def test_defang(self):
    """Check ``iocextract.defang`` on URLs, bare domains and an IPv4 address.

    Each ``(raw, expected)`` pair is asserted in order with ``assertEqual``.
    The expected values pin the behaviour the suite relies on: scheme
    letters are swapped (http -> hxxp, https -> hxxps, ftp -> fxp), dots in
    the host / IP part become ``[.]``, and dots inside the path are left
    untouched.
    """
    cases = (
        ('http://example.com/some/lo.ng/path.ext/',
         'hxxp://example[.]com/some/lo.ng/path.ext/'),
        ('http://example.com/path.ext', 'hxxp://example[.]com/path.ext'),
        ('http://127.0.0.1/path.ext', 'hxxp://127[.]0[.]0[.]1/path.ext'),
        ('http://example.com/', 'hxxp://example[.]com/'),
        ('https://example.com/', 'hxxps://example[.]com/'),
        ('ftp://example.com/', 'fxp://example[.]com/'),
        ('example.com', 'example[.]com'),
        ('example.com/', 'example[.]com/'),
        ('example.com/some/lo.ng/path.ext/',
         'example[.]com/some/lo.ng/path.ext/'),
        ('127.0.0.1', '127[.]0[.]0[.]1'),
    )
    for raw, expected in cases:
        self.assertEqual(iocextract.defang(raw), expected)
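def extract_iocs():
    """Prompt for a file path, print every IOC found in it (defanged) and save them.

    The file is read as UTF-8 text and scanned with
    ``iocextract.extract_iocs``. Each indicator is defanged exactly once,
    echoed to the terminal in red, and the newline-joined list is handed to
    ``Files.mk_file`` under the name ``extract_iocs.txt``.

    Returns:
        None.

    Raises:
        OSError: propagated from ``open`` when the path cannot be read.
    """
    file = input("File you want to extract IOCs from(full file path): ")
    # Explicit encoding so results do not depend on the platform default;
    # the handle is not reused as the text variable (the original shadowed it).
    with open(file, "r", encoding="utf-8") as fh:
        text = fh.read()
    print(f"{green}\nIOCs extracted:\n{reset}")
    defanged = []
    # Stream the results as they are found; defang each IOC only once so
    # the printed value and the saved value are guaranteed to match.
    for ioc in iocextract.extract_iocs(text):
        safe = iocextract.defang(ioc)
        print(f"{red}{safe}{reset}")
        defanged.append(safe)
    # An empty scan still writes an (empty) file, as before.
    Files.mk_file("extract_iocs.txt", "\n".join(defanged))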
def format_message(self, message: str, **kwargs):
    """Allow string interpolation with artifact contents.

    Supported variables:

    * {ipaddress} -- ``str(self)``
    * {defanged}  -- ``iocextract.defang(str(self))``
    * All supported variables from Artifact.format_message

    ``**kwargs`` is accepted for signature compatibility but is not
    forwarded to the parent implementation.
    """
    address = str(self)
    extra = {
        'ipaddress': address,
        'defanged': iocextract.defang(address),
    }
    return super().format_message(message, **extra)
def format_message(self, message, **kwargs):
    """Allow string interpolation with artifact contents.

    Supported variables:

    * {url}      -- ``str(self)``
    * {defanged} -- ``iocextract.defang(str(self))``
    * {domain}   -- ``self.domain()``
    * All supported variables from Artifact.format_message

    ``**kwargs`` is accepted for signature compatibility but is not
    forwarded to the parent implementation.
    """
    url_text = str(self)
    extra = {
        'url': url_text,
        'domain': self.domain(),
        'defanged': iocextract.defang(url_text),
    }
    return super(URL, self).format_message(message, **extra)
def make_pdf_content(self, response, feed):
    """Render ``feed`` as a PDF report into ``response``.

    Args:
        response: Output target passed to ``SimpleDocTemplate``; the PDF
            is written to it by ``doc.build`` at the end.
        feed: Feed record whose title, author, post body and STIX contents
            (indicators, exploit targets, threat actors) fill the report.

    Side effects:
        Stores ``feed.package_id`` and ``feed.tlp`` on ``self`` before
        rendering, and sorts the indicator list returned by
        ``feed_pdf_stix.get_indicators()`` in place.

    Returns:
        None.

    NOTE(review): ``Paragraph`` interprets inline markup (the ``<b>`` tags
    below rely on that). ``iocextract.defang`` neutralises indicators but
    does not escape markup characters; ``self._html_text`` is applied only
    to exploit-target descriptions here. Confirm that ``feed.title``,
    ``feed.post`` and indicator values are markup-safe upstream, otherwise
    a value containing ``<`` or ``&`` can break or alter the rendered
    paragraph.
    """
    self.package_id = feed.package_id
    self.tlp = feed.tlp
    feed_pdf_stix = _get_feed_pdf_stix(feed)
    # Style changes: CJK word wrapping and the meiryo font on every
    # built-in sample style used below.
    styles = getSampleStyleSheet()
    for name in ('Normal', 'BodyText', 'Title', 'Heading1', 'Heading2', 'Heading3', 'Heading4', 'Heading5', 'Heading6', 'Bullet', 'Definition', 'Code'):
        styles[name].wordWrap = 'CJK'
        styles[name].fontName = 'meiryo'
    # Create the document; ``story`` collects flowables in page order.
    doc = SimpleDocTemplate(response, pagesize=portrait(A4))
    story = []
    # Title (defanged so indicators in the title are not clickable/live)
    string = '<b>Title:</b> %s' % iocextract.defang(feed.title)
    story.append(Paragraph(string, styles['Normal']))
    # Author: missing administrative/country codes are shown as '-'
    if feed.administrative_code is None:
        administrative_code = '-'
    else:
        administrative_code = feed.administrative_code
    if feed.country_code is None:
        country_code = '-'
    else:
        country_code = feed.country_code
    string = '%s (%s - %s, %s)' % (feed.user.get_screen_name(), feed.user.get_sector_display(), administrative_code, country_code)
    txt = '<b>Author:</b> %s' % (string)
    story.append(Paragraph(txt, styles['Normal']))
    # Produced Time
    ts = feed_pdf_stix.get_timestamp()
    txt = '<b>Produced Time:</b> %s' % (ts)
    story.append(Paragraph(txt, styles['Normal']))
    # STIX Package ID
    string = str(feed.package_id)
    txt = '<b>STIX Package ID:</b> %s' % (string)
    story.append(Paragraph(txt, styles['Normal']))
    # Blank line
    story.append(Spacer(1, 1.0 * cm))
    # Content: the post body, defanged
    txt = '<b>Content:</b>'
    story.append(Paragraph(txt, styles['Normal']))
    txt = iocextract.defang(feed.post)
    story.append(Paragraph(txt, styles['Normal']))
    # Blank line
    story.append(Spacer(1, 1.0 * cm))
    # Cell style shared by all three tables below
    style = ParagraphStyle(name='Normal', fontName=self.FONT_MEIRYO, fontSize=9, leading=9)
    # Indicators
    indicators = feed_pdf_stix.get_indicators()
    if len(indicators) == 0:
        txt = '<b>Indicators:</b> No Data'
        story.append(Paragraph(txt, styles['Normal']))
    else:
        txt = '<b>Indicators:</b>'
        story.append(Paragraph(txt, styles['Normal']))
        # Blank line
        story.append(Spacer(1, 0.1 * cm))
        # Table
        d = [
            # header
            ['Type', 'Indicators'],
        ]
        # Sort by name: two stable passes, so column 0 is the primary key
        # and column 1 the secondary key.
        indicators.sort(key=lambda x: x[1])
        indicators.sort(key=lambda x: x[0])
        # Extract Observables and Indicators from the STIX (each item is a
        # (type, value, _) triple; the third field is unused here).
        for item in indicators:
            (type_, value, _) = item
            item = []
            item.append(Paragraph(type_, style))
            # For file_name the value is wrapped in pipes
            if type_ == 'file_name':
                # Trim the leading and trailing pipe; assumes both are
                # present, a bare name would lose its first/last character.
                value = value[1:-1]
            # defang
            value = iocextract.defang(value)
            item.append(Paragraph(value, style))
            d.append(item)
        # Build the table and apply its style
        indicators_table = self._create_table(d, len(indicators), (20 * mm, 135 * mm))
        story.append(indicators_table)
    # Blank line
    story.append(Spacer(1, 1.0 * cm))
    # Exploit Targets
    exploit_targets = feed_pdf_stix.get_exploit_targets()
    if len(exploit_targets) == 0:
        txt = '<b>Exploit Targets:</b> No Data'
        story.append(Paragraph(txt, styles['Normal']))
    else:
        txt = '<b>Exploit Targets:</b>'
        story.append(Paragraph(txt, styles['Normal']))
        # Blank line
        story.append(Spacer(1, 0.1 * cm))
        # Table
        d = [
            # header
            ['CVE', 'Description'],
        ]
        # Extract description info; the description passes through
        # self._html_text before being placed in a Paragraph.
        for item in exploit_targets:
            (_, cve, value) = item
            item = []
            value = self._html_text(value)
            item.append(Paragraph(cve, style))
            item.append(Paragraph(value, style))
            d.append(item)
        # Build the table and apply its style
        cve_table = self._create_table(d, len(exploit_targets), (35 * mm, 120 * mm))
        story.append(cve_table)
    # Blank line
    story.append(Spacer(1, 1.0 * cm))
    # Threat Actors
    threat_actors = feed_pdf_stix.get_threat_actors()
    if len(threat_actors) == 0:
        txt = '<b>Threat Actors:</b> No Data'
        story.append(Paragraph(txt, styles['Normal']))
    else:
        txt = '<b>Threat Actors:</b>'
        story.append(Paragraph(txt, styles['Normal']))
        # Blank line
        story.append(Spacer(1, 0.1 * cm))
        # Table
        d = [
            # header
            ['Name', 'Description'],
        ]
        # Extract description info; unlike the other tables the value is
        # str()-coerced and not passed through _html_text or defang.
        for item in threat_actors:
            (_, actor, value) = item
            item = []
            item.append(Paragraph(actor, style))
            item.append(Paragraph(str(value), style))
            d.append(item)
        # Build the table and apply its style
        actors_table = self._create_table(d, len(threat_actors), (30 * mm, 125 * mm))
        story.append(actors_table)
    # Page break
    story.append(PageBreak())
    # Build the PDF; page callbacks draw the first and later pages.
    doc.build(story, onFirstPage=self._first_page, onLaterPages=self._last_page)