: print(f"[{PLUGIN_NAME}]: Resource type does not found") PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def dinoflux(plugin_name, project_id, resource_id, resource_type, target): try: query_result = None API_KEY = KeyRing().get(PLUGIN_NAME) if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: result_status = PluginResultStatus.STARTED resource_type = ResourceType(resource_type) if resource_type: query_result = get_report(resource_type, target) else: print("No resource type") if query_result: result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def phishtank(plugin_name, project_id, resource_id, resource_type, url): result_status = PluginResultStatus.STARTED query_result = None try: API_KEY = KeyRing().get("phishtank") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: resource_type = ResourceType(resource_type) if resource_type == ResourceType.URL: query_result = phishtank_check(url) result_status = PluginResultStatus.COMPLETED else: print("phishtank resource type does not found") result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def phishtank_tech_details(phish_id): try: URL_main = f"https://www.phishtank.com/phish_detail.php?phish_id={phish_id}" API_KEY = KeyRing().get("phishtank") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY response = {} headers = {"User-Agent": USER_AGENT} response = requests.get(URL_main, headers=headers) if not response.status_code == 200: print("API key error!") return None else: response = response.content return response except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None # parsing html to extract Verify and more
def geoip(plugin_name, project_id, resource_id, resource_type, ip): result_status = PluginResultStatus.STARTED result = None try: API_KEY = KeyRing().get("ipstack") if not API_KEY: print("No API key...!") return None URL = f"http://api.ipstack.com/{ip}?access_key={API_KEY}&format=1" response = urllib.request.urlopen(URL).read() result = json.loads(response) if "success" in result: if not result["success"]: if result["error"]["code"] in [101, 102, 103, 104, 105]: result_status = PluginResultStatus.NO_API_KEY elif result["error"]["code"] == 404: result_status = PluginResultStatus.RETURN_NONE else: result_status = PluginResultStatus.COMPLETED PluginManager.set_plugin_results(resource_id, plugin_name, project_id, result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def maltiverse(plugin_name, project_id, resource_id, resource_type, target): try: MALTIVERSE_EMAIL = KeyRing().get("maltiverse_email") MALTIVERSE_PASS = KeyRing().get("maltiverse_pass") API_KEY = bool(MALTIVERSE_EMAIL) & bool(MALTIVERSE_PASS) query_result = None if not API_KEY: print(["[maltiverse]: No API Keys..."]) result_status = PluginResultStatus.NO_API_KEY else: result_status = PluginResultStatus.STARTED resource_type = ResourceType(resource_type) if resource_type == ResourceType.IPv4: query_result = maltiverse_ip(target) elif resource_type == ResourceType.DOMAIN: query_result = maltiverse_domain(target) elif resource_type == ResourceType.URL: query_result = maltiverse_url(target) elif resource_type == ResourceType.HASH: query_result = maltiverse_hash(target) else: print("Maltiverse resource type does not found") result_status = PluginResultStatus.RETURN_NONE if not query_result: result_status = PluginResultStatus.FAILED if query_result.get("message"): result_status = PluginResultStatus.RETURN_NONE else: result_status = PluginResultStatus.COMPLETED print(query_result) PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def shodan(plugin_name, project_id, resource_id, resource_type, ip): result_status = PluginResultStatus.STARTED response = {} try: API_KEY = KeyRing().get("shodan") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: ipinfo = requests.get(URL.format(**{"ip": ip, "API_KEY": API_KEY})) if not ipinfo.status_code == 200: result_status = PluginResultStatus.RETURN_NONE else: ipinfo = json.loads(ipinfo.content) response["hostnames"] = (ipinfo["hostnames"] if "hostnames" in ipinfo else []) response["os"] = ipinfo["os"] if "os" in ipinfo else None response["org"] = ipinfo["org"] if "org" in ipinfo else None response["isp"] = ipinfo["isp"] if "isp" in ipinfo else None response["services"] = [] for data in ipinfo["data"]: service = {} service["port"] = data["port"] if "port" in data else None service["transport"] = (data["transport"] if "transport" in data else None) service["service"] = data[ "service"] if "service" in data else None service["data"] = data["data"] if "data" in data else None service["product"] = data[ "product"] if "product" in data else None service["banner"] = data[ "banner"] if "banner" in data else None service["devicetype"] = (data["devicetype"] if "devicetype" in data else None) service["timestamp"] = (data["timestamp"] if "timestamp" in data