def delete(self):
cli = Client(remote, pull_token())
try:
r = cli.tokens_delete(request.data)
except AuthError:
return jsonify_unauth()
except Exception as e:
logger.error(e)
return jsonify_unknown()
return jsonify_success(r)
def delete(self):
cli = Client(remote, pull_token())
try:
r = cli.tokens_delete(request.data)
except AuthError:
return jsonify_unauth()
except Exception as e:
logger.error(e)
return jsonify_unknown()
return jsonify_success(r)
def patch(self):
cli = Client(remote, pull_token())
try:
r = cli.tokens_edit(request.data)
except AuthError:
return jsonify_unauth()
except RuntimeError as e:
return jsonify_unknown(msg=str(e))
except Exception as e:
logger.error(e)
return jsonify_unknown()
if not r:
return jsonify_unauth()
return jsonify_success(r)
def get(self):
cli = Client(remote, pull_token())
filters = {}
for f in TOKEN_FILTERS:
filters[f] = request.args.get(f)
if current_app.config.get('dummy'):
return jsonify_success()
try:
r = cli.tokens_search(filters)
except AuthError:
return jsonify_unauth()
except Exception as e:
logger.error(e)
return jsonify_unknown()
return jsonify_success(r)
def get(self):
cli = Client(remote, pull_token())
filters = {}
for f in TOKEN_FILTERS:
filters[f] = request.args.get(f)
if current_app.config.get('dummy'):
return jsonify_success()
try:
r = cli.tokens_search(filters)
except AuthError:
return jsonify_unauth()
except Exception as e:
logger.error(e)
return jsonify_unknown()
return jsonify_success(r)
def post(self):
cli = Client(remote, pull_token())
if not request.data:
return jsonify_unknown('missing data', 400)
if current_app.config.get('dummy'):
return jsonify_success()
try:
r = cli.tokens_create(request.data)
except AuthError:
return jsonify_unauth()
except Exception as e:
logger.error(e)
return jsonify_unknown()
if not r:
return jsonify_unknown('create failed', 400)
return jsonify_success(r, code=201)
def post(self):
cli = Client(remote, pull_token())
if not request.data:
return jsonify_unknown('missing data', 400)
if current_app.config.get('dummy'):
return jsonify_success()
try:
r = cli.tokens_create(request.data)
except AuthError:
return jsonify_unauth()
except Exception as e:
logger.error(e)
return jsonify_unknown()
if not r:
return jsonify_unknown('create failed', 400)
return jsonify_success(r, code=201)
def login():
if request.method == 'GET':
return render_template('login.html')
if request.method == 'POST':
from cifsdk.client.zeromq import ZMQ as Client
if request.form['token'] == '':
return render_template('login.html')
c = Client(remote, HTTPD_TOKEN)
rv = c.tokens_search({'token': request.form['token']})
if len(rv) == 0:
return render_template('login.html', code=401)
user = rv[0]
if user['revoked']:
return render_template('login.html', code=401)
for e in ['username', 'token', 'admin', 'read', 'write', 'groups']:
session[e] = user[e]
return redirect(url_for('/u/search'))
def tokens():
cli = Client(remote, pull_token())
if request.method == 'DELETE':
try:
r = cli.tokens_delete(request.data)
except Exception as e:
logger.error(e)
response = jsonify({"message": "failed", "data": []})
response.status_code = 503
else:
response = jsonify({'message': 'success', 'data': r})
response.status_code = 200
elif request.method == 'POST':
if request.data:
try:
r = cli.tokens_create(request.data)
except AuthError:
response = jsonify({
'message': 'admin privs required',
'data': []
})
response.status_code = 401
except Exception as e:
logger.error(e)
response = jsonify({'message': 'create failed', 'data': []})
response.status_code = 503
else:
if r:
response = jsonify({'message': 'success', 'data': r})
response.status_code = 200
else:
response = jsonify({
'message': 'admin privs required',
'data': []
})
response.status_code = 401
else:
response = jsonify({'message': 'create failed', 'data': []})
response.status_code = 400
elif request.method == 'PATCH':
try:
r = cli.tokens_edit(request.data)
except AuthError:
response = jsonify({'message': 'admin privs required', 'data': []})
response.status_code = 401
except Exception as e:
logger.error(e)
import traceback
