def misp(self, option, verbose=False, submit=False): if option == 'download_all': for event in self._get_local_events(os.path.join(self.cur_path, 'misp_events')): self._download_hashes(MispEvent(event), False) return if not __sessions__.is_attached_misp(): return if option == 'hashes': ehashes, shashes = __sessions__.current.misp_event.get_all_hashes() to_scan = sorted(ehashes + shashes, key=len) while to_scan: h = to_scan.pop() response = self.scan(h, verbose) if response and not isinstance(response, bool): to_scan = [eh for eh in to_scan if eh not in response] elif option == 'download': self._download_hashes(__sessions__.current.misp_event, verbose) elif option == "ips": ips = __sessions__.current.misp_event.get_all_ips() for ip in ips: self.pdns_ip(ip, verbose) elif option == "domains": domains = __sessions__.current.misp_event.get_all_domains() for d in domains: self.pdns_domain(d, verbose) elif option == "urls": urls = __sessions__.current.misp_event.get_all_urls() for u in urls: self.url(u, verbose, submit)
def add_file(obj, tags=None): if get_sample_path(obj.sha256): self.log('warning', "Skip, file \"{0}\" appears to be already stored".format(obj.name)) return False if __sessions__.is_attached_misp(quiet=True): if tags is not None: tags += ',misp:{}'.format(__sessions__.current.misp_event.event.id) else: tags = 'misp:{}'.format(__sessions__.current.misp_event.event.id) # Try to store file object into database. status = db.add(obj=obj, tags=tags) if status: # If succeeds, store also in the local repository. # If something fails in the database (for example unicode strings) # we don't want to have the binary lying in the repository with no # associated database record. new_path = store_sample(obj) self.log("success", "Stored file \"{0}\" to {1}".format(obj.name, new_path)) else: return False # Delete the file if requested to do so. if args.delete: try: os.unlink(obj.path) except Exception as e: self.log('warning', "Failed deleting file: {0}".format(e)) return True
def store(self): try: event_path = os.path.join(self.cur_path, 'misp_events') if not os.path.exists(event_path): os.mkdir(event_path) if self.args.list: header = ['Event ID', 'Title'] rows = [] for eid, path, title in self._get_local_events(event_path): rows.append((eid, title)) self.log('table', dict(header=header, rows=sorted(rows, key=lambda i: (int(i[0]))))) elif self.args.update: for eid, path, title in self._get_local_events(event_path): event = self.misp.get(eid) with open(path, 'w') as f: f.write(json.dumps(event)) self.log('success', '{} updated successfully.'.format(eid)) elif self.args.delete: path = os.path.join(event_path, '{}.json'.format(self.args.delete)) if os.path.exists(path): os.remove(path) self.log('success', '{} removed successfully.'.format(self.args.delete)) else: self.log('error', '{} does not exists.'.format(self.args.delete)) elif self.args.open: path = os.path.join(event_path, '{}.json'.format(self.args.open)) if os.path.exists(path): e_json = json.loads(open(path, 'r').read()) __sessions__.new(misp_event=MispEvent(e_json)) else: self.log('error', '{} does not exists.'.format(self.args.open)) elif __sessions__.is_attached_misp(): self._dump(__sessions__.current.misp_event.event) except IOError as e: self.log('error', e.strerror)
def _dump(self, event=None): event_path = os.path.join(self.cur_path, 'misp_events') if not os.path.exists(event_path): os.makedirs(event_path) if not event: to_dump = __sessions__.current.misp_event.event elif isinstance(event, MISPEvent): to_dump = event else: to_dump = MISPEvent() to_dump.load(event) if to_dump.id: filename = str(to_dump.id) elif (__sessions__.is_attached_misp(True) and __sessions__.current.misp_event.current_dump_file): filename = __sessions__.current.misp_event.current_dump_file else: i = 1 while True: filename = 'new_event_{}.json'.format(i) if not os.path.exists(os.path.join(event_path, filename)): break i += 1 path = os.path.join(event_path, filename) with open(path, 'w') as f: f.write(to_dump.to_json()) self.log('success', '{} stored successfully.'.format(filename.rstrip('.json'))) return filename