else None) service["hostnames"] = (data["hostnames"] if "hostnames" in data else []) response["services"].append(service) result_status = PluginResultStatus.COMPLETED PluginManager.set_plugin_results(resource_id, plugin_name, project_id, response, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def vt_domain(plugin_name, project_id, resource_id, resource_type, target): result_status = PluginResultStatus.STARTED response = None try: API_KEY = KeyRing().get("virustotal") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: response = None url = None params = {"apikey": API_KEY} resource_type_for_vt = ResourceType(resource_type) if resource_type_for_vt == ResourceType.DOMAIN: url = url_for_domains params["domain"] = target elif resource_type_for_vt == ResourceType.URL: url = url_for_urls params["resource"] = target elif resource_type_for_vt == ResourceType.IPv4: url = url_for_ips params["ip"] = target elif resource_type_for_vt == ResourceType.HASH: url = url_for_hashes params["resource"] = target else: print("[VT]: Unknown resource type before querying service") result_status = PluginResultStatus.FAILED response = requests.get(url, params=params) if not response.status_code == 200: print(response) result_status = PluginResultStatus.RETURN_NONE else: response = json.loads(response.content) result_status = PluginResultStatus.COMPLETED print(response) PluginManager.set_plugin_results(resource_id, plugin_name, project_id, response, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def urlscan(plugin_name, project_id, resource_id, resource_type, url): result_status = PluginResultStatus.STARTED response = {} try: API_KEY = KeyRing().get("urlscan") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: headers = { "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0", "Content-Type": "application/json", "API-Key": API_KEY, } data = {"url": url, "public": "on", "tags": ["phishing", "malicious"]} url_submission_response = requests.post( SUBMISSION_URL, headers=headers, json=data ) if not url_submission_response.status_code == 200: print("API key error!") result_status = PluginResultStatus.RETURN_NONE else: uuid = json.loads(url_submission_response.content)["uuid"] SLEEP_LIMIT = 300 SLEEP_DELTA_INCREMENT = 2.5 SLEEP_FRAME = 2 # Número de reintentos cada 2 segundos while SLEEP_FRAME < SLEEP_LIMIT: response = result(uuid) if response is not None: break SLEEP_FRAME = round(SLEEP_FRAME * SLEEP_DELTA_INCREMENT) time.sleep(SLEEP_FRAME) if response: result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results( resource_id, plugin_name, project_id, response, result_status ) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def botscout_ip(ip): try: API_KEY = KeyRing().get("botscout") if not API_KEY: print("No API key...!") return None URL = f"http://botscout.com/test/?ip={ip}&key={API_KEY}&format=xml" response = urllib.request.urlopen(URL).read() return response except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def haveibeenpwned(plugin_name, project_id, resource_id, resource_type, email): try: API_KEY = KeyRing().get("haveibeenpwned") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: response = [] headers = { "user-agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0", "hibp-api-key": API_KEY, } hibp = requests.get( URL.format(**{ "service": "breachedaccount", "account": email }), headers=headers, ) if not hibp.status_code == 200: print("HIBP Request error!") result_status = PluginResultStatus.RETURN_NONE else: hibp = json.loads(hibp.content) response = hibp result_status = PluginResultStatus.COMPLETED details = breach_detail_filler(response) if not len(details) == len(response): print( "[HIBP] An update should be needed in breaches.json file") result_status = PluginResultStatus.FAILED PluginManager.set_plugin_results(resource_id, plugin_name, project_id, response, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def onyphe(plugin_name, project_id, resource_id, resource_type, resource): result_status = PluginResultStatus.STARTED query_result = None try: API_KEY = KeyRing().get("onyphe") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: url = "" headers = { "Authorization": f"apikey {API_KEY}", "Content-Type": "application/json", } if resource_type == "domain": url = f"https://www.onyphe.io/api/v2/summary/domain/{resource}" elif resource_type == "ip": url = f"https://www.onyphe.io/api/v2/summary/ip/{resource}" query_result = requests.get(url, headers=headers) if query_result.status_code == 200: json_results = query_result.json() if json_results["results"] == []: result_status = PluginResultStatus.RETURN_NONE else: query_result = json_results["results"] result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.FAILED PluginManager.set_plugin_results( resource_id, plugin_name, project_id, query_result, result_status ) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def phishtank_check(url): try: API_KEY = KeyRing().get("phishtank") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY response = {} headers = { "User-Agent": USER_AGENT, "Content-Type": "application/x-www-form-urlencoded", } post_data = {"url": url, "format": "json", "app_key": API_KEY} response = requests.post(URL, post_data, headers=headers) if not response.status_code == 200: print("API key error!") return None else: response = json.loads(response.content) if "phish_id" in response["results"]: phish_id = response["results"]["phish_id"] try: screenshot_path = phishtank_screenshot(phish_id) if screenshot_path: response["results"][ "screenshot_path"] = screenshot_path except: print("[PHISHTANK] Could not have a screenshot") return response except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def phishtank_screenshot(phish_id): try: URL_main = f"https://www.phishtank.com/phish_screenshot.php?phish_id={phish_id}" regex_url = "http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\\(\\), ]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" API_KEY = KeyRing().get("phishtank") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY response = {} headers = {"User-Agent": USER_AGENT} response = requests.get(URL_main, headers=headers) if not response.status_code == 200: print("API key error!") return None else: if response.content: content = response.content.decode("utf-8") matches = re.findall(regex_url, content) if matches: screenshot_url = matches[0] screenshot_name = urlparse(screenshot_url).path r = requests.get(screenshot_url, allow_redirects=True) with open(f"{SCREENSHOTS_STORAGE_PATH}{screenshot_name}", "wb") as f: f.write(r.content) return f"{SCREENSHOTS_SERVER_PATH}{screenshot_name}" return None except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def pulsedive_analyze(domain): try: API_KEY = KeyRing().get("pulsedive") if not API_KEY: print("No API key...!") return None pyb64_domain = base64.b64encode(bytes(domain, "utf-8")) response = {} headers = { "User-Agent": "Mozilla/5.0 (X11; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", } post_data = { "ioc": pyb64_domain.decode("utf-8"), "probe": "1", "pretty": "1", "app_key": API_KEY, } response = requests.post(URL, post_data, headers=headers) if not response.status_code == 200: print("API key error!") return None else: response = json.loads(response.content) return response except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def verifymail(plugin_name, project_id, resource_id, resource_type, email): response = {} result_status = PluginResultStatus.STARTED try: API_KEY = KeyRing().get("verify-email") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: headers = { "Accept": "application/json", "Content-Type": "application/json" } vmail = requests.get(URL.format(**{ "key": API_KEY, "email": email }), headers=headers) if not vmail.status_code == 200: print("[verifymail]: error!") result_status = PluginResultStatus.FAILED else: response = json.loads(vmail.content) if response: result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results(resource_id, plugin_name, project_id, response, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
import traceback import json import requests from tasks.api_keys import KeyRing API_KEY = KeyRing().get("abuseipdb") URL = "https://api.abuseipdb.com/api/v2/check" def abuseipdb(ip): try: if not API_KEY: print("No API key...!") return None response = {} headers = {"Accept": "application/json", "Key": API_KEY} data = {"ipAddress": ip} abuse_response = requests.get(URL, headers=headers, json=data) if not abuse_response.status_code == 200: print("API key error!") return None else: response = json.loads(abuse_response.content) print(response) return response except Exception as e: tb1 = traceback.TracebackException.from_exception(e)
"https://api.hunter.io/v2/email-verifier?email={email}&api_key={key}") # URL_EMAIL_FINDER = "https://api.hunter.io/v2/email-finder?domain={domain}&first_name={name}&last_name={lastname}&api_key={key}" # Which resources are this plugin able to work with RESOURCE_TARGET = [ResourceType.DOMAIN, ResourceType.EMAIL] # Plugin Metadata {a description, if target is actively reached and name} PLUGIN_AUTOSTART = False PLUGIN_DESCRIPTION = "Lists all the people working in a company with their name and email address found on the web" PLUGIN_DISABLE = False PLUGIN_IS_ACTIVE = False PLUGIN_NAME = "hunterio" PLUGIN_NEEDS_API_KEY = True API_KEY = KeyRing().get("hunterio") API_KEY_IN_DDBB = bool(API_KEY) API_KEY_DOC = "https://hunter.io/api" API_KEY_NAMES = ["hunterio"] class Plugin: def __init__(self, resource, project_id): self.project_id = project_id self.resource = resource def do(self): resource_type = self.resource.get_type() try: to_task = {
