def get_host_reputation_table(response_list):
    """Render a host reputation lookup as a bordered two-row text table.

    Only the first element of ``response_list`` is read. Its ``threatData``
    mapping supplies the single data row; a response without ``threatData``
    raises ``AttributeError`` here instead of producing an empty row.

    Args:
        response_list: Sequence whose first item is the API response dict.

    Returns:
        The rendered table as a string.
    """
    threat_data = response_list[0].get('threatData')

    # (column title, key inside threatData), in display order.
    columns = (
        ('Verdict', 'verdict'),
        ('Threat Status', 'threatStatus'),
        ('Threat Name', 'threatName'),
        ('Threat Type', 'threatType'),
        ('First Seen', 'firstSeen'),
        ('Last Seen', 'lastSeen'),
    )
    rows = [
        [title for title, _ in columns],
        # Keys missing from threatData come back as None and are shown as-is.
        [threat_data.get(key) for _, key in columns],
    ]

    # NOTE(review): cell values go into the table exactly as received from the
    # response; nothing here strips control characters before display.
    host_reputation = DoubleTable(rows)
    host_reputation.padding_left = host_reputation.padding_right = 1
    host_reputation.inner_column_border = True
    host_reputation.inner_row_border = True

    return host_reputation.table
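def table(title, rows=None):
    """Print ``rows`` as a double-bordered table with a yellow title.

    Args:
        title: Text placed in the table's title slot, wrapped in yellow
            colour codes.
        rows: Table rows. Only the first element is inspected: when it is not
            a tuple, every element is treated as a single cell and wrapped in
            its own one-column row. Defaults to no rows.
    """
    # A None default avoids sharing one list object between calls.
    if rows is None:
        rows = []

    print(Style.RESET_ALL)

    # isinstance also accepts tuple subclasses (e.g. namedtuples) as rows.
    if rows and not isinstance(rows[0], tuple):
        rows = [[row] for row in rows]

    # NOTE(review): title and cells are printed unmodified, so any control
    # sequences they contain reach the terminal - confirm callers only pass
    # trusted or already-cleaned text.
    table_instance = DoubleTable(rows, Fore.YELLOW + title + Fore.RESET)
    table_instance.outer_border = True
    table_instance.inner_heading_row_border = False
    table_instance.inner_column_border = True

    print(table_instance.table)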
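def get_api_quota_table(response_list):
    """Render the API quota details as a bordered table plus an optional note.

    Only the first element of ``response_list`` is read; its ``quotaDetails``
    mapping supplies the data row and the trailing note.

    Args:
        response_list: Sequence whose first item is the API response dict.

    Returns:
        The rendered table, followed by ``'\\n\\nNote: <note>'`` when the
        response carries a ``note`` field.
    """
    response = response_list[0]
    quota_data = response.get('quotaDetails')

    data_list = [
        ['Licenced Quota', 'Remaining Quota', 'Expiration Date'],
        [
            quota_data.get('licensedQuota'),
            quota_data.get('remainingQuota'),
            quota_data.get('expiryDate'),
        ],
    ]

    api_quota = DoubleTable(data_list)
    api_quota.padding_left = 1
    api_quota.padding_right = 1
    api_quota.inner_column_border = True
    api_quota.inner_row_border = True

    # The other fields tolerate a missing key via .get(); a missing note used
    # to fail on str + None, so the suffix is now added only when present.
    note = quota_data.get('note')
    if note is None:
        return api_quota.table
    return api_quota.table + '\n\nNote: ' + str(note)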
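def get_scan_report_table(response_list, source=0):
    """Build the text report for a URL scan, or a "check back later" notice.

    Args:
        response_list: API responses. Item 0 is the scan report. When the list
            has exactly four items, items 1-3 are handed to the screenshot,
            HTML and text download helpers and their output is appended.
        source: Selects the wording of the pending notice: 1 and 2 each name
            a different action to re-run, any other value names none.

    Returns:
        The pending notice when the report's ``errorNo`` is 1; otherwise the
        rendered table, preceded by the normalisation message when
        ``normalizeStatus`` is 1 and followed by the forensics section when
        the download responses are present.
    """
    response = response_list[0]

    # errorNo == 1 is treated as "scan not finished yet": return a notice
    # carrying the scan id instead of a table.
    if response.get('errorNo') == 1:
        scan_id = response.get('urlData').get('scanId')
        if source == 1:
            return (
                'Your Url Scan request is submitted to the cloud and may take up-to 60 seconds to complete.\n'
                'Please check back later using "slashnext-scan-report" action with Scan ID = {0} or running the '
                'same "slashnext-url-scan" action one more time'
            ).format(scan_id)
        if source == 2:
            return (
                'Your Url Scan request is submitted to the cloud and is taking longer than expected to complete.\n'
                'Please check back later using "slashnext-scan-report" action with Scan ID = {0} or running the '
                'same "slashnext-url-scan-sync" action one more time'
            ).format(scan_id)
        return (
            'Your Url Scan request is submitted to the cloud and is taking longer than expected to complete.\n'
            'Please check back later using "slashnext-scan-report" action with Scan ID = {0} one more '
            'time'
        ).format(scan_id)

    normalize_msg = ''
    normalize_data = response.get('normalizeData')
    if normalize_data.get('normalizeStatus') == 1:
        normalize_msg = normalize_data.get('normalizeMessage') + '\n'

    url = response.get('urlData')
    threat_data = url.get('threatData')
    name = url.get('scanId')

    data_list = [
        [
            'URL',
            'Type',
            'Verdict',
            'Threat Status',
            'Scan ID',
            'Threat Name',
            'Threat Type',
            'First Seen',
            'Last Seen',
        ],
        [
            url.get('url'),
            'Scanned URL',
            threat_data.get('verdict'),
            threat_data.get('threatStatus'),
            name,
            threat_data.get('threatName'),
            threat_data.get('threatType'),
            threat_data.get('firstSeen'),
            threat_data.get('lastSeen'),
        ],
    ]

    if url.get('finalUrl') is not None:
        # The final URL shares the scanned URL's verdict; it has no scan id
        # or threat details of its own, hence the '-' placeholders.
        data_list.append([
            url.get('finalUrl'),
            'Final URL',
            threat_data.get('verdict'),
            threat_data.get('threatStatus'),
            '-',
            '-',
            '-',
            '-',
            '-',
        ])

    landing_url = url.get('landingUrl')
    if landing_url is not None:
        landing_threat = landing_url.get('threatData')
        data_list.append([
            landing_url.get('url'),
            'Redirected URL',
            landing_threat.get('verdict'),
            landing_threat.get('threatStatus'),
            landing_url.get('scanId'),
            landing_threat.get('threatName'),
            landing_threat.get('threatType'),
            landing_threat.get('firstSeen'),
            landing_threat.get('lastSeen'),
        ])

    # NOTE(review): URLs and threat fields are displayed as received. Where
    # this report is pasted into tickets or chat, consider defanging the URLs
    # and stripping control characters at the display boundary.
    scan_report = DoubleTable(data_list)
    scan_report.padding_left = 1
    scan_report.padding_right = 1
    scan_report.inner_column_border = True
    scan_report.inner_row_border = True

    # (column index, wrap width). Verdict and Threat Status (2, 3) stay
    # unwrapped, as before.
    wrap_widths = ((0, 35), (1, 10), (4, 18), (5, 12), (6, 12), (7, 12),
                   (8, 12))
    for i, data in enumerate(data_list):
        if i == 0:
            continue  # header row
        for column, width in wrap_widths:
            value = data[column]
            # Fields are read with .get(), so an absent one arrives as None,
            # which wrap() cannot handle. Show the same '-' placeholder the
            # Final URL row uses and coerce any non-string value to text.
            text = '-' if value is None else str(value)
            scan_report.table_data[i][column] = '\n'.join(wrap(text, width))

    if len(response_list) == 4:
        download_sc = get_download_sc_file([response_list[1]], name)
        download_html = get_download_html_file([response_list[2]], name)
        download_text = get_download_text_file([response_list[3]], name)

        return normalize_msg + scan_report.table + '\n\nWebpage Forensics\n\n' + \
            download_sc + '\n' + download_html + '\n' + download_text

    return normalize_msg + scan_report.table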
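def get_host_urls_table(response_list):
    """Render every URL recorded for a host as one bordered text table.

    Only the first element of ``response_list`` is read. Each entry of its
    ``urlDataList`` yields a "Scanned URL" row, plus a "Final URL" row and a
    "Redirected URL" row when ``finalUrl`` / ``landingUrl`` are present.

    Args:
        response_list: Sequence whose first item is the API response dict.

    Returns:
        The rendered table as a string.
    """
    data_list = [[
        'URL',
        'Type',
        'Verdict',
        'Threat Status',
        'Scan ID',
        'Threat Name',
        'Threat Type',
        'First Seen',
        'Last Seen',
    ]]

    response = response_list[0]
    for url in response.get('urlDataList'):
        threat_data = url.get('threatData')
        data_list.append([
            url.get('url'),
            'Scanned URL',
            threat_data.get('verdict'),
            threat_data.get('threatStatus'),
            url.get('scanId'),
            threat_data.get('threatName'),
            threat_data.get('threatType'),
            threat_data.get('firstSeen'),
            threat_data.get('lastSeen'),
        ])

        if url.get('finalUrl') is not None:
            # The final URL shares the scanned URL's verdict; it has no scan
            # id or threat details of its own, hence the '-' placeholders.
            data_list.append([
                url.get('finalUrl'),
                'Final URL',
                threat_data.get('verdict'),
                threat_data.get('threatStatus'),
                '-',
                '-',
                '-',
                '-',
                '-',
            ])

        landing_url = url.get('landingUrl')
        if landing_url is not None:
            landing_threat = landing_url.get('threatData')
            data_list.append([
                landing_url.get('url'),
                'Redirected URL',
                landing_threat.get('verdict'),
                landing_threat.get('threatStatus'),
                landing_url.get('scanId'),
                landing_threat.get('threatName'),
                landing_threat.get('threatType'),
                landing_threat.get('firstSeen'),
                landing_threat.get('lastSeen'),
            ])

    # NOTE(review): URLs and threat fields are displayed as received. Where
    # this report is pasted into tickets or chat, consider defanging the URLs
    # and stripping control characters at the display boundary.
    host_urls = DoubleTable(data_list)
    host_urls.padding_left = 1
    host_urls.padding_right = 1
    host_urls.inner_column_border = True
    host_urls.inner_row_border = True

    # (column index, wrap width). Verdict and Threat Status (2, 3) stay
    # unwrapped, as before.
    wrap_widths = ((0, 35), (1, 10), (4, 18), (5, 12), (6, 12), (7, 12),
                   (8, 12))
    for i, data in enumerate(data_list):
        if i == 0:
            continue  # header row
        for column, width in wrap_widths:
            value = data[column]
            # Fields are read with .get(), so an absent one arrives as None,
            # which wrap() cannot handle. Show the same '-' placeholder the
            # Final URL row uses and coerce any non-string value to text.
            text = '-' if value is None else str(value)
            host_urls.table_data[i][column] = '\n'.join(wrap(text, width))

    return host_urls.table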
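def get_statistics():
    """Print CVE counts for the requested date range, plus optional tables.

    Reads the module-level ``args`` (``fromdate``, ``enddate``, ``table``)
    and ``json_data`` (an iterable of CVE record dicts). Records whose
    ``date`` lies within the inclusive range are counted and grouped by
    ``source`` ('No info', 'MAPP', 'ITW') and, for the latter two, by
    ``sigable`` ('Yes' / 'No'). Detail tables are printed only when
    ``args.table`` is 'True' or 'true'.

    An end date that is not later than the start date, or a ``ValueError``
    raised while parsing a date, prints a message and exits.
    """
    flag_total = 0
    noinfo = []
    source_matches = defaultdict(list)
    mapp_sigable = defaultdict(list)
    mapp_nonsigable = defaultdict(list)
    itw_sigable = defaultdict(list)
    itw_nonsigable = defaultdict(list)

    # NOTE(review): both failure paths below keep the original exit status 0,
    # so a wrapper script cannot distinguish invalid input from success;
    # consider a non-zero status once callers have been checked.
    try:
        # Parse the range bounds once; a malformed value raises ValueError,
        # which is reported by the handler below.
        range_start = pendulum.parse(args.fromdate)
        range_end = pendulum.parse(args.enddate)

        if not range_end > range_start:
            print('Invalid date range!\n')
            exit(0)

        for idx in json_data:
            record_date = pendulum.parse(idx['date'])
            if not (record_date >= range_start and record_date <= range_end):
                continue
            flag_total += 1

            source = idx['source']
            if source == 'No info':
                source_matches[source].append(idx)
                noinfo.append((idx['cve_id'], idx['vendor']))
            elif source == 'MAPP':
                source_matches[source].append(idx)
                if idx['sigable'] == 'Yes':
                    mapp_sigable[idx['sigable']].append(
                        (idx['cve_id'], idx['rules']))
                elif idx['sigable'] == 'No':
                    mapp_nonsigable[idx['sigable']].append(
                        (idx['cve_id'], idx['reason'], idx['author']))
            elif source == 'ITW':
                source_matches[source].append(idx)
                if idx['sigable'] == 'Yes':
                    itw_sigable[idx['sigable']].append(
                        (idx['cve_id'], idx['rules']))
                elif idx['sigable'] == 'No':
                    itw_nonsigable[idx['sigable']].append(
                        (idx['cve_id'], idx['reason'], idx['author']))
    except ValueError as error:
        print(error)
        exit(0)

    print('--[[ MAPP STATISTICS ]]--\n==========================')
    print('[*]Total CVEs:\t\t{}'.format(flag_total))
    print('[*]MAPP CVEs:')
    print('   - Sigable:\t\t{}'.format(len(mapp_sigable['Yes'])))
    print('   - Nonsigable:\t{}'.format(len(mapp_nonsigable['No'])))
    print('[*]ITW CVEs:')
    print('   - Sigable:\t\t{}'.format(len(itw_sigable['Yes'])))
    print('   - Nonsigable:\t{}'.format(len(itw_nonsigable['No'])))
    print('[*]No info CVEs:\t{}\n'.format(len(source_matches['No info'])))

    def _print_table(title, rows, alignments):
        """Print one titled detail table if it has rows and tables are on."""
        if not rows or args.table not in ('True', 'true'):
            return
        table = DoubleTable(title=title, table_data=rows)
        table.inner_row_border = True
        table.inner_column_border = True
        for column, alignment in enumerate(alignments):
            table.justify_columns[column] = alignment
        print()
        print(table.table)

    # MAPP Sigable used to set column 0 twice ('left', then 'center') and
    # never column 1; it now matches the ITW Sigable layout.
    _print_table(' MAPP Sigable ', mapp_sigable['Yes'], ('left', 'center'))
    _print_table(' ITW Sigable ', itw_sigable['Yes'], ('left', 'center'))
    _print_table(' MAPP Nonsigable ', mapp_nonsigable['No'],
                 ('center', 'left', 'center'))
    _print_table(' ITW Nonsigable ', itw_nonsigable['No'],
                 ('center', 'left', 'center'))
    _print_table(' No info ', noinfo, ('left', 'left'))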