def fetch(observable, api_key): """ :param observable: The extended observable klass :param api_key: The api key obtained from Malshare :return: malshare json response or None if error """ try: params = { 'hash': observable.value, 'api_key': api_key, 'action': 'details' } response = requests.get('https://malshare.com/api.php', params=params) if response.ok: return response.json() else: raise GenericYetiError( 'Could not retrieve feed, HTTP response: {}'.format( response.status_code)) except Exception: # TODO(sebdraven): Catch a better exception raise GenericYetiError( 'Could not retrieve feed, HTTP response: {}'.format( response.status_code)) return None
def fetch(observable): types = { "Ip": 'ip:"{}"', "Hostname": 'domain:"{}"', "Url": 'url:"{}"', "Hash": 'hash:"{}"', } params = {"q": types[observable.type].format(observable.value)} try: response = requests.get(UrlScanIoApi.API_URL, params=params, proxies=yeti_config.proxy) if not response.ok: raise GenericYetiError("Status code: ".format( response.status_code)) if response.json().get("total", 0) > 0: return response.json()["results"] return None except Exception as e: raise GenericYetiError("Hit an error checking {},{}".format( observable.value, e))
def fetch(observable): try: r = requests.get("https://emailrep.io/{}".format(observable.value)) if r.ok: return r.json() raise GenericYetiError("{} - {}".format(r.status_code, r.content)) except requests.exceptions.RequestException as e: logging.error(e) raise GenericYetiError("{} - {}".format(r.status_code, r.content))
def fetch(observable, params, uri): try: url = ThreatMinerApi.API_URL + uri response = requests.get( url, params=params, proxies=yeti_config.proxy) if not response.ok: raise GenericYetiError("Status code: ".format(response.status_code)) return response.json() except Exception as e: raise GenericYetiError("Hit an error checking {},{}".format( observable.value, e ))
def _make_request(self, headers={}, auth=None, params={}, url=False): """Helper function. Performs an HTTP request on ``source`` and returns request object. Args: headers: Optional headers to be added to the HTTP request. auth: Username / password tuple to be sent along with the HTTP request. params: Optional param to be added to the HTTP request. Returns: requests object. """ if auth: r = requests.get(url or self.source, headers=headers, auth=auth, proxies=yeti_config.proxy, params=params) else: r = requests.get(url or self.source, headers=headers, proxies=yeti_config.proxy) if r.status_code != 200: raise GenericYetiError("{} returns code: {}".format( self.source, r.status_code)) return r
def _make_request( self, method="get", headers={}, auth=None, params={}, data={}, url=False, verify=True, sort=True, ): """Helper function. Performs an HTTP request on ``source`` and returns request object. Args: method: Optional HTTP method to use GET/POST/etc lowercase headers: Optional headers to be added to the HTTP request. auth: Username / password tuple to be sent along with the HTTP request. params: Optional param to be added to the HTTP GET request. data: Optional param to be added to the HTTP POST request. url: Optional url to be fetched instead of self.source verify: optional verify to verify domain certificate Returns: requests object. """ if auth: r = getattr(requests, method)( url or self.source, headers=headers, auth=auth, proxies=yeti_config.proxy, params=params, data=data, verify=verify, stream=True, ) else: r = getattr(requests, method)( url or self.source, headers=headers, proxies=yeti_config.proxy, params=params, data=data, verify=verify, stream=True, ) if r.status_code != 200: raise GenericYetiError("{} returns code: {}".format( self.source, r.status_code)) if sort: if self.last_run is not None and r.headers.get("Last-Modified"): last_mod = parser.parse(r.headers["Last-Modified"]) if self.last_run and self.last_run > last_mod.replace( tzinfo=None): raise GenericYetiInfo( "Last modified date: {} returns code: {}".format( last_mod, r.status_code)) return r
def _make_request(self, headers={}, auth=None, params={}, url=False, verify=True): """Helper function. Performs an HTTP request on ``source`` and returns request object. Args: headers: Optional headers to be added to the HTTP request. auth: Username / password tuple to be sent along with the HTTP request. params: Optional param to be added to the HTTP request. url: Optional url to be fetched instead of self.source verify: optional verify to verify domain certificate Returns: requests object. """ if auth: r = requests.get(url or self.source, headers=headers, auth=auth, proxies=yeti_config.proxy, params=params, verify=verify) else: r = requests.get(url or self.source, headers=headers, proxies=yeti_config.proxy, params=params, verify=verify) if r.status_code != 200: raise GenericYetiError("{} returns code: {}".format( self.source, r.status_code)) if self.last_run is not None and r.headers.get('Last-Modified'): since_last_run = datetime.utcnow() - self.frequency last_mod = parser.parse(r.headers['Last-Modified']) if since_last_run > last_mod.replace(tzinfo=None): raise GenericYetiError( "Last modified date: {} returns code: {}".format( last_mod, r.status_code)) return r
def subclass_from_name(cls, subclass_name): """Return an inherited class based on his Parent and the type given by the string `subclass_name`. This will raise `GenericYetiError` exception if no type matching the given name can be found """ for subcls in cls.__subclasses__(): if subcls.__name__ == subclass_name: return subcls raise GenericYetiError("{} is not a subclass of {}".format( subclass_name, cls.__name__))
def aux_checker(json_result): if not json_result or not json_result.get("results"): raise GenericYetiError("Results missed") json_string = json.dumps(json_result, sort_keys=True, indent=4, separators=(",", ": ")) result = { "raw": json_string, "source": "threatminer_query", } _results = json_result.get("results") return _results, result