import traceback import json import urllib.request from tasks.api_keys import KeyRing API_KEY = KeyRing().get("ipstack") def geoip(ip): try: URL = f"http://api.ipstack.com/{ip}?access_key={API_KEY}&format=1" response = urllib.request.urlopen(URL).read() return json.loads(response) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
import traceback from tasks.deps.tacyt import TacytApp as tacytsdk from tasks.api_keys import KeyRing APP_ID = KeyRing().get("tacyt-appid") SECRET_KEY = KeyRing().get("tacyt-secret") __OUT_FIELDS = [ "title", "platform", "origin", "categoryName", "size", "marketSize", "numDownloads", "versionCode", "packageName", "price", "versionString", "minSdkVersion", "targetSdkVersion", "nFiles", "nImages", "nPermissions", "nMetadataApiKeys", "nActivities", "nActivityAlias", "nServices", "nReceivers", "nProviders",
import traceback import json import hashlib import requests from tasks.deps.maltiverse import Maltiverse from tasks.api_keys import KeyRing MALTIVERSE_EMAIL = KeyRing().get("maltiverse_email") MALTIVERSE_PASS = KeyRing().get("maltiverse_pass") api = Maltiverse() api.login(MALTIVERSE_EMAIL, password=MALTIVERSE_PASS) URL_IP = "https://api.maltiverse.com/ip/{ip}" URL_DOMAIN = "https://api.maltiverse.com/hostname/{hostname}" URL_URL = "https://api.maltiverse.com/url/{url}" URL_HASH = "https://api.maltiverse.com/sample/{hash}" def send_request(url): try: response = {} maltiverse_response = requests.get(url) if not maltiverse_response.status_code == 200: print("Response error!") print(maltiverse_response.content) response = None else: response = json.dumps(json.loads(maltiverse_response.content))
import json import traceback from tasks.tasks import celery_app from server.entities.resource_types import ResourceType from server.entities.plugin_result_types import PluginResultStatus from server.entities.plugin_manager import PluginManager from tasks.api_keys import KeyRing URL_API = "https://www.dinoflux.com/api/analyses/search" # This URL is used to query a complete dinoflux analysis report URL_REPORT = "https://www.dinoflux.com/private/intelligence/report/" API_KEY = KeyRing().get("dinoflux") API_KEY_IN_DDBB = bool(API_KEY) API_KEY_DOC = "https://www.dinoflux.com/private/intelligence/search/" API_KEY_NAMES = ["dinoflux"] PLUGIN_NAME = "dinoflux" PLUGIN_DESCRIPTION = "Search dinoflux reports from a binary hash, IPv4, URL or Filename" PLUGIN_IS_ACTIVE = False PLUGIN_AUTOSTART = False PLUGIN_DISABLE = False PLUGIN_NEEDS_API_KEY = True RESOURCE_TARGET = [ ResourceType.HASH, ResourceType.IPv4,
from server.entities.plugin_manager import PluginManager from server.entities.plugin_result_types import PluginResultStatus # Which resources are this plugin able to work with RESOURCE_TARGET = [ResourceType.URL] # Plugin Metadata {a description, if target is actively reached and name} PLUGIN_AUTOSTART = False PLUGIN_DESCRIPTION = "Scan and analyse URLs" PLUGIN_IS_ACTIVE = False PLUGIN_DISABLE = False PLUGIN_NAME = "urlscan" PLUGIN_NEEDS_API_KEY = True API_KEY = KeyRing().get("urlscan") API_KEY_IN_DDBB = bool(API_KEY) API_KEY_DOC = "https://urlscan.io/about-api/" API_KEY_NAMES = ["urlscan"] SUBMISSION_URL = "https://urlscan.io/api/v1/scan/" RESULT_URL = "https://urlscan.io/api/v1/result/{uuid}/" class Plugin: def __init__(self, resource, project_id): self.project_id = project_id self.resource = resource def do(self): resource_type = self.resource.get_type()
# Which resources are this plugin able to work with RESOURCE_TARGET = [ ResourceType.URL, ResourceType.HASH, ] # Plugin Metadata {a description, if target is actively reached and name} PLUGIN_AUTOSTART = False PLUGIN_DESCRIPTION = "Search a hash or a URL in VirusTotal" PLUGIN_DISABLE = False PLUGIN_IS_ACTIVE = False PLUGIN_NAME = "virustotal" PLUGIN_NEEDS_API_KEY = True API_KEY = KeyRing().get("virustotal") API_KEY_IN_DDBB = bool(API_KEY) API_KEY_DOC = "https://developers.virustotal.com/reference" API_KEY_NAMES = ["virustotal"] class Plugin: def __init__(self, resource, project_id): self.project_id = project_id self.resource = resource def do(self): resource_type = self.resource.get_type() target = self.resource.get_data()["canonical_name"]
# user: user11 o [email protected] # pass: Developer_11 import traceback import json import requests, base64 from tasks.api_keys import KeyRing API_KEY = KeyRing().get("pulsedive") URL = "https://pulsedive.com/api/analyze.php" URL_INFO = "https://pulsedive.com/api/info.php" ## Indicator(https://pulsedive.com/api/?q=indicators) ## param = domain, md5, sha1, sha256 ## Function OK def pulsedive_get_ioc_byvalue(param): try: if not API_KEY: print("No API key...!") return None response = {} headers = { "User-Agent": "Mozilla/5.0 (X11; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0" } params = f"?pretty=1&key={API_KEY}&indicator={param}"