コード例 #1
0
ファイル: demo.py プロジェクト: 2xyo/python-cybox
def main():
    '''Build a CybOX Observables document and write it to stdout'''
    domain = api.create_domain_name_observable('www.example.com')
    url = api.create_url_observable('http://www.example.com')
    ipv4 = api.create_ipv4_observable('127.0.0.1')
    email = api.create_email_address_observable('*****@*****.**')
    file_ = api.create_file_hash_observable('foo.bar','94f93e00fd122466d68a6ae3b8c7f908')

    observables_doc = Observables([
                                    domain,
                                    ipv4,
                                    url,
                                    email,
                                    file_,
                                  ])
    observables_doc.to_obj().export(sys.stdout, 0)

    pprint(observables_doc.to_dict())
コード例 #2
0
ファイル: IOCextractor.py プロジェクト: Xen0ph0n/IOCextractor
def export_cybox():
    filename = asksaveasfilename(title="Save As", filetypes=[("xml file",".xml"),("All files",".*")])
    observables_doc = None
     
    if filename:
        observables = []
        for t in tags:
            indicators = []
            myhighlights = text.tag_ranges(t)
            mystart = 0
            for h in myhighlights:
                if mystart == 0:
                    mystart = h
                else:
                    mystop = h
                    value = text.get(mystart,mystop).replace('[.]','.').replace('[@]','@')
                    
                    if t == 'md5':
                        value = value.upper()
                        if value not in indicators:
                            observable = cybox_api.create_file_hash_observable('', value, 'MD5')
                            observables.append(observable)
                            indicators.append(value)
                        
                    elif t == 'ipv4':
                        if not value in indicators:
                            observable = cybox_api.create_ipv4_observable(value)
                            observables.append(observable)
                            indicators.append(value)

                    elif t == 'domain':
                        if not value in indicators:
                            observable = cybox_api.create_domain_name_observable(value)
                            observables.append(observable)
                            indicators.append(value)
                    
                    elif t == 'url':
                        if not value in indicators:
                            observable = cybox_api.create_url_observable(value)
                            observables.append(observable)
                            indicators.append(value)

                    elif t == 'email':
                        if not value in indicators:
                            observable = cybox_api.create_email_address_observable(value)
                            observables.append(observable)
                            indicators.append(value)


                    mystart = 0
                # end if
            # end for
        # end for
       
        if len(observables) > 0:
            observables_doc = cybox_api.create_observables_document(observables)
 
            if len(filename) - filename.find('.xml') != 4:
                filename = "%s.xml" % filename #add .xml extension if missing
            # end if
            
            f = open(filename, "wb")
            observables_doc.export(f, 0)
            f.close()
コード例 #3
0
ファイル: IOCextractor.py プロジェクト: raystyle/IOCextractor
def export_cybox():
    filename = asksaveasfilename(title="Save As",
                                 filetypes=[("xml file", ".xml"),
                                            ("All files", ".*")])
    observables_doc = None

    if filename:
        observables = []
        for t in tags:
            indicators = []
            myhighlights = text.tag_ranges(t)
            mystart = 0
            for h in myhighlights:
                if mystart == 0:
                    mystart = h
                else:
                    mystop = h
                    value = text.get(mystart,
                                     mystop).replace('[.]',
                                                     '.').replace('[@]', '@')

                    if t == 'md5':
                        value = value.upper()
                        if value not in indicators:
                            observable = cybox_api.create_file_hash_observable(
                                '', value, 'MD5')
                            observables.append(observable)
                            indicators.append(value)

                    elif t == 'ipv4':
                        if not value in indicators:
                            observable = cybox_api.create_ipv4_observable(
                                value)
                            observables.append(observable)
                            indicators.append(value)

                    elif t == 'domain':
                        if not value in indicators:
                            observable = cybox_api.create_domain_name_observable(
                                value)
                            observables.append(observable)
                            indicators.append(value)

                    elif t == 'url':
                        if not value in indicators:
                            observable = cybox_api.create_url_observable(value)
                            observables.append(observable)
                            indicators.append(value)

                    elif t == 'email':
                        if not value in indicators:
                            observable = cybox_api.create_email_address_observable(
                                value)
                            observables.append(observable)
                            indicators.append(value)

                    mystart = 0
                # end if
            # end for
        # end for

        if len(observables) > 0:
            observables_doc = cybox_api.create_observables_document(
                observables)

            if len(filename) - filename.find('.xml') != 4:
                filename = "%s.xml" % filename  #add .xml extension if missing
            # end if

            f = open(filename, "wb")
            observables_doc.export(f, 0)
            f.close()