def _get_eventid(self, quiet=False): if vars(self.args).get('event'): return self.args.event else: # Get current event ID if possible if not __sessions__.is_attached_misp(quiet): return None return __sessions__.current.misp_event.event.id
def misp(self, option): if not __sessions__.is_attached_misp(): return if option == 'ips': ips = __sessions__.current.misp_event.get_all_ips() for ip in ips: self.query_ip(ip)
def misp(self, option, verbose=False): if not __sessions__.is_attached_misp(): return if option == 'ips': ips = __sessions__.current.misp_event.get_all_ips() for ip in ips: self.query(ip, verbose) elif option == 'domains': domains = __sessions__.current.misp_event.get_all_domains() for d in domains: self.query(d, verbose)
def _display_tmp_files(self): cureid = None if __sessions__.is_attached_misp(True): cureid = __sessions__.current.misp_event.event.id header = ['Sample ID', 'Current', 'Event ID', 'Filename'] rows = [] i = 0 tmp_samples = self._load_tmp_samples() if len(tmp_samples) == 0: self.log('warning', 'No temporary samples available.') return for eid, path, name in tmp_samples: if eid == cureid: rows.append((i, '*', eid, name)) else: rows.append((i, '', eid, name)) i += 1 self.log('table', dict(header=header, rows=rows))
def _display_tmp_files(self): cureid = None if __sessions__.is_attached_misp(True): cureid = self._get_eventid() header = ["Sample ID", "Current", "Event ID", "Filename"] rows = [] i = 0 tmp_samples = self._load_tmp_samples() if len(tmp_samples) == 0: self.log("warning", "No temporary samples available.") return for eid, path, name in tmp_samples: if eid == cureid: rows.append((i, "*", eid, name)) else: rows.append((i, "", eid, name)) i += 1 self.log("table", dict(header=header, rows=rows))
def download(self, filehash, open_session=True, force_eid=None, verbose=True): # FIXME: private and intel API are inconsistent to save a file. samples_path = os.path.join(self.cur_path, 'vt_samples') if __sessions__.is_attached_misp(True): samples_path = os.path.join(samples_path, __sessions__.current.misp_event.event.id) elif force_eid: samples_path = os.path.join(samples_path, force_eid) if not os.path.exists(samples_path): os.makedirs(samples_path) filename = os.path.join(samples_path, filehash) if os.path.exists(filename): self.log('info', '{} has already been downloaded.'.format(filehash)) return if cfg.virustotal.virustotal_has_private_key: response = self.vt.get_file(filehash) if not self._has_fail(response): with open(filename, 'w') as f: f.write(response) else: return elif cfg.virustotal.virustotal_has_intel_key: response = self.vt_intel.get_file(filehash, samples_path) if self._has_fail(response): return else: self.log('error', 'This command requires virustotal private ot intelligence API key') return if open_session: return __sessions__.new(filename) self.log('success', 'Successfully downloaded {}'.format(filehash)) if verbose: self._display_tmp_files()
def run(self): super(VirusTotal, self).run() if self.args is None: return if not HAVE_VT: self.log('error', "Missing dependency, install virustotal-api (`pip install virustotal-api`)") return to_search = None path_to_submit = None if self.args.misp: self.misp(self.args.misp, self.args.verbose, self.args.submit) elif self.args.ip: self.pdns_ip(self.args.ip, self.args.verbose) elif self.args.domain: self.pdns_domain(self.args.domain, self.args.verbose) elif self.args.url: self.url(self.args.url, self.args.verbose, self.args.submit) elif self.args.download_list: self._display_tmp_files() elif self.args.download_open is not None: tmp_samples = self._load_tmp_samples() try: eid, path, name = tmp_samples[self.args.download_open] if eid: if __sessions__.is_attached_misp(quiet=True): if __sessions__.current.misp_event.event.id != int(eid): self.log('warning', 'You opened a sample related to a MISP event different than the one you are currently connected to: {}.'