def get_host_reputation_table(response_list):
    """Render the host reputation held in the first response as a table.

    Only ``response_list[0]`` is consulted. Its ``threatData`` mapping
    supplies the single data row that follows the header row.

    Returns the rendered ``DoubleTable`` text.
    """
    threat = response_list[0].get('threatData')

    # (column heading, key inside threatData), in display order.
    columns = (
        ('Verdict', 'verdict'),
        ('Threat Status', 'threatStatus'),
        ('Threat Name', 'threatName'),
        ('Threat Type', 'threatType'),
        ('First Seen', 'firstSeen'),
        ('Last Seen', 'lastSeen'),
    )
    rows = [
        [heading for heading, _ in columns],
        [threat.get(key) for _, key in columns],
    ]

    report = DoubleTable(rows)
    report.padding_left = 1
    report.padding_right = 1
    report.inner_column_border = True
    report.inner_row_border = True
    return report.table
def table(title, rows=[]):
    """Print *rows* to stdout as a bordered table with a yellow title.

    When the first element of *rows* is not exactly a ``tuple``, every
    element is treated as a single cell and wrapped into a one-column row.
    The default list is never mutated; *rows* is only rebound locally.
    """
    # Clear any colour/style state before drawing.
    print(Style.RESET_ALL)

    is_flat = len(rows) > 0 and type(rows[0]) is not tuple
    if is_flat:
        rows = [[cell] for cell in rows]

    heading = Fore.YELLOW + title + Fore.RESET
    grid = DoubleTable(rows, heading)
    grid.outer_border = True
    grid.inner_heading_row_border = False
    grid.inner_column_border = True
    print(grid.table)
def get_api_quota_table(response_list):
    """Render the API quota details of the first response as a table.

    Reads ``quotaDetails`` from ``response_list[0]`` and returns the
    rendered table followed by a blank line and the ``note`` text.
    """
    quota = response_list[0].get('quotaDetails')

    # (column heading, key inside quotaDetails), in display order.
    columns = (
        ('Licenced Quota', 'licensedQuota'),
        ('Remaining Quota', 'remainingQuota'),
        ('Expiration Date', 'expiryDate'),
    )
    rows = [
        [heading for heading, _ in columns],
        [quota.get(key) for _, key in columns],
    ]

    report = DoubleTable(rows)
    report.padding_left = 1
    report.padding_right = 1
    report.inner_column_border = True
    report.inner_row_border = True

    # NOTE(review): the concatenation raises TypeError when 'note' is
    # absent -- confirm the API always sends it.
    return report.table + '\n\nNote: ' + quota.get('note')
def get_scan_report_table(response_list, source=0):
    """Build the text report for a URL scan response.

    ``response_list[0]`` is the scan result. When its ``errorNo`` is 1 a
    "check back later" message (worded according to *source*) is returned
    instead of a table. Otherwise a table with one row for the scanned URL,
    plus optional "Final URL" and "Redirected URL" rows, is returned,
    prefixed by the normalisation message when ``normalizeStatus`` is 1.
    If *response_list* has exactly four entries, entries 1-3 are passed to
    the screenshot / HTML / text download helpers and their output is
    appended under a "Webpage Forensics" heading.

    NOTE(review): URLs and threat fields are placed in the table exactly as
    received; they describe scanned (possibly hostile) pages, so whatever
    displays this text should treat it as untrusted content.
    """
    response = response_list[0]

    if response.get('errorNo') == 1:
        scan_id = response.get('urlData').get('scanId')
        if source == 1:
            pending = (
                'Your Url Scan request is submitted to the cloud and may take up-to 60 seconds to complete.\n'
                'Please check back later using "slashnext-scan-report" action with Scan ID = {0} or running the '
                'same "slashnext-url-scan" action one more time'
            )
        elif source == 2:
            pending = (
                'Your Url Scan request is submitted to the cloud and is taking longer than expected to complete.\n'
                'Please check back later using "slashnext-scan-report" action with Scan ID = {0} or running the '
                'same "slashnext-url-scan-sync" action one more time'
            )
        else:
            pending = (
                'Your Url Scan request is submitted to the cloud and is taking longer than expected to complete.\n'
                'Please check back later using "slashnext-scan-report" action with Scan ID = {0} one more '
                'time'
            )
        return pending.format(scan_id)

    def build_row(entry, kind):
        # Full nine-column row for an entry carrying its own threatData.
        threat = entry.get('threatData')
        return [
            entry.get('url'),
            kind,
            threat.get('verdict'),
            threat.get('threatStatus'),
            entry.get('scanId'),
            threat.get('threatName'),
            threat.get('threatType'),
            threat.get('firstSeen'),
            threat.get('lastSeen'),
        ]

    normalize_msg = ''
    normalize = response.get('normalizeData')
    if normalize.get('normalizeStatus') == 1:
        normalize_msg = normalize.get('normalizeMessage') + '\n'

    url = response.get('urlData')
    name = url.get('scanId')

    data_list = [
        [
            'URL',
            'Type',
            'Verdict',
            'Threat Status',
            'Scan ID',
            'Threat Name',
            'Threat Type',
            'First Seen',
            'Last Seen',
        ],
        build_row(url, 'Scanned URL'),
    ]

    final_url = url.get('finalUrl')
    if final_url is not None:
        # The final URL reuses the scanned URL's verdict and status; the
        # remaining columns are dashes.
        scanned_threat = url.get('threatData')
        data_list.append([
            final_url,
            'Final URL',
            scanned_threat.get('verdict'),
            scanned_threat.get('threatStatus'),
            '-', '-', '-', '-', '-',
        ])

    landing_url = url.get('landingUrl')
    if landing_url is not None:
        data_list.append(build_row(landing_url, 'Redirected URL'))

    scan_report = DoubleTable(data_list)
    scan_report.padding_left = 1
    scan_report.padding_right = 1
    scan_report.inner_column_border = True
    scan_report.inner_row_border = True

    # (column index, wrap width); verdict and status (2, 3) are not wrapped.
    wrap_widths = ((0, 35), (1, 10), (4, 18), (5, 12), (6, 12), (7, 12), (8, 12))
    for i, row in enumerate(data_list):
        if i == 0:
            continue  # header row stays as-is
        folded = [(col, '\n'.join(wrap(row[col], width))) for col, width in wrap_widths]
        for col, text in folded:
            scan_report.table_data[i][col] = text

    if len(response_list) != 4:
        return normalize_msg + scan_report.table

    download_sc = get_download_sc_file([response_list[1]], name)
    download_html = get_download_html_file([response_list[2]], name)
    download_text = get_download_text_file([response_list[3]], name)
    return normalize_msg + scan_report.table + '\n\nWebpage Forensics\n\n' + \
        download_sc + '\n' + download_html + '\n' + download_text
def get_host_urls_table(response_list):
    """Render every URL listed in the first response as one table.

    Iterates ``urlDataList`` of ``response_list[0]``. Each entry yields a
    "Scanned URL" row, a "Final URL" row when ``finalUrl`` is present, and
    a "Redirected URL" row when ``landingUrl`` is present. Long cells are
    wrapped to fixed widths before the table text is returned.

    NOTE(review): cell values are taken from the response unmodified;
    consumers rendering this text should treat URLs as untrusted content.
    """
    def build_row(entry, kind):
        # Full nine-column row for an entry carrying its own threatData.
        threat = entry.get('threatData')
        return [
            entry.get('url'),
            kind,
            threat.get('verdict'),
            threat.get('threatStatus'),
            entry.get('scanId'),
            threat.get('threatName'),
            threat.get('threatType'),
            threat.get('firstSeen'),
            threat.get('lastSeen'),
        ]

    data_list = [[
        'URL',
        'Type',
        'Verdict',
        'Threat Status',
        'Scan ID',
        'Threat Name',
        'Threat Type',
        'First Seen',
        'Last Seen',
    ]]

    for url in response_list[0].get('urlDataList'):
        data_list.append(build_row(url, 'Scanned URL'))

        final_url = url.get('finalUrl')
        if final_url is not None:
            # Verdict and status are those of the scanned URL; the other
            # columns are dashes.
            scanned_threat = url.get('threatData')
            data_list.append([
                final_url,
                'Final URL',
                scanned_threat.get('verdict'),
                scanned_threat.get('threatStatus'),
                '-', '-', '-', '-', '-',
            ])

        landing_url = url.get('landingUrl')
        if landing_url is not None:
            data_list.append(build_row(landing_url, 'Redirected URL'))

    host_urls = DoubleTable(data_list)
    host_urls.padding_left = 1
    host_urls.padding_right = 1
    host_urls.inner_column_border = True
    host_urls.inner_row_border = True

    # (column index, wrap width); verdict and status (2, 3) are not wrapped.
    wrap_widths = ((0, 35), (1, 10), (4, 18), (5, 12), (6, 12), (7, 12), (8, 12))
    for i, row in enumerate(data_list):
        if i == 0:
            continue  # header row stays as-is
        folded = [(col, '\n'.join(wrap(row[col], width))) for col, width in wrap_widths]
        for col, text in folded:
            host_urls.table_data[i][col] = text

    return host_urls.table
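def get_statistics():
    """Print CVE coverage counts for a date window, plus optional tables.

    Reads the module-level ``args`` (``fromdate``, ``enddate``, ``table``)
    and ``json_data``. Entries whose ``date`` falls inside the inclusive
    window are counted and grouped by ``source`` ('MAPP', 'ITW', 'No info')
    and, for MAPP/ITW, by ``sigable`` ('Yes' / 'No'). The summary is always
    printed; the per-group tables are printed only when ``args.table`` is
    'True' or 'true' and the group is non-empty.

    Exits the process after printing a message when the end date is not
    later than the start date or when a date raises ``ValueError``.
    """
    flag_total = 0
    noinfo = []
    mapp_sigable = []
    mapp_nonsigable = []
    itw_sigable = []
    itw_nonsigable = []

    def classify(entry, sigable_rows, nonsigable_rows):
        # File a MAPP/ITW entry under its sigable / nonsigable bucket;
        # any other 'sigable' value is counted in the total only.
        if entry['sigable'] == 'Yes':
            sigable_rows.append((entry['cve_id'], entry['rules']))
        elif entry['sigable'] == 'No':
            nonsigable_rows.append(
                (entry['cve_id'], entry['reason'], entry['author']))

    try:
        # Parse the window bounds once instead of on every loop iteration.
        start = pendulum.parse(args.fromdate)
        end = pendulum.parse(args.enddate)
        if not (end > start):
            print('Invalid date range!\n')
            # NOTE(review): status 0 is kept for compatibility, but it means
            # calling scripts cannot detect this failure from the exit code.
            exit(0)

        for idx in json_data:
            when = pendulum.parse(idx['date'])
            if not (when >= start and when <= end):
                continue
            flag_total += 1
            if idx['source'] == 'No info':
                noinfo.append((idx['cve_id'], idx['vendor']))
            elif idx['source'] == 'MAPP':
                classify(idx, mapp_sigable, mapp_nonsigable)
            elif idx['source'] == 'ITW':
                classify(idx, itw_sigable, itw_nonsigable)
    except ValueError as error:
        print(error)
        exit(0)

    print('--[[ MAPP STATISTICS ]]--\n==========================')
    print('[*]Total CVEs:\t\t{}'.format(flag_total))
    print('[*]MAPP CVEs:')
    print(' - Sigable:\t\t{}'.format(len(mapp_sigable)))
    print(' - Nonsigable:\t{}'.format(len(mapp_nonsigable)))
    print('[*]ITW CVEs:')
    print(' - Sigable:\t\t{}'.format(len(itw_sigable)))
    print(' - Nonsigable:\t{}'.format(len(itw_nonsigable)))
    print('[*]No info CVEs:\t{}\n'.format(len(noinfo)))

    show_tables = args.table == 'True' or args.table == 'true'

    def show(title, rows, justify):
        # Print one detail table; *justify* lists the alignment per column.
        if len(rows) == 0 or not show_tables:
            return
        table = DoubleTable(title=title, table_data=rows)
        table.inner_row_border = True
        table.inner_column_border = True
        for column, alignment in enumerate(justify):
            table.justify_columns[column] = alignment
        print()
        print(table.table)

    # Both sigable tables use the same layout: CVE id left, rules centred.
    sigable_layout = ('left', 'center')
    nonsigable_layout = ('center', 'left', 'center')

    show(' MAPP Sigable ', mapp_sigable, sigable_layout)
    show(' ITW Sigable ', itw_sigable, sigable_layout)
    show(' MAPP Nonsigable ', mapp_nonsigable, nonsigable_layout)
    show(' ITW Nonsigable ', itw_nonsigable, nonsigable_layout)
    show(' No info ', noinfo, ('left', 'left'))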