ファイル: mispego.py プロジェクト: MISP/MISPego
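def checkAge():
    """Return the id of the currently selected MISP event if the selection is fresh.

    The selected event id and the time it was selected are read from the
    ``eventDB`` shelf. When the selection is older than one hour (or nothing
    usable is stored) a Maltego warning is raised through
    ``MaltegoTransform.throwExceptions()`` and nothing is returned; otherwise
    the stored event id is returned.
    """
    # shelve is pickle-backed, so eventDB must only ever hold this transform's
    # own writes; it is local state, not a place to read untrusted files from.
    s = shelve.open(eventDB)
    try:
        try:
            age = s['age']
            eid = s['id']
        except Exception:
            # No (or unreadable) selection stored: fake an age that is already
            # past the one-hour window so the warning below fires. Narrowed
            # from a bare except so SystemExit/KeyboardInterrupt propagate.
            age = datetime.today() - timedelta(seconds=6000)
            eid = "none"
    finally:
        # Close even if the lookup raised something we do not swallow.
        s.close()
    curDate = datetime.today()
    if age < curDate - timedelta(seconds=3600):
        mt = MaltegoTransform()
        mt.addException("[Warning] Selection of Event is over 1 hour old. Please reselect. Current selection: %s" % eid)
        mt.throwExceptions()
    else:
        return eid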
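def checkAge():
    """Return the id of the currently selected MISP event if the selection is fresh.

    The selected event id and the time it was selected are read from the
    ``eventDB`` shelf. When the selection is older than one hour (or nothing
    usable is stored) a Maltego warning is raised through
    ``MaltegoTransform.throwExceptions()`` and nothing is returned; otherwise
    the stored event id is returned.
    """
    # shelve is pickle-backed, so eventDB must only ever hold this transform's
    # own writes; it is local state, not a place to read untrusted files from.
    s = shelve.open(eventDB)
    try:
        try:
            age = s['age']
            eid = s['id']
        except Exception:
            # No (or unreadable) selection stored: fake an age that is already
            # past the one-hour window so the warning below fires. Narrowed
            # from a bare except so SystemExit/KeyboardInterrupt propagate.
            age = datetime.today() - timedelta(seconds=6000)
            eid = "none"
    finally:
        # Close even if the lookup raised something we do not swallow.
        s.close()
    curDate = datetime.today()
    if age < curDate - timedelta(seconds=3600):
        mt = MaltegoTransform()
        mt.addException(
            "[Warning] Selection of Event is over 1 hour old. Please reselect. Current selection: %s"
            % eid)
        mt.throwExceptions()
    else:
        return eid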
def returnFailure(etype, value, reason):
    """Abort the transform with a Maltego error about a failed attribute add.

    etype and value identify the attribute that could not be added and
    reason says why; the message is delivered through
    MaltegoTransform.throwExceptions().
    """
    template = "[Error] Failed to add %s with value %s due to %s"
    message = template % (etype, value, reason)
    transform = MaltegoTransform()
    transform.addException(message)
    transform.throwExceptions()
def dataError(request):
    """Abort the transform because no function named *request* could be loaded.

    The error is delivered through MaltegoTransform.throwExceptions().
    """
    message = "[Error] Failure to load function with name %s" % request
    transform = MaltegoTransform()
    transform.addException(message)
    transform.throwExceptions()
import argparse
import re
import shelve
from datetime import datetime, timedelta

from pymisp import PyMISP, MISPEvent, MISPAttribute

from MaltegoTransform import *
from mispego_util import *

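try:
    misp = PyMISP(BASE_URL, API_KEY, MISP_VERIFYCERT, 'json', MISP_DEBUG)
except Exception as e:
    # Report the connection failure through Maltego. The API key is
    # deliberately left out of the message: Maltego exceptions are shown in
    # the UI and may end up in logs, so echoing the credential would leak it.
    mt = MaltegoTransform()
    mt.addException(
        "[Error] Cannot connect to MISP instance using %s. Please check the URL and API key and try again"
        % BASE_URL)
    mt.addException("[Error] %s" % e)
    mt.throwExceptions()

# Shelf file holding the currently selected event id and selection time
# (consulted by checkAge()).
eventDB = "event.db"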


def addDomain(domainValue):
    """Attach *domainValue* as a 'domain' attribute to the selected MISP event.

    The event id comes from checkAge(), which aborts the transform when the
    stored selection is stale. The outcome is reported via returnSuccess().
    """
    eventId = checkAge()
    attribute = MISPAttribute()
    attribute.type = 'domain'
    attribute.value = domainValue
    misp.add_attribute(eventId, attribute)
    returnSuccess("domain", domainValue, eventId)
        ent = me.addEntity("nullJaX.GooglePlusActivity", value)
        ent.setType("nullJaX.GooglePlusActivity")
        ent.setValue(value)
        if 'published' in activity:
            ent.addAdditionalFields("published", "Published", True,
                                    activity['published'])
        if 'updated' in activity:
            ent.addAdditionalFields("updated", "Updated", True,
                                    activity['updated'])
        ent.addAdditionalFields("AID", "Activity ID", True, activity['id'])
        ent.addAdditionalFields("url", "Activity URL", True, activity['url'])
        ent.addAdditionalFields("uid", "Publisher UID", True,
                                activity['actor']['id'])
        if 'geocode' in activity:
            ent.addAdditionalFields("geocode", "Geocode", True,
                                    activity['geocode'])
        if 'address' in activity:
            ent.addAdditionalFields("address", "Address", True,
                                    activity['address'])
        if 'radius' in activity:
            ent.addAdditionalFields("radius", "Radius", True,
                                    activity['radius'])
        if 'placeName' in activity:
            ent.addAdditionalFields("placeName", "Name of Place", True,
                                    activity['namePlace'])
        me.heartbeat()

    me.returnOutput()
except:
    me.addException("Something went wrong :(")
    me.throwExceptions()
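def _censys_post(query, auth, timeout=30):
    """POST *query* (a dict) to the Censys IPv4 search API and return the response.

    *timeout* (seconds) bounds the connect/read wait so a stalled API call
    cannot hang the transform indefinitely.
    """
    return requests.post('https://www.censys.io/api/v1/search/ipv4',
                         data=json.dumps(query),
                         auth=auth,
                         timeout=timeout)


def _report_http_error(mt, response, cn):
    """Attach a Maltego exception describing a non-200 Censys *response*.

    400 and 429 responses are expected to carry a JSON body with an 'error'
    key; 404 and 500 get fixed messages. Other status codes add nothing.
    """
    if response.status_code in (400, 429):
        results = response.json()
        mt.addException(str(results['error']))
    if response.status_code == 404:
        mt.addException(
            "No data was found for this issuer cn {cn}".format(cn=cn))
    if response.status_code == 500:
        mt.addException("There has been a server error!!!")


def main():
    """Maltego transform: list certificates whose issuer CN matches argv[3].

    Expects ``sys.argv`` as ``[script, censys_uid, censys_secret, cn, entity]``
    (five entries). The first page of Censys results is handed to
    parse_results(); when more pages exist, pages 2-4 are fetched as well
    (the "first 100 results" cap of the original). HTTP errors and connection
    failures are reported as Maltego exceptions.
    """
    mt = MaltegoTransform()
    if len(sys.argv) != 5:
        mt.addException(
            "You appear to be missing your uid and secret. Here is what was in your path: {s}"
            .format(s=sys.argv))
        mt.throwExceptions()
        return  # guard: never index argv below if throwExceptions() returns
    censys_uid, censys_secret, cn = sys.argv[1:4]
    auth = (censys_uid, censys_secret)
    # The CN comes from the selected Maltego entity, i.e. untrusted input.
    # Quote it as a phrase (as the sha1 transform does) and escape backslashes
    # and quotes so a CN with spaces or query operators cannot alter the
    # search expression. NOTE(review): escaping follows Lucene-style rules --
    # confirm against the Censys query syntax.
    safe_cn = cn.replace('\\', '\\\\').replace('"', '\\"')
    query = {
        'query':
        '443.https.tls.certificate.parsed.issuer.common_name: "{cn}"'.format(
            cn=safe_cn),
        'fields': [
            '443.https.tls.certificate.parsed.fingerprint_sha1',
            '443.https.tls.certificate.parsed.issuer_dn',
            '443.https.tls.certificate.parsed.subject_dn',
            'updated_at',
        ],
        'page': 1,
    }
    try:
        response = _censys_post(query, auth)
        if response.status_code != 200:
            _report_http_error(mt, response, cn)
            mt.throwExceptions()
            return
        results = response.json()
        pages = results['metadata']['pages']
        if results['metadata']['count'] > 0:
            parse_results(results['results'], mt)
            # Stop after page 4. The previous chained comparisons
            # (`pages > 1 > 4` is always False, `pages < 5 > 1` iterated
            # range(2, pages)) never fetched the final page.
            last_page = min(pages, 4)
            if last_page > 1:
                mt.addUIMessage(
                    "Found more than one page. Getting up to the first 100 results"
                )
                for page in range(2, last_page + 1):
                    query['page'] = page
                    response = _censys_post(query, auth)
                    if response.status_code == 200:
                        results = response.json()
                        if results['metadata']['count'] > 0:
                            parse_results(results['results'], mt)
                    else:
                        # Per-page failures are recorded but do not abort;
                        # the partial output is still returned below.
                        _report_http_error(mt, response, cn)
        else:
            mt.addUIMessage(
                "No additional cert data was found with this ssl cert subject cn: {cn}"
                .format(cn=cn))
        mt.returnOutput()

    except requests.exceptions.RequestException as e:
        mt.addException(str(e))
        mt.throwExceptions()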
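def _censys_post(query, auth, timeout=30):
    """POST *query* (a dict) to the Censys IPv4 search API and return the response.

    *timeout* (seconds) bounds the connect/read wait so a stalled API call
    cannot hang the transform indefinitely.
    """
    return requests.post('https://www.censys.io/api/v1/search/ipv4', data=json.dumps(query),
                         auth=auth, timeout=timeout)


def _report_http_error(mt, response):
    """Attach a Maltego exception describing a non-200 Censys *response*.

    400 and 429 responses are expected to carry a JSON body with an 'error'
    key; 404 and 500 get fixed messages. Other status codes add nothing.
    """
    if response.status_code in (400, 429):
        results = response.json()
        mt.addException(str(results['error']))
    if response.status_code == 404:
        mt.addException("No info found")
    if response.status_code == 500:
        mt.addException("There has been a server error!!!")


def main():
    """Maltego transform: list hosts serving the certificate with SHA-1 argv[3].

    Expects ``sys.argv`` as ``[script, censys_uid, censys_secret, sha1, entity]``
    (five entries). The first page of Censys results is handed to
    process_results(); when more pages exist, pages 2-4 are fetched as well
    (the "first 100 results" cap of the original). HTTP errors and connection
    failures are reported as Maltego exceptions.
    """
    mt = MaltegoTransform()
    if len(sys.argv) != 5:
        mt.addException("You appear to be missing your uid and secret. Here is what was in your path: {s}".format(
            s=sys.argv))
        mt.throwExceptions()
        return  # guard: never index argv below if throwExceptions() returns
    censys_uid, censys_secret, sha1 = sys.argv[1:4]
    auth = (censys_uid, censys_secret)
    # The fingerprint comes from the selected Maltego entity, i.e. untrusted
    # input. It is already quoted as a phrase; escape backslashes and quotes
    # so a malformed value cannot break out of the quoted term.
    # NOTE(review): escaping follows Lucene-style rules -- confirm against the
    # Censys query syntax.
    safe_sha1 = sha1.replace('\\', '\\\\').replace('"', '\\"')
    query = {'query': '443.https.tls.certificate.parsed.fingerprint_sha1: \"{s}\"'.format(s=safe_sha1),
             'fields': ['ip', '443.https.tls.certificate.parsed.subject.common_name',
                        '443.https.tls.certificate.parsed.issuer.common_name', 'updated_at'], 'page': 1}
    try:
        response = _censys_post(query, auth)
        if response.status_code != 200:
            _report_http_error(mt, response)
            mt.throwExceptions()
            return
        results = response.json()
        pages = results['metadata']['pages']
        if results['metadata']['count'] > 0:
            process_results(results['results'], mt)
            # Stop after page 4. The previous chained comparisons
            # (`pages > 1 > 4` is always False, `pages < 5 > 1` iterated
            # range(2, pages)) never fetched the final page.
            last_page = min(pages, 4)
            if last_page > 1:
                mt.addUIMessage("Found more than one page. Getting up to the first 100 results")
                for page in range(2, last_page + 1):
                    query['page'] = page
                    response = _censys_post(query, auth)
                    if response.status_code == 200:
                        results = response.json()
                        if results['metadata']['count'] > 0:
                            process_results(results['results'], mt)
                    else:
                        # Per-page failures are recorded but do not abort;
                        # the partial output is still returned below.
                        _report_http_error(mt, response)
        else:
            mt.addUIMessage("No IP addresses found with this ssl cert")
        mt.returnOutput()
    except requests.exceptions.RequestException as e:
        mt.addException(str(e))
        mt.throwExceptions()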
        if ssid is None:
            ssid = m.AdditionalFields.get('ssid')
        if domain is None:
            domain = m.AdditionalFields.get('fqdn')
        if observation is None:
            observation = m.AdditionalFields.get('observation')

        #If no start and end times specified fetch all. 
        #It might make more sense to just remove the time filter.
        if start_time is None:
            start_time = "2000-01-01 00:00:00.0"
        if end_time is None:
           end_time = "2037-01-01 00:00:00.0"

        if not shadowKey or shadowKey == ' ':
            TRX.addException("Bad shadow key entered! Please obtain it via your www.ShadowLightly.com account.")
            TRX.throwExceptions()
            exit(0)
        ss = select([mtk.c.mtkey]).where(mtk.c.mtkey == shadowKey)
        r = db.execute(ss).fetchall()
        logging.debug("Key is %s" %shadowKey)
        logging.debug("Query is %s" %str(ss))
        logging.debug("Results of R: %s" %str(r))
        logging.debug( "Length of R: %d" %len(r))
        if len(r) < 1:
            TRX.addException("Bad shadow key entered! Please obtain it via your www.ShadowLightly.com account.")
            TRX.throwExceptions()
            exit(0)
        #loging.error(len(r))

        # The dirtiest hack of dirty hacks.
            ssid = m.AdditionalFields.get('ssid')
        if domain is None:
            domain = m.AdditionalFields.get('fqdn')
        if observation is None:
            observation = m.AdditionalFields.get('observation')

        #If no start and end times specified fetch all.
        #It might make more sense to just remove the time filter.
        if start_time is None:
            start_time = "2000-01-01 00:00:00.0"
        if end_time is None:
            end_time = "2037-01-01 00:00:00.0"

        if not shadowKey or shadowKey == ' ':
            TRX.addException(
                "Bad shadow key entered! Please obtain it via your www.ShadowLightly.com account."
            )
            TRX.throwExceptions()
            exit(0)
        ss = select([mtk.c.mtkey]).where(mtk.c.mtkey == shadowKey)
        r = db.execute(ss).fetchall()
        logging.debug("Key is %s" % shadowKey)
        logging.debug("Query is %s" % str(ss))
        logging.debug("Results of R: %s" % str(r))
        logging.debug("Length of R: %d" % len(r))
        if len(r) < 1:
            TRX.addException(
                "Bad shadow key entered! Please obtain it via your www.ShadowLightly.com account."
            )
            TRX.throwExceptions()
            exit(0)
ファイル: mispego.py プロジェクト: MISP/MISPego
def dataError(request):
    """Abort the transform because no function named *request* could be loaded.

    The error is delivered through MaltegoTransform.throwExceptions().
    """
    message = "[Error] Failure to load function with name %s" % request
    transform = MaltegoTransform()
    transform.addException(message)
    transform.throwExceptions()
ファイル: mispego.py プロジェクト: MISP/MISPego
def returnFailure(etype, value, reason):
    """Abort the transform with a Maltego error about a failed attribute add.

    etype and value identify the attribute that could not be added and
    reason says why; the message is delivered through
    MaltegoTransform.throwExceptions().
    """
    template = "[Error] Failed to add %s with value %s due to %s"
    message = template % (etype, value, reason)
    transform = MaltegoTransform()
    transform.addException(message)
    transform.throwExceptions()
ファイル: mispego.py プロジェクト: MISP/MISPego
# MISP_Maltego)
# Date: 09/03/2016
######################################################

from pymisp import PyMISP
from MaltegoTransform import *
from mispego_util import *
from datetime import datetime, timedelta
import shelve
import re

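try:
    misp = PyMISP(BASE_URL, API_KEY, MISP_VERIFYCERT, 'json', MISP_DEBUG)
except Exception as e:
    # Report the connection failure through Maltego. The API key is
    # deliberately left out of the message: Maltego exceptions are shown in
    # the UI and may end up in logs, so echoing the credential would leak it.
    mt = MaltegoTransform()
    mt.addException("[Error] Cannot connect to MISP instance using %s. Please check the URL and API key and try again" % BASE_URL)
    mt.addException("[Error] %s" % e)
    mt.throwExceptions()

# Shelf file holding the currently selected event id and selection time
# (consulted by checkAge()).
eventDB = "event.db"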

def addDomain(domainValue):
    """Add *domainValue* as a domain attribute to the currently selected event.

    checkAge() supplies the event id (and aborts the transform if the stored
    selection is stale); the event is fetched and the domain attached with
    the configured MISP_TO_IDS flag, then returnSuccess() reports the outcome.
    """
    eventId = checkAge()
    selectedEvent = misp.get(eventId)
    misp.add_domain(selectedEvent, domainValue, to_ids=MISP_TO_IDS)
    returnSuccess("domain", domainValue, eventId)

def addIP(ipValue):
    eid = checkAge()
    event = misp.get(eid)
    misp.add_ipdst(event, ipValue, to_ids=MISP_TO_IDS)