traceback.print_exc()
response = jsonify({'message': 'create failed', 'data': []})
response.status_code = 503
else:
if r:
response = jsonify({'message': 'success', 'data': r})
response.status_code = 200
else:
response = jsonify({
'message': 'admin privs required',
'data': []
})
response.status_code = 401
else:
filters = {}
for f in TOKEN_FILTERS:
filters[f] = request.args.get(f)
try:
r = cli.tokens_search(filters)
except AuthError:
response = jsonify({"message": "failed", "data": []})
response.status_code = 401
except Exception as e:
logger.error(e)
response = jsonify({"message": "failed", "data": []})
response.status_code = 503
else:
response = jsonify({'message': 'success', 'data': r})
response.status_code = 200
return response
def main(): # pragma: no cover
p = get_argument_parser()
p = ArgumentParser(description=textwrap.dedent('''\
example usage:
$ cif -q example.org -d
$ cif --search 1.2.3.0/24
$ cif --profile zeek
'''),
formatter_class=RawDescriptionHelpFormatter,
prog='cif',
parents=[p])
p.add_argument('--remote',
help='specify API remote [default %(default)s]',
default=REMOTE)
p.add_argument('--no-verify-ssl', action='store_true')
p.add_argument("--create", action="store_true", help="create an indicator")
p.add_argument('--delete', action='store_true')
p.add_argument('-q', '--search', help="search")
p.add_argument('--itype', help='filter by indicator type')
p.add_argument('--reported_at', help='specify reported_at filter')
p.add_argument('-n',
'--nolog',
help='do not log search',
action='store_true')
p.add_argument('-f',
'--format',
help='specify output format [default: %(default)s]"',
default=FORMAT,
choices=FORMATS.keys())
p.add_argument('--indicator',
help='indicator (ip, url, etc..) '
'to search for')
p.add_argument('--confidence', help="specify confidence level")
p.add_argument('--tags', nargs='+', help='filter by tag(s)')
p.add_argument('--provider', help='provider to filter by')
p.add_argument('--asn', help='filter by asn')
p.add_argument('--cc', help='filter by country code')
p.add_argument('--asn-name', help='filter by asn name')
p.add_argument('--rdata', help='filter by rdata')
p.add_argument('--groups', help='filter by group(s)')
p.add_argument('--days', help='filter results within last X days')
p.add_argument('--today',
action='store_true',
help='auto-sets reported_at to today, 00:00:00Z (UTC)')
p.add_argument('--limit',
help='limit results [default %(default)s]',
default=SEARCH_LIMIT)
p.add_argument('--columns',
default=','.join(COLUMNS),
help='specify output columns [default %(default)s]')
p.add_argument('--no-feed',
action='store_true',
help='return a non-filtered dataset (no whitelist applied)')
p.add_argument('--profile',
help='specify feed profile',
choices=PROFILES.keys())
args = p.parse_args()
setup_logging(args)
opts = vars(args)
options = {}
for k, v in opts.items():
if v:
options[k] = v
if args.remote.startswith('http'):
verify_ssl = True
if args.no_verify_ssl:
verify_ssl = False
if args.remote == 'https://localhost':
verify_ssl = False
cli = Client(verify_ssl=verify_ssl)
else:
from cifsdk.client.zeromq import ZMQ
cli = ZMQ()
filters = {e: options.get(e) for e in VALID_FILTERS}
if args.search:
filters['indicator'] = args.search
for k, v in filters.items():
if v is True:
filters[k] = 1
if v is False:
filters[k] = 0
if options.get("create"):
_create(cli, args, filters)
raise SystemExit
if options.get("delete"):
_delete(cli, args, filters)
raise SystemExit
if not sys.stdin.isatty():
buffer = sys.stdin.read().rstrip("\n").split("\n")
filters = [{'indicator': i} for i in buffer]
_search(cli, args, options, filters)
def main():
p = get_argument_parser()
p = ArgumentParser(description=textwrap.dedent('''\
example usage:
$ cif -q example.org -d
$ cif --search 1.2.3.0/24
$ cif --ping
'''),
formatter_class=RawDescriptionHelpFormatter,
prog='cif',
parents=[p])
p.add_argument('--token', help='specify api token', default=TOKEN)
p.add_argument('--remote',
help='specify API remote [default %(default)s]',
default=REMOTE_ADDR)
p.add_argument('-p', '--ping', action="store_true") # meg?
