def create_resource(user): try: resource_name = request.json["resource_name"].strip() resource_type = request.json["resource_type"].lower() resource_type = ResourceType.get_type_from_string(resource_type) resource, created = ResourceManager.get_or_create(resource_name, resource_type) project = User(user.get("_id")).get_active_project() project.add_resource(resource) response = [] response.append(resource.to_JSON()) if created: resource.launch_plugins(project.get_id()) # Deal with the case of URL resources where we have the chance to add a Domain or IP if resource.get_type() == ResourceType.URL: ip_or_domain = urllib.parse.urlparse(resource_name).netloc resource_type = ResourceType.validate_ip_or_domain(ip_or_domain) if ip_or_domain: resource, created = ResourceManager.get_or_create( ip_or_domain, resource_type ) project.add_resource(resource) response.append( { "success_message": f"Added new resource: {ip_or_domain}", "new_resource": resource.to_JSON(), "type": resource.get_type_value(), } ) if created: resource.launch_plugins(project.get_id()) # TODO: Deal with the case of domain -> IP # TODO: Deal with the case of emails -> domains -> IP return jsonify(response) except ResourceTypeException: return jsonify({"error_message": "Trying to add an unknown resource type"}), 400 except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return jsonify({"error_message": "Server error :("}), 400
def threatcrowd(plugin_name, project_id, resource_id, resource_type, target): result_status = PluginResultStatus.STARTED query_result = {} try: resource_type = ResourceType(resource_type) if resource_type == ResourceType.IPv4: query_result = threatcrowd_ip(target) elif resource_type == ResourceType.DOMAIN: query_result = threatcrowd_domain(target) elif resource_type == ResourceType.EMAIL: query_result = threatcrowd_email(target) elif resource_type == ResourceType.HASH: query_result = threatcrowd_hash(target) else: print("ThreatCrowd resource type does not found") result_status = PluginResultStatus.FAILED if not query_result: print("No results from ThreatCrowd plugin") result_status = PluginResultStatus.RETURN_NONE else: print(query_result) result_status = PluginResultStatus.COMPLETED PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def dinoflux(plugin_name, project_id, resource_id, resource_type, target): try: query_result = None API_KEY = KeyRing().get(PLUGIN_NAME) if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: result_status = PluginResultStatus.STARTED resource_type = ResourceType(resource_type) if resource_type: query_result = get_report(resource_type, target) else: print("No resource type") if query_result: result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def get_by_name(resource_name, resource_type): """ Lookup database for a resource with name "resource_name" if None is found, then create the resource. """ search = "canonical_name" resource_type = ResourceType.get_type_from_string(resource_type) if resource_type == ResourceType.HASH: search = "hash" db = Resource.collection() result = db.find_one({search: resource_name}) if result: return Resource(result["_id"]) # TODO: Legacy method for old database resources # TODO: Get rid of this legacy method if not result: docs = ["ip", "url", "username", "hash", "email", "domain"] for doc in docs: result = DB(doc).collection.find_one({search: resource_name}) if result: return Resource(result["_id"]) print(f"Tried get_by_name nothing found {result}") return None
def get_resources(user): resource_type_as_string = request.json["type"] try: resource_type = ResourceType(resource_type_as_string) project = User(user).get_active_project() resources = project.get_resources(resource_type) results = [] for resource in resources: results.append(Resources.get(resource, resource_type).to_JSON()) return jsonify(results) except ValueError: raise ResourceTypeException() except ResourceTypeException: return jsonify({"error_message": "Received an unknown type of resource"}), 400 except Exception as e: print(f"Error getting resource list {e}") tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return jsonify({"error_message": "Error getting resources"}), 400
def main(plugin_name, project_id, resource_id, resource_type, target): result_status = PluginResultStatus.STARTED try: if PLUGIN_NEEDS_API_KEY: API_KEY = KeyRing().get(PLUGIN_NAME) if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY query_result = None resource_type = ResourceType(resource_type) if resource_type == ResourceType.DOMAIN: query_result = auxiliary_function_1(target) elif resource_type == ResourceType.EMAIL: query_result = auxiliary_function_2(target) else: print(f"[{PLUGIN_NAME}]: Resource type does not found") PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def phishtank(plugin_name, project_id, resource_id, resource_type, url): result_status = PluginResultStatus.STARTED query_result = None try: API_KEY = KeyRing().get("phishtank") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: resource_type = ResourceType(resource_type) if