#291 update analyzers and short templates
jeromeleonard committed Jul 9, 2018
1 parent a864a37 commit a16dfda
Showing 121 changed files with 173 additions and 173 deletions.
2 changes: 1 addition & 1 deletion analyzers/C1fApp/cifquery.py
Expand Up @@ -107,7 +107,7 @@ def summary(self, raw):
level = "suspicious"
elif a in ["phishing", "malware", "botnet", "Exploit"]:
level = "malicious"
value = "\"{}\"".format(a)
value = "{}".format(a)
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}

4 changes: 2 additions & 2 deletions analyzers/CERTatPassiveDNS/certat_passivedns.py
Expand Up @@ -26,9 +26,9 @@ def summary(self, raw):
results = raw.get('results')
r = len(results)
if r == 0 or r == 1:
value = "\"{} hit\"".format(r)
value = "{} hit".format(r)
else:
value = "\"{} hits\"".format(r)
value = "{} hits".format(r)

taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}
4 changes: 2 additions & 2 deletions analyzers/CIRCLPassiveDNS/circl_passivedns.py
Expand Up @@ -47,9 +47,9 @@ def summary(self, raw):
r = len(raw.get('results'))

if r == 0 or r == 1:
value = "\"{} record\"".format(r)
value = "{} record".format(r)
else:
value = "\"{} records\"".format(r)
value = "{} records".format(r)

taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}
4 changes: 2 additions & 2 deletions analyzers/CIRCLPassiveSSL/circl_passivessl.py
Expand Up @@ -79,9 +79,9 @@ def summary(self, raw):
r = len(raw['certificates'])

if r == 0 or r == 1:
value = "\"{} record\"".format(r)
value = "{} record".format(r)
else:
value = "\"{} records\"".format(r)
value = "{} records".format(r)
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

return {"taxonomies": taxonomies}
4 changes: 2 additions & 2 deletions analyzers/Crtsh/crtshquery.py
Expand Up @@ -60,10 +60,10 @@ def summary(self, raw):
level = "info"
namespace = "crt.sh"
predicate = "Certificates"
value = "\"\""
value = ""

if "certobj" in raw:
value = "\"{}\"".format(len(raw["certobj"]["result"]))
value = "{}".format(len(raw["certobj"]["result"]))
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

return {"taxonomies": taxonomies}
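Review bot: The default `value = ""` on the first changed line emits a `crt.sh:Certificates=` taxonomy with an empty value whenever `certobj` is absent, which a badge template will render as a blank label; a count of `"0"` would be unambiguous and would match the zero defaults the other analyzers in this commit use (`"0 hit"`, `"0 match"`). The last changed line, `raw["certobj"]["result"]`, also assumes `result` is always present when `certobj` is — fine if the code that builds `raw` guarantees both keys, which I cannot see from here. summary() starts before this hunk and continues past it.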
6 changes: 3 additions & 3 deletions analyzers/CuckooSandbox/cuckoosandbox_analyzer.py
Expand Up @@ -21,7 +21,7 @@ def summary(self, raw):
level = "safe"
namespace = "Cuckoo"
predicate = "Malscore"
value = "\"0\""
value = "0"

result = {
'service': self.data_type + '_analysis',
Expand All @@ -37,8 +37,8 @@ def summary(self, raw):
elif result["malscore"] > 0:
level = "safe"

taxonomies.append(self.build_taxonomy(level, namespace, predicate, "\"{}\"".format(result["malscore"])))
taxonomies.append(self.build_taxonomy(level, namespace, "Malfamily", "\"{}\"".format(result["malfamily"])))
taxonomies.append(self.build_taxonomy(level, namespace, predicate, "{}".format(result["malscore"])))
taxonomies.append(self.build_taxonomy(level, namespace, "Malfamily", "{}".format(result["malfamily"])))

return {"taxonomies": taxonomies}

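Review bot: The Malscore taxonomy on the first changed line is emitted with a `level` that, two lines above it, is set to `"safe"` for any `malscore > 0`; unless the branches above this hunk (outside my view) already claim the higher scores as suspicious or malicious, a positive sandbox score being reported as safe would understate a detection, so the ordering of that elif chain is worth confirming. A why-comment on that branch would spare the next reader the same question, e.g. `# scores below the suspicious threshold handled above are reported as safe`. On the second changed line, if `malfamily` can be null or missing when the sandbox identifies no family, the badge will read `None`; an explicit fallback such as `result.get("malfamily") or "Unknown"` reads better. summary() begins before this hunk and continues past it.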
4 changes: 2 additions & 2 deletions analyzers/CyberCrime-Tracker/cct.py
Expand Up @@ -20,9 +20,9 @@ def summary(self, raw):
predicate = 'C2 Search'

hit_count = len(raw.get('results', []))
value = "\"{} hits\"".format(hit_count)
value = "{} hits".format(hit_count)
if hit_count == 1:
value = value[:-2] + "\""
value = value[:-2] + ""

if hit_count > 0:
level = 'malicious'
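Review bot: The singular fix-up on the last changed line is now wrong: with the surrounding quotes gone, `value[:-2] + ""` turns `1 hits` into `1 hi` rather than `1 hit`, because the slice was sized to drop the old `s"` tail and re-append a quote. Replace the format line and the fix-up with `value = "{} hit{}".format(hit_count, "" if hit_count == 1 else "s")`, which also removes the dead `+ ""`. summary() starts before this hunk and continues past it.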
2 changes: 1 addition & 1 deletion analyzers/Cymon/cymon_analyzer.py
Expand Up @@ -159,7 +159,7 @@ def summary(self, raw_report):
level = "malicious"
namespace = "Cymon.io"
predicate = "Report"
value = "\"\""
value = ""

for elm in raw_report["Founds"]:
if raw_report["Founds"][elm]:
4 changes: 2 additions & 2 deletions analyzers/DNSDB/dnsdb.py
Expand Up @@ -46,9 +46,9 @@ def summary(self, raw):
r = len(raw["records"])

if r == 0 or r == 1:
value = "\"{} record\"".format(r)
value = "{} record".format(r)
else:
value = "\"{} records\"".format(r)
value = "{} records".format(r)

taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

14 changes: 7 additions & 7 deletions analyzers/DomainTools/domaintools_analyzer.py
Expand Up @@ -105,29 +105,29 @@ def summary(self, raw):
# Prepare predicate and value for each service
if r["service"] in ["reverse-ip", "host-domains"]:
taxonomies.append(self.build_taxonomy("info", "DT", "Reverse_IP",
"\"{}, {} domains\"".format(r["ip"]["address"],
"{}, {} domains".format(r["ip"]["address"],
r["ip"]["domain_count"])))

if r["service"] == "name-server-domains":
taxonomies.append(self.build_taxonomy("info", "DT", "Reverse_Name_Server",
"\"{}, {} domains\"".format(r["name_server"], r["domain_count"])))
"{}, {} domains".format(r["name_server"], r["domain_count"])))

if r["service"] == "reverse-whois":
taxonomies.append(self.build_taxonomy("info", "DT", "Reverse_Whois",
"\"curr:{} / hist:{} domains\"".format(r["domain_count"]["current"],
"curr:{} / hist:{} domains".format(r["domain_count"]["current"],
r["domain_count"][
"historic"])))

if r["service"] == "whois/history":
taxonomies.append(self.build_taxonomy("info", "DT", "Whois_History",
"\"{}, {} domains \"".format(r["name_server"], r["domain_count"])))
"{}, {} domains ".format(r["name_server"], r["domain_count"])))

if r["service"] == "whois/parsed" or r['service'] == "whois":
if r["registrar"]:
taxonomies.append(self.build_taxonomy("info", "DT", "Whois", "\"REGISTRAR:{}\"".format(r["registrar"])))
taxonomies.append(self.build_taxonomy("info", "DT", "Whois", "REGISTRAR:{}".format(r["registrar"])))
if r["registrant"]:
taxonomies.append(
self.build_taxonomy("info", "DT", "Whois", "\"REGISTRANT:{}\"".format(r["registrant"])))
self.build_taxonomy("info", "DT", "Whois", "REGISTRANT:{}".format(r["registrant"])))

if "risk_score" in r:
risk_service = "Risk"
Expand All @@ -140,7 +140,7 @@ def summary(self, raw):
elif r["risk_score"] > 50:
level = "malicious"
taxonomies.append(
self.build_taxonomy(level, "DT", risk_service, "\"{}\"".format(r["risk_score"])))
self.build_taxonomy(level, "DT", risk_service, "{}".format(r["risk_score"])))

result = {'taxonomies': taxonomies}
return result
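Review bot: The Whois_History value keeps a trailing space, `"{}, {} domains "`, which shows up as a stray space in the rendered badge and differs from the `..., N domains` form used by the Reverse_IP and Reverse_Name_Server values; drop it: `"{}, {} domains".format(r["name_server"], r["domain_count"])`. The `r["registrar"]` and `r["registrant"]` lookups guarding the Whois taxonomies raise KeyError if the whois response omits either field — if the API does not guarantee them (I cannot tell from here), `r.get("registrar")` is the safer form. Those two values are free-text WHOIS strings from an external service that now land unquoted in the taxonomy value, so the short template that renders them should HTML-escape the value rather than bind it raw. summary() begins before this hunk and continues past it.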
6 changes: 3 additions & 3 deletions analyzers/FireHOLBlocklists/firehol_blocklists.py
Expand Up @@ -117,15 +117,15 @@ def summary(self, raw):
taxonomies = []
namespace = "Firehol"
predicate = "Blocklists"
value = "\"0 hit\""
value = "0 hit"

if 'count' in raw:
r = raw.get('count', 0)

if r == 0 or r == 1:
value = "\"{} hit\"".format(r)
value = "{} hit".format(r)
else:
value = "\"{} hits\"".format(r)
value = "{} hits".format(r)

if r > 0:
level = "suspicious"
2 changes: 1 addition & 1 deletion analyzers/Fortiguard/urlcategory.py
Expand Up @@ -15,7 +15,7 @@ def summary(self, raw):

if 'category' in raw:
r = raw.get('category')
value = "\"{}\"".format(r)
value = "{}".format(r)
if r == "Malicious Websites":
level = "malicious"
elif r == "Suspicious Websites":
6 changes: 3 additions & 3 deletions analyzers/GoogleSafebrowsing/safebrowsing_analyzer.py
Expand Up @@ -24,15 +24,15 @@ def summary(self, raw):
level = "info"
namespace = "Google"
predicate = "Safebrowsing"
value = "\"0 match\""
value = "0 match"

if "results" in raw:
r = len(raw['results'])

if r == 0 or r == 1:
value = "\"{} match\"".format(r)
value = "{} match".format(r)
else:
value = "\"{} matches\"".format(r)
value = "{} matches".format(r)

if r > 0:
level = "malicious"
2 changes: 1 addition & 1 deletion analyzers/Hippocampe/hippo.py
Expand Up @@ -46,7 +46,7 @@ def summary(self, raw):
value = self.more_summary(raw)[self.get_data()]
if value > 0:
level = "malicious"
taxonomies.append(self.build_taxonomy(level, namespace, predicate, "\"{} record(s)\"".format(value)))
taxonomies.append(self.build_taxonomy(level, namespace, predicate, "{} record(s)".format(value)))

return {"taxonomies": taxonomies}

12 changes: 6 additions & 6 deletions analyzers/HybridAnalysis/HybridAnalysis_analyzer.py
Expand Up @@ -35,7 +35,7 @@ def summary(self, raw_report):
level = "info"
namespace = "HybridAnalysis"
predicate = "Threat level"
value = "\"No verdict\""
value = "No verdict"

# define json keys to loop
if self.data_type in ['hash', 'file']:
Expand All @@ -53,19 +53,19 @@ def summary(self, raw_report):
# create shield badge for short.html
if report_verdict == 'malicious':
level = 'malicious'
value = "\"Malicious\""
value = "Malicious"
elif report_verdict == 'suspicious':
level = 'suspicious'
value = "\"Suspicious\""
value = "Suspicious"
elif report_verdict == 'whitelisted':
level = 'safe'
value = "\"Whitelisted\""
value = "Whitelisted"
elif report_verdict == 'no specific threat':
level = 'info'
value = "\"No Specific Threat\""
value = "No Specific Threat"
else:
level = 'info'
value = "\"Unknown\""
value = "Unknown"

taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}
2 changes: 1 addition & 1 deletion analyzers/IBMXForce/ibmxforce_lookup.py
Expand Up @@ -189,7 