Merge branch 'Cyberprotect-master' into develop

2024-11-07 09:28:58 +00:00 · 2018-09-03 18:17:38 +02:00 · 2018-09-03 18:17:38 +02:00 · c5e3adfbc2
commit c5e3adfbc2
parent 4738038e2d d93c46c1be
5 changed files with 158 additions and 0 deletions
--- a/analyzers/Hunterio/Hunterio_domainsearch.json
+++ b/analyzers/Hunterio/Hunterio_domainsearch.json
@ -0,0 +1,22 @@
+{
+    "name": "Hunterio_DomainSearch",
+    "author": "Rémi Allain, Cyberprotect",
+    "license": "AGPL-V3",
+    "url": "https://github.com/Cyberprotect/Cortex-Analyzers",
+    "version": "1.0",
+    "description": "hunter.io is a service to find email addresses from a domain.",
+    "dataTypeList": ["domain", "fqdn"],
+    "command": "Hunterio/hunterio_analyzer.py",
+    "baseConfig": "Hunterio",
+    "config": {
+        "service": "domainsearch",
+        "check_tlp": false
+    },
+    "configurationItems": [{
+        "name": "key",
+        "description": "api key of hunter.io",
+        "type": "string",
+        "multi": false,
+        "required": true
+    }]
+}
--- a/analyzers/Hunterio/hunterio_analyzer.py
+++ b/analyzers/Hunterio/hunterio_analyzer.py
@ -0,0 +1,65 @@
+#!/usr/bin/env python
+# encoding: utf-8
+
+import requests
+from cortexutils.analyzer import Analyzer
+
+
+class Hunterio(Analyzer):
+    URI = "https://api.hunter.io/v2/"
+
+
+    def __init__(self):
+        Analyzer.__init__(self)
+        self.service = self.get_param('config.service', None, 'Service parameter is missing')
+        self.key = self.get_param('config.key', None, 'Missing hunter.io API key')
+
+    def summary(self, raw):
+
+        taxonomies = []
+        namespace = "Hunter.io"
+        if self.service == 'domainsearch':
+            found = 0
+            if(raw.get('meta') and raw['meta'].get('results')):
+                found = raw['meta'].get('results')
+            taxonomies.append(self.build_taxonomy('info', namespace, "Emails found", str(found)))
+
+        return {"taxonomies": taxonomies}
+
+    def artifacts(self, raw):
+        artifacts = []
+        if(raw.get('meta') and raw['meta'].get('results') > 0 ):
+            for email in raw.get('data').get('emails'):
+                artifacts.append({'type':'email', 'value':email.get('value')})
+        return artifacts
+
+
+    def run(self):
+        Analyzer.run(self)
+
+        if self.service == 'domainsearch' and (self.data_type == 'domain' or self.data_type == 'fqdn'):
+            try:
+                offset = 0
+                firstResponse = requests.get("{}domain-search?domain={}&api_key={}&limit=100&offset={}".format(self.URI, self.get_data(), self.key, offset))
+                firstResponse = firstResponse.json()
+
+                if firstResponse.get('meta'):
+                    meta = firstResponse.get('meta')
+
+                    while meta.get('results') > offset:
+                        offset = meta.get('limit') + meta.get('offset')
+                        additionalResponse = requests.get("{}domain-search?domain={}&api_key={}&limit=100&offset={}".format(
+                            self.URI, self.get_data(), self.key, offset))
+                        additionalResponse = additionalResponse.json()
+                        meta = additionalResponse.get('meta')
+                        firstResponse['data']['emails'] += additionalResponse['data']['emails']
+
+                self.report(firstResponse)
+            except Exception as e:
+                self.unexpectedError(e)
+        else:
+            self.notSupported()
+
+
+if __name__ == '__main__':
+    Hunterio().run()
--- a/analyzers/Hunterio/requirements.txt
+++ b/analyzers/Hunterio/requirements.txt
@ -0,0 +1,2 @@
+cortexutils
+requests
--- a/thehive-templates/Hunterio_DomainSearch_1_0/long.html
+++ b/thehive-templates/Hunterio_DomainSearch_1_0/long.html
@ -0,0 +1,66 @@
+<div class="panel panel-info" ng-if="success">
+    <div class="panel-heading">
+        <a href="https://hunter.io" target="_blank">hunter.io</a> domain search to find email addresses
+        <br/> Report for
+        <strong>{{artifact.data}}</strong>
+    </div>
+    <div class="panel-body" ng-if="content.meta">
+
+        <h4 class="dl-horizontal">{{content.meta.results}} addresses found.</h4>
+
+
+        <div ng-if="content.data && content.data.emails.length > 0">
+
+            <h5>
+                Pattern : {{content.data.pattern}}
+            </h5>
+
+            <h5>
+                Organization: {{content.data.organization}}
+            </h5>
+
+            <table class="table table-bordered">
+                <tr>
+                    <th>Email</th>
+                    <th>Name</th>
+                    <th>Position</th>
+                    <th>Type</th>
+                    <th>Twitter</th>
+                    <th>LinkedIn</th>
+                    <th>Phone</th>
+                    <th>Confidence</th>
+                    <th>Sources</th>
+                </tr>
+                <tr ng-repeat="email in ::content.data.emails">
+                    <td class="text-info">{{email.value}}</td>
+                    <td>{{email.fisrtname}} {{email.lastname}}</td>
+                    <td>{{email.position}}</td>
+                    <td>{{email.type}}</td>
+                    <td><a ng-if="email.twitter" href="https://twitter.com/{{email.twitter}}" target="_blank">{{email.twitter}}</a></td>
+                    <td><a ng-if="email.linkedin" href="{{email.linkedin}}" target="_blank">{{email.linkedin}}</a></td>
+                    <td>{{email.phone_number}}</td>
+                    <td>
+                        <span class="label label-default">{{email.confidence}}</span>
+                    </td>
+                    <td>
+                        <ul>
+                            <li ng-repeat="src in ::email.sources">{{src.domain}}</li>
+                        </ul>
+                    </td>
+                </tr>
+            </table>
+        </div>
+
+        <div class="panel-body" ng-if="!content.meta">
+            No results found
+        </div>
+    </div>
+
+    <div class="panel panel-danger" ng-if="!success">
+        <div class="panel-heading">
+            <strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
+        </div>
+        <div class="panel-body">
+            {{content.errorMessage}}
+        </div>
+    </div>
--- a/thehive-templates/Hunterio_DomainSearch_1_0/short.html
+++ b/thehive-templates/Hunterio_DomainSearch_1_0/short.html
@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>