def test_ip_address_defang():
    """Check that defang() brackets every dot of an IPv4 address."""
    # One private-range and one public sample address, each paired with
    # the defanged form the library is expected to produce.
    expectations = (
        ('192.168.4.2', '192[.]168[.]4[.]2'),
        ('8.8.8.8', '8[.]8[.]8[.]8'),
    )
    for fanged, defanged in expectations:
        assert ioc_fanger.defang(fanged) == defanged
def test_ip_address_defang():
    """Verify that IPv4 addresses come out of defang() with each dot bracketed."""
    # Maps the fanged input to the exact defanged output expected for it.
    cases = {
        "192.168.4.2": "192[.]168[.]4[.]2",
        "8.8.8.8": "8[.]8[.]8[.]8",
    }
    for address, expected in cases.items():
        assert ioc_fanger.defang(address) == expected
def test_defanging(fanged_text):
    """Defang the fixture text and look for the expected neutralised indicators."""
    result = ioc_fanger.defang(fanged_text)
    # NOTE(review): the IPv4 expectation keeps a plain dot between the second
    # and third octets, and the e-mail expectation keeps a literal "@". Both
    # pin partially defanged output -- confirm against the fanged_text fixture
    # that this is what the test is meant to assert.
    expected_fragments = (
        "hXXp://example[.]com",
        "1[.]2.3[.]4",
        "bob@example[.]com",
    )
    for fragment in expected_fragments:
        assert fragment in result
def test_defanging(fanged_text):
    """Check that URLs, IPv4 addresses and e-mail addresses in the fixture are defanged."""
    output = ioc_fanger.defang(fanged_text)
    leading_fragments = (
        "hXXp://example[.]com",
        "1[.]2[.]3[.]4",
        "bob(at)example[.]com",
        "5[.]6[.]7[.]8",
    )
    for fragment in leading_fragments:
        assert fragment in output
    # Debugging aid: the defanged text is printed just before the last check,
    # so it is part of the captured output if that check fails.
    print("defanged_text {}".format(output))
    assert "9[.]10[.]11[.]12" in output
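def process_text():
    """Fang or defang the submitted indicators of compromise.

    Reads ``text`` and ``action`` from the posted form. An empty ``text``
    flashes an error and redirects to the index view. Otherwise the text is
    fanged when ``action`` is ``'fang'`` and defanged for any other value.

    Returns:
        A redirect response, or a ``(body, status, headers)`` tuple whose
        body is the processed text served as plain text.
    """
    text = request.form['text']
    action = request.form['action']

    if not text:
        flash('Please enter some text.', 'error')
        return redirect(url_for('index'))

    if action == 'fang':
        processed_text = ioc_fanger.fang(text)
    else:
        processed_text = ioc_fanger.defang(text)

    # The body is derived from request data. Returned as a bare string it
    # would be served as text/html and any markup in the submitted text would
    # be rendered by the browser. Serving it as plain text (and disabling
    # content sniffing) keeps the body byte-identical while making sure it is
    # never interpreted as HTML.
    return processed_text, 200, {
        'Content-Type': 'text/plain; charset=utf-8',
        'X-Content-Type-Options': 'nosniff',
    }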
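def ioc_fang_defang(text, action):
    """Fang or defang the indicators of compromise in ``text``.

    Args:
        text: The text to process.
        action: ``'fang'`` or ``'defang'``.

    Returns:
        A ``(response, error)`` tuple. On success ``response`` is the
        processed text and ``error`` is ``False``. If the library call raises,
        ``response`` is the exception message and ``error`` is ``True``.

    Raises:
        RuntimeError: If ``action`` is neither ``'fang'`` nor ``'defang'``.
    """
    if action not in ('fang', 'defang'):
        raise RuntimeError(
            "Unknown action provided to ioc_fang_defang function: {}".format(
                action))

    try:
        if action == 'fang':
            response = ioc_fanger.fang(text)
        else:
            response = ioc_fanger.defang(text)
    except Exception as e:
        # The exception text is handed back to the caller; a caller that shows
        # it to users should treat it like any other untrusted string.
        return str(e), True
    return response, False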
def defang_benchmark():
    """Defang the module-level fanged sample text and return the result."""
    defanged_sample = ioc_fanger.defang(SAMPLE_TEXT_FANGED)
    return defanged_sample
print("Ticket for this URL (%s) already exists: %s" % (url, open_tickets)) sys.exit(0) online, size = is_online(url) if not online: print("Resource %s is offline (size: %s)" % (url, size)) sys.exit(1) my_pyurlabuse = PyURLAbuse() print("Querying URLAbuse:") response = my_pyurlabuse.run_query(url, with_digest=True) time.sleep(5) response = my_pyurlabuse.run_query(url, with_digest=True) emails = ",".join([email.strip('.') for email in response['digest'][1]]) asns = response['digest'][2] text = ioc_fanger.defang(response['digest'][0]) d = {'details': text} try: f = open(template) subject = f.readline().rstrip() templatecontent = Template(f.read()) body = templatecontent.substitute(d) except Exception: print("Couldn't open template file (%s)" % template) sys.exit(1) f.close() # print emails #emails = "*****@*****.**"
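def save_post(request, feed, post, json_indicators=None, ttps=None, tas=None, is_stix2=False, stix2_titles=None, stix2_contents=None):
    """Store a post on ``feed``, register its STIX output with RS and mirror it to Slack.

    Steps, in order: truncate and store the post text; for STIX 2.x output
    build a bundle and register it with RS; build the FeedStix package and
    write the STIX file; post a defanged copy of the text (with any attached
    files) to Slack unless the author is the Slack bot account; register the
    attachment STIX files and the post STIX file with RS; delete the uploaded
    attachment files; start the concierge matching threads when the package
    contains indicators.

    Args:
        request: The current request; ``request.user`` is passed to the STIX 2
            bundle builder and the request to the RS matching thread.
        feed: The feed object being saved; it is updated in place.
        post: The post text. An empty post is ignored.
        json_indicators, ttps, tas: Values extracted for the post (default: empty).
        is_stix2: When true, also build and register a STIX 2.x bundle.
        stix2_titles, stix2_contents: Extra data for the STIX 2.x bundle.

    Returns:
        None in every case.
    """
    import logging

    if len(post) == 0:
        return None
    logger = logging.getLogger(__name__)

    # Fresh lists per call: list defaults in the signature would be shared
    # between calls and these values are handed on to other objects.
    json_indicators = [] if json_indicators is None else json_indicators
    ttps = [] if ttps is None else ttps
    tas = [] if tas is None else tas
    stix2_titles = [] if stix2_titles is None else stix2_titles
    stix2_contents = [] if stix2_contents is None else stix2_contents

    feed.post = post[:10240]

    # For STIX 2.x output, register the bundle with RS
    if is_stix2:
        bundle = get_stix2_bundle(json_indicators, ttps, tas, feed.title, post,
                                  stix2_titles, stix2_contents, request.user)
        feed.stix2_package_id = bundle.id
        # mkstemp() returns an already-open descriptor; write through it so it
        # is closed, and remove the file even when the registration fails.
        fd, stix2_file_path = tempfile.mkstemp()
        try:
            with os.fdopen(fd, 'w', encoding='utf-8') as fp:
                fp.write(bundle.serialize(True, ensure_ascii=False))
            # Register with RS
            rs.regist_ctim_rs(feed.user, bundle.id, stix2_file_path)
        finally:
            os.remove(stix2_file_path)

    # Build the STIX file
    feed_stix = FeedStix(feed=feed, indicators=json_indicators, ttps=ttps, tas=tas)

    # Prepare the attachment for the Slack post
    # NOTE(review): file_name is used as the archive member name and as the
    # Slack file name; if it is user-supplied, confirm it is sanitised upstream.
    if feed.files.count() > 1:
        # Several files: bundle them into one zip archive
        temp = tempfile.NamedTemporaryFile()
        with zipfile.ZipFile(temp.name, 'w', compression=zipfile.ZIP_DEFLATED) as new_zip:
            for file_ in feed.files.all():
                new_zip.write(file_.file_path, arcname=file_.file_name)
        uploaded_filename = 'uploaded_files.zip'
    elif feed.files.count() == 1:
        # A single file: copy it into the temporary file
        temp = tempfile.NamedTemporaryFile()
        file_ = feed.files.get()
        with open(file_.file_path, 'rb') as fp:
            temp.write(fp.read())
            temp.seek(0)
        uploaded_filename = file_.file_name
    else:
        temp = None

    feed.stix_file_path = write_stix_file(feed, feed_stix)
    # Fetch the package_id
    feed.package_id = feed_stix.get_stix_package().id_

    # Post to Slack
    if feed.user.username != const.SNS_SLACK_BOT_ACCOUNT:
        slack_post = ''
        slack_post += '[%s]\n' % (feed.title)
        slack_post += '\n'
        # The post body is defanged before it leaves for Slack.
        # NOTE(review): the title and the referred URL are sent as-is; confirm
        # that is intended for indicator-bearing posts.
        slack_post += '%s\n' % (ioc_fanger.defang(feed.post))
        slack_post += '\n'
        slack_post += '---------- S-TIP Post Info (TLP: %s) ----------\n' % (
            feed.tlp)
        slack_post += '%s: %s\n' % ('Account', feed.user.username)
        slack_post += '%s: %s\n' % ('Package_ID', feed.package_id)
        slack_post += '%s: %s\n' % ('Referred URL', feed.referred_url if feed.referred_url is not None else '')
        # Escape Slack's three control characters with the entities Slack
        # documents for message text. '&' must be handled first. The literals
        # previously here ('%amp;amp;', '%amp;lt;', '%amp;gt;') are not Slack
        # escapes and showed up verbatim in the posted message.
        slack_post = slack_post.replace('&', '&amp;')
        slack_post = slack_post.replace('<', '&lt;')
        slack_post = slack_post.replace('>', '&gt;')

        from daemon.slack.receive import wc
        if wc is not None:
            post_slack_channel = SNSConfig.get_slack_bot_chnnel()
            if temp is not None:
                try:
                    # With an attachment, upload the file and use the post as its comment
                    with open(temp.name, 'rb') as upload_fp:
                        wc.files_upload(initial_comment=slack_post,
                                        channels=post_slack_channel,
                                        file=upload_fp,
                                        filename=uploaded_filename)
                finally:
                    # Closing the NamedTemporaryFile also deletes it
                    temp.close()
            else:
                try:
                    # NOTE(review): the as_user value appears masked in this listing
                    wc.chat_postMessage(text=slack_post,
                                        channel=post_slack_channel,
                                        as_user='******')
                except Exception:
                    # Best effort: a Slack failure must not block the post,
                    # but it should leave a trace.
                    logger.exception('Posting the message to Slack failed')

    # Paths that never reached the upload still hold the temporary copy of the
    # attachment; close() is safe to call again after the upload path.
    if temp is not None:
        temp.close()

    # Send the attachment STIX files
    for attachment_file in feed_stix.attachment_files:
        file_name = attachment_file.stix_header.title
        # Write the STIX content to a temporary file
        tmp_file_path = write_like_comment_attach_stix(
            attachment_file.to_xml())
        try:
            # Register with RS
            rs.regist_ctim_rs(feed.user, file_name, tmp_file_path)
        finally:
            # The temporary file is removed once registration was attempted
            os.remove(tmp_file_path)

    # After the attachment STIX files, register the post STIX itself
    rs.regist_ctim_rs(feed.user, feed.title, feed.stix_file_path)

    # Delete the uploaded attachment files
    for file_ in feed.files.all():
        os.remove(file_.file_path)

    # Start the chatbots when the package contains indicators
    indicators = feed_stix.get_stix_package().indicators
    if indicators is not None and len(indicators) != 0:
        if const.SNS_GV_CONCIERGE_ACCOUNT is not None:
            try:
                concierge_user = STIPUser.objects.get(
                    username=const.SNS_GV_CONCIERGE_ACCOUNT)
                # Fetch matching information from RS asynchronously and add it as a comment
                matching_comment_th = threading.Thread(
                    target=post_rs_indicator_matching_comment,
                    args=(request, feed,
                          feed_stix.get_stix_package().id_, concierge_user))
                matching_comment_th.daemon = True
                matching_comment_th.start()
            except Exception:
                logger.exception('Starting the RS indicator matching thread failed')
        if const.SNS_FALCON_CONCIERGE_ACCOUNT is not None:
            try:
                concierge_user = STIPUser.objects.get(
                    username=const.SNS_FALCON_CONCIERGE_ACCOUNT)
                # Fetch the CrowdStrike reports matching the indicators
                # asynchronously and add them as a comment
                crowd_strike_report_th = threading.Thread(
                    target=post_crowd_strike_indicator_matching_comment,
                    args=(feed, feed_stix.get_stix_package().id_,
                          concierge_user, json_indicators))
                crowd_strike_report_th.daemon = True
                crowd_strike_report_th.start()
            except Exception:
                logger.exception('Starting the CrowdStrike indicator matching thread failed')
    return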
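def test_issue_32():
    """Regression test: an e-mail address whose local part starts with "http"."""
    # see https://github.com/ioc-fang/ioc_fanger/issues/32
    # The input literal appears masked in this listing ('*****@*****.**'), and
    # no defanging of that string can yield the expected value below. It is
    # reconstructed here by fanging the expected value.
    # NOTE(review): confirm the exact input against the linked issue.
    s = 'httptest@test.com'
    assert ioc_fanger.defang(s) == 'httptest(at)test[.]com'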