.format(eid)) else: self.log('success', 'You opened a sample related to the current MISP event.') else: self.log('warning', 'This samples is linked to the MISP event {eid}. You may want to run misp pull {eid}'.format(eid=eid)) return __sessions__.new(path) except IndexError: self.log('error', 'Invalid id, please use virustotal -dl.') elif self.args.download_open_name is not None: tmp_samples = self._load_tmp_samples() try: for tmp_sample in tmp_samples: eid, path, name = tmp_sample if name == self.args.download_open_name: if eid: if __sessions__.is_attached_misp(quiet=True): if __sessions__.current.misp_event.event.id != int(eid): self.log('warning', 'You opened a sample related to a MISP event different than the one you are currently connected to: {}.'.format(eid)) else: self.log('success', 'You opened a sample related to the current MISP event.') else: self.log('warning', 'This samples is linked to the MISP event {eid}. You may want to run misp pull {eid}'.format(eid=eid)) return __sessions__.new(path) except IndexError: self.log('error', 'Invalid id, please use virustotal -dl.') elif self.args.download_delete is not None: if self.args.download_delete == 'all': samples_path = os.path.join(self.cur_path, 'vt_samples') if os.path.exists(samples_path): shutil.rmtree(samples_path) self.log('success', 'Successfully removed {}'.format(samples_path)) else: self.log('error', '{} does not exists'.format(samples_path)) else: tmp_samples = self._load_tmp_samples() try: eid, path, name = tmp_samples[int(self.args.download_delete)] os.remove(path) self.log('success', 'Successfully removed {}'.format(path)) except: self.log('error', 'Invalid id, please use virustotal -dl.') elif self.args.search: to_search = self.args.search elif __sessions__.is_attached_file(): to_search = __sessions__.current.file.md5 if self.args.submit and __sessions__.is_attached_file(): path_to_submit = __sessions__.current.file.path if to_search: self.scan(to_search, self.args.verbose, self.args.submit, path_to_submit) if self.args.download: self.download(to_search, self.args.verbose) if self.args.comment: response = self.vt.put_comments(to_search, ' '.join(self.args.comment)) if not self._has_fail(response): self.log('info', ("{}: {}".format(bold("VirusTotal message"), response['results']['verbose_msg'])))
def run(self): super(VirusTotal, self).run() if self.args is None: return if not HAVE_VT: self.log('error', "Missing dependency, install virustotal-api (`pip install virustotal-api`)") return to_search = None path_to_submit = None if self.args.misp: self.misp(self.args.misp, self.args.verbose, self.args.submit) elif self.args.ip: self.pdns_ip(self.args.ip, self.args.verbose) elif self.args.domain: self.pdns_domain(self.args.domain, self.args.verbose) elif self.args.url: self.url(self.args.url, self.args.verbose, self.args.submit) elif self.args.download_list: self._display_tmp_files() elif self.args.download_open is not None: tmp_samples = self._load_tmp_samples() try: eid, path, name = tmp_samples[self.args.download_open] if eid: if __sessions__.is_attached_misp(quiet=True): if __sessions__.current.misp_event.event.id != int(eid): self.log('warning', 'You opened a sample related to a MISP event different than the one you are currently connected to: {}.'.format(eid)) # noqa else: self.log('success', 'You opened a sample related to the current MISP event.') else: self.log('warning', 'This samples is linked to the MISP event {eid}. You may want to run misp pull {eid}'.format(eid=eid)) # noqa return __sessions__.new(path) except IndexError: self.log('error', 'Invalid id, please use virustotal -dl.') elif self.args.download_open_name is not None: tmp_samples = self._load_tmp_samples() try: for tmp_sample in tmp_samples: eid, path, name = tmp_sample if name == self.args.download_open_name: if eid: if __sessions__.is_attached_misp(quiet=True): if __sessions__.current.misp_event.event.id != int(eid): self.log('warning', 'You opened a sample related to a MISP event different than the one you are currently connected to: {}.'