resource_type == ResourceType.URL: query_result = phishtank_check(url) result_status = PluginResultStatus.COMPLETED else: print("phishtank resource type does not found") result_status = PluginResultStatus.RETURN_NONE PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def threatminer_task(plugin_name, project_id, resource_id, resource_type, target): resource_type_miner = ResourceType(resource_type) try: query_result = {} result_status = PluginResultStatus.STARTED if resource_type_miner == ResourceType.DOMAIN: query_result = threatminer_domain(target) result_status = PluginResultStatus.COMPLETED elif resource_type_miner == ResourceType.IPv4: query_result = threatminer_ip(target) result_status = PluginResultStatus.COMPLETED elif resource_type_miner == ResourceType.HASH: query_result = threatminer_samples(target) result_status = PluginResultStatus.COMPLETED else: result_status = PluginResultStatus.RETURN_NONE print("threatminer resource type does not found") PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def hunterio(plugin_name, project_id, resource_id, resource_type, target): try: query_result = None if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: result_status = PluginResultStatus.STARTED resource_type = ResourceType(resource_type) if resource_type == ResourceType.DOMAIN: query_result = hunterio_domain(target) elif resource_type == ResourceType.EMAIL: query_result = hunterio_email(target) else: print("Hunter.io resource type does not found") result_status = PluginResultStatus.RETURN_NONE if query_result: result_status = PluginResultStatus.COMPLETED PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def vt_domain(plugin_name, project_id, resource_id, resource_type, target): result_status = PluginResultStatus.STARTED response = None try: API_KEY = KeyRing().get("virustotal") if not API_KEY: print("No API key...!") result_status = PluginResultStatus.NO_API_KEY else: response = None url = None params = {"apikey": API_KEY} resource_type_for_vt = ResourceType(resource_type) if resource_type_for_vt == ResourceType.DOMAIN: url = url_for_domains params["domain"] = target elif resource_type_for_vt == ResourceType.URL: url = url_for_urls params["resource"] = target elif resource_type_for_vt == ResourceType.IPv4: url = url_for_ips params["ip"] = target elif resource_type_for_vt == ResourceType.HASH: url = url_for_hashes params["resource"] = target else: print("[VT]: Unknown resource type before querying service") result_status = PluginResultStatus.FAILED response = requests.get(url, params=params) if not response.status_code == 200: print(response) result_status = PluginResultStatus.RETURN_NONE else: response = json.loads(response.content) result_status = PluginResultStatus.COMPLETED print(response) PluginManager.set_plugin_results(resource_id, plugin_name, project_id, response, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format())) return None
def tag_to_resource(user): try: resource_id = bson.ObjectId(request.json["resource_id"]) resource_type_as_string = request.json["resource_type"] tag = request.json["tag"] resource_type = ResourceType(resource_type_as_string) resource = Resources.get(resource_id, resource_type) resource.manage_tag(tag) return jsonify({"sucess_message": "ok"}) except Exception as e: print(e) return jsonify({"error_message": "Error getting global tags"}), 400
def threatminer_task(plugin_name, project_id, resource_id, resource_type, domain): try: resource_type = ResourceType(resource_type) if resource_type == ResourceType.DOMAIN: query_result = threatminer_domain(domain, "1") else: print("threatminer resource type does not found") PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def pulsedive_task(plugin_name, project_id, resource_id, resource_type, domain_or_hash): try: resource_type = ResourceType(resource_type) if resource_type == ResourceType.DOMAIN or resource_type == ResourceType.HASH: query_result = pulsedive_get_ioc_byvalue(domain_or_hash) else: print("PulseDive resource type does not found") resource = ResourceManager.get(resource_id, resource_type) resource.set_plugin_results(plugin_name, project_id, resource_id, resource_type, query_result) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def botscout_task(plugin_name, project_id, resource_id, resource_type, ip): try: resource_type = ResourceType(resource_type) if resource_type == ResourceType.DOMAIN: query_result = botscout_ip(ip) else: print("BotScout resource type does not found") resource = ResourceManager.get(resource_id) resource.set_plugin_results( plugin_name, project_id, resource_id, resource_type, query_result ) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def get_plugins(user): try: resource_id = bson.ObjectId(request.json["resource_id"]) project_id = bson.ObjectId(request.json["project_id"]) resource_type_as_string = request.json["resource_type"] project = User(user).get_active_project() resource_type = ResourceType(resource_type_as_string) resource = Resources.get(resource_id, resource_type) plugin_list = resource.get_plugins(project_id) return json.dumps(plugin_list, default=str) except Exception as e: print(e) return jsonify( {"error_message": "Error unlinking resource from project"}), 400
