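def download(uid):
    """Export indicators as a CSV attachment, either by campaign or by tag.

    One view serves two routes and branches on ``request.path``:

    * ``/download/campaigns/<uid>`` - every indicator whose campaign is *uid*
      (the literal ``Unknown`` stands for the empty campaign); blank cells
      are written as ``-``.
    * ``/download/tags/<uid>`` - every indicator whose comma-separated tags
      column contains *uid*; only a tag that actually occurs in the table is
      accepted.

    Args:
        uid: campaign or tag name taken from the URL (request-controlled).

    Returns:
        A Flask response with a ``text/csv`` body, or the rendered
        ``error.html`` page when the export fails, the tag is unknown, or the
        path matches neither route (the original fell off the end and
        returned ``None`` in that case).
    """

    def csv_attachment(indlist, name, suffix):
        # Build the CSV body and wrap it in an attachment response.  The header
        # row is taken from the first record, so an empty result set yields an
        # empty file instead of the IndexError the original raised on
        # ``indlist[0]``.
        out_file = io.BytesIO()  # Python 2 csv writes byte strings
        if indlist:
            w = csv.DictWriter(out_file, fieldnames=list(indlist[0].keys()))
            w.writeheader()
            w.writerows(indlist)
        # ``name`` comes straight from the URL: reduce it to filename-safe
        # characters so the Content-Disposition header cannot carry CR/LF,
        # quotes or path separators chosen by the requester.
        safe_name = "".join(c if c.isalnum() or c in "._-" else "_" for c in name)
        response = make_response(out_file.getvalue())
        response.headers["Content-Disposition"] = "attachment; filename=" + safe_name + suffix
        response.headers["Content-type"] = "text/csv"
        return response

    if '/download/campaigns/' in request.path:
        try:
            if uid == 'Unknown':
                uid = ""
            rows = Indicator.query.filter_by(campaign=uid).all()
            indlist = []
            for i in rows:
                indicator = helpers.row_to_dict(i)
                # Blank cells become "-" so a spreadsheet reader can tell
                # "no value" from an empty column.
                for key, value in indicator.items():
                    if value is None or value == "":
                        indicator[key] = '-'
                indlist.append(indicator)
            return csv_attachment(indlist, uid, "-campaign.csv")
        except Exception as e:
            # NOTE(review): the exception object is rendered for the user;
            # make sure error.html escapes it and log it server-side too.
            return render_template('error.html', error=e)
    elif '/download/tags/' in request.path:
        try:
            # Collect every distinct tag currently in use; the export only
            # runs for a tag that really exists.  (The original's
            # ``del rows, row`` raised NameError when the table was empty.)
            known_tags = set()
            for row in Indicator.query.distinct(Indicator.tags).all() or []:
                if row.tags:
                    known_tags.update(t.strip() for t in row.tags.split(','))
            if uid not in known_tags:
                return render_template('error.html', error="Unknown tag: " + uid)
            # Escape LIKE wildcards so "%" or "_" inside the tag cannot widen
            # the match beyond the literal tag text.
            escaped = uid.replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')
            rows = Indicator.query.filter(
                Indicator.tags.like('%' + escaped + '%', escape='\\')).all()
            indlist = [helpers.row_to_dict(i) for i in rows]
            return csv_attachment(indlist, uid, "-tags.csv")
        except Exception as e:
            return render_template('error.html', error=e)
    return render_template('error.html', error="Unsupported download path")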
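def filesobject(uid):
    """Render ``fileobject.html`` for the file object whose value is *uid*.

    Args:
        uid: the object value (e.g. a file hash) from the URL.

    Returns:
        The rendered page with the record, its tags, its related objects and
        an optional VirusTotal hash lookup (when ``Setting.vtfile`` is "on"),
        or ``error.html`` when any step raises.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (http.tags or "").split(",")
        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                reltype = Indicator.query.filter(Indicator.object == rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if reltype is not None:
                    temprel[reltype.object] = reltype.type
        reldata = len(temprel)
        jsonvt = ""
        if settings.vtfile == "on":
            jsonvt = virustotal.vt_hash_lookup(str(http.object))
        return render_template('fileobject.html', records=newdict, settingsvars=settings, address=http.object, temprel=temprel, reldata=reldata, jsonvt=jsonvt, taglist=taglist)
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)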
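def download(uid):
    """Export the indicators of campaign *uid* as a CSV attachment.

    When no indicator carries that campaign, *uid* is retried as a tag and
    every indicator whose tags column contains it is exported instead (the
    original's "lazy hack", kept for compatibility).

    Args:
        uid: campaign name from the URL (request-controlled); the literal
            ``Unknown`` stands for the empty campaign.

    Returns:
        A Flask response with a ``text/csv`` body; an empty result set yields
        an empty file instead of the IndexError the original raised on
        ``indlist[0]``.
    """
    if uid == 'Unknown':
        uid = ""
    rows = Indicator.query.filter_by(campaign=uid).all()
    if not rows:
        # Tag fallback.  LIKE wildcards in uid are escaped so "%" or "_" cannot
        # widen the match beyond the literal tag text.
        escaped = uid.replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')
        rows = Indicator.query.filter(
            Indicator.tags.like('%' + escaped + '%', escape='\\')).all()

    indlist = []
    for i in rows:
        indicator = helpers.row_to_dict(i)
        # Blank cells become "-" so a spreadsheet reader can tell "no value"
        # from an empty column.
        for key, value in indicator.items():
            if value is None or value == "":
                indicator[key] = '-'
        indlist.append(indicator)

    out_file = io.BytesIO()  # Python 2 csv writes byte strings
    if indlist:
        w = csv.DictWriter(out_file, fieldnames=list(indlist[0].keys()))
        w.writeheader()
        w.writerows(indlist)

    # uid comes straight from the URL: reduce it to filename-safe characters
    # so the Content-Disposition header cannot carry CR/LF, quotes or path
    # separators chosen by the requester.
    safe_name = "".join(c if c.isalnum() or c in "._-" else "_" for c in uid)
    response = make_response(out_file.getvalue())
    response.headers["Content-Disposition"] = "attachment; filename=" + safe_name + "-campaign.csv"
    response.headers["Content-type"] = "text/csv"
    return response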
def editobject(uid):
    """Show the edit form for the object record whose value is *uid*.

    Returns the rendered ``neweditobject.html`` page, or ``error.html`` when
    the lookup or the conversion to a dict raises.
    """
    try:
        match = Indicator.query.filter_by(object=uid).first()
        entry = helpers.row_to_dict(match)
        return render_template('neweditobject.html', entry=entry)
    except Exception as e:
        return render_template('error.html', error=e)
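def objectdetails1(uid):
    """Render ``indicatordetails.html`` for indicator *uid* (hash-lookup variant).

    Loads the indicator row, resolves its campaign name, tags and related
    indicators, and runs a VirusTotal hash lookup when ``Setting.vtfile`` is
    "on".  Every local is handed to the template via ``**locals()``, so the
    names below are part of the template contract.

    Args:
        uid: the indicator value from the URL.

    Returns:
        The rendered detail page, or ``error.html`` when any step raises.
    """
    try:
        row = Indicator.query.filter(Indicator.indicator == uid).first()
        records = helpers.row_to_dict(row)
        campaign_name = Campaign.query.filter_by(_id=row.campaign_id).first().name
        records['campaign'] = campaign_name
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (row.tags or "").split(",")
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                reltype = Indicator.query.filter(Indicator.indicator == rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if reltype is not None:
                    temprel[reltype.object] = reltype.type
        reldata = len(temprel)
        jsonvt = ""
        if settings.vtfile == "on":
            # Look up the indicator value itself, as the sibling objectdetails
            # view does; the original passed str(row), which is the model's
            # repr unless Indicator defines __str__.
            jsonvt = virustotal.vt_hash_lookup(str(row.indicator))
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)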
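def filesobject(uid):
    """Render ``fileobject.html`` for the file object whose value is *uid*.

    Args:
        uid: the object value (e.g. a file hash) from the URL.

    Returns:
        The rendered page with the record, its tags, its related objects and
        an optional VirusTotal hash lookup (when ``Setting.vtfile`` is "on"),
        or ``error.html`` when any step raises.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (http.tags or "").split(",")
        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                reltype = Indicator.query.filter(Indicator.object == rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if reltype is not None:
                    temprel[reltype.object] = reltype.type
        reldata = len(temprel)
        jsonvt = ""
        if settings.vtfile == "on":
            jsonvt = virustotal.vt_hash_lookup(str(http.object))
        return render_template(
            "fileobject.html",
            records=newdict,
            settingsvars=settings,
            address=http.object,
            temprel=temprel,
            reldata=reldata,
            jsonvt=jsonvt,
            taglist=taglist,
        )
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template("error.html", error=e)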
def editobject(uid):
    """Show the edit form for indicator *uid*, pre-filled with today's date.

    The record's campaign name replaces the raw campaign reference so the
    form can display it.  Returns ``error.html`` when any step raises.
    """
    try:
        today = time.strftime("%Y-%m-%d")
        match = Indicator.query.filter_by(indicator=uid).first()
        entry = helpers.row_to_dict(match)
        entry['campaign'] = match.campaign.name
        return render_template('editobject.html', entry=entry, currentdate=today)
    except Exception as e:
        return render_template('error.html', error=e)
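def threatactorobject(uid):
    """Render ``threatactorobject.html`` for the threat-actor object *uid*.

    Args:
        uid: the object value from the URL.

    Returns:
        The rendered page with the record and a map of related object -> type,
        or ``error.html`` when any step raises.
    """
    try:
        row = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(row)
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                # The original omitted .first() and read .object off the Query
                # instead of a row, so every actor with relationships landed
                # on the error page.
                reltype = Indicator.query.filter(Indicator.object == rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if reltype is not None:
                    temprel[reltype.object] = reltype.type
        reldata = len(temprel)
        return render_template('threatactorobject.html', records=newdict, temprel=temprel, reldata=reldata)
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)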
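def download(uid):
    """Export the indicators of campaign *uid* as a CSV attachment.

    Args:
        uid: campaign name from the URL (request-controlled); the literal
            ``unknown`` stands for the empty campaign.

    Returns:
        A Flask response with a ``text/csv`` body; an empty result set yields
        an empty file instead of the IndexError the original raised on
        ``indlist[0]``.
    """
    if uid == "unknown":
        uid = ""
    rows = Indicator.query.filter_by(campaign=uid).all()

    indlist = []
    for i in rows:
        indicator = helpers.row_to_dict(i)
        # Blank cells become "-" so a spreadsheet reader can tell "no value"
        # from an empty column.
        for key, value in indicator.items():
            if value is None or value == "":
                indicator[key] = "-"
        indlist.append(indicator)

    out_file = io.BytesIO()  # Python 2 csv writes byte strings
    if indlist:
        w = csv.DictWriter(out_file, fieldnames=list(indlist[0].keys()))
        w.writeheader()
        w.writerows(indlist)

    # uid comes straight from the URL: reduce it to filename-safe characters
    # so the Content-Disposition header cannot carry CR/LF, quotes or path
    # separators chosen by the requester.
    safe_name = "".join(c if c.isalnum() or c in "._-" else "_" for c in uid)
    response = make_response(out_file.getvalue())
    response.headers["Content-Disposition"] = "attachment; filename=" + safe_name + "-campaign.csv"
    response.headers["Content-type"] = "text/csv"
    return response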
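def download(uid):
    """Export the indicators of campaign *uid* as a CSV attachment.

    Args:
        uid: campaign name from the URL (request-controlled); the literal
            ``unknown`` stands for the empty campaign.

    Returns:
        A Flask response with a ``text/csv`` body; an empty result set yields
        an empty file instead of the IndexError the original raised on
        ``indlist[0]``.
    """
    if uid == 'unknown':
        uid = ""
    rows = Indicator.query.filter_by(campaign=uid).all()

    indlist = []
    for i in rows:
        indicator = helpers.row_to_dict(i)
        # Blank cells become "-" so a spreadsheet reader can tell "no value"
        # from an empty column.
        for key, value in indicator.items():
            if value is None or value == "":
                indicator[key] = '-'
        indlist.append(indicator)

    out_file = io.BytesIO()  # Python 2 csv writes byte strings
    if indlist:
        w = csv.DictWriter(out_file, fieldnames=list(indlist[0].keys()))
        w.writeheader()
        w.writerows(indlist)

    # uid comes straight from the URL: reduce it to filename-safe characters
    # so the Content-Disposition header cannot carry CR/LF, quotes or path
    # separators chosen by the requester.
    safe_name = "".join(c if c.isalnum() or c in "._-" else "_" for c in uid)
    response = make_response(out_file.getvalue())
    response.headers["Content-Disposition"] = "attachment; filename=" + safe_name + "-campaign.csv"
    response.headers["Content-type"] = "text/csv"
    return response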
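def objectdetails1(uid):
    """Render ``indicatordetails.html`` for indicator *uid* (hash-lookup variant).

    Loads the indicator row, resolves its campaign name, tags and related
    indicators, and runs a VirusTotal hash lookup when ``Setting.vtfile`` is
    "on".  Every local is handed to the template via ``**locals()``, so the
    names below are part of the template contract.

    Args:
        uid: the indicator value from the URL.

    Returns:
        The rendered detail page, or ``error.html`` when any step raises.
    """
    try:
        row = Indicator.query.filter(Indicator.indicator == uid).first()
        records = helpers.row_to_dict(row)
        campaign_name = Campaign.query.filter_by(_id=row.campaign_id).first().name
        records['campaign'] = campaign_name
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (row.tags or "").split(",")
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                reltype = Indicator.query.filter(Indicator.indicator == rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if reltype is not None:
                    temprel[reltype.object] = reltype.type
        reldata = len(temprel)
        jsonvt = ""
        if settings.vtfile == "on":
            # Look up the indicator value itself, as the sibling objectdetails
            # view does; the original passed str(row), which is the model's
            # repr unless Indicator defines __str__.
            jsonvt = virustotal.vt_hash_lookup(str(row.indicator))
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)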
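def victimobject(uid):
    """Render ``victimobject.html`` for the victim object *uid* with enrichment.

    Loads the object, its tags and related objects, then runs every
    third-party lookup switched "on" in the singleton ``Setting`` row for the
    object's type (IPv4/IPv6 or Domain) and derives a headline ``address``
    from the whois result.

    Args:
        uid: the object value (IP or domain) from the URL.

    Returns:
        The rendered page, or ``error.html`` when any step raises.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (http.tags or "").split(",")
        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                # The original omitted .first() and read .object off the Query
                # instead of a row, so every victim with relationships landed
                # on the error page.
                reltype = Indicator.query.filter(Indicator.object == rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if reltype is not None:
                    temprel[reltype.object] = reltype.type
        reldata = len(temprel)

        jsonvt = whoisdata = odnsdata = circldata = circlssl = ""
        pt_pdns_data = pt_whois_data = pt_pssl_data = pt_host_attr_data = ""
        farsightdata = ""

        target = str(http.object)
        otype = str(http.type)
        # Run the IP- or domain-flavoured lookups depending on object type;
        # each one is gated by its own "on" switch in Setting.
        if otype == "IPv4" or otype == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
        elif otype == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)

        # Headline location line.  The original indexed whoisdata without
        # checking it; for an unsupported type or an empty lookup that was a
        # TypeError on "" and sent the page to error.html.
        address = "Information about " + target
        if settings.whoisinfo == "on" and whoisdata:
            if otype == "Domain":
                address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
        return render_template('victimobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata, odnsdata=odnsdata, circldata=circldata, circlssl=circlssl, settingsvars=settings, address=address, temprel=temprel, reldata=reldata, taglist=taglist, farsightdata=farsightdata, pt_pdns_data=pt_pdns_data, pt_whois_data=pt_whois_data, pt_pssl_data=pt_pssl_data, pt_host_attr_data=pt_host_attr_data)
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)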
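def objectsummary(uid):
    """Render ``networkobject.html`` for the network object *uid* with enrichment.

    Loads the object, its tags and related objects, then runs every
    third-party lookup switched "on" in the singleton ``Setting`` row for the
    object's type (IPv4/IPv6 or Domain) and derives a headline ``address``
    from the whois result.

    Args:
        uid: the object value (IP or domain) from the URL.

    Returns:
        The rendered page, or ``error.html`` when any step raises.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (row.tags or "").split(",")
        # Map each related object to the *related* row's type.  The original
        # stored row.type (the requested object's type) for every entry; the
        # sibling views key this map by the related object's own type.
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                row_rel = Indicator.query.filter_by(object=rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if row_rel is not None:
                    temprel[row_rel.object] = row_rel.type
        reldata = len(temprel)

        jsonvt = whoisdata = odnsdata = circldata = circlssl = ""
        ptdata = farsightdata = shodandata = ""

        target = str(row.object)
        otype = str(row.type)
        # Run the IP- or domain-flavoured lookups depending on object type;
        # each one is gated by its own "on" switch in Setting.
        if otype == "IPv4" or otype == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)
        elif otype == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        # Headline location line; None when whois is on but returned nothing.
        if settings.whoisinfo == "on":
            if whoisdata:
                if otype == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
            else:
                address = None
        else:
            address = "Information about " + target
        return render_template('networkobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata, odnsdata=odnsdata, settingsvars=settings, address=address, ptdata=ptdata, temprel=temprel, circldata=circldata, circlssl=circlssl, reldata=reldata, taglist=taglist, farsightdata=farsightdata, shodandata=shodandata)
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)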
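def objectsummary(uid):
    """Render ``networkobject.html`` for the network object *uid* with enrichment.

    Loads the object, its tags and related objects, then runs every
    third-party lookup switched "on" in the singleton ``Setting`` row for the
    object's type (IPv4/IPv6 or Domain) and derives a headline ``address``
    from the whois result.

    Args:
        uid: the object value (IP or domain) from the URL.

    Returns:
        The rendered page, or ``error.html`` when any step raises.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (row.tags or "").split(",")
        # Map each related object to its type.  The related row is bound to
        # its own name: the original rebound ``row`` inside this loop, so
        # every lookup below ran against the last *related* object instead of
        # the one requested.
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                related = Indicator.query.filter_by(object=rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if related is not None:
                    temprel[related.object] = related.type
        reldata = len(temprel)

        jsonvt = whoisdata = odnsdata = circldata = circlssl = ""
        ptdata = farsightdata = shodandata = ""

        target = str(row.object)
        otype = str(row.type)
        # Run the IP- or domain-flavoured lookups depending on object type;
        # each one is gated by its own "on" switch in Setting.
        if otype == "IPv4" or otype == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)
        elif otype == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        # Headline location line.  The original indexed whoisdata without
        # checking it; for an unsupported type or an empty lookup that was a
        # TypeError on "" and sent the page to error.html.  None here matches
        # the other objectsummary revision in this file.
        if settings.whoisinfo == "on":
            if whoisdata:
                if otype == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
            else:
                address = None
        else:
            address = "Information about " + target
        return render_template('networkobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata, odnsdata=odnsdata, settingsvars=settings, address=address, ptdata=ptdata, temprel=temprel, circldata=circldata, circlssl=circlssl, reldata=reldata, taglist=taglist, farsightdata=farsightdata, shodandata=shodandata)
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)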
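def objectdetails(uid):
    """Render ``indicatordetails.html`` for indicator *uid* with enrichment.

    Loads the indicator, its campaign name, tags and related indicators, then
    runs every third-party lookup switched "on" in the singleton ``Setting``
    row for the indicator's type (IPv4/IPv6 or Domain).  All locals are
    passed to the template via ``**locals()``, so the names below are part of
    the template contract.

    Args:
        uid: the indicator value (IP, domain, ...) from the URL.

    Returns:
        The rendered detail page, or ``error.html`` when any step raises.
    """
    try:
        row = Indicator.query.filter_by(indicator=uid).first()
        records = helpers.row_to_dict(row)
        records['campaign'] = row.campaign.name
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (row.tags or "").split(",")
        # Map each related object to its indicator type.  The related row is
        # bound to its own name: the original rebound ``row`` inside this
        # loop, so every lookup below ran against the last *related*
        # indicator instead of the one requested.
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                related = Indicator.query.filter_by(indicator=rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if related is not None:
                    temprel[related.object] = related.indicator_type
        reldata = len(temprel)

        jsonvt = whoisdata = odnsdata = circldata = circlssl = ""
        farsightdata = shodandata = ""
        pt_pdns_data = pt_whois_data = pt_pssl_data = pt_host_attr_data = ""

        target = str(row.indicator)
        itype = str(row.indicator_type)
        # Run the IP- or domain-flavoured lookups depending on indicator
        # type; each one is gated by its own "on" switch in Setting.
        if itype == "IPv4" or itype == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)
        elif itype == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        # Headline location line.  When whois is on but returned nothing,
        # ``address`` is deliberately left unbound, exactly as the original
        # did, so the template context is unchanged in that case.
        if settings.whoisinfo == "on":
            if whoisdata:
                if itype == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + target
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)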
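def objectdetails(uid):
    """Render ``indicatordetails.html`` for indicator *uid* with enrichment.

    Loads the indicator, its campaign name, tags and related indicators, then
    runs every third-party lookup switched "on" in the singleton ``Setting``
    row for the indicator's type (IPv4/IPv6 or Domain).  All locals are
    passed to the template via ``**locals()``, so the names below are part of
    the template contract.

    Args:
        uid: the indicator value (IP, domain, ...) from the URL.

    Returns:
        The rendered detail page, or ``error.html`` when any step raises.
    """
    try:
        row = Indicator.query.filter_by(indicator=uid).first()
        records = helpers.row_to_dict(row)
        records['campaign'] = row.campaign.name
        settings = Setting.query.filter_by(_id=1).first()
        # A NULL tags column used to raise AttributeError and produce the
        # error page; treat it as "no tags".
        taglist = (row.tags or "").split(",")
        # Map each related object to its indicator type.  The related row is
        # bound to its own name: the original rebound ``row`` inside this
        # loop, so every lookup below ran against the last *related*
        # indicator instead of the one requested.
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                related = Indicator.query.filter_by(indicator=rel).first()
                # Skip dangling relationship entries instead of failing the page.
                if related is not None:
                    temprel[related.object] = related.indicator_type
        reldata = len(temprel)

        jsonvt = whoisdata = odnsdata = circldata = circlssl = ""
        farsightdata = shodandata = ""
        pt_pdns_data = pt_whois_data = pt_pssl_data = pt_host_attr_data = ""

        target = str(row.indicator)
        itype = str(row.indicator_type)
        # Run the IP- or domain-flavoured lookups depending on indicator
        # type; each one is gated by its own "on" switch in Setting.
        if itype == "IPv4" or itype == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)
        elif itype == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        # Headline location line.  When whois is on but returned nothing,
        # ``address`` is deliberately left unbound, exactly as the original
        # did, so the template context is unchanged in that case.
        if settings.whoisinfo == "on":
            if whoisdata:
                if itype == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + target
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the exception object is rendered for the user; make
        # sure error.html escapes it and log it server-side too.
        return render_template('error.html', error=e)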