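def test_sha1_extract(self):
    """A bare SHA-1 hex digest is extracted intact whatever surrounds it.

    The same 40-hex-character value is fed to ``extract_sha1_hashes`` as-is
    and wrapped by each ``_wrap_*`` helper (spaces, tabs, newlines, words,
    non-word characters); the first hit must always equal the input.
    """
    content = 'adc83b19e793491b1c6ea0fd8b46cd9f32e592fc'
    # identity first, then every wrapper the test module provides
    wrappers = (
        lambda text: text,
        _wrap_spaces,
        _wrap_tabs,
        _wrap_newlines,
        _wrap_words,
        _wrap_nonwords,
    )
    for wrap in wrappers:
        # assertEqual, not the deprecated assertEquals alias (removed in 3.12)
        self.assertEqual(
            list(iocextract.extract_sha1_hashes(wrap(content)))[0],
            content,
            msg='wrapper: %s' % getattr(wrap, '__name__', 'identity'),
        )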
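def create_group_pulse(input_text):
    """Extract IOCs from *input_text* and publish them as a new OTX group pulse.

    Every URL, IPv4 address, SHA-256/SHA-1/MD5 hash and e-mail address found by
    iocextract becomes one indicator. The pulse is created with ``public=True``
    and ``tlp='White'``, so anything in *input_text* that looks like an
    indicator is disclosed to every OTX user; callers must not pass text that
    contains internal hosts, addresses or credentials.

    Args:
        input_text: Free text (e.g. a chat message) to mine for indicators.

    Returns:
        None. The OTX response is printed, not returned.
    """
    import os

    # Title carries the Unix timestamp so repeated runs create distinct pulses.
    pulse_title = 'SlackIOCs - ' + str(int(time.time()))
    # Read the key from the environment instead of committing it to source;
    # the empty-string default keeps the original behaviour when it is unset.
    # (Variable name chosen here — align with the deployment's convention.)
    API_KEY = os.environ.get('OTX_API_KEY', '')
    otx = OTXv2(API_KEY)
    group_id = 840  # target OTX group; TODO confirm this id is still correct

    # (extractor, OTX indicator type) in the order indicators are submitted.
    # extract_ipv4s rather than extract_ips: the latter also yields IPv6
    # addresses, which would be submitted with the wrong 'IPv4' type.
    extractors = (
        (iocextract.extract_urls, 'URL'),
        (iocextract.extract_ipv4s, 'IPv4'),
        (iocextract.extract_sha256_hashes, 'FileHash-SHA256'),
        (iocextract.extract_sha1_hashes, 'FileHash-SHA1'),
        (iocextract.extract_md5_hashes, 'FileHash-MD5'),
        (iocextract.extract_emails, 'EMAIL'),
    )
    indicators = [
        {'indicator': value, 'type': ioc_type}
        for extractor, ioc_type in extractors
        for value in extractor(input_text)
    ]

    print('Adding ' + str(indicators))
    response = otx.create_pulse(
        name=pulse_title,
        public=True,
        indicators=indicators,
        tags=['covid19'],
        references=[],
        group_ids=[group_id],
        tlp='White',
    )
    print('Response: ' + str(response))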
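def CapeReporter(values):
    """Look up each user-supplied value in the CAPE sandbox and collect reports.

    For every entry of *values* the first recognised indicator is chosen, in
    this precedence: URL, IPv4, MD5, SHA-1, SHA-256. Only that one indicator
    is queried (further indicators in the same string are ignored) and entries
    with no recognised indicator are skipped.

    Args:
        values: Iterable of free-text strings, each possibly containing an IOC.

    Returns:
        list of ``{'Cape Sandbox': <report>}`` dicts, one per item yielded by
        ``allReport``, in input order.
    """
    # (extractor, allReport argType) in precedence order
    extractors = (
        (iocextract.extract_urls, 'url'),
        (iocextract.extract_ipv4s, 'ip'),
        (iocextract.extract_md5_hashes, 'md5'),
        (iocextract.extract_sha1_hashes, 'sha1'),
        (iocextract.extract_sha256_hashes, 'sha256'),
    )
    cape_val = []
    for usr_input in values:
        for extractor, arg_type in extractors:
            matches = list(extractor(usr_input))
            if not matches:
                continue
            # Only the first match of the highest-precedence type is queried.
            stream = allReport(matches[0], arg_type)
            cape_val.extend({'Cape Sandbox': data} for data in stream)
            break
    return cape_val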
def test_sha1(self):
    """Exactly one SHA-1 is extracted from a bare 40-hex-character string."""
    digest = "62283808776ee974d7e7792ffa12eb90fe36556a"
    found = list(iocextract.extract_sha1_hashes(digest))
    # one hit, and it is the digest itself
    self.assertEqual(found, [digest])
def test_sha1_not_in_shaxxx(self):
    """Longer digests (SHA-256, SHA-512) must not yield SHA-1 substrings.

    A 40-hex-character window inside a 64- or 128-character digest would be a
    false positive, so every wrapping variant must produce zero SHA-1 hits.
    """
    longer_digests = (
        '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b',
        'be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09',
    )
    # identity first, then every wrapper the test module provides
    wrappers = (
        lambda text: text,
        _wrap_spaces,
        _wrap_tabs,
        _wrap_newlines,
        _wrap_words,
        _wrap_nonwords,
    )
    for digest in longer_digests:
        for wrap in wrappers:
            hits = list(iocextract.extract_sha1_hashes(wrap(digest)))
            self.assertEqual(len(hits), 0)
if(filename in skip_files): continue # Extract text from pdf filepath = os.path.join(path, filename) content = convert_pdf_txt(filepath) # Extract Indicators of Compromise from text, recording time extracted_files[filename] = {} extract_start_time = time.time() extracted_files[filename]["urls"] = list(iocextract.extract_urls(content, refang=True)) extracted_files[filename]["email_addresses"] = list(iocextract.extract_emails(content, refang=True)) extracted_files[filename]["ipv4s"] = list(iocextract.extract_ipv4s(content, refang=True)) extracted_files[filename]["ipv6s"] = list(iocextract.extract_ipv6s(content)) extracted_files[filename]["md5s"] = list(iocextract.extract_md5_hashes(content)) extracted_files[filename]["sha1s"] = list(iocextract.extract_sha1_hashes(content)) extracted_files[filename]["sha256s"] = list(iocextract.extract_sha256_hashes(content)) extracted_files[filename]["sha512s"] = list(iocextract.extract_sha512_hashes(content)) extracted_files[filename]["yara"] = list(iocextract.extract_yara_rules(content)) extract_avg_numerator += time.time() - extract_start_time count += 1 process_end_time = time.time() # add some meta info on process run time extracted_files["meta"] = { "tool": "iocextract", "files_examined": count, "elapsed_time": process_end_time - process_start_time, "average_time": extract_avg_numerator / count,