p.add_argument('--ping-indef', action="store_true")
p.add_argument('-q', '--search', help="search")
p.add_argument('--itype', help='filter by indicator type'
) ## need to fix sqlite for non-ascii stuff first
p.add_argument("--submit", action="store_true", help="submit an indicator")
p.add_argument('--limit',
help='limit results [default %(default)s]',
default=SEARCH_LIMIT)
p.add_argument('--reporttime', help='specify reporttime filter')
p.add_argument('-n',
'--nolog',
help='do not log search',
action='store_true')
p.add_argument('-f',
'--format',
help='specify output format [default: %(default)s]"',
default=FORMAT,
choices=FORMATS.keys())
p.add_argument('--indicator')
p.add_argument('--tags', nargs='+')
p.add_argument('--provider')
p.add_argument('--confidence', help="specify confidence level")
p.add_argument('--tlp', help="specify traffic light protocol")
p.add_argument("--zmq",
help="use zmq as a transport instead of http",
action="store_true")
p.add_argument('--config',
help='specify config file [default %(default)s]',
default=CONFIG_PATH)
p.add_argument('--feed', action='store_true')
p.add_argument('--no-verify-ssl', action='store_true')
p.add_argument('--last-day',
action="store_true",
help='auto-sets reporttime to 23 hours and 59 seconds ago '
'(current time UTC) and reporttime-end to "now"')
p.add_argument(
'--last-hour',
action='store_true',
help='auto-sets reporttime to the beginning of the previous full'
' hour and reporttime-end to end of previous full hour')
p.add_argument('--days', help='filter results within last X days')
p.add_argument('--today',
help='auto-sets reporttime to today, 00:00:00Z (UTC)',
action='store_true')
p.add_argument('--columns',
help='specify output columns [default %(default)s]',
default=','.join(COLUMNS))
p.add_argument('--asn')
p.add_argument('--cc')
p.add_argument('--asn-desc')
p.add_argument('--rdata')
p.add_argument('--no-feed', action='store_true')
p.add_argument('--region')
p.add_argument('--groups', help='specify groups filter (csv)')
p.add_argument('--delete', action='store_true')
p.add_argument('--id')
args = p.parse_args()
setup_logging(args)
logger = logging.getLogger(__name__)
o = read_config(args)
options = vars(args)
for v in options:
if v == 'remote' and options[v] == REMOTE_ADDR and o.get('remote'):
options[v] = o['remote']
if v == 'token' and o.get('token'):
options[v] = o['token']
if options[v] is None or options[v] == '':
options[v] = o.get(v)
if not options.get('token'):
raise RuntimeError('missing --token')
verify_ssl = True
if o.get('no_verify_ssl') or options.get('no_verify_ssl'):
verify_ssl = False
if options.get("zmq"):
from cifsdk.client.zeromq import ZMQ as ZMQClient
cli = ZMQClient(**options)
else:
from cifsdk.client.http import HTTP as HTTPClient
if args.remote == 'https://localhost':
verify_ssl = False
cli = HTTPClient(args.remote, args.token, verify_ssl=verify_ssl)
if options.get('ping') or options.get('ping_indef'):
logger.info('running ping')
n = 4
if args.ping_indef:
n = 999
try:
for num in range(0, n):
ret = cli.ping()
if ret != 0:
print("roundtrip: {} ms".format(ret))
select.select([], [], [], 1)
from time import sleep
sleep(1)
else:
logger.error('ping failed')
raise RuntimeError
except KeyboardInterrupt:
pass
raise SystemExit
if options.get("submit"):
print("submitting {0}".format(options.get("submit")))
i = Indicator(indicator=args.indicator,
tags=args.tags,
confidence=args.confidence,
group=args.groups,
tlp=args.tlp,
provider=args.provider)
rv = cli.indicators_create(i)
print('success id: {}\n'.format(rv))
raise SystemExit
filters = {
