Python store_requestの例

コード例 #1

    def remoteSearch(self):
        """
            Search IOC with HTTP request
        """
        mod.display("%s_remote" % self.module_name,
                    self.ioc,
                    "INFO",
                    string="Browsing in remote http")
        url = "http://malwaredb.malekal.com/index.php?"
        if self.type in ["MD5", "SHA1", "SHA256", "SHA512"]:
            base = "hash="
        elif self.type in ["URL", "domain"]:
            base = "url="
        elif self.type in ["IPv4", "IPv6"]:
            base = "domaine="
        self.url = url + base + self.ioc

        request = {
            'url': self.url,
            'headers': self.headers,
            'module': self.module_name,
            'ioc': self.ioc,
            'verbose': self.verbose,
            'proxy': self.proxy
        }

        json_request = json.dumps(request)
        store_request(self.queues, json_request)

コード例 #2

 def search(self):
     mod.display(self.module_name, "", "INFO", "Search in VirusTotal ...")
     try:
         if "virustotal_api_keys" in self.config:
             try:
                 self.key = random.Random(self.ioc).choice(
                     self.config["virustotal_api_keys"])
             except:
                 mod.display(
                     self.module_name,
                     message_type="ERROR",
                     string=
                     "Check if you have filled virustotal_api_keys in btg.cfg"
                 )
                 return None
         else:
             mod.display(
                 self.module_name,
                 message_type="ERROR",
                 string=
                 "Check if you have virustotal_api_keys field in btg.cfg")
             return None
     except:
         mod.display(self.module_name, self.ioc, "ERROR",
                     "Please provide your authkey.")
         return None
     if self.type in ["URL", "domain", "IPv4"]:
         request = self.searchURL()
     else:
         request = self.searchReport()
     store_request(self.queues, request)

コード例 #3

    def search(self, api_url, web_url, indice):
        mod.display(self.module_name, "", "INFO", "Searching...")
        if ("cuckoosandbox_api_url" in self.config
                and "user_agent" in self.config and "proxy_host" in self.config
                and "requests_timeout" in self.config):

            if self.type in ["MD5"]:
                url = "%s/files/view/md5/%s" % (api_url, self.ioc)
            elif self.type in ["SHA256"]:
                url = "%s/files/view/sha256/%s" % (api_url, self.ioc)

            request = {
                'url': url,
                'headers': self.headers,
                'module': self.module_name,
                'ioc': self.ioc,
                'verbose': self.verbose,
                'proxy': self.proxy,
                'server_id': indice
            }
            json_request = json.dumps(request)
            store_request(self.queues, json_request)
        else:
            mod.display(
                self.module, self.ioc, "ERROR",
                "Check if you have filled cuckoosandbox fields in btg.cfg")

コード例 #4

ファイル: irish.py プロジェクト: rmarsollier/BTG

    def search(self):
        mod.display(self.module_name, "", "INFO", "Searching...")
        self.url = "https://iris-h.services/api/search?hash=" + self.ioc

        request = {'url': self.url,
                   'headers': self.headers,
                   'module': self.module_name,
                   'ioc': self.ioc,
                   'verbose': self.verbose,
                   'proxy': self.proxy
                   }
        json_request = json.dumps(request)
        store_request(self.queues, json_request)

コード例 #5

    def Search(self):
        mod.display(self.module_name, "", "INFO", "Search in MetaDefender ...")

        try:
            if 'metadefender_api_keys' in self.config:
                try:
                    api_key = random.Random(self.ioc).choice(
                        self.config['metadefender_api_keys'])
                    self.headers['apikey'] = api_key
                except:
                    mod.display(
                        self.module_name,
                        self.ioc,
                        message_type="ERROR",
                        string=
                        "Check if you have filled metadefender_api_keys in btg.cfg"
                    )
                    return None
            else:
                mod.display(
                    self.module_name,
                    self.ioc,
                    message_type="ERROR",
                    string=
                    "Check if you have metadefender_api_keys field in btg.cfg")
                return None
        except:
            mod.display(self.module_name, self.ioc, "ERROR",
                        "Please provide your MetaDefender key")
            return None