.format(eid)) # noqa else: self.log('success', 'You opened a sample related to the current MISP event.') else: self.log('warning', 'This samples is linked to the MISP event {eid}. You may want to run misp pull {eid}'.format(eid=eid)) # noqa return __sessions__.new(path) except IndexError: self.log('error', 'Invalid id, please use virustotal -dl.') elif self.args.download_delete is not None: if self.args.download_delete == 'all': samples_path = os.path.join(self.cur_path, 'vt_samples') if os.path.exists(samples_path): shutil.rmtree(samples_path) self.log('success', 'Successfully removed {}'.format(samples_path)) else: self.log('error', '{} does not exists'.format(samples_path)) else: tmp_samples = self._load_tmp_samples() try: eid, path, name = tmp_samples[int(self.args.download_delete)] os.remove(path) self.log('success', 'Successfully removed {}'.format(path)) except: self.log('error', 'Invalid id, please use virustotal -dl.') elif self.args.search: to_search = self.args.search elif __sessions__.is_attached_file(): to_search = __sessions__.current.file.md5 if self.args.submit and __sessions__.is_attached_file(): path_to_submit = __sessions__.current.file.path if to_search: self.scan(to_search, self.args.verbose, self.args.submit, path_to_submit) if self.args.download: self.download(to_search, self.args.verbose) if self.args.comment: response = self.vt.put_comments(to_search, ' '.join(self.args.comment)) if not self._has_fail(response): self.log('info', ("{}: {}".format(bold("VirusTotal message"), response['results']['verbose_msg'])))
def run(self): super(MISP, self).run() if self.args is None: return if not HAVE_PYMISP: self.log('error', "Missing dependency, install pymisp (`pip install pymisp`)") return if self.args.url is None: self.url = cfg.misp.misp_url else: self.url = self.args.url if self.args.key is None: self.key = cfg.misp.misp_key else: self.key = self.args.key if self.url is None: self.log('error', "This command requires the URL of the MISP instance you want to query.") return if self.key is None: self.log('error', "This command requires a MISP private API key.") return if not self.args.verify: verify = False else: verify = cfg.misp.misp_verify try: self.misp = PyMISP(self.url, self.key, verify, 'json') except PyMISPError as e: self.log('error', e.message) return # Require an open MISP session if self.args.subname in ['add', 'show', 'publish'] and not __sessions__.is_attached_misp(): return # Require an open file session if self.args.subname in ['upload'] and not __sessions__.is_attached_file(): return try: if self.args.subname == 'upload': self.upload() elif self.args.subname == 'search': self.searchall() elif self.args.subname == 'download': self.download() elif self.args.subname == 'check_hashes': self.check_hashes() elif self.args.subname == 'yara': self.yara() elif self.args.subname == 'pull': self.pull() elif self.args.subname == 'create_event': self.create_event() elif self.args.subname == 'add': self.add() elif self.args.subname == 'show': self.show() elif self.args.subname == 'open': self.open() elif self.args.subname == 'publish': self.publish() elif self.args.subname == 'version': self.version() elif self.args.subname == 'store': self.store() else: self.log('error', "No calls defined for this command.") except requests.exceptions.HTTPError as e: self.log('error', e)
def tag(self): if not HAVE_PYTAX: self.log('error', "Missing dependency, install PyTaxonomies (`pip install git+https://github.com/MISP/PyTaxonomies.git`)") return try: taxonomies = Taxonomies(manifest_path=os.path.join(self.local_dir_taxonomies, 'MANIFEST.json')) except Exception as e: self.log('error', 'Unable to open the taxonomies, please fix the config file ([misp] - misp_taxonomies_directory): {}'.format(e)) return if self.args.list: self.log('table', dict(header=['Name', 'Description'], rows=[(title, tax.description) for title, tax in taxonomies.items()])) elif self.args.search: matches = taxonomies.search(self.args.search) if not matches: self.log('error', 'No tags matching "{}".'