

Python Analyzer.run方法代码示例

本文整理汇总了Python中cortexutils.analyzer.Analyzer.run方法的典型用法代码示例。如果您正苦于以下问题:Python Analyzer.run方法的具体用法?Python Analyzer.run怎么用?Python Analyzer.run使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cortexutils.analyzer.Analyzer的用法示例。


在下文中一共展示了Analyzer.run方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
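 def run(self):
     """Send the observable to the OTX query that matches its data type.

     For ``file`` observables the SHA256 comes from ``attachment.hashes``
     when that parameter is present; otherwise it is computed from the file
     on disk. ``url``, ``domain``, ``ip`` and ``hash`` observables pass the
     ``data`` parameter to the matching ``otx_query_*`` method. Any other
     data type is reported through ``self.error``.
     """
     Analyzer.run(self)
     if self.data_type == 'file':
         hashes = self.get_param('attachment.hashes', None)
         if hashes is None:
             filepath = self.get_param('file', None, 'File is missing')
             # Hash the raw bytes. Text mode can alter or fail to decode a
             # binary sample, and hashlib only accepts bytes on Python 3.
             # Chunked reads keep memory bounded for large attachments and
             # the context manager closes the handle.
             digest = hashlib.sha256()
             with open(filepath, 'rb') as fh:
                 for chunk in iter(lambda: fh.read(4096), b''):
                     digest.update(chunk)
             file_hash = digest.hexdigest()
         else:
             # A SHA256 hex digest is 64 characters long.
             file_hash = next((h for h in hashes if len(h) == 64), None)
             if file_hash is None:
                 # Without this guard a missing SHA256 surfaces as a bare
                 # StopIteration instead of an analyzer error.
                 self.error('No SHA256 hash found in attachment hashes')
                 return  # in case self.error returns instead of exiting
         self.otx_query_file(file_hash)
     elif self.data_type == 'url':
         data = self.get_param('data', None, 'Data is missing')
         self.otx_query_url(data)
     elif self.data_type == 'domain':
         data = self.get_param('data', None, 'Data is missing')
         self.otx_query_domain(data)
     elif self.data_type == 'ip':
         data = self.get_param('data', None, 'Data is missing')
         self.otx_query_ip(data)
     elif self.data_type == 'hash':
         data = self.get_param('data', None, 'Data is missing')
         self.otx_query_file(data)
     else:
         self.error('Invalid data type')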
开发者ID:scrublullz,项目名称:Cortex-Analyzers,代码行数:27,代码来源:otxquery.py

示例2: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
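    def run(self):
        """Geolocate an ``ip`` observable with the bundled GeoLite2 City database.

        The database file ``GeoLite2-City.mmdb`` is expected next to this
        module. The city record is converted with the ``dump_*`` helpers and
        passed to ``self.report``. Other data types go to
        ``self.notSupported``.
        """
        Analyzer.run(self)

        if self.data_type == 'ip':
            try:
                data = self.get_data()

                # os.path.join avoids resolving to "/GeoLite2-City.mmdb" when
                # dirname(__file__) is empty (script started from its own dir).
                db_path = os.path.join(os.path.dirname(__file__), 'GeoLite2-City.mmdb')
                reader = geoip2.database.Reader(db_path)
                try:
                    city = reader.city(data)
                finally:
                    # Release the database handle even when the lookup raises.
                    reader.close()

                self.report({
                    'city': self.dump_city(city.city),
                    'continent': self.dump_continent(city.continent),
                    'country': self.dump_country(city.country),
                    'location': self.dump_location(city.location),
                    'registered_country': self.dump_country(city.registered_country),
                    'represented_country': self.dump_country(city.represented_country),
                    # NOTE(review): the subdivision goes through dump_country;
                    # confirm that helper is meant for subdivisions too.
                    'subdivisions': self.dump_country(city.subdivisions.most_specific),
                    'traits': self.dump_traits(city.traits)
                })
            except ValueError:
                self.error('Invalid IP address')
            except AddressNotFoundError:
                self.error('Unknown IP address')
            except Exception as e:
                # Only the exception type is reported, not its message.
                self.unexpectedError(type(e))
        else:
            self.notSupported()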
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:29,代码来源:geo.py

示例3: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
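    def run(self):
        """Run the ``domainsearch`` service for a ``domain`` or ``fqdn`` observable.

        Fetches the first page of ``domain-search`` results and keeps
        requesting further pages while ``meta.results`` exceeds the offset
        requested so far. The ``emails`` lists of all pages are merged into
        the first response, which is then reported. Any other service or data
        type goes to ``self.notSupported``.
        """
        Analyzer.run(self)

        if self.service == 'domainsearch' and (self.data_type == 'domain' or self.data_type == 'fqdn'):
            try:
                endpoint = "{}domain-search".format(self.URI)
                # Pass the query as a params dict so requests URL-encodes the
                # observable. Formatting it into the URL string let characters
                # such as "&" or "#" in the value change the query that was sent.
                query = {
                    'domain': self.get_data(),
                    'api_key': self.key,
                    'limit': 100,
                    'offset': 0,
                }
                # NOTE(review): no timeout is set on these requests; confirm
                # whether the job runner enforces one.
                firstResponse = requests.get(endpoint, params=query).json()

                if firstResponse.get('meta'):
                    meta = firstResponse.get('meta')

                    while meta.get('results') > query['offset']:
                        query['offset'] = meta.get('limit') + meta.get('offset')
                        additionalResponse = requests.get(endpoint, params=query).json()
                        meta = additionalResponse.get('meta')
                        firstResponse['data']['emails'] += additionalResponse['data']['emails']

                self.report(firstResponse)
            except Exception as e:
                # NOTE(review): requests exception messages can include the
                # request URL, which carries api_key here. Consider redacting
                # the key before the error text is reported.
                self.unexpectedError(e)
        else:
            self.notSupported()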
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:27,代码来源:hunterio_analyzer.py

示例4: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
 def run(self):
     """Send the observable to the OTX query that matches its data type.

     ``file`` observables are looked up by SHA256: the 64-character entry of
     ``attachment.hashes`` when that parameter exists, otherwise a digest
     computed from the file in 4096-byte binary chunks. ``url``, ``domain``,
     ``ip`` and ``hash`` observables pass the ``data`` parameter to the
     matching ``otx_query_*`` method. Anything else is an error.
     """
     Analyzer.run(self)
     kind = self.data_type

     if kind == 'file':
         known_hashes = self.get_param('attachment.hashes', None)
         if known_hashes is not None:
             # The SHA256 entry is the one with 64 hex characters.
             # NOTE(review): next() raises StopIteration when no such entry
             # exists; nothing here turns that into an analyzer error.
             file_hash = next(h for h in known_hashes if len(h) == 64)
         else:
             filepath = self.get_param('file', None, 'File is missing')
             hasher = hashlib.sha256()
             with io.open(filepath, 'rb') as fh:
                 # Binary, chunked read: exact bytes, bounded memory.
                 for block in iter(lambda: fh.read(4096), b''):
                     hasher.update(block)
             file_hash = hasher.hexdigest()
         self.otx_query_file(file_hash)
         return

     # Remaining types all read the 'data' parameter and differ only in the
     # query method that receives it.
     routes = (
         ('url', 'otx_query_url'),
         ('domain', 'otx_query_domain'),
         ('ip', 'otx_query_ip'),
         ('hash', 'otx_query_file'),
     )
     for type_name, method_name in routes:
         if kind == type_name:
             value = self.get_param('data', None, 'Data is missing')
             getattr(self, method_name)(value)
             return

     self.error('Invalid data type')
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:34,代码来源:otxquery.py

示例5: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
 def run(self):
     """Query the ``ThreatScore`` service for a ``domain`` or ``ip`` observable.

     The observable is appended to ``self.URI``, the response is parsed as
     JSON and reported; an empty result is reported as ``{}``. Any other
     service or data type goes to ``self.notSupported``.
     """
     Analyzer.run(self)

     is_supported = self.service == 'ThreatScore' and (
         self.data_type == 'domain' or self.data_type == 'ip')
     if not is_supported:
         self.notSupported()
         return

     try:
         # NOTE(review): the observable is concatenated into the URL without
         # encoding and the request has no timeout. Confirm that the
         # observable is validated upstream, or encode it before use.
         target = "{}{}".format(self.URI, self.get_data())
         payload = requests.get(target).json()
         if len(payload) > 0:
             self.report(payload)
         else:
             self.report({})
     except Exception as exc:
         self.unexpectedError(exc)
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:13,代码来源:CyberprotectAnalyzer.py

示例6: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
    def run(self):
        """Fetch the ThreatCrowd report for a ``domain``, ``ip`` or ``mail`` observable.

        The ``mail`` data type is sent as ``email``; the others keep their
        name. That name is used both as the path segment and as the query
        parameter that carries the observable. Other data types go to
        ``self.notSupported``.
        """
        Analyzer.run(self)

        if self.data_type not in ('domain', 'ip', 'mail'):
            self.notSupported()
            return

        # ThreatCrowd's name for the type: 'mail' becomes 'email'.
        kind = 'email' if self.data_type == 'mail' else self.data_type
        try:
            endpoint = "{}/{}/report/".format(self.URI, kind)
            # The observable travels as a params dict, so requests encodes it.
            response = requests.get(endpoint, {kind: self.get_data()})
            self.report(response.json())
        except Exception as err:
            self.unexpectedError(err)
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:15,代码来源:threatcrowd_analyzer.py

示例7: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
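    def run(self):
        """Collect Emerging Threats intelligence for the observable.

        Picks the API base URL and the set of feature endpoints from the data
        type (``domain``/``fqdn``, ``ip``, ``hash`` or ``file``), requests each
        feature through ``self.session`` with a one-second pause before every
        call, and reports a dict keyed by feature name (the empty feature is
        stored as ``main``). A feature maps to its ``response`` payload,
        ``"-"`` when that payload is empty, or ``"Error"`` on a non-200
        status. ``file`` observables are looked up by MD5.
        """
        Analyzer.run(self)
        info = {}
        try:
            if self.data_type != 'file':
                object_name = self.get_data()

            if self.data_type in ['domain', 'fqdn']:
                url = "https://api.emergingthreats.net/v1/domains/"
                features = {'reputation', 'urls', 'samples', 'ips', 'events', 'nameservers', 'whois', 'geoloc'}

            elif self.data_type == 'ip':
                url = "https://api.emergingthreats.net/v1/ips/"
                features = {'reputation', 'urls', 'samples', 'domains', 'events', 'geoloc'}

            elif self.data_type == 'hash':
                url = "https://api.emergingthreats.net/v1/samples/"
                features = {'', 'connections', 'dns', 'http', 'events'}

            elif self.data_type == 'file':
                url = "https://api.emergingthreats.net/v1/samples/"
                features = {'', 'connections', 'dns', 'http', 'events'}
                hashes = self.get_param('attachment.hashes', None)
                if hashes is None:
                    filepath = self.get_param('file', None, 'File is missing')
                    # MD5 serves as the sample lookup key here, not as an
                    # integrity check. Hash the raw bytes in chunks: text mode
                    # can corrupt binary samples, and the context manager
                    # closes the handle.
                    md5 = hashlib.md5()
                    with open(filepath, 'rb') as fh:
                        for chunk in iter(lambda: fh.read(4096), b''):
                            md5.update(chunk)
                    object_name = md5.hexdigest()
                else:
                    # An MD5 hex digest is 32 characters long.
                    object_name = next((h for h in hashes if len(h) == 32), None)
                    if object_name is None:
                        self.error('No MD5 hash found in attachment hashes')
                        return  # in case self.error returns instead of exiting

            else:
                self.error('Invalid data type !')
                # url and features are unset on this path; do not fall through.
                return

            for feature in features:
                end = '/' if feature else ''
                time.sleep(1)
                # NOTE(review): object_name is concatenated into the path
                # unencoded; confirm that observables are validated upstream.
                r = self.session.get(url + object_name + end + feature)
                key = feature or 'main'
                if r.status_code != 200:
                    # Check the status before parsing: an error page that is
                    # not JSON must mark this feature only, not abort the run.
                    info[key] = "Error"
                    continue
                payload = r.json()['response']
                info[key] = payload if payload not in [{}, []] else "-"

            self.report(info)

        except Exception as e:
            self.unexpectedError(e)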
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:53,代码来源:emergingthreats_analyzer.py

示例8: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
    def run(self):
        """Report the ``dump_data`` output for a ``domain`` observable.

        The observable is read with ``self.getData()``, passed to
        ``self.dump_data`` and reported under the ``certobj`` key. Other data
        types go to ``self.notSupported``.
        """
        Analyzer.run(self)

        if self.data_type != 'domain':
            self.notSupported()
            return

        try:
            report = {'certobj': self.dump_data(self.getData())}
            self.report(report)
        except Exception as err:
            self.unexpectedError(err)
开发者ID:scrublullz,项目名称:Cortex-Analyzers,代码行数:16,代码来源:crtshquery.py

示例9: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
    def run(self):
        """Look the observable up through ``PyEUPI`` and report the first result.

        When the API response carries a ``status`` other than 200, its
        ``message`` is passed to ``self.error``; otherwise the first entry of
        ``results`` is reported. Any exception is reported as
        "Service unavailable".
        """
        Analyzer.run(self)

        observable = self.get_data()

        try:
            client = PyEUPI(self.phishinginitiative_key)
            api_response = client.lookup(url=observable)

            failed = "status" in api_response and api_response["status"] != 200
            if not failed:
                # NOTE(review): an empty or missing "results" list raises here
                # and is then reported as "Service unavailable" below.
                self.report(api_response["results"][0])
            else:
                self.error(api_response["message"])
        except Exception:
            self.unexpectedError("Service unavailable")
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:17,代码来源:phishinginitiative_lookup.py

示例10: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
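    def run(self):
        """Report the FortiGuard web-filter category of a ``domain`` or ``url``.

        Requests the FortiGuard ``webfilter`` page for the observable, pulls
        the text after ``Category: `` out of the returned page and reports it
        under the ``category`` key. Other data types go to
        ``self.notSupported``.
        """
        Analyzer.run(self)

        if self.data_type == 'domain' or self.data_type == 'url':
            try:
                # Raw string: "\w" and "\s" are regex classes, not str escapes.
                pattern = re.compile(r"(?:Category: )([\w\s]+)")
                # Send the observable as a params dict so it is URL-encoded.
                # Concatenated into the URL, a "&" or "#" inside a URL
                # observable cut the q value short.
                # NOTE(review): no timeout is set; confirm the runner has one.
                req = requests.get('https://www.fortiguard.com/webfilter',
                                   params={'q': self.get_data()})
                # Match against decoded text: a str pattern cannot be applied
                # to the bytes in req.content on Python 3.
                category_match = pattern.search(req.text)
                if category_match is None:
                    # Page layout changed or lookup failed; avoid the
                    # AttributeError that .group() on None would raise.
                    self.error('Category not found in FortiGuard response')
                    return  # in case self.error returns instead of exiting
                self.report({
                    'category': category_match.group(1)
                })
            except (ValueError, requests.exceptions.RequestException) as e:
                self.unexpectedError(e)
        else:
            self.notSupported()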
开发者ID:scrublullz,项目名称:Cortex-Analyzers,代码行数:19,代码来源:urlcategory.py

示例11: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
    def run(self):
        """Resolve one hop of a shortened link without following it.

        Requests the observable URL with ``allow_redirects=False`` and, when
        the answer is a 301 or 302, reports the ``Location`` header as
        ``url`` with ``found`` set to True. Otherwise ``found`` stays False
        and ``url`` stays None.
        """
        Analyzer.run(self)

        url = self.get_data()
        # Refuse observables that look like a bare address or carry a port.
        # Three whole-string patterns are tried:
        #   1. optional http:// or https://, a dotted quad, optional port and
        #      optional trailing slash, with nothing after it;
        #   2. anything that ends in ":" followed by 1-5 digits;
        #   3. a bracketed IPv6 literal. The "http://[" group is optional but
        #      the "https://[" group is not, so as written this branch only
        #      applies to https URLs. Presumably unintended; confirm.
        # NOTE(review): these are string checks on literal forms only. They
        # do not look at what address a hostname resolves to, and a URL with
        # a path after the address is outside pattern 1. If the aim is to
        # keep this analyzer from fetching internal addresses, validate the
        # parsed host and the address it resolves to instead.
        if len(re.findall(
                r"^(http:\/\/)?(https:\/\/)?[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(:[0-9]{1,5})?(\/)?$",
                url)) > 0 \
                or len(re.findall(r"^(http:\/\/)?(https:\/\/)?.+:[0-9]{1,5}$", url)) \
                or len(re.findall(r'^(http:\/\/\[)?(https:\/\/\[)('
                                  '([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|'
                                  '([0-9a-fA-F]{1,4}:){1,7}:|'
                                  '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|'
                                  '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|'
                                  '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|'
                                  '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|'
                                  '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|'
                                  '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|'
                                  ':((:[0-9a-fA-F]{1,4}){1,7}|:)|'
                                  'fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|'
                                  '::(ffff(:0{1,4}){0,1}:){0,1}' + \
                                  '((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}'
                                  '(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|'
                                  '([0-9a-fA-F]{1,4}:){1,4}:'
                                  '((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}'
                                  '(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'
                                  ')(\])?(:[0-9]{1,5})?$', url)):
            # NOTE(review): nothing here stops execution after the error call.
            # The request below is only skipped if self.error ends the run;
            # confirm.
            self.error("Searching for Ports and IPs not allowed.")

        # Use the configured proxies when set, otherwise none.
        if self.proxies:
            proxies = self.proxies
        else:
            proxies = {}

        result = {'found': False, 'url': None}
        try:
            # The redirect is not followed; only its target is read.
            # NOTE(review): no timeout is passed to this request.
            response = requests.get(url, proxies=proxies,
                                    allow_redirects=False)

            # Only 301 and 302 count as a redirect here.
            if (response.status_code == 301) or (response.status_code == 302):
                result['url'] = response.headers['Location']
                result['found'] = True
        except Exception as e:
            self.unexpectedError("Service unavailable: %s" % e)

        self.report(result)
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:47,代码来源:unshortenlink.py

示例12: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
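	def run(self):
		"""Look up a SHA256 threat id through the ``/v2/forensics`` endpoint.

		Only the ``query`` service is handled. The SHA256 is computed from the
		file for ``file`` observables, taken as-is for a 64-character ``hash``
		observable, and otherwise computed from the observable value itself.
		A 200 response is reported with ``known`` set to True plus the
		``reports`` and ``generated`` fields when present; a 404 is reported
		as ``known`` False; other statuses are errors.
		"""
		Analyzer.run(self)

		try:
			user_agent = {'User-agent': 'Cortex Analyzer'}
			sha256 = None
			report = {}
			if self.service in ['query']:
				if self.data_type == 'file':
					filepath = self.get_param('file', None, 'File is missing')
					# Hash the raw bytes in chunks: text mode can corrupt
					# binary samples and hashlib needs bytes on Python 3.
					hasher = hashlib.sha256()
					with open(filepath, 'rb') as fh:
						for chunk in iter(lambda: fh.read(4096), b''):
							hasher.update(chunk)
					sha256 = hasher.hexdigest()
				elif self.data_type == 'hash' and len(self.get_data()) == 64:
					sha256 = self.get_data()
				else:
					# Other observables are hashed by value; encode text first
					# because hashlib rejects str on Python 3.
					raw = self.get_data()
					if not isinstance(raw, bytes):
						raw = raw.encode('utf-8')
					sha256 = hashlib.sha256(raw).hexdigest()
			else:
				self.error('unknown service')
			if sha256 is not None:
				params = {'threatId': sha256}
				# NOTE(review): TLS verification follows self.verify and no
				# timeout is set; confirm verification is enabled by default.
				response = requests.get(self.url.strip('/') + '/v2/forensics', params=params, headers=user_agent, verify=self.verify, auth=HTTPBasicAuth(self.apikey, self.secret))
				if response.status_code == 200:
					data = response.json()
					report['known'] = True
					if 'reports' in data:
						report['reports'] = data['reports']
					if 'generated' in data:
						report['generated'] = data['generated']
					self.report(report)
				elif response.status_code == 400:
					self.error('bad request sent')
				elif response.status_code == 401:
					self.error('unauthorized access, verify your key and secret values')
				elif response.status_code == 404:
					report = {'known': False}
					self.report(report)
				else:
					self.error('unknown error')
			else:
				self.error('no hash defined')
		except requests.exceptions.RequestException as e:
			# Pass text, not the exception object, as the error message.
			self.error(str(e))
		except Exception as e:
			self.unexpectedError(e)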
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:46,代码来源:proofpoint_lookup.py

示例13: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
    def run(self):
        """Query Shodan for an ``ip`` or ``domain`` observable and report the result.

        ``ip``: reports the reverse-DNS hostnames and the host record.
        ``domain``: reports the DNS resolution and the domain information.
        ``APIError`` is reported with its message; any other exception goes
        to ``self.unexpectedError``.
        """
        Analyzer.run(self)

        try:
            self.shodan_client = ShodanAPIPublic(self.shodan_key)
            client = self.shodan_client

            # NOTE(review): a data type other than 'ip' or 'domain' falls
            # through both checks and nothing is reported.
            if self.data_type == 'ip':
                ip = self.get_param('data', None, 'Data is missing')
                hostnames = client.reverse_dns(ip)[ip]
                host_record = client.host(ip)
                self.report({
                    'reverse_dns': {'hostnames': hostnames},
                    'host': host_record,
                })

            if self.data_type == 'domain':
                domain = self.get_param('data', None, 'Data is missing')
                resolved = client.dns_resolve(domain)
                domain_info = client.info_domains(domain)
                self.report({
                    'dns_resolve': resolved,
                    'infos_domain': domain_info,
                })
        except APIError as api_err:
            self.error(str(api_err))
        except Exception as err:
            self.unexpectedError(err)
开发者ID:scrublullz,项目名称:Cortex-Analyzers,代码行数:21,代码来源:shodan_analyzer.py

示例14: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
    def run(self):
        """Probe for API v2 support and hand over to ``runv2`` or ``runv1``.

        Posts the API key to ``api/v2/server/online`` without following
        redirects. A 200 answer selects ``runv2``; any other status selects
        ``runv1``. Exceptions go to ``self.unexpectedError``.
        """
        Analyzer.run(self)

        try:
            form = {'apikey': self.apikey}
            probe_url = self.url + 'api/v2/server/online'
            # The key travels in the POST body, and redirects are not
            # followed, so it is only sent to the configured URL.
            probe = requests.post(probe_url,
                                  data=form,
                                  timeout=self.networktimeout,
                                  allow_redirects=False)
            handler = self.runv2 if probe.status_code == 200 else self.runv1
            handler()

        except Exception as err:
            self.unexpectedError(err)
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:21,代码来源:joesandbox_analyzer.py

示例15: run

# 需要导入模块: from cortexutils.analyzer import Analyzer [as 别名]
# 或者: from cortexutils.analyzer.Analyzer import run [as 别名]
    def run(self):
        """Search ``self.con`` for an ``ip`` observable under the ``Check_IP`` service.

        Any other service goes to ``self.notSupported``. A ``ValueError`` is
        reported as an invalid IP address; for other exceptions only the
        exception type is passed to ``self.unexpectedError``.
        """
        Analyzer.run(self)

        observable = self.get_data()

        try:
            if self.service != 'Check_IP':
                self.notSupported()
            elif self.data_type == 'ip':
                # NOTE(review): Check_IP with a non-ip data type reports
                # nothing at all.
                self.report(self.con.search(observable))
        except ValueError:
            self.error('Invalid IP address')
        except Exception as exc:
            self.unexpectedError(type(exc))
开发者ID:Cyberprotect,项目名称:Cortex-Analyzers,代码行数:21,代码来源:cymon_analyzer.py


注:本文中的cortexutils.analyzer.Analyzer.run方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。