def __init__(self, cfg):
    """Configure the csirtg output plugin from the ``output_csirtg`` section.

    ``username``, ``feed`` and ``token`` are read from *cfg*; a falsy value is
    replaced by the module-level USERNAME / FEED / TOKEN constant. A csirtg
    ``Client`` is then built with the resulting token.
    """
    section = 'output_csirtg'
    cowrie.core.output.Output.__init__(self, cfg)

    self.user = cfg.get(section, 'username') or USERNAME
    self.feed = cfg.get(section, 'feed') or FEED
    # NOTE(review): TOKEN is defined outside this excerpt. If it is a literal
    # in the source rather than an environment lookup, it is a credential
    # committed to the repository -- confirm.
    self.token = cfg.get(section, 'token') or TOKEN

    # os.environ.get returns a str when COWRIE_PORT is set and the int 22
    # otherwise, so consumers of self.port see two different types.
    self.port = os.environ.get('COWRIE_PORT', 22)

    self.context = {}
    self.client = Client(token=self.token)
def start(self):
    """Load the ``output_csirtg`` settings and create the csirtg client.

    ``username``, ``feed`` and ``token`` fall back to the module-level
    USERNAME / FEED / TOKEN constants when the configured value is falsy;
    ``description`` uses DESCRIPTION as its ``fallback``.
    """
    section = 'output_csirtg'

    self.user = CowrieConfig().get(section, 'username') or USERNAME
    self.feed = CowrieConfig().get(section, 'feed') or FEED
    # NOTE(review): TOKEN is defined outside this excerpt; confirm it is not a
    # real credential committed to source.
    self.token = CowrieConfig().get(section, 'token') or TOKEN
    self.description = CowrieConfig().get(
        section, 'description', fallback=DESCRIPTION
    )

    self.context = {}
    self.client = Client(token=self.token)
def start(self):
    """Load the ``output_csirtg`` settings and create the csirtg client.

    ``username``, ``feed`` and ``token`` fall back to the module-level
    USERNAME / FEED / TOKEN constants when the configured value is falsy;
    ``description`` uses DESCRIPTION as its ``fallback``.
    """
    section = "output_csirtg"

    self.user = CowrieConfig.get(section, "username") or USERNAME
    self.feed = CowrieConfig.get(section, "feed") or FEED
    # NOTE(review): TOKEN is defined outside this excerpt; confirm it is not a
    # real credential committed to source.
    self.token = CowrieConfig.get(section, "token") or TOKEN
    self.description = CowrieConfig.get(
        section, "description", fallback=DESCRIPTION
    )

    self.context = {}
    self.client = Client(token=self.token)
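def run(self):
    """Look up ``self.artifact['name']`` on csirtg.io and attach any hits.

    When the response lists at least one indicator, the response is stored
    under ``self.artifact['data']['csirtg']``. The lookup is best-effort:
    failures are logged and never propagate to the caller.
    """
    # Function-scope import: the module's import block is not part of this excerpt.
    import logging

    try:
        client = Client(remote='https://csirtg.io/api', token=self.api_key)
        data = Search(client).search(self.artifact['name'])
        if data['feed']['indicators']:
            # Store the response that was just checked. The original issued a
            # second identical search here, which doubled API usage and could
            # store a result different from the one that was tested.
            self.artifact['data']['csirtg'] = data
    except Exception as err:
        # A bare ``except: pass`` also swallowed KeyboardInterrupt/SystemExit
        # and hid every failure (bad token, network error, schema change).
        logging.getLogger(__name__).warning('csirtg lookup failed: %s', err)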
def __init__(self, cfg):
    """Configure the csirtg output plugin from the ``output_csirtg`` section.

    ``username``, ``feed`` and ``token`` are read from *cfg*; a falsy value is
    replaced by the module-level USERNAME / FEED / TOKEN constant.
    ``description`` falls back to DESCRIPTION when reading it raises.
    """
    section = 'output_csirtg'
    cowrie.core.output.Output.__init__(self, cfg)

    self.user = cfg.get(section, 'username') or USERNAME
    self.feed = cfg.get(section, 'feed') or FEED
    # NOTE(review): TOKEN is defined outside this excerpt; confirm it is not a
    # real credential committed to source.
    self.token = cfg.get(section, 'token') or TOKEN

    try:
        description = cfg.get(section, 'description')
    except Exception:
        # Any failure to read the option selects the default; presumably this
        # is meant for a missing option -- the broad catch hides other errors.
        description = DESCRIPTION
    self.description = description

    self.context = {}
    self.client = Client(token=self.token)
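def run(self):
    """Look up ``self.artifact['name']`` on csirtg.io and attach any hits.

    When the response lists at least one indicator, the response is stored
    under ``self.artifact['data']['csirtg']``. Any exception is reported
    through ``warning`` and does not propagate.
    """
    try:
        client = Client(remote='https://csirtg.io/api', token=self.api_key)
        data = Search(client).search(self.artifact['name'])
        if data['feed']['indicators']:
            # Store the response that was just checked. The original issued a
            # second identical search here, which doubled API usage and could
            # store a result different from the one that was tested.
            self.artifact['data']['csirtg'] = data
    except Exception as err:
        warning('Caught exception in module (%s)' % str(err))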
def csirtg(self):
    """Search csirtg for ``self.indicator``, passing ``limit=5``.

    The csirtgsdk package is imported lazily. When it is missing, install
    instructions are printed and the process exits via ``SystemExit``.
    """
    try:
        from csirtgsdk.client import Client
        from csirtgsdk.search import Search
    except ImportError:
        install_hint = (
            '',
            'The csirtg function requires the csirtgsdk',
            '$ pip install csirtgsdk',
            '$ export CSIRTG_TOKEN=1234...',
            '',
        )
        for hint_line in install_hint:
            print(hint_line)
        raise SystemExit

    # No token is passed explicitly; the hint above suggests it is taken from
    # the CSIRTG_TOKEN environment variable -- confirm against the SDK.
    sdk_client = Client()
    return Search(sdk_client).search(self.indicator, limit=5)
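def pull(self):
    """Download every feed of the configured csirtg user into ``CSIRTG.JSON``.

    Lists the user's feeds, fetches each one with ``limit=None``, writes the
    collected data as one JSON object keyed by feed name, then hands the name
    of the last feed to ``self.readFile``. Failures inside the download/write
    step are printed, not raised.

    NOTE(review): the original indentation was lost in this listing. The JSON
    dump and the ``readFile`` call are assumed to run once, after the loop --
    confirm against the real file.
    """
    # Function-scope import: the module's import block is not part of this excerpt.
    import os

    remote = 'https://csirtg.io/api'
    # NOTE(review): this API token is committed in source, and the original
    # assigned another token literal immediately before it. Treat both as
    # exposed: revoke them at the provider, set CSIRTG_TOKEN in the deployment
    # environment, and then delete this fallback.
    token = os.environ.get('CSIRTG_TOKEN') or '1c277786ae04719eb71d9e5d8e9c98be'
    verify_ssl = True
    user = '******'
    count = 0
    dataDict = dict()

    # Initiate client object
    cli = Client(remote=remote, token=token, verify_ssl=verify_ssl)

    # Return a list of feeds (per user)
    feeds = Feed(cli).index(user)

    try:
        feedItem = None
        for feedItem in feeds:
            feed = feedItem['name']
            feedData = Feed(cli).show(user, feed, limit=None)
            count += 1
            dataDict[feed] = feedData.copy()
            print(" - Getting feed item: " + str(count) + feedItem['name'])

        print("copying all feeds into JSON")
        # Context manager closes the file even when the write fails.
        with open("CSIRTG.JSON", "w") as fp:
            fp.write(json.dumps(dataDict))

        # An empty feed list used to raise NameError here, which the bare
        # except then reported as a rate-limit error.
        if feedItem is not None:
            self.readFile(feedItem['name'])
    except Exception as err:
        # Every failure is reported with the rate-limit message; the detail
        # line shows what actually went wrong.
        print("ERROR: CSIRTG : too many requests in an hour")
        print("ERROR: CSIRTG : " + str(err))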
def client():
    """Return a csirtg ``Client`` built from the module-level TOKEN and REMOTE."""
    # TOKEN and REMOTE are defined outside this excerpt; presumably they are
    # read from the environment for live tests -- confirm.
    sdk_client = Client(token=TOKEN, remote=REMOTE)
    return sdk_client
def test_predict_live():
    """Check ``Predict.get`` against the configured remote.

    Expects a truthy result for http://example.com and a falsy result for
    http://ren-isac.net. Uses the module-level TOKEN and REMOTE, so it needs a
    reachable service; any skip condition is not visible in this excerpt.
    """
    live_client = Client(token=TOKEN, remote=REMOTE)

    flagged = Predict(live_client).get("http://example.com")
    assert flagged

    cleared = Predict(live_client).get("http://ren-isac.net")
    assert not cleared
def test_predict():
    """A ``Predict`` built from a default ``Client`` exposes a truthy ``client``."""
    predictor = Predict(Client())
    assert predictor.client
def client():
    """Return a csirtg ``Client`` constructed with no explicit arguments."""
    # Token and remote come from whatever defaults the SDK applies.
    default_client = Client()
    return default_client
def test_client():
    """``Client`` keeps its constructor arguments and exposes the token as ``str``."""
    remote_url = 'https://localhost2:8443'
    # verify_ssl=False only checks that the flag is stored; no request is made here.
    c = Client(token=1234, remote=remote_url, verify_ssl=False)

    assert c.remote == remote_url, 'remote incorrect'
    assert c.verify_ssl is False, 'no-verify-ssl incorrect'
    assert c.token == str(1234), 'token mis-match'