'itype': options['itype'],
'limit': options['limit'],
'provider': options.get('provider'),
'indicator': options.get('search') or options.get('indicator'),
'nolog': options['nolog'],
'tags': options['tags'],
'confidence': options.get('confidence'),
'asn': options.get('asn'),
'asn_desc': options.get('asn_desc'),
'cc': options.get('cc'),
'region': options.get('region'),
'rdata': options.get('rdata'),
'reporttime': options.get('reporttime'),
'groups': options.get('groups'),
'tlp': options.get('tlp')
}
if args.last_day:
filters['days'] = '1'
del filters['reporttime']
if args.last_hour:
filters['hours'] = '1'
del filters['reporttime']
if args.days:
filters['days'] = args.days
del filters['reporttime']
if args.today:
now = arrow.utcnow()
filters['reporttime'] = '{0}Z'.format(
now.format('YYYY-MM-DDT00:00:00'))
if filters.get('itype') and not filters.get('search') and not args.no_feed:
logger.info('setting feed flag by default, use --no-feed to override')
options['feed'] = True
if options.get("delete"):
if args.id:
filters = {'id': args.id}
filters = {f: filters[f] for f in filters if filters.get(f)}
print("deleting {0}".format(filters))
rv = cli.indicators_delete(filters)
print('deleted: {}'.format(rv))
raise SystemExit
if options.get('feed'):
if not filters.get('itype') and not ADVANCED:
print('\nmissing --itype\n\n')
raise SystemExit
if not filters.get('tags') and not ADVANCED:
print(
'\nmissing --tags [phishing|malware|botnet|scanner|pdns|whitelist|...]\n\n'
)
raise SystemExit
if not filters.get('confidence'):
filters['confidence'] = 8
if args.limit == SEARCH_LIMIT:
filters['limit'] = FEED_LIMIT
try:
rv = cli.feed(filters=filters)
except AuthError as e:
logger.error('unauthorized')
except KeyboardInterrupt:
pass
except Exception as e:
logger.error(e)
else:
print(FORMATS[options.get('format')](data=rv,
cols=args.columns.split(',')))
raise SystemExit
try:
rv = cli.search(filters)
except AuthError as e:
logger.error('unauthorized')
except KeyboardInterrupt:
pass
except Exception as e:
import traceback
traceback.print_exc()
logger.error(e)
else:
print(FORMATS[options.get('format')](data=rv,
cols=args.columns.split(',')))
def tokens():
cli = Client(remote, pull_token())
if request.method == 'DELETE':
try:
r = cli.tokens_delete(request.data)
except Exception as e:
logger.error(e)
response = jsonify({
"message": "failed",
"data": []
})
response.status_code = 503
else:
response = jsonify({
'message': 'success',
'data': r
})
response.status_code = 200
elif request.method == 'POST':
if request.data:
try:
r = cli.tokens_create(request.data)
except AuthError:
response = jsonify({
'message': 'admin privs required',
'data': []
})
response.status_code = 401
except Exception as e:
logger.error(e)
response = jsonify({
'message': 'create failed',
'data': []
})
response.status_code = 503
else:
if r:
response = jsonify({
'message': 'success',
'data': r
})
response.status_code = 200
else:
response = jsonify({
'message': 'admin privs required',
'data': []
})
response.status_code = 401
else:
response = jsonify({
'message': 'create failed',
'data': []
})
response.status_code = 400
elif request.method == 'PATCH':
try:
r = cli.tokens_edit(request.data)
except AuthError:
response = jsonify({
'message': 'admin privs required',
'data': []
})
response.status_code = 401
except Exception as e:
logger.error(e)
import traceback
traceback.print_exc()
response = jsonify({
'message': 'create failed',
'data': []
})
response.status_code = 503
else:
if r:
response = jsonify({
'message': 'success',
'data': r
})
response.status_code = 200
else:
response = jsonify({