.format(self.args.search)) return self.log('success', 'Tags matching "{}":'.format(self.args.search)) for t in taxonomies.search(self.args.search): self.log('item', t) elif self.args.details: taxonomy = taxonomies.get(self.args.details) if not taxonomy: self.log('error', 'No taxonomy called "{}".'.format(self.args.details)) return if taxonomy.description: self.log('info', taxonomy.description) elif taxonomy.expanded: self.log('info', taxonomy.expanded) if taxonomy.refs: self.log('info', 'References:') for r in taxonomy.refs: self.log('item', r) if not taxonomy.has_entries(): header = ['Description', 'Predicate', 'Machinetag'] rows = [] for p in taxonomy.predicates.values(): rows.append([p.description, p.predicate, taxonomy.make_machinetag(p)]) self.log('table', dict(header=header, rows=rows)) else: for p in taxonomy.predicates.values(): if p.description: self.log('info', p.description) elif p.expanded: self.log('info', p.expanded) else: self.log('info', p.predicate) if not p.entries: self.log('item', taxonomy.make_machinetag(p)) else: header = ['Description', 'Predicate', 'Machinetag'] rows = [] for e in p.entries.values(): if e.description: descr = e.description else: descr = e.expanded rows.append([descr, e.value, taxonomy.make_machinetag(p, e)]) self.log('table', dict(header=header, rows=rows)) elif self.args.event: if not __sessions__.is_attached_misp(): return try: taxonomies.revert_machinetag(self.args.event) except: self.log('error', 'Not a valid machine tag available in misp-taxonomies: "{}".'.format(self.args.event)) return __sessions__.current.misp_event.event.add_tag(self.args.event) self._change_event() elif self.args.attribute: if not __sessions__.is_attached_misp(): return identifier, tag = self.args.attribute try: taxonomies.revert_machinetag(tag) except: self.log('error', 'Not a valid machine tag available in misp-taxonomies: "{}".'.format(tag)) return __sessions__.current.misp_event.event.add_attribute_tag(tag, identifier) self._change_event()
def store(self): try: event_path = os.path.join(self.cur_path, 'misp_events') if not os.path.exists(event_path): os.mkdir(event_path) if self.args.list: header = ['Event ID', 'Title'] rows = [] for eid, path, title in self._get_local_events(event_path): rows.append((eid, title)) self.log('table', dict(header=header, rows=sorted(rows, key=lambda i: (int(i[0].split('_')[-1]))))) elif self.args.update: if self.offline_mode: self.log('error', 'Offline mode, cannot update locally stored events.') return for eid, path, title in self._get_local_events(event_path): event = self.misp.get(eid) with open(path, 'w') as f: f.write(json.dumps(event)) self.log('success', '{} updated successfully.'.format(eid)) elif self.args.sync: if self.offline_mode: self.log('error', 'Offline mode, cannot synchronize locally stored events.') return for eid, path, title in self._get_local_events(event_path): __sessions__.close() event = MISPEvent() event.load(path) if 'new_event_' in path: event = self.misp.add_event(json.dumps(event, cls=EncodeUpdate)) try: self._dump(event) os.remove(path) except Exception as e: self.log('error', 'Unable to create new event: {}.'.format(e)) else: eid = event.id try: event = self.misp.update(event._json()) except Exception as e: self.log('error', 'Unable to update event {}: {}.'.format(eid, e)) if self._has_error_message(event): return elif self.args.delete: path = os.path.join(event_path, '{}.json'.format(self.args.delete)) if os.path.exists(path): os.remove(path) self.log('success', '{} removed successfully.'.format(self.args.delete)) else: self.log('error', '{} does not exists.'.format(self.args.delete)) elif self.args.open: filename = '{}.json'.format(self.args.open) path = os.path.join(event_path, filename) if os.path.exists(path): try: with open(path, 'r') as f: e_json = json.load(f) __sessions__.new(misp_event=MispEvent(e_json, self.offline_mode)) __sessions__.current.misp_event.current_dump_file = filename except Exception as e: self.log('error', 'Unable to open {}: {}'.format(path, e)) else: self.log('error', '{} does not exists.'.format(self.args.open)) elif __sessions__.is_attached_misp(): self._dump() except IOError as e: self.log('error', e.strerror)
