def create_resource(user):
try:
resource_name = request.json["resource_name"].strip()
resource_type = request.json["resource_type"].lower()
resource_type = ResourceType.get_type_from_string(resource_type)
resource, created = ResourceManager.get_or_create(resource_name, resource_type)
project = User(user.get("_id")).get_active_project()
project.add_resource(resource)
response = []
response.append(resource.to_JSON())
if created:
resource.launch_plugins(project.get_id())
# Deal with the case of URL resources where we have the chance to add a Domain or IP
if resource.get_type() == ResourceType.URL:
ip_or_domain = urllib.parse.urlparse(resource_name).netloc
resource_type = ResourceType.validate_ip_or_domain(ip_or_domain)
if ip_or_domain:
resource, created = ResourceManager.get_or_create(
ip_or_domain, resource_type
)
project.add_resource(resource)
response.append(
{
"success_message": f"Added new resource: {ip_or_domain}",
"new_resource": resource.to_JSON(),
"type": resource.get_type_value(),
}
)
if created:
resource.launch_plugins(project.get_id())
# TODO: Deal with the case of domain -> IP
# TODO: Deal with the case of emails -> domains -> IP
return jsonify(response)
except ResourceTypeException:
return jsonify({"error_message": "Trying to add an unknown resource type"}), 400
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
return jsonify({"error_message": "Server error :("}), 400
def threatcrowd(plugin_name, project_id, resource_id, resource_type, target):
result_status = PluginResultStatus.STARTED
query_result = {}
try:
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.IPv4:
query_result = threatcrowd_ip(target)
elif resource_type == ResourceType.DOMAIN:
query_result = threatcrowd_domain(target)
elif resource_type == ResourceType.EMAIL:
query_result = threatcrowd_email(target)
elif resource_type == ResourceType.HASH:
query_result = threatcrowd_hash(target)
else:
print("ThreatCrowd resource type does not found")
result_status = PluginResultStatus.FAILED
if not query_result:
print("No results from ThreatCrowd plugin")
result_status = PluginResultStatus.RETURN_NONE
else:
print(query_result)
result_status = PluginResultStatus.COMPLETED
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
query_result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def dinoflux(plugin_name, project_id, resource_id, resource_type, target):
try:
query_result = None
API_KEY = KeyRing().get(PLUGIN_NAME)
if not API_KEY:
print("No API key...!")
result_status = PluginResultStatus.NO_API_KEY
else:
result_status = PluginResultStatus.STARTED
resource_type = ResourceType(resource_type)
if resource_type:
query_result = get_report(resource_type, target)
else:
print("No resource type")
if query_result:
result_status = PluginResultStatus.COMPLETED
else:
result_status = PluginResultStatus.RETURN_NONE
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
query_result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def get_by_name(resource_name, resource_type):
"""
Lookup database for a resource with name "resource_name"
if None is found, then create the resource.
"""
search = "canonical_name"
resource_type = ResourceType.get_type_from_string(resource_type)
if resource_type == ResourceType.HASH:
search = "hash"
db = Resource.collection()
result = db.find_one({search: resource_name})
if result:
return Resource(result["_id"])
# TODO: Legacy method for old database resources
# TODO: Get rid of this legacy method
if not result:
docs = ["ip", "url", "username", "hash", "email", "domain"]
for doc in docs:
result = DB(doc).collection.find_one({search: resource_name})
if result:
return Resource(result["_id"])
print(f"Tried get_by_name nothing found {result}")
return None
def get_resources(user):
resource_type_as_string = request.json["type"]
try:
resource_type = ResourceType(resource_type_as_string)
project = User(user).get_active_project()
resources = project.get_resources(resource_type)
results = []
for resource in resources:
results.append(Resources.get(resource, resource_type).to_JSON())
return jsonify(results)
except ValueError:
raise ResourceTypeException()
except ResourceTypeException:
return jsonify({"error_message": "Received an unknown type of resource"}), 400
except Exception as e:
print(f"Error getting resource list {e}")
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
return jsonify({"error_message": "Error getting resources"}), 400
def main(plugin_name, project_id, resource_id, resource_type, target):
result_status = PluginResultStatus.STARTED
try:
if PLUGIN_NEEDS_API_KEY:
API_KEY = KeyRing().get(PLUGIN_NAME)
if not API_KEY:
print("No API key...!")
result_status = PluginResultStatus.NO_API_KEY
query_result = None
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.DOMAIN:
query_result = auxiliary_function_1(target)
elif resource_type == ResourceType.EMAIL:
query_result = auxiliary_function_2(target)
else:
print(f"[{PLUGIN_NAME}]: Resource type does not found")
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
query_result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def phishtank(plugin_name, project_id, resource_id, resource_type, url):
result_status = PluginResultStatus.STARTED
query_result = None
try:
API_KEY = KeyRing().get("phishtank")
if not API_KEY:
print("No API key...!")
