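 def display(self, module="INIT", ioc="", message_type="DEBUG", string=""):
     """Print one coloured log line; FOUND lines are also appended to the found-log.

     Args:
         module: label printed in the first bracket of the line.
         ioc: indicator the message is about; printed in braces and truncated
             to 64 characters when it is 67 or longer. Empty string hides it.
         message_type: severity label; must be an attribute of ``colors``
             (DEBUG, INFO, FOUND, WARNING, ERROR). Selects the colour and is
             printed in the second bracket.
         string: the message text.

     Raises:
         AttributeError: if ``message_type`` is not a ``colors`` attribute.
     """
     # Plain attribute lookup instead of exec() on generated source: same
     # AttributeError for an unknown label, without running the
     # message_type string as code.
     colorize = getattr(colors, message_type)
     config = Config.get_instance()
     # INFO and DEBUG lines are suppressed unless debug output is enabled.
     if not config["debug"] and message_type in ("INFO", "DEBUG"):
         return
     if ioc != "":
         if len(ioc) >= 67:
             ioc = '%s%s...' % (ioc[:64], colors.NORMAL)
         ioc_show = "{%s%s%s} " % (colors.INFO, ioc, colors.NORMAL)
     else:
         ioc_show = " "
     output = "[%s][%s%s%s]%s%s%s%s" % (
         module, colorize, message_type, colors.NORMAL, ioc_show,
         colors.BOLD, string, colors.NORMAL)
     if message_type == "FOUND":
         log_file = config["log_found_file"]
         if not exists(log_file):
             # Mode 0o777 leaves the found-log world-writable, so any local
             # account can read or alter it. Kept as in the original; tighten
             # if the log is relied on as an audit record.
             open(log_file, 'a').close()
             chmod(log_file, 0o777)
         # The context manager closes the file even if the write raises.
         with open(log_file, 'a') as f:
             f.write(
                 "%s%s\n" %
                 (datetime.now().strftime('[%d-%m-%Y %H:%M:%S]'), output))
     print(output)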
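    def allowedToSearch(self, status):
        """Tell whether a module is allowed to perform its lookup.

        The original text sat after the first statement, so it was a bare
        string expression rather than the function's docstring; it is the
        docstring now.

        Args:
            status: "Onpremises" or "Online", as declared by the module.

        Returns:
            True when the module is on-premises (the original notes name
            misp and cuckoo: services inside the researcher's network, always
            allowed), or when it is online and the user did not ask for an
            offline run (``config["offline"]`` is falsy). False otherwise.
        """
        config = Config.get_instance()
        if status == "Onpremises":
            # On-premises services are reachable from the researcher's
            # network, so the lookup is always allowed.
            return True
        if status == "Online" and not config["offline"]:
            # Online service and the user did not request offline mode.
            return True
        # Unknown status, or an online lookup while running offline.
        return False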
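 def __init__(self, iocs):
     """Append every IOC in ``iocs`` to the search log, one timestamped line each.

     Args:
         iocs: iterable of indicator strings; each is written as
             ``[dd-mm-YYYY HH:MM:SS] <ioc>``.
     """
     config = Config.get_instance()
     log_file = config["log_search_file"]
     if not exists(log_file):
         # Mode 0o777 leaves the search log world-writable, so any local
         # account can read or alter it. Kept as in the original; tighten
         # if the log is relied on as an audit record.
         open(log_file, 'a').close()
         chmod(log_file, 0o777)
     # The context manager closes the file even if a write raises.
     with open(log_file, 'a') as f:
         for ioc in iocs:
             f.write("%s %s\n" %
                     (datetime.now().strftime('[%d-%m-%Y %H:%M:%S]'), ioc))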
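 def __init__(self, args):
     """Append the observables given on the command line to the search log.

     Args:
         args: parsed arguments. When ``args.file == "False"`` (the flag is
             compared as a string, as the caller supplies it),
             ``args.observables`` holds IOC strings; otherwise it holds paths
             to text files with one IOC per line. Each IOC is logged as
             ``[dd-mm-YYYY HH:MM:SS] <ioc>``.
     """
     config = Config.get_instance()
     log_file = config["log_search_file"]
     if not exists(log_file):
         # Mode 0o777 leaves the search log world-writable, so any local
         # account can read or alter it. Kept as in the original; tighten
         # if the log is relied on as an audit record.
         open(log_file, 'a').close()
         chmod(log_file, 0o777)
     stamp_fmt = '[%d-%m-%Y %H:%M:%S]'
     # One context manager replaces the f.close() duplicated in both
     # branches and guarantees the close when an input file cannot be read.
     with open(log_file, 'a') as f:
         if args.file == "False":
             for ioc in args.observables:
                 f.write("%s %s\n" % (datetime.now().strftime(stamp_fmt), ioc))
         else:
             for path in args.observables:
                 with open(path, "r") as f2:
                     # Iterating the file yields the same lines readlines() did.
                     for line in f2:
                         f.write("%s %s\n" % (
                             datetime.now().strftime(stamp_fmt),
                             line.strip('\n')))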
class colors:
    """ANSI colour escapes used by the logger.

    Every escape is the empty string on Windows or when ``terminal_color``
    is set to False in the configuration, so output stays plain there.
    """
    config = Config.get_instance()
    DEBUG, INFO, FOUND, WARNING, ERROR, NORMAL, BOLD = (
        ('',) * 7
        if system() == "Windows" or config["terminal_color"] is False
        else ('\033[95m', '\033[94m', '\033[92m', '\033[93m',
              '\033[91m', '\033[0m', '\033[1m')
    )
    def __init__(self, module_name, url, filename, search_method):
        """Set up the cache paths for one module and fetch its file when allowed.

        Args:
            module_name: module name; used as the cache sub-folder under
                ``temporary_cache_path``.
            url: location of the file; stored on the instance.
            filename: requested name; the on-disk name is derived from it
                (see ``new_filename``).
            search_method: status string handed to ``mod.allowedToSearch``
                before any download.

        After construction ``self.content`` holds what ``getContent()``
        returned.
        """
        self.config = Config.get_instance()
        self.module_name = module_name
        self.url = url
        self.filename = self.new_filename = filename
        self.temp_folder = "%s%s/" % (self.config["temporary_cache_path"],
                                      self.module_name)
        # Derive the on-disk name: drop underscores, then keep everything
        # from the last character that is neither alphanumeric nor '.'
        # (that character included). A purely alphanumeric name is kept whole.
        cleaned = self.filename
        start = 0
        if not cleaned.isalnum():
            cleaned = cleaned.replace("_", "")
            start = max(
                (idx for idx, ch in enumerate(cleaned)
                 if not ch.isalnum() and ch != '.'),
                default=0)
        self.new_filename = cleaned[start:]
        self.temp_file = "%s%s" % (self.temp_folder, self.new_filename)

        self.createModuleFolder()
        # Download only when the cache needs refreshing and the lookup
        # mode is allowed; the update check runs first, as before.
        if self.checkIfUpdate() and mod.allowedToSearch(search_method):
            self.downloadFile()
        self.content = self.getContent()
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.

import os
from platform import system
from re import findall

from requests import get

from config_parser import Config
from lib.io import module as mod

# Shared configuration handle for this module.
cfg = Config.get_instance()
# Transparent HTTP caching for `requests`, backed by an SQLite file placed
# under the configured ``sqlite_path``; not installed on Windows.
if system() != "Windows":
    import requests_cache
    requests_cache.install_cache("{}BTG".format(cfg["sqlite_path"]))


class Malekal:
    """
        This module allow you to search IOC in Malekal website (HTTP Requests)
        or local directory specified in BTG configuration file.
    """
    def __init__(self, ioc, type, config):
        self.config = config
        self.module_name = __name__.split(".")[1]
        if "malekal_local" in self.config and "malekal_remote" in self.config:
            if self.config[