'message': 'admin privs required',
'data': []
})
response.status_code = 401
else:
filters = {}
for f in TOKEN_FILTERS:
filters[f] = request.args.get(f)
try:
r = cli.tokens_search(filters)
except AuthError:
response = jsonify({
"message": "failed",
"data": []
})
response.status_code = 401
except Exception as e:
logger.error(e)
response = jsonify({
"message": "failed",
"data": []
})
response.status_code = 503
else:
response = jsonify({
'message': 'success',
'data': r
})
response.status_code = 200
return response
def main():
p = get_argument_parser()
p = ArgumentParser(description=textwrap.dedent('''\
example usage:
$ cif -q example.org -d
$ cif --search 1.2.3.0/24
$ cif --ping
'''),
formatter_class=RawDescriptionHelpFormatter,
prog='cif',
parents=[p])
p.add_argument('--token', help='specify api token', default=TOKEN)
p.add_argument('--remote',
help='specify API remote [default %(default)s]',
default=REMOTE_ADDR)
p.add_argument('-p', '--ping', action="store_true") # meg?
p.add_argument('-q', '--search', help="search")
p.add_argument('--itype', help='filter by indicator type'
) ## need to fix sqlite for non-ascii stuff first
p.add_argument("--submit", action="store_true", help="submit an indicator")
p.add_argument('--limit',
help='limit results [default %(default)s]',
default=SEARCH_LIMIT)
p.add_argument('--reporttime', help='specify reporttime filter')
p.add_argument('-n',
'--nolog',
help='do not log search',
action='store_true')
p.add_argument('-f',
'--format',
help='specify output format [default: %(default)s]"',
default=FORMAT,
choices=FORMATS.keys())
p.add_argument('--indicator')
p.add_argument('--tags', nargs='+')
p.add_argument('--provider')
p.add_argument('--confidence', help="specify confidence level")
p.add_argument("--zmq",
help="use zmq as a transport instead of http",
action="store_true")
p.add_argument('--config',
help='specify config file [default %(default)s]',
default=CONFIG_PATH)
p.add_argument('--feed', action='store_true')
p.add_argument('--no-verify-ssl', action='store_true')
p.add_argument('--last-day',
action="store_true",
help='auto-sets reporttime to 23 hours and 59 seconds ago '
'(current time UTC) and reporttime-end to "now"')
p.add_argument(
'--last-hour',
action='store_true',
help='auto-sets reporttime to the beginning of the previous full'
' hour and reporttime-end to end of previous full hour')
p.add_argument('--days', help='filter results within last X days')
p.add_argument('--today',
help='auto-sets reporttime to today, 00:00:00Z (UTC)',
action='store_true')
args = p.parse_args()
setup_logging(args)
logger = logging.getLogger(__name__)
o = read_config(args)
options = vars(args)
for v in options:
if v == 'remote' and options[v] == REMOTE_ADDR and o.get('remote'):
options[v] = o['remote']
if options[v] is None:
options[v] = o.get(v)
if not options.get('token'):
raise RuntimeError('missing --token')
verify_ssl = True
if o.get('no_verify_ssl') or options.get('no_verify_ssl'):
verify_ssl = False
if options.get("zmq"):
from cifsdk.client.zeromq import ZMQ as ZMQClient
cli = ZMQClient(**options)
else:
from cifsdk.client.http import HTTP as HTTPClient
if args.remote == 'https://localhost':
verify_ssl = False
cli = HTTPClient(args.remote, args.token, verify_ssl=verify_ssl)
if options.get('ping'):
logger.info('running ping')
for num in range(0, 4):
ret = cli.ping()
if ret != 0:
print("roundtrip: {} ms".format(ret))
select.select([], [], [], 1)
else:
logger.error('ping failed')
raise RuntimeError
raise SystemExit
if options.get("submit"):
logger.info("submitting {0}".format(options.get("submit")))
