Fixes #247: Merge remote-tracking branch 'sigalpes/master' into relea…

…se/1.10.0
TheHive-Project · May 29, 2018 · 972d0c3 · 972d0c3
2 parents 2ca534d + 2f5924f
commit 972d0c3
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 0 deletions.
diff --git a/analyzers/UnshortenLink/UnshortenLink.json b/analyzers/UnshortenLink/UnshortenLink.json
@@ -0,0 +1,11 @@
+{
+    "name": "UnshortenLink",
+    "version": "1.0",
+    "author": "Rémi Pointel (CERT-BDF)",
+    "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+    "license": "AGPL-V3",
+    "description": "Use UnshortenLink to find the correct URL.",
+    "dataTypeList": ["url"],
+    "baseConfig": "UnshortenLink",
+    "command": "UnshortenLink/unshortenlink.py"
+}
diff --git a/analyzers/UnshortenLink/requirements.txt b/analyzers/UnshortenLink/requirements.txt
@@ -0,0 +1,2 @@
+requests
+cortexutils
diff --git a/analyzers/UnshortenLink/unshortenlink.py b/analyzers/UnshortenLink/unshortenlink.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+# encoding: utf-8
+
+import requests
+from cortexutils.analyzer import Analyzer
+
+
+class UnshortenlinkAnalyzer(Analyzer):
+    def __init__(self):
+        Analyzer.__init__(self)
+        self.url = self.getParam('url', None)
+        self.proxies = self.getParam('config.proxy', None)
+
+    def artifacts(self, raw):
+        if raw['found']:
+            return [{'type': 'url', 'value': raw['url']}]
+        else:
+            return []
+
+    def run(self):
+        Analyzer.run(self)
+
+        url = self.getData()
+
+        if self.proxies:
+            proxies = self.proxies
+        else:
+            proxies = {}
+
+        result = {'found': False, 'url': None}
+        try:
+            response = requests.get(url, proxies=proxies,
+                                    allow_redirects=False)
+
+            if (response.status_code == 301) or (response.status_code == 302):
+                result['url'] = response.headers['Location']
+                result['found'] = True
+        except Exception as e:
+            self.unexpectedError("Service unavailable: %s" % e)
+
+        self.report(result)
+
+
+if __name__ == '__main__':
+    UnshortenlinkAnalyzer().run()
diff --git a/thehive-templates/UnshortenLink_1_0/long.html b/thehive-templates/UnshortenLink_1_0/long.html
@@ -0,0 +1,19 @@
+<div class="panel panel-info" ng-if="success">
+    <div class="panel-heading">
+        Unshorten Link for <strong>{{artifact.data | fang}}</strong>
+    </div>
+    <div class="panel-body">
+            <span>found:{{content.found}}</span>
+        <div ng-if="content.found">
+            <span>url:{{content.url | fang}}</span>
+        </div>
+    </div>
+</div>
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{artifact.data | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>