def run(self): super(MISP, self).run() if self.args is None: return if not HAVE_PYMISP: self.log("error", "Missing dependency, install pymisp (`pip install pymisp`)") return if self.args.url is None: self.url = cfg.misp.misp_url else: self.url = self.args.url if self.args.key is None: self.key = cfg.misp.misp_key else: self.key = self.args.key if self.url is None: self.log("error", "This command requires the URL of the MISP instance you want to query.") return if self.key is None: self.log("error", "This command requires a MISP private API key.") return if not self.args.verify: verify = False else: verify = cfg.misp.misp_verify try: self.misp = PyMISP(self.url, self.key, verify, "json") except PyMISPError as e: self.log("error", e.message) return # Require an open MISP session if self.args.subname in ["add", "show", "publish"] and not __sessions__.is_attached_misp(): return # Require an open file session if self.args.subname in ["upload"] and not __sessions__.is_attached_file(): return try: if self.args.subname == "upload": self.upload() elif self.args.subname == "search": self.searchall() elif self.args.subname == "download": self.download() elif self.args.subname == "check_hashes": self.check_hashes() elif self.args.subname == "yara": self.yara() elif self.args.subname == "pull": self.pull() elif self.args.subname == "create_event": self.create_event() elif self.args.subname == "add": self.add() elif self.args.subname == "show": self.show() elif self.args.subname == "open": self.open() elif self.args.subname == "publish": self.publish() elif self.args.subname == "version": self.version() elif self.args.subname == "store": self.store() else: self.log("error", "No calls defined for this command.") except requests.exceptions.HTTPError as e: self.log("error", e)
def run(self): super(MISP, self).run() if self.args is None: return if not HAVE_PYMISP: self.log('error', "Missing dependency, install pymisp (`pip install pymisp`)") return self.offline_mode = False if self.args.on: self.offline_mode = False if __sessions__.is_attached_misp(True): __sessions__.current.misp_event.off = False elif self.args.off or (__sessions__.is_attached_misp(True) and __sessions__.current.misp_event.off): self.offline_mode = True if __sessions__.is_attached_misp(True): __sessions__.current.misp_event.off = True self.url = self.args.url if self.url is None: self.url = cfg.misp.misp_url if self.url is None: self.log('error', "This command requires the URL of the MISP instance you want to query.") return self.key = self.args.key if self.key is None: self.key = cfg.misp.misp_key if self.key is None: self.log('error', "This command requires a MISP private API key.") return if not self.args.verify: verify = False else: verify = cfg.misp.tls_verify # Capture default distribution and sharing group settings. Backwards compatability and empty string check self.distribution = cfg.misp.get("misp_distribution", None) self.distribution = None if self.distribution == "" else self.distribution if type(self.distribution) not in (type(None), int): self.distribution = None self.log('info', "The distribution stored in viper config is not an integer, setting to None") self.sharinggroup = cfg.misp.get("misp_sharinggroup", None) self.sharinggroup = None if self.sharinggroup == "" else self.sharinggroup if type(self.sharinggroup) not in (type(None), int): self.sharinggroup = None self.log('info', "The sharing group stored in viper config is not an integer, setting to None") if not self.offline_mode: try: self.misp = PyMISP(self.url, self.key, ssl=verify, proxies=cfg.misp.proxies, cert=cfg.misp.cert) except PyMISPError as e: self.log('error', e.message) return # Require an open MISP session if self.args.subname in ['add_hashes', 'add', 'show', 'publish'] and not __sessions__.is_attached_misp(): return # Require an open file session if self.args.subname in ['upload'] and not __sessions__.is_attached_file(): return try: if self.args.subname == 'upload': self.upload() elif self.args.subname == 'search': self.searchall() elif