i = Indicator(indicator=args.indicator,
tags=args.tags,
confidence=args.confidence)
rv = cli.indicators_create(i)
logger.info('success id: {}'.format(rv))
raise SystemExit
filters = {
'itype': options['itype'],
'limit': options['limit'],
'provider': options.get('provider'),
'indicator': options.get('search'),
'nolog': options['nolog'],
'tags': options['tags'],
'confidence': options.get('confidence')
}
if args.last_day:
filters['days'] = '1'
if args.last_hour:
filters['hours'] = '1'
if args.days:
filters['days'] = args.days
if args.today:
now = arrow.utcnow()
filters['reporttime'] = '{0}Z'.format(
now.format('YYYY-MM-DDT00:00:00'))
if options.get('feed'):
if not filters.get('confidence'):
filters['confidence'] = 8
if not filters.get('reporttime') and not filters.get(
'day') and not filters.get('hour'):
filters['days'] = FEED_DAYS_LIMIT
if args.limit == SEARCH_LIMIT:
filters['limit'] = FEED_LIMIT
try:
rv = cli.feed(filters=filters)
except AuthError as e:
logger.error('unauthorized')
else:
print(FORMATS[options.get('format')](data=rv))
raise SystemExit
try:
rv = cli.search(filters)
except AuthError as e:
logger.error('unauthorized')
else:
print(FORMATS[options.get('format')](data=rv))
def main():
p = get_argument_parser()
p = ArgumentParser(
description=textwrap.dedent('''\
example usage:
$ cif -q example.org -d
$ cif --search 1.2.3.0/24
$ cif --ping
'''),
formatter_class=RawDescriptionHelpFormatter,
prog='cif',
parents=[p]
)
p.add_argument('--token', help='specify api token', default=TOKEN)
p.add_argument('--remote', help='specify API remote [default %(default)s]', default=REMOTE_ADDR)
p.add_argument('-p', '--ping', action="store_true") # meg?
p.add_argument('--ping-indef', action="store_true")
p.add_argument('-q', '--search', help="search")
p.add_argument('--itype', help='filter by indicator type') ## need to fix sqlite for non-ascii stuff first
p.add_argument("--submit", action="store_true", help="submit an indicator")
p.add_argument('--limit', help='limit results [default %(default)s]', default=SEARCH_LIMIT)
p.add_argument('--reporttime', help='specify reporttime filter')
p.add_argument('-n', '--nolog', help='do not log search', action='store_true')
p.add_argument('-f', '--format', help='specify output format [default: %(default)s]"', default=FORMAT, choices=FORMATS.keys())
p.add_argument('--indicator')
p.add_argument('--tags', nargs='+')
p.add_argument('--provider')
p.add_argument('--confidence', help="specify confidence level")
p.add_argument('--tlp', help="specify traffic light protocol")
p.add_argument("--zmq", help="use zmq as a transport instead of http", action="store_true")
p.add_argument('--config', help='specify config file [default %(default)s]', default=CONFIG_PATH)
p.add_argument('--feed', action='store_true')
p.add_argument('--no-verify-ssl', action='store_true')
p.add_argument('--last-day', action="store_true", help='auto-sets reporttime to 23 hours and 59 seconds ago '
'(current time UTC) and reporttime-end to "now"')
p.add_argument('--last-hour', action='store_true', help='auto-sets reporttime to the beginning of the previous full'
' hour and reporttime-end to end of previous full hour')
p.add_argument('--days', help='filter results within last X days')
p.add_argument('--today', help='auto-sets reporttime to today, 00:00:00Z (UTC)', action='store_true')
p.add_argument('--columns', help='specify output columns [default %(default)s]', default=','.join(COLUMNS))
p.add_argument('--fields', help='same as --columns [default %(default)s]', default=','.join(COLUMNS))
p.add_argument('--asn')
p.add_argument('--cc')