result_status = PluginResultStatus.NO_API_KEY
else:
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.URL:
query_result = phishtank_check(url)
result_status = PluginResultStatus.COMPLETED
else:
print("phishtank resource type does not found")
result_status = PluginResultStatus.RETURN_NONE
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
query_result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def threatminer_task(plugin_name, project_id, resource_id, resource_type,
target):
resource_type_miner = ResourceType(resource_type)
try:
query_result = {}
result_status = PluginResultStatus.STARTED
if resource_type_miner == ResourceType.DOMAIN:
query_result = threatminer_domain(target)
result_status = PluginResultStatus.COMPLETED
elif resource_type_miner == ResourceType.IPv4:
query_result = threatminer_ip(target)
result_status = PluginResultStatus.COMPLETED
elif resource_type_miner == ResourceType.HASH:
query_result = threatminer_samples(target)
result_status = PluginResultStatus.COMPLETED
else:
result_status = PluginResultStatus.RETURN_NONE
print("threatminer resource type does not found")
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
query_result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def hunterio(plugin_name, project_id, resource_id, resource_type, target):
try:
query_result = None
if not API_KEY:
print("No API key...!")
result_status = PluginResultStatus.NO_API_KEY
else:
result_status = PluginResultStatus.STARTED
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.DOMAIN:
query_result = hunterio_domain(target)
elif resource_type == ResourceType.EMAIL:
query_result = hunterio_email(target)
else:
print("Hunter.io resource type does not found")
result_status = PluginResultStatus.RETURN_NONE
if query_result:
result_status = PluginResultStatus.COMPLETED
PluginManager.set_plugin_results(resource_id, plugin_name,
project_id, query_result,
result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def vt_domain(plugin_name, project_id, resource_id, resource_type, target):
result_status = PluginResultStatus.STARTED
response = None
try:
API_KEY = KeyRing().get("virustotal")
if not API_KEY:
print("No API key...!")
result_status = PluginResultStatus.NO_API_KEY
else:
response = None
url = None
params = {"apikey": API_KEY}
resource_type_for_vt = ResourceType(resource_type)
if resource_type_for_vt == ResourceType.DOMAIN:
url = url_for_domains
params["domain"] = target
elif resource_type_for_vt == ResourceType.URL:
url = url_for_urls
params["resource"] = target
elif resource_type_for_vt == ResourceType.IPv4:
url = url_for_ips
params["ip"] = target
elif resource_type_for_vt == ResourceType.HASH:
url = url_for_hashes
params["resource"] = target
else:
print("[VT]: Unknown resource type before querying service")
result_status = PluginResultStatus.FAILED
response = requests.get(url, params=params)
if not response.status_code == 200:
print(response)
result_status = PluginResultStatus.RETURN_NONE
else:
response = json.loads(response.content)
result_status = PluginResultStatus.COMPLETED
print(response)
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
response, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
return None
def tag_to_resource(user):
try:
resource_id = bson.ObjectId(request.json["resource_id"])
resource_type_as_string = request.json["resource_type"]
tag = request.json["tag"]
resource_type = ResourceType(resource_type_as_string)
resource = Resources.get(resource_id, resource_type)
resource.manage_tag(tag)
return jsonify({"sucess_message": "ok"})
except Exception as e:
print(e)
return jsonify({"error_message": "Error getting global tags"}), 400
def threatminer_task(plugin_name, project_id, resource_id, resource_type,
domain):
try:
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.DOMAIN:
query_result = threatminer_domain(domain, "1")
else:
print("threatminer resource type does not found")
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
query_result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def pulsedive_task(plugin_name, project_id, resource_id, resource_type,
domain_or_hash):
try:
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.DOMAIN or resource_type == ResourceType.HASH:
query_result = pulsedive_get_ioc_byvalue(domain_or_hash)
else:
print("PulseDive resource type does not found")
resource = ResourceManager.get(resource_id, resource_type)
resource.set_plugin_results(plugin_name, project_id, resource_id,
resource_type, query_result)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def botscout_task(plugin_name, project_id, resource_id, resource_type, ip):
try:
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.DOMAIN:
query_result = botscout_ip(ip)
else:
print("BotScout resource type does not found")
resource = ResourceManager.get(resource_id)
resource.set_plugin_results(
plugin_name, project_id, resource_id, resource_type, query_result
)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def get_plugins(user):
try:
resource_id = bson.ObjectId(request.json["resource_id"])
project_id = bson.ObjectId(request.json["project_id"])
resource_type_as_string = request.json["resource_type"]
project = User(user).get_active_project()
resource_type = ResourceType(resource_type_as_string)
resource = Resources.get(resource_id, resource_type)
plugin_list = resource.get_plugins(project_id)
return json.dumps(plugin_list, default=str)
except Exception as e:
print(e)
return jsonify(
{"error_message": "Error unlinking resource from project"}), 400
def launch_plugin(user):
try:
resource_id = bson.ObjectId(request.json["resource_id"])
resource_type_as_string = request.json["resource_type"]
plugin_name = request.json["plugin_name"]
project = User(user).get_active_project()
resource_type = ResourceType(resource_type_as_string)
resource = Resources.get(resource_id, resource_type)
resource.launch_plugin(project.get_id(), plugin_name)
return jsonify({"sucess_message": "ok"})
except Exception as e:
print(e)
return jsonify(
{"error_message": "Error unlinking resource from project"}), 400
def main(plugin_name, project_id, resource_id, resource_type, target):
try:
query_result = None
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.DOMAIN:
query_result = auxiliary_function_1(target)
elif resource_type == ResourceType.EMAIL:
query_result = auxiliary_function_2(target)
else:
print(f"[{PLUGIN_NAME}]: Resource type does not found")
finishing_task(plugin_name, project_id, resource_id, resource_type,
query_result)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def maltiverse(plugin_name, project_id, resource_id, resource_type, target):
try:
MALTIVERSE_EMAIL = KeyRing().get("maltiverse_email")
MALTIVERSE_PASS = KeyRing().get("maltiverse_pass")
API_KEY = bool(MALTIVERSE_EMAIL) & bool(MALTIVERSE_PASS)
query_result = None
if not API_KEY:
print(["[maltiverse]: No API Keys..."])