        # URL building
        self.url = "https://api.metadefender.com/v2/hash/" + self.ioc

        request = {
            'url': self.url,
            'headers': self.headers,
            'module': self.module_name,
            'ioc': self.ioc,
            'verbose': self.verbose,
            'proxy': self.proxy
        }

        json_request = json.dumps(request)
        store_request(self.queues, json_request)

コード例 #6

    def vxstream_api(self):
        """
        VXstream API Connection
        """

        if 'vxstream_api_keys' in self.config:
            try:
                self.headers['api-key'] = random.Random(self.ioc).choice(
                    self.config['vxstream_api_keys'])
            except:
                mod.display(
                    self.module_name, self.ioc, "ERROR",
                    "Check if you have filled vxstream_api_keys_secret in btg.cfg"
                )
                return None
        else:
            mod.display(
                self.module_name, self.ioc, "ERROR",
                "Check if you have vxstream_api_keys_secret field in btg.cfg")
            return None

        if self.type in ["MD5", "SHA1", "SHA256"]:
            self.url = "https://www.hybrid-analysis.com/api/v2/search/hash"
            self.data = "hash=" + self.ioc
        else:
            self.url = "https://www.hybrid-analysis.com/api/v2/search/terms"
            if self.type in ["IPv4", "IPv6"]:
                self.data = "host=" + self.ioc
            elif self.type == "URL":
                self.data = "url=" + self.ioc
            else:
                self.data = "domain=" + self.ioc

        request = {
            'url': self.url,
            'headers': self.headers,
            'data': self.data,
            'module': self.module_name,
            'ioc': self.ioc,
            'verbose': self.verbose,
            'proxy': self.proxy
        }
        json_request = json.dumps(request)
        store_request(self.queues, json_request)

コード例 #7

ファイル: misp.py プロジェクト: rmarsollier/BTG

    def Search(self, misp_url, misp_key, indice):
        mod.display(self.module_name, "", "INFO", "Search in misp...")

        url = '%sattributes/restSearch/json' % (misp_url)
        self.headers['Authorization'] = misp_key
        payload = {'value': self.ioc, 'searchall': 1}
        data = json.dumps(payload)

        request = {'url': url,
                   'headers': self.headers,
                   'data': data,
                   'module': self.module_name,
                   'ioc': self.ioc,
                   'verbose': self.verbose,
                   'proxy': self.proxy,
                   'verify': self.verify,
                   'server_id': indice
                   }
        json_request = json.dumps(request)
        store_request(self.queues, json_request)

コード例 #8

ファイル: googlesb.py プロジェクト: rmarsollier/BTG

    def lookup_API(self):
        mod.display(self.module_name, "", "INFO",
                    "Search in Google Safe Browsing ...")

        if 'googlesb_api_keys' in self.config:
            try:
                api_key = random.Random(self.ioc).choice(
                    self.config['googlesb_api_keys'])
            except:
                mod.display(
                    self.module_name,
                    self.ioc,
                    message_type="ERROR",
                    string=
                    "Check if you have filled googlesb_api_keys in btg.cfg")
                return None
        else:
            mod.display(
                self.module_name,
                self.ioc,
                message_type="ERROR",
                string="Check if you have googlesb_api_keys field in btg.cfg")
            return None

        self.url = "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=" + api_key

        # TODO
        # Does not work 400 status_code
        if self.type == "SHA256":
            threatType = "EXECUTABLE"
            threatTypeEntry = "hash"
        # Does not work 400 status_code
        elif self.type in ["IPv4", "IPv6"]:
            threatType = "IP_RANGE"
            threatTypeEntry = "ip"
        else:
            threatType = "URL"

        payload = {
            "threatInfo": {
                "threatTypes": [
                    "MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE",
                    "POTENTIALLY_HARMFUL_APPLICATION"
                ],
                "platformTypes": [
                    "ANY_PLATFORM", "ALL_PLATFORMS", "WINDOWS", "LINUX", "OSX",
                    "ANDROID", "IOS"
                ],
                "threatEntryTypes": [threatType],
                "threatEntries": [{
                    threatType.lower(): str(self.ioc)
                }]
            }
        }
        self.data = json.dumps(payload)
        request = {
            'url': self.url,
            'headers': self.headers,
            'data': self.data,
            'module': self.module_name,
            'ioc': self.ioc,
            'verbose': self.verbose,
            'proxy': self.proxy
        }
        json_request = json.dumps(request)
        store_request(self.queues, json_request)