def get_misp_connection(config=None, parameters=None):
global misp_connection
if misp_connection:
return misp_connection
if not config:
raise MaltegoException("ERROR: MISP connection not yet established, and config not provided as parameter.")
misp_verify = True
misp_debug = False
misp_url = None
misp_key = None
try:
if is_local_exec_mode():
misp_url = config['MISP_maltego.local.misp_url']
misp_key = config['MISP_maltego.local.misp_key']
if config['MISP_maltego.local.misp_verify'] in ['False', 'false', 0, 'no', 'No']:
misp_verify = False
if config['MISP_maltego.local.misp_debug'] in ['True', 'true', 1, 'yes', 'Yes']:
misp_debug = True
if is_remote_exec_mode():
try:
misp_url = parameters['mispurl'].value
misp_key = parameters['mispkey'].value
except AttributeError:
raise MaltegoException("ERROR: mispurl and mispkey need to be set to something valid")
misp_connection = PyMISP(misp_url, misp_key, misp_verify, 'json', misp_debug, tool='misp_maltego')
except Exception:
if is_local_exec_mode():
raise MaltegoException("ERROR: Cannot connect to MISP server. Please verify your MISP_Maltego.conf settings.")
if is_remote_exec_mode():
raise MaltegoException("ERROR: Cannot connect to MISP server. Please verify your settings (MISP URL and API key), and ensure the MISP server is reachable from the internet.")
return misp_connection
def __init__(self, config=None, parameters=None):
self.misp = None
if not config:
raise MaltegoException(
"ERROR: MISP connection not yet established, and config not provided as parameter."
)
misp_verify = True
misp_debug = False
misp_url = None
misp_key = None
try:
if is_local_exec_mode():
misp_url = config['MISP_maltego.local.misp_url']
misp_key = config['MISP_maltego.local.misp_key']
if config['MISP_maltego.local.misp_verify'] in [
'False', 'false', 0, 'no', 'No'
]:
misp_verify = False
if config['MISP_maltego.local.misp_debug'] in [
'True', 'true', 1, 'yes', 'Yes'
]:
misp_debug = True
else:
try:
misp_url = parameters['mispurl'].value
misp_key = parameters['mispkey'].value
except AttributeError:
raise MaltegoException(
"ERROR: mispurl and mispkey need to be set to something valid"
)
self.misp = PyMISP(url=misp_url,
key=misp_key,
ssl=misp_verify,
debug=misp_debug,
tool='misp_maltego',
timeout=(2, 60))
except Exception:
if is_local_exec_mode():
raise MaltegoException(
"ERROR: Cannot connect to MISP server. Please verify your MISP_Maltego.conf settings."
)
else:
raise MaltegoException(
"ERROR: Cannot connect to MISP server. Please verify your settings (MISP URL and API key), and ensure the MISP server is reachable from the internet."
)
def __call__(self, request, *args):
self.args.append(request.entity.value)
if isinstance(request.parameters, list) and request.parameters:
self.args.extend(request.parameters)
if request.entity.fields:
self.args.append('#'.join([
'%s=%s' % (k, v.value.replace('#', '\\#').replace('=', '\\='))
for k, v in request.entity.fields.items()
]))
if is_local_exec_mode():
p = Popen(self.args, env=self.env)
p.communicate()
exit(p.returncode)
else:
p = Popen(self.args, env=self.env, stdout=PIPE)
out, _ = p.communicate()
return MaltegoMessage.parse(out)
def _parse_value(self, value):
if value.startswith('object://') and is_local_exec_mode():
r = urlparse(value)
try:
v = r.path.lstrip('/')
m = __import__(r.netloc, globals(), locals(), [v])
value = m.__dict__[v]
except ImportError:
pass
elif re.match(r'^\d+$', value):
value = int(value)
elif re.match(r'^\d+\.\d+$', value):
value = float(value)
elif re.search(r'\s*(?<=[^\\]),+\s*', value):
l = re.split(r'\s*(?<=[^\\]),+\s*', value)
value = []
for v in l:
value.append(self._parse_value(v))
else:
value = value.replace(r'\,', ',')
return value
def _parse_value(self, value):
if value.startswith("object://") and is_local_exec_mode():
r = urlparse(value)
try:
v = r.path.lstrip("/")
m = __import__(r.netloc, globals(), locals(), [v])
value = m.__dict__[v]
except ImportError:
pass
elif re.match(r"^\d+$", value):
value = int(value)
elif re.match(r"^\d+\.\d+$", value):
value = float(value)
elif re.search(r"\s*(?<=[^\\]),+\s*", value):
l = re.split(r"\s*(?<=[^\\]),+\s*", value)
value = []
for v in l:
value.append(self._parse_value(v))
else:
value = value.replace(r"\,", ",")
return value