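def search_file(ioc):
    """Search every file in ./intel for the IP indicators listed in *ioc*.

    Args:
        ioc: path to an indicator file. A name ending in ``csv`` is announced
            as CSV, anything else as newline-separated; in both cases the
            indicators are extracted from each line with ``tools.regex('ip')``,
            so the surrounding format does not change what is matched.

    Side effects:
        Changes the working directory to ``../`` and then to ``intel`` (kept
        because the rest of the tool relies on the cwd ending up there).
        Writes ``../matches.txt`` relative to ``intel``, reports progress via
        ``tools.update_progress`` and exits the process with status 1 when
        *ioc* cannot be read.

    Returns:
        None.
    """
    os.chdir('../')
    patt = tools.regex('ip')
    if ioc[-3:] == 'csv':
        print('[*] Pulling indicators as CSV values')
    else:
        print('[*] Assuming new-line formatted file')
    try:
        with open(ioc, 'r') as f:
            lines = f.readlines()
    except (IOError, OSError):
        # Original used a bare except and exit(0); an unreadable input must
        # not report success to the shell.
        sys.stderr.write("[!] Cannot locate file: %s. Please provide the full path.\n" % ioc)
        sys.exit(1)
    ioc_list = [m for line in lines for m in patt.findall(line)]
    sleep(2)
    os.chdir('intel')
    entries = os.listdir('.')
    total = float(len(ioc_list))
    print('[*] Found %d indicators in %s' % (total, ioc))
    # An empty indicator list would otherwise raise ZeroDivisionError here.
    frac = 1.0 / total if total else 0.0
    prog = 0.0
    # 'matches' was never initialised, so the first hit raised UnboundLocalError.
    matches = 0
    # Read each intel file once rather than once per indicator, and skip
    # subdirectories, which open() would reject.
    contents = []
    for entry in entries:
        if not os.path.isfile(entry):
            continue
        with open(entry, 'r') as f2:
            contents.append((entry, f2.readlines()))
    with open('../matches.txt', 'w+') as matched:
        for item in ioc_list:
            for entry, file_lines in contents:
                for line in file_lines:
                    # NOTE: plain substring test, so '10.1.1.1' also hits
                    # '10.1.1.10'; tighten to a bounded match if that matters.
                    if item in line:
                        matched.write(item + ' --> ' + entry + '\n')
                        matches += 1
            prog += frac
            tools.update_progress(prog)
    print('[+] Search complete.')
    print('%d matches found and stored in matches.txt' % matches)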
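def search_file(ioc):
    """Search every file in ./intel for the IP indicators listed in *ioc*.

    Args:
        ioc: path to an indicator file. A name ending in ``csv`` is announced
            as CSV, anything else as newline-separated; in both cases the
            indicators are extracted from each line with ``tools.regex('ip')``,
            so the surrounding format does not change what is matched.

    Side effects:
        Changes the working directory to ``../`` and then to ``intel`` (kept
        because the rest of the tool relies on the cwd ending up there).
        Writes ``../matches.txt`` relative to ``intel``, reports progress via
        ``tools.update_progress`` and exits the process with status 1 when
        *ioc* cannot be read.

    Returns:
        None.
    """
    os.chdir('../')
    patt = tools.regex('ip')
    if ioc[-3:] == 'csv':
        print('[*] Pulling indicators as CSV values')
    else:
        print('[*] Assuming new-line formatted file')
    try:
        with open(ioc, 'r') as f:
            lines = f.readlines()
    except (IOError, OSError):
        # Original used a bare except and exit(0); an unreadable input must
        # not report success to the shell.
        sys.stderr.write("[!] Cannot locate file: %s. Please provide the full path.\n" % ioc)
        sys.exit(1)
    ioc_list = [m for line in lines for m in patt.findall(line)]
    sleep(2)
    os.chdir('intel')
    entries = os.listdir('.')
    total = float(len(ioc_list))
    print('[*] Found %d indicators in %s' % (total, ioc))
    # An empty indicator list would otherwise raise ZeroDivisionError here.
    frac = 1.0 / total if total else 0.0
    prog = 0.0
    # 'matches' was never initialised, so the first hit raised UnboundLocalError.
    matches = 0
    # Read each intel file once rather than once per indicator, and skip
    # subdirectories, which open() would reject.
    contents = []
    for entry in entries:
        if not os.path.isfile(entry):
            continue
        with open(entry, 'r') as f2:
            contents.append((entry, f2.readlines()))
    with open('../matches.txt', 'w+') as matched:
        for item in ioc_list:
            for entry, file_lines in contents:
                for line in file_lines:
                    # NOTE: plain substring test, so '10.1.1.1' also hits
                    # '10.1.1.10'; tighten to a bounded match if that matters.
                    if item in line:
                        matched.write(item + ' --> ' + entry + '\n')
                        matches += 1
            prog += frac
            tools.update_progress(prog)
    print('[+] Search complete.')
    print('%d matches found and stored in matches.txt' % matches)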
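def get_feed_info(f):
    """Interactively collect the metadata for feed *f* and write it as JSON.

    Args:
        f: feed name as it appears in ``bin/feeds.py``. It is also used
            verbatim as the file name under ``bin/cb/feed_meta/``, so callers
            are expected to pass a plain name without path separators.

    Side effects:
        Prompts on stdin for the provider URL (only when it cannot be found
        in ``bin/feeds.py``), display name, summary, tech data and icon path;
        creates or overwrites ``bin/cb/feed_meta/<f>``; exits the process
        with status 1 when ``bin/feeds.py`` cannot be read.

    Returns:
        Whatever ``dump`` returns on success (``None`` for ``json.dump``);
        ``None`` when the metadata file could not be written.
    """
    feedpath = 'bin/cb/feed_meta/%s' % f  # Path for new feed metadata
    # NOTE(review): feedpath embeds f unsanitised -- a name containing '/' or
    # '..' would land outside feed_meta. Only 'name' below is stripped to
    # alphanumerics; confirm where f comes from before widening the callers.
    name = ''.join(e for e in f if e.isalnum())
    host = gethostname()
    ioc_file = 'intel/%s_ioc' % f
    # The feed link is plain http on this host's name; the consumer must be
    # configured to accept that (or front it with TLS).
    feed_link = 'http://%s/%s' % (host, ioc_file)
    report_name = f + '_report'

    # Find the provider URL in feeds.py: it is expected on the line that
    # follows a line mentioning the feed name (case-insensitive). The original
    # stopped advancing its line counter after the first hit, so any later
    # hit re-searched the same stale line; enumerate() fixes that.
    try:
        with open('bin/feeds.py', 'r') as feedfile_handle:
            feedfile = feedfile_handle.readlines()
    except (IOError, OSError):
        print(Fore.RED + '\n[-]' + Fore.RESET),
        print('Could not open file')
        exit(1)
    provider_url = None
    fn = f.lower()
    for count, line in enumerate(feedfile):
        if fn not in line.lower():
            continue
        if count + 1 >= len(feedfile):
            break  # match on the last line: nothing follows to search
        searches = search(regex('URL'), feedfile[count + 1])
        if searches is not None:
            provider_url = searches.group(0)
            break
    if provider_url is None:
        print(Fore.YELLOW + '\n[*]' + Fore.RESET),
        print('Could not locate provider URL in feed module.. please provide it below:')
        provider_url = raw_input('> ')

    def _ask(prompt_text, default):
        """Show *prompt_text*; return the operator's answer, or *default* on bare RETURN."""
        print(Fore.YELLOW + '\n[*]' + Fore.RESET),
        print(prompt_text)
        choice = raw_input('\r> ')
        return choice if choice else default

    # Choose Display Name
    display_name = _ask(
        "Is '%s' okay for Feed Display Name? ([RETURN], or specify new display name)" % f, f)
    # Choose Summary
    summary = _ask("Is '%s' okay for Feed Summary? ([RETURN], or specify summary)" % f, f)
    # Choose Tech Data
    tech_data = 'There are no requirements to share any data to receive this feed.'
    tech_data = _ask(
        "Is '%s'\n okay for Tech Data? ([RETURN], or specify new display name)" % tech_data,
        tech_data)

    # Icon
    icon = ''
    print(Fore.YELLOW + '\n[*]' + Fore.RESET),
    iconic = raw_input('Do you have an icon to upload? \n(Y/N)\n> ')
    if iconic.lower() == 'y':
        print(Fore.YELLOW + '\n[*]' + Fore.RESET),
        icon = raw_input('Please provide the full path to the image here:\n> ')
    elif iconic.lower() != 'n':
        print(Fore.YELLOW + '\n[*]' + Fore.RESET),
        print('[*] Sorry, did not recognize that. You can add an icon later..')

    # Explicit dict instead of locals()[...] lookups, so a renamed local
    # cannot silently drop a key from the metadata.
    feed_dict = {
        'name': name,
        'display_name': display_name,
        'provider_url': provider_url,
        'summary': summary,
        'tech_data': tech_data,
        'icon': icon,
        'ioc_file': ioc_file,
        'feed_link': feed_link,
        'report_name': report_name,
    }
    # Open the metadata file only now, so an aborted prompt session does not
    # leave an empty file behind; 'with' closes it on every path (the
    # original only closed on success).
    try:
        with open(feedpath, 'w+') as meta_file:
            json_data = dump(feed_dict, meta_file)
    except (IOError, OSError, TypeError, ValueError):
        print(Fore.RED + '\n[-] Could not write JSON stream to file')
        return None
    print(Fore.GREEN + '\n[+] Successfully wrote metadata to %s' % feedpath)
    return json_data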