tor_project_analyzer.py
#!/usr/bin/env python3
from cortexutils.analyzer import Analyzer
import tor_project
class TorProjectAnalyzer(Analyzer):
    """Cortex analyzer that asks a TorProject client whether an IP is a Tor node.

    The analyzer reads its settings from the job configuration, hands them to
    ``tor_project.TorProjectClient``, and reports whatever the client returns
    for the submitted IP observable.
    """

    def __init__(self):
        """Read the job configuration and build the TorProject client."""
        super().__init__()

        # Defaults are 86400 and 3600; presumably seconds (one day / one
        # hour) -- the unit is defined by TorProjectClient, confirm there.
        self.ttl = self.get_param("config.ttl", 86400)
        self.cache_duration = self.get_param("config.cache.duration", 3600)

        # NOTE(review): the default cache root sits under /tmp, which is
        # normally world-writable on multi-user hosts. How TorProjectClient
        # creates and reads this directory is not visible here; confirm it
        # is created with restrictive permissions, or point
        # config.cache.root at a directory owned by the Cortex service
        # account so cached node data cannot be tampered with locally.
        self.cache_root = self.get_param(
            "config.cache.root", "/tmp/cortex/tor_project"
        )

        # No default is passed for the proxy settings, so an unset proxy
        # yields whatever get_param returns without one (presumably None).
        self.proxies = {
            "https": self.get_param("config.proxy_https"),
            "http": self.get_param("config.proxy_http"),
        }

        self.client = tor_project.TorProjectClient(
            ttl=self.ttl,
            cache_duration=self.cache_duration,
            cache_root=self.cache_root,
            proxies=self.proxies,
        )

    def summary(self, raw):
        """Build the short report: one ``TorProject:Node`` taxonomy.

        The taxonomy is ``suspicious``/``True`` when ``raw`` contains the key
        ``"node"`` and ``info``/``False`` otherwise. Only the presence of the
        key is checked, not its value.
        """
        is_listed = "node" in raw
        severity = "suspicious" if is_listed else "info"
        return {
            "taxonomies": [
                self.build_taxonomy(severity, "TorProject", "Node", is_listed)
            ]
        }

    def run(self):
        """Look up the submitted observable and emit the client's result.

        Anything other than the ``ip`` data type is rejected through
        ``self.error``. The observable is passed to the client as received;
        any validation of the IP string happens outside this class, if at all.
        """
        if self.data_type == "ip":
            self.report(self.client.search_tor_node(self.get_data()))
            return None
        return self.error("Not an IP address")
# Script entry point: build the analyzer from the job input and run it once.
if __name__ == "__main__":
    analyzer = TorProjectAnalyzer()
    analyzer.run()