Exemplo n.º 1
0
client = ip2asn()

ip = socket.gethostbyname("www.google.com")
client.lookup(ip,qType='IP')
client.lookup('15169',qType='ASN')

ip6 = socket.getaddrinfo("www.nerim.net",80,socket.AF_INET6,0,0)[0][4][0]
client.lookup(ip6,qType='IP6')
client.lookupmany(['2001:4860:8010::68','2001:7a8:1:1::76'],qType='IP6')
client.lookupmany(['1515','5005'],qType='ASN')
client.lookup('91.121.224.117',qType='PEER')


import hashlib
from cymru.mhr.dns import DNSClient as mhr
client=mhr()
h=hashlib.sha1(file("/tmp/malware", 'r').read()).hexdigest()
#md5
client.lookup('733a48a9cb49651d72fe824ca91e8d00')
#sha1
client.lookup('0fd453efa2320350f2b08fbfe194b39aab5f798d')
from cymru.mhr.whois import WhoisClient as whois
client=whois()
#md5
client.lookup('733a48a9cb49651d72fe824ca91e8d00')
#sha1
client.lookup('0fd453efa2320350f2b08fbfe194b39aab5f798d')


from cymru.bogon.dns import DNSClient as bogon
client=bogon()
Exemplo n.º 2
0
def teamCymruCheck(file_path):
    """docstring for teamCymruCheck"""
    client = mhr()
    h = hashlib.sha1(file(file_path, 'r').read()).hexdigest()
    return client.lookup(h)
Exemplo n.º 3
0
def teamCymruCheck(file_path):
  """docstring for teamCymruCheck"""
  client = mhr()
  h = hashlib.sha1(file(file_path, 'r').read()).hexdigest()
  return client.lookup(h)
Exemplo n.º 4
0
    'cyboxCommon': 'http://cybox.mitre.org/common-2',
    'cyboxVocabs': 'http://cybox.mitre.org/default_vocabularies-2',
    'indicator': 'http://stix.mitre.org/Indicator-2',
    'ttp': 'http://stix.mitre.org/TTP-1',
    'marking': 'http://data-marking.mitre.org/Marking-1',
    'simpleMarking':
    'http://data-marking.mitre.org/extensions/MarkingStructure#Simple-1',
    'openiocTM':
    'http://stix.mitre.org/extensions/TestMechanism#OpenIOC2010-1',
    'mandiant': 'http://www.mandiant.com',
    'FileObj': 'http://cybox.mitre.org/objects#FileObject-2',
    'WinServiceObj': 'http://cybox.mitre.org/objects#WinServiceObject-2',
    'WinProcessObj': 'http://cybox.mitre.org/objects#WinProcessObject-2',
    'WinExecutableFileObj':
    'http://cybox.mitre.org/objects#WinExecutableFileObject-2',
    'WinRegistryKeyObj':
    'http://cybox.mitre.org/objects#WinRegistryKeyObject-2',
    'WinHandleObj': 'http://cybox.mitre.org/objects#WinHandleObject-2',
    'ProcessObj': 'http://cybox.mitre.org/objects#ProcessObject-2',
    'WinDriverObj': 'http://cybox.mitre.org/objects#WinDriverObject-2'
}

client = mhr()
f = 'Appendix_G_IOCs_Full.xml'  # http://stix.mitre.org/downloads/APT1-STIX.zip
doc = etree.parse(f)
for r in doc.xpath(
        '/stix:STIX_Package/stix:Observables/cybox:Observable/cybox:Object/cybox:Properties/FileObj:Hashes/cyboxCommon:Hash/cyboxCommon:Simple_Hash_Value',
        namespaces=namespaces):
    print r.text
    print client.lookup(r.text)