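def test_have_class(self):
    """Check that the name ``pyeti.YetiApi`` resolves and can be called.

    A ``NameError`` means the ``pyeti`` name is not in scope at all, so the
    test is failed explicitly instead of passing silently.
    """
    try:
        self.test = pyeti.YetiApi()
    except NameError as err:
        # Previously swallowed: a missing import let this test pass.
        self.fail("pyeti.YetiApi could not be resolved: {}".format(err))
    except TypeError:
        # NOTE(review): the original marked this branch "fail appropriately
        # here" as well. test_YetiApi_without_arg on this page expects a
        # TypeError from an argument-less call, so presumably the class
        # exists and only the arguments are missing. Confirm before turning
        # this into a failure.
        pass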
def __init__(self, opts):
    """Initialise the searcher and build its Yeti client from ``opts``.

    The ``CONFIG_SECTION`` entry of ``opts`` is kept on ``self.options`` and
    supplies ``urlbase``, ``username``, ``password`` and ``api_key``.
    """
    super(YetiThreatFeedSearcher, self).__init__(opts)
    self.options = opts.get(CONFIG_SECTION)

    settings = self.options
    base_url = settings.get("urlbase")
    # username/password and api_key are secrets read from configuration;
    # keep them out of log lines and exception messages.
    basic_auth = (settings.get("username"), settings.get("password"))
    token = settings.get("api_key")
    # NOTE(review): any key absent from the section reaches YetiApi as None;
    # confirm the client rejects that rather than sending unauthenticated
    # requests.
    self.yeti_client = pyeti.YetiApi(base_url, basic_auth, token)
def __init__(self, url, key, attribute):
    """Set up the Yeti client and a MISP event seeded with ``attribute``.

    ``attribute`` is expanded as keyword arguments to
    ``MISPEvent.add_attribute``. It is also kept on ``self.attribute``.
    """
    # Yeti observable type name -> MISP attribute type.
    self.misp_mapping = dict(
        Ip='ip-dst',
        Domain='domain',
        Hostname='hostname',
        Url='url',
        AutonomousSystem='AS',
        File='sha256',
    )
    self.yeti_client = pyeti.YetiApi(url=url, api_key=key)
    self.attribute = attribute
    event = MISPEvent()
    self.misp_event = event
    event.add_attribute(**attribute)
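def check_log_file(file, url, key, **kwargs):
    """Look up every value parsed from a log file in Yeti and emit the matches.

    Args:
        file: Path of the log to read. A ``.evtx`` extension selects the EVTX
            reader; anything else is read as text.
        url: Passed as the first argument to ``pyeti.YetiApi``.
        key: Passed to ``pyeti.YetiApi`` as ``api_key``.
        **kwargs: Optional switches:
            all: also keep values that produced no Yeti match.
            ret: return the result list instead of writing it.
            output: writable file object (defaults to ``sys.stdout``). It is
                closed before the function returns on the write path.
            json: write JSON instead of CSV.

    Returns:
        The list of result dicts when ``ret`` is truthy, otherwise ``None``.
    """
    _, file_extension = os.path.splitext(file)

    print("reading file", file=sys.stderr)
    if file_extension == ".evtx":
        log = __read_evtx_file(file)
    else:
        log = __read_text_file(file)

    print("parsing file", file=sys.stderr)
    values = parse_log_file(log)

    print("looking in database", file=sys.stderr)
    results = []
    include_unmatched = kwargs.get("all", False)
    api = pyeti.YetiApi(url, api_key=key)
    # Every parsed value is sent to the Yeti server as a search term. Log
    # content is untrusted, so treat val and logs as attacker-influenced.
    for val, logs in values.items():
        yeti = api.observable_search(value=val)
        # Only the first hit is used. With no hit, .get() on the empty dict
        # yields the same defaults the original assigned explicitly.
        hit = yeti[0] if yeti else {}
        result = {
            "value": val,
            "tags": hit.get("tags", []),
            "created": hit.get("created", ""),
            "sources": hit.get("sources", []),
            "original_log": logs,
        }
        if yeti or include_unmatched:
            results.append(result)

    print("writing results", file=sys.stderr)
    if kwargs.get("ret", False):
        return results

    outfh = kwargs.get("output", None)
    output = outfh if outfh else sys.stdout
    try:
        if kwargs.get("json", False):
            json.dump(results, output, indent=4, sort_keys=True)
        else:
            fields = ["value", "tags", "created", "sources", "original_log"]
            rows = __flatten(map(__unpack_logs, map(__csv_row, results)))
            # NOTE(review): QUOTE_ALL does not stop a spreadsheet from
            # evaluating a cell that begins with '=', '+', '-' or '@'. Raw log
            # text lands in these cells, so consider neutralising such
            # prefixes if the CSV is opened in a spreadsheet.
            writer = csv.DictWriter(output, fieldnames=fields,
                                    quoting=csv.QUOTE_ALL)
            writer.writeheader()
            writer.writerows(rows)
    finally:
        # Close the caller-supplied handle even when serialisation fails;
        # the original leaked it on any exception raised while writing.
        if outfh:
            outfh.close()
    print("finished", file=sys.stderr)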
def run(self):
    """Search Yeti for the analyzer's observable and report the findings.

    The client is built from ``self.url`` with ``/api/`` appended, and
    ``self.api_key``. The searched value comes from ``self.get_data()``.
    """
    endpoint = "{}/api/".format(self.url)
    client = pyeti.YetiApi(endpoint, api_key=self.api_key)
    observable = self.get_data()
    try:
        findings = client.observable_search(value=observable)
        # NOTE(review): an empty search result is reported as "service
        # unavailable", so a clean "no match" cannot be told apart from an
        # outage. Confirm this is intended.
        if not findings:
            self.error('Service unavailable, please check if Yeti server is running')
        payload = {'findings': findings}
        self.report(payload)
    except Exception:
        # NOTE(review): the broad catch drops the underlying cause (TLS
        # failure, auth rejection, timeout). Logging it would help triage.
        self.error('An issue occurred while calling Yeti API')
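def get_yeti_connection(config=None):
    """Return a Yeti API client, reusing the module-level one when set.

    Args:
        config: Mapping that must hold ``Yeti.local.api_url`` and
            ``Yeti.local.api_key``. It is ignored when a client is already
            cached in ``yeti_connection``.

    Returns:
        The cached or newly created ``pyeti.YetiApi`` instance.

    Raises:
        MaltegoException: if ``config`` is empty, a required key is missing,
            or the client cannot be constructed.
    """
    global yeti_connection
    if yeti_connection:
        return yeti_connection
    if not config:
        raise MaltegoException("Configuration is empty !")

    # Explicit check instead of ``assert``: assertions are stripped under
    # ``python -O``, which would leave the configuration unvalidated.
    required = ('Yeti.local.api_url', 'Yeti.local.api_key')
    missing = [name for name in required if name not in config]
    if missing:
        # Only key names go into the message, never the configured values.
        raise MaltegoException(
            "Missing Yeti configuration: " + ", ".join(missing))

    try:
        api = pyeti.YetiApi(url=config['Yeti.local.api_url'],
                            api_key=config['Yeti.local.api_key'])
    except Exception:
        raise MaltegoException("Yeti Error")

    # The original declared the global but never assigned it, so the cache
    # check above could never succeed. Store the client for later calls.
    yeti_connection = api
    return yeti_connection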
def test_has_make_request(self):
    """Calling ``_make_request`` with no arguments must raise ``TypeError``.

    The message check rejects one specific text, 'This is broken'.
    """
    client = pyeti.YetiApi(self.url)
    with self.assertRaises(TypeError) as caught:
        client._make_request()
    message = str(caught.exception)
    self.assertFalse('This is broken' in message)
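def test_has_test_connection(self):
    """Check that the client exposes a callable ``_test_connection``.

    The call itself stays best-effort, since no Yeti server may be reachable
    from the test run. A missing method now fails the test.
    """
    api = pyeti.YetiApi(self.url)
    self.assertTrue(callable(getattr(api, '_test_connection', None)))
    try:
        api._test_connection()
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are no longer swallowed. Runtime errors from the call
        # are still tolerated.
        pass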
def test_has_observable_bulk_add(self):
    """Calling ``observable_bulk_add`` with no arguments must raise ``TypeError``.

    The message check rejects one specific text, 'This is broken'.
    """
    client = pyeti.YetiApi(self.url)
    with self.assertRaises(TypeError) as caught:
        client.observable_bulk_add()
    message = str(caught.exception)
    self.assertFalse('This is broken' in message)
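def test_has_observable_search(self):
    """Check that the client exposes a callable ``observable_search``.

    The call itself stays best-effort, since no Yeti server may be reachable
    from the test run. A missing method now fails the test.
    """
    api = pyeti.YetiApi(self.url)
    self.assertTrue(callable(getattr(api, 'observable_search', None)))
    try:
        api.observable_search()
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are no longer swallowed. Runtime errors from the call
        # are still tolerated.
        pass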
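def test_YetiApi_with_url_ignore_ssl(self):
    """The constructor must accept a URL together with ``verify_ssl=False``.

    A ``TypeError`` (signature mismatch) now fails the test instead of being
    swallowed.
    """
    try:
        # verify_ssl=False presumably turns off TLS certificate checks in the
        # client. The URL here is plain http on localhost, so the flag is only
        # exercised as a constructor argument. It is not a setting to carry
        # over to a real deployment.
        self.test = pyeti.YetiApi('http://localhost:5000', verify_ssl=False)
    except TypeError as err:
        self.fail("YetiApi rejected url + verify_ssl=False: {}".format(err))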
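def test_YetiApi_with_url(self):
    """The constructor must accept a single URL argument.

    A ``TypeError`` (signature mismatch) now fails the test instead of being
    swallowed.
    """
    try:
        self.test = pyeti.YetiApi('http://localhost:5000')
    except TypeError as err:
        self.fail("YetiApi rejected a bare URL: {}".format(err))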
def test_YetiApi_without_arg(self):
    """Constructing ``YetiApi`` with no arguments must raise ``TypeError``.

    The message check rejects one specific text, 'This is broken'.
    """
    with self.assertRaises(TypeError) as caught:
        pyeti.YetiApi()
    message = str(caught.exception)
    self.assertFalse('This is broken' in message)
import json  # only used for pretty printing in the commented examples below
import pyeti

# Example client against a lab instance. verify_ssl=False presumably disables
# certificate checking. The URL is plain http, so nothing on this connection
# (including any API key added later) is protected in transit.
api = pyeti.YetiApi("http://192.168.66.137:5000/api/", verify_ssl=False)

# Regex search on the observable value, pretty-printed:
# result = api.observable_search(value="applicationzip", regex=True)
# print(json.dumps(result, indent=4, sort_keys=True))

tag = "lokibot"
# api.observable_add([tag])

# Search by tag. Swap in the line below to search by value instead.
results = api.observable_search(tags=tag)
# results = api.observable_search(value="myplatonca.com", regex=True)
print(results)
def setUp(self):
    """Build a YetiApi client from ``self.url`` and keep it on ``self.api``."""
    client = pyeti.YetiApi(self.url)
    self.api = client