self.args.subname == 'download': self.download() elif self.args.subname == 'check_hashes': self.check_hashes() elif self.args.subname == 'yara': self.yara() elif self.args.subname == 'pull': self.pull() elif self.args.subname == 'create_event': self.create_event() elif self.args.subname == 'add': self.add() elif self.args.subname == 'add_hashes': self.add_hashes() elif self.args.subname == 'show': self.show() elif self.args.subname == 'open': self.open_samples() elif self.args.subname == 'publish': self.publish() elif self.args.subname == 'version': self.version() elif self.args.subname == 'store': self.store() elif self.args.subname == 'tag': self.tag() elif self.args.subname == 'galaxies': self.galaxies() elif self.args.subname == 'admin': self.admin() else: self.log('error', "No calls defined for this command.") except requests.exceptions.HTTPError as e: self.log('error', e)
def run(self): super(MISP, self).run() if self.args is None: return if not HAVE_PYMISP: self.log('error', "Missing dependency, install pymisp (`pip install pymisp`)") return self.offline_mode = False if self.args.on: self.offline_mode = False if __sessions__.is_attached_misp(True): __sessions__.current.misp_event.off = False elif self.args.off or (__sessions__.is_attached_misp(True) and __sessions__.current.misp_event.off): self.offline_mode = True if __sessions__.is_attached_misp(True): __sessions__.current.misp_event.off = True self.url = self.args.url if self.url is None: self.url = cfg.misp.misp_url if self.url is None: self.log('error', "This command requires the URL of the MISP instance you want to query.") return self.key = self.args.key if self.key is None: self.key = cfg.misp.misp_key if self.key is None: self.log('error', "This command requires a MISP private API key.") return if not self.args.verify: verify = False else: verify = cfg.misp.tls_verify # Capture default distribution and sharing group settings. Backwards compatability and empty string check self.distribution = cfg.misp.get("misp_distribution", None) self.distribution = None if self.distribution == "" else self.distribution if type(self.distribution) not in (type(None), int): self.distribution = None self.log('info', "The distribution stored in viper config is not an integer, setting to None") self.sharinggroup = cfg.misp.get("misp_sharinggroup", None) self.sharinggroup = None if self.sharinggroup == "" else self.sharinggroup if type(self.sharinggroup) not in (type(None), int): self.sharinggroup = None self.log('info', "The sharing group stored in viper config is not an integer, setting to None") if not self.offline_mode: try: self.misp = ExpandedPyMISP(self.url, self.key, ssl=verify, proxies=cfg.misp.proxies, cert=cfg.misp.cert) except PyMISPError as e: self.log('error', e.message) return # Require an open MISP session if self.args.subname in ['add_hashes', 'add', 'show', 'publish'] and not __sessions__.is_attached_misp(): return # Require an open file session if self.args.subname in ['upload'] and not __sessions__.is_attached_file(): return try: if self.args.subname == 'upload': self.upload() elif self.args.subname == 'search': self.searchall() elif self.args.subname == 'download': self.download() elif self.args.subname == 'check_hashes': self.check_hashes() elif self.args.subname == 'yara': self.yara() elif self.args.subname == 'pull': self.pull() elif self.args.subname == 'create_event': self.create_event() elif self.args.subname == 'add': self.add() elif self.args.subname == 'add_hashes': self.add_hashes() elif self.args.subname == 'show': self.show() elif self.args.subname == 'open': self.open_samples() elif self.args.subname == 'publish': self.publish() elif self.args.subname == 'version': self.version() elif self.args.subname == 'store': self.store() elif self.args.subname == 'tag': self.tag() elif self.args.subname == 'galaxies': self.galaxies() elif self.args.subname == 'admin': self.admin() else: self.log('error', "No calls defined for this command.") except requests.exceptions.HTTPError as e: self.log('error', e)