p.add_argument('--asn-desc')
p.add_argument('--rdata')
p.add_argument('--no-feed', action='store_true')
p.add_argument('--region')
p.add_argument('--groups', help='specify groups filter (csv)')
p.add_argument('--delete', action='store_true')
p.add_argument('--id')
args = p.parse_args()
if args.fields != ','.join(COLUMNS):
args.columns = args.fields
setup_logging(args)
logger = logging.getLogger(__name__)
o = read_config(args)
options = vars(args)
# support for separate read and write tokens
if o.get('write_token') and options.get('submit'):
o['token'] = o['write_token']
elif o.get('read_token'):
o['token'] = o['read_token']
for v in options:
if v == 'remote' and options[v] == REMOTE_ADDR and o.get('remote'):
options[v] = o['remote']
if v == 'token' and o.get('token'):
options[v] = o['token']
if options[v] is None or options[v] == '':
options[v] = o.get(v)
if not options.get('token'):
raise RuntimeError('missing --token')
verify_ssl = True
if o.get('no_verify_ssl') or options.get('no_verify_ssl'):
verify_ssl = False
if options.get("zmq"):
from cifsdk.client.zeromq import ZMQ as ZMQClient
cli = ZMQClient(**options)
else:
from cifsdk.client.http import HTTP as HTTPClient
if args.remote == 'https://localhost':
verify_ssl = False
cli = HTTPClient(args.remote, args.token, verify_ssl=verify_ssl)
if options.get('ping') or options.get('ping_indef'):
logger.info('running ping')
n = 4
if args.ping_indef:
n = 999
try:
for num in range(0, n):
ret = cli.ping()
if ret != 0:
print("roundtrip: {} ms".format(ret))
select.select([], [], [], 1)
from time import sleep
sleep(1)
else:
logger.error('ping failed')
raise RuntimeError
except KeyboardInterrupt:
pass
raise SystemExit
if options.get("submit"):
print("submitting {0}".format(options.get("submit")))
i = Indicator(indicator=args.indicator, tags=args.tags, confidence=args.confidence, group=args.groups, tlp=args.tlp, provider=args.provider)
rv = cli.indicators_create(i)
print('success id: {}\n'.format(rv))
raise SystemExit
filters = {
'itype': options['itype'],
'limit': options['limit'],
'provider': options.get('provider'),
'indicator': options.get('search') or options.get('indicator'),
'nolog': options['nolog'],
'tags': options['tags'],
'confidence': options.get('confidence'),
'asn': options.get('asn'),
'asn_desc': options.get('asn_desc'),
'cc': options.get('cc'),
'region': options.get('region'),
'rdata': options.get('rdata'),
'reporttime': options.get('reporttime'),
'groups': options.get('groups'),
'tlp': options.get('tlp')
}
if args.last_day:
filters['days'] = '1'
del filters['reporttime']
if args.last_hour:
filters['hours'] = '1'
del filters['reporttime']
if args.days:
filters['days'] = args.days
del filters['reporttime']
if args.today:
now = arrow.utcnow()
filters['reporttime'] = '{0}Z'.format(now.format('YYYY-MM-DDT00:00:00'))
if filters.get('itype') and not filters.get('search') and not args.no_feed:
logger.info('setting feed flag by default, use --no-feed to override')
options['feed'] = True
if options.get("delete"):
if args.id:
filters = {'id': args.id}
filters = {f: filters[f] for f in filters if filters.get(f)}
print("deleting {0}".format(filters))
rv = cli.indicators_delete(filters)
print('deleted: {}'.format(rv))
raise SystemExit
if options.get('feed'):
if not filters.get('itype') and not ADVANCED:
print('\nmissing --itype\n\n')
raise SystemExit
if not filters.get('tags') and not ADVANCED:
print('\nmissing --tags [phishing|malware|botnet|scanner|pdns|whitelist|...]\n\n')
raise SystemExit
if not filters.get('confidence'):
filters['confidence'] = 8
if args.limit == SEARCH_LIMIT:
filters['limit'] = FEED_LIMIT
try:
rv = cli.feed(filters=filters)
except AuthError as e:
logger.error('unauthorized')
except KeyboardInterrupt:
pass
except Exception as e:
logger.error(e)
else:
print(FORMATS[options.get('format')](data=rv, cols=args.columns.split(',')))
raise SystemExit
try:
rv = cli.search(filters)
except AuthError as e:
logger.error('unauthorized')
except KeyboardInterrupt:
pass
except Exception as e:
import traceback
traceback.print_exc()
logger.error(e)
else:
print(FORMATS[options.get('format')](data=rv, cols=args.columns.split(',')))
def main():
p = get_argument_parser()
p = ArgumentParser(
description=textwrap.dedent('''\
example usage:
$ cif -q example.org -d
$ cif --search 1.2.3.0/24
$ cif --ping
'''),
formatter_class=RawDescriptionHelpFormatter,
prog='cif',
parents=[p]
)
p.add_argument('--token', help='specify api token', default=TOKEN)
p.add_argument('--remote', help='specify API remote [default %(default)s]', default=REMOTE_ADDR)
p.add_argument('-p', '--ping', action="store_true") # meg?
p.add_argument('-q', '--search', help="search")
p.add_argument('--itype', help='filter by indicator type') ## need to fix sqlite for non-ascii stuff first
p.add_argument("--submit", action="store_true", help="submit an indicator")
p.add_argument('--limit', help='limit results [default %(default)s]', default=SEARCH_LIMIT)
p.add_argument('-n', '--nolog', help='do not log search', action='store_true')
p.add_argument('-f', '--format', help='specify output format [default: %(default)s]"', default=FORMAT, choices=FORMATS.keys())
p.add_argument('--indicator')
p.add_argument('--tags', nargs='+')
p.add_argument('--provider')
p.add_argument("--zmq", help="use zmq as a transport instead of http", action="store_true")
p.add_argument('--config', help='specify config file [default %(default)s]', default=CONFIG_PATH)
args = p.parse_args()
setup_logging(args)
logger = logging.getLogger(__name__)
o = read_config(args)
options = vars(args)
for v in options:
if options[v] is None:
options[v] = o.get(v)
if not options.get('token'):
raise RuntimeError('missing --token')
verify_ssl = True
if o.get('no_verify_ssl') or options.get('no_verify_ssl'):
verify_ssl = False
options = vars(args)
if options.get("zmq"):
from cifsdk.client.zeromq import ZMQ as ZMQClient
cli = ZMQClient(**options)
else:
from cifsdk.client.http import HTTP as HTTPClient
cli = HTTPClient(args.remote, args.token, verify_ssl=verify_ssl)
if options.get('ping'):
logger.info('running ping')
for num in range(0, 4):
ret = cli.ping()
if ret != 0:
print("roundtrip: {} ms".format(ret))
select.select([], [], [], 1)
else:
logger.error('ping failed')
raise RuntimeError
elif options.get('itype'):
logger.info('searching for {}'.format(options['itype']))
try:
rv = cli.search({
'itype': options['itype'],
'limit': options['limit'],
'provider': options.get('provider')
})
except AuthError as e:
logger.error('unauthorized')
except RuntimeError as e:
import traceback
traceback.print_exc()
logger.error(e)
else:
print(FORMATS[options.get('format')](data=rv))
elif options.get('search'):
logger.info("searching for {0}".format(options.get("search")))
try:
rv = cli.indicators_search({
'indicator': options['search'],
'limit': options['limit'],
'nolog': options['nolog']
}
)
except RuntimeError as e:
import traceback
traceback.print_exc()
logger.error(e)
except AuthError as e:
logger.error('unauthorized')
else:
print(FORMATS[options.get('format')](data=rv))
elif options.get("submit"):
logger.info("submitting {0}".format(options.get("submit")))
rv = cli.submit(indicator=args.indicator, tags=args.tags)