result_status = PluginResultStatus.NO_API_KEY
else:
result_status = PluginResultStatus.STARTED
resource_type = ResourceType(resource_type)
if resource_type == ResourceType.IPv4:
query_result = maltiverse_ip(target)
elif resource_type == ResourceType.DOMAIN:
query_result = maltiverse_domain(target)
elif resource_type == ResourceType.URL:
query_result = maltiverse_url(target)
elif resource_type == ResourceType.HASH:
query_result = maltiverse_hash(target)
else:
print("Maltiverse resource type does not found")
result_status = PluginResultStatus.RETURN_NONE
if not query_result:
result_status = PluginResultStatus.FAILED
if query_result.get("message"):
result_status = PluginResultStatus.RETURN_NONE
else:
result_status = PluginResultStatus.COMPLETED
print(query_result)
PluginManager.set_plugin_results(resource_id, plugin_name,
project_id, query_result,
result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def enrich_by_type(args):
resource_type = ResourceType(args["resource_type"])
if resource_type == ResourceType.IPv4:
args["address"] = args["canonical_name"]
elif resource_type == ResourceType.USERNAME:
args["username"] = args["canonical_name"]
elif resource_type == ResourceType.URL:
args["full_url"] = args["canonical_name"]
url_parts = urllib.parse.urlparse(args["full_url"])
args["scheme"] = url_parts.scheme
args["netloc"] = url_parts.netloc
args["path"] = url_parts.path
args["params"] = url_parts.params
args["query"] = url_parts.query
args["fragment"] = url_parts.fragment
elif resource_type == ResourceType.HASH:
args["hash"] = args["canonical_name"]
args["hash_type"] = HashType.hash_detection(args["hash"]).value
# canonical_name == printable name in the view
args["canonical_name"] = args["hash"][:8]
elif resource_type == ResourceType.EMAIL:
args["email"] = args["canonical_name"]
if "@" in args["email"]:
args["domain"] = args["email"].split("@")[1]
else:
args["domain"] = None
elif resource_type == ResourceType.DOMAIN:
args["domain"] = args["canonical_name"]
else:
print(
f"[entities/resource_base/enrich_by_type]: Unknown resource type {args['resource_type']} when creating resource."
)
return args
def get_resource(user):
"""
Return a resource doc
"""
resource_type_as_string = request.json["resource_type"]
resource_id = request.json["resource_id"]
try:
resource_type = ResourceType(resource_type_as_string)
resource = Resources.get(resource_id, resource_type)
return jsonify(resource.to_JSON())
except ValueError:
raise ResourceTypeException()
except ResourceTypeException:
return jsonify({"error_message": "Received an unknown type of resource"}), 400
except Exception as e:
print(f"Error getting ip list {e}")
return jsonify({"error_message": "Error getting resources"}), 400
def otx_task(plugin_name, project_id, resource_id, resource_type, target):
try:
resource_type = ResourceType(resource_type)
# Check 2nd parameter if it's sent through view (frontend)
if resource_type == ResourceType.IPv4:
query_result = otx_iocs_ipv4(target, "general")
elif resource_type == ResourceType.DOMAIN:
query_result = otx_iocs_hostname(target, "general")
elif resource_type == ResourceType.URL:
query_result = otx_iocs_url(target, "general")
elif resource_type == ResourceType.HASH:
query_result = otx_iocs_file(target, "analysis")
else:
print("OTX resource type does not found")
PluginManager.set_plugin_results(resource_id, plugin_name, project_id,
query_result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def get_type(self):
return ResourceType.get_type_from_string(self.resource["resource_type"])