def launch_plugin(user): try: resource_id = bson.ObjectId(request.json["resource_id"]) resource_type_as_string = request.json["resource_type"] plugin_name = request.json["plugin_name"] project = User(user).get_active_project() resource_type = ResourceType(resource_type_as_string) resource = Resources.get(resource_id, resource_type) resource.launch_plugin(project.get_id(), plugin_name) return jsonify({"sucess_message": "ok"}) except Exception as e: print(e) return jsonify( {"error_message": "Error unlinking resource from project"}), 400
def main(plugin_name, project_id, resource_id, resource_type, target): try: query_result = None resource_type = ResourceType(resource_type) if resource_type == ResourceType.DOMAIN: query_result = auxiliary_function_1(target) elif resource_type == ResourceType.EMAIL: query_result = auxiliary_function_2(target) else: print(f"[{PLUGIN_NAME}]: Resource type does not found") finishing_task(plugin_name, project_id, resource_id, resource_type, query_result) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def maltiverse(plugin_name, project_id, resource_id, resource_type, target): try: MALTIVERSE_EMAIL = KeyRing().get("maltiverse_email") MALTIVERSE_PASS = KeyRing().get("maltiverse_pass") API_KEY = bool(MALTIVERSE_EMAIL) & bool(MALTIVERSE_PASS) query_result = None if not API_KEY: print(["[maltiverse]: No API Keys..."]) result_status = PluginResultStatus.NO_API_KEY else: result_status = PluginResultStatus.STARTED resource_type = ResourceType(resource_type) if resource_type == ResourceType.IPv4: query_result = maltiverse_ip(target) elif resource_type == ResourceType.DOMAIN: query_result = maltiverse_domain(target) elif resource_type == ResourceType.URL: query_result = maltiverse_url(target) elif resource_type == ResourceType.HASH: query_result = maltiverse_hash(target) else: print("Maltiverse resource type does not found") result_status = PluginResultStatus.RETURN_NONE if not query_result: result_status = PluginResultStatus.FAILED if query_result.get("message"): result_status = PluginResultStatus.RETURN_NONE else: result_status = PluginResultStatus.COMPLETED print(query_result) PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def enrich_by_type(args): resource_type = ResourceType(args["resource_type"]) if resource_type == ResourceType.IPv4: args["address"] = args["canonical_name"] elif resource_type == ResourceType.USERNAME: args["username"] = args["canonical_name"] elif resource_type == ResourceType.URL: args["full_url"] = args["canonical_name"] url_parts = urllib.parse.urlparse(args["full_url"]) args["scheme"] = url_parts.scheme args["netloc"] = url_parts.netloc args["path"] = url_parts.path args["params"] = url_parts.params args["query"] = url_parts.query args["fragment"] = url_parts.fragment elif resource_type == ResourceType.HASH: args["hash"] = args["canonical_name"] args["hash_type"] = HashType.hash_detection(args["hash"]).value # canonical_name == printable name in the view args["canonical_name"] = args["hash"][:8] elif resource_type == ResourceType.EMAIL: args["email"] = args["canonical_name"] if "@" in args["email"]: args["domain"] = args["email"].split("@")[1] else: args["domain"] = None elif resource_type == ResourceType.DOMAIN: args["domain"] = args["canonical_name"] else: print( f"[entities/resource_base/enrich_by_type]: Unknown resource type {args['resource_type']} when creating resource." ) return args
def get_resource(user): """ Return a resource doc """ resource_type_as_string = request.json["resource_type"] resource_id = request.json["resource_id"] try: resource_type = ResourceType(resource_type_as_string) resource = Resources.get(resource_id, resource_type) return jsonify(resource.to_JSON()) except ValueError: raise ResourceTypeException() except ResourceTypeException: return jsonify({"error_message": "Received an unknown type of resource"}), 400 except Exception as e: print(f"Error getting ip list {e}") return jsonify({"error_message": "Error getting resources"}), 400
def otx_task(plugin_name, project_id, resource_id, resource_type, target): try: resource_type = ResourceType(resource_type) # Check 2nd parameter if it's sent through view (frontend) if resource_type == ResourceType.IPv4: query_result = otx_iocs_ipv4(target, "general") elif resource_type == ResourceType.DOMAIN: query_result = otx_iocs_hostname(target, "general") elif resource_type == ResourceType.URL: query_result = otx_iocs_url(target, "general") elif resource_type == ResourceType.HASH: query_result = otx_iocs_file(target, "analysis") else: print("OTX resource type does not found") PluginManager.set_plugin_results(resource_id, plugin_name, project_id, query_result, result_status) except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def get_type(self): return ResourceType.get_type_from_string(self.resource["resource_type"])