def __init__(self, patterns_ini=None, input_format='pdf', dedup=False, library='pdfminer', output_format='csv', output_handler=None):
    """Configure the parser: patterns, whitelists, output handler and input parser.

    Args:
        patterns_ini: Path to the patterns file. When None, 'data/patterns.ini'
            under the directory returned by iocp.get_basedir() is used.
        input_format: Input type; selects the file glob ("*.<format>") and the
            "parse_<format>" method used as the parser.
        dedup: Stored on the instance as-is.
        library: Parser library name; for 'pdf' input it must be in IMPORTS.
        output_format: Passed to Output.getHandler() when no handler is given.
        output_handler: Ready-made handler; takes precedence when truthy.

    Raises:
        NotImplementedError: No "parse_<input_format>" attribute exists.
        ImportError: The library needed for the chosen input format is not
            listed in IMPORTS.
    """
    root = iocp.get_basedir()

    # Patterns: fall back to the bundled file when the caller gave none.
    if patterns_ini is None:
        patterns_ini = os.path.join(root, 'data/patterns.ini')
    self.load_patterns(patterns_ini)

    # Whitelists always come from the bundled directory.
    whitelist_dir = os.path.join(root, 'data/whitelists')
    self.whitelist = self.load_whitelists(whitelist_dir)

    self.dedup = dedup
    self.handler = output_handler if output_handler else Output.getHandler(output_format)

    self.ext_filter = "*." + input_format
    parser_name = "parse_" + input_format
    try:
        self.parser_func = getattr(self, parser_name)
    except AttributeError:
        raise NotImplementedError('Selected parser format is not supported: %s' % input_format)

    self.library = library

    # Fail early if the backing library for the chosen format was not imported.
    if input_format == 'pdf' and library not in IMPORTS:
        raise ImportError('Selected PDF parser library not found: %s' % library)
    if input_format == 'html' and 'beautifulsoup' not in IMPORTS:
        raise ImportError('HTML parser library not found: BeautifulSoup')
def print_match(self, fpath, page, name, match, flag, sheet=''):
    """Add one extracted indicator to the MISP event named by g_misp_event.

    Args:
        fpath: Path of the file the indicator was found in.
        page: Page reference; only stored in the local record.
        name: Indicator type label (e.g. 'URL', 'IP', 'MD5'); selects the
            MISP attribute type.
        match: Indicator value sent to MISP.
        flag: Not used by this method.
        sheet: Not used by this method.
    """
    # The MISP URL and API key are read from data/misp_keys.ini on every call.
    # ConfigParser.read() skips files it cannot open, so a missing file only
    # surfaces as an error from the get() calls below.
    # NOTE(review): this file holds an API key; keep it out of version control
    # and readable only by the account that runs the parser.
    settings = ConfigParser()
    settings.read(os.path.join(iocp.get_basedir(), 'data/misp_keys.ini'))
    misp_url = settings.get('misp', 'misp_url')
    misp_key = settings.get('misp', 'misp_key')

    # NOTE(review): the third positional argument is PyMISP's `ssl` option.
    # The literal False turns TLS certificate verification off, so the API key
    # and every attribute go to a server whose identity is not checked. No
    # certificate setting is read from the ini file here; prefer True or a CA
    # bundle path taken from configuration.
    # NOTE(review): a new client is built for each match; creating it once per
    # run would avoid re-reading the key file for every indicator.
    misp = ExpandedPyMISP(misp_url, misp_key, False)

    record = {
        'path': fpath,
        'file': os.path.basename(fpath),
        'page': page,
        'type': name,
        'match': match,
    }
    ioc_kind = record['type']
    ioc_value = record['match']
    event_id = g_misp_event

    # Parser type label -> MISP attribute type, checked in this order.
    type_map = (
        ('URL', 'url'),
        ('IP', 'ip-src'),
        ('Email', 'email-src'),
        ('MD5', 'md5'),
        ('SHA1', 'sha1'),
        ('SHA256', 'sha256'),
        ('CVE', 'vulnerability'),
        ('Registry', 'regkey'),
        ('Filename', 'filename'),
    )
    for label, misp_type in type_map:
        if ioc_kind == label:
            print("Importing to MISP ioc %s" % ioc_value)
            misp.add_attribute(event_id, {'type': misp_type, 'value': ioc_value})
            break
    else:
        print("Data type: %s not supported by the script" % ioc_kind)
def __init_whitelist(self):
    """Load the whitelists from 'data/whitelists' under the base directory.

    The result of load_whitelists() is stored in self.whitelist.
    """
    base = iocp.get_basedir()
    whitelist_dir = os.path.join(base, 'data/whitelists')
    loaded = self.load_whitelists(whitelist_dir)
    self.whitelist = loaded
def __init_patterns(self, patterns_ini):
    """Load indicator patterns from the given file or the bundled default.

    Args:
        patterns_ini: Path to a patterns file, or None to use
            'data/patterns.ini' under the directory from iocp.get_basedir().
    """
    ini_path = (
        os.path.join(iocp.get_basedir(), 'data/patterns.ini')
        if patterns_ini is None
        else patterns_ini
    )
    self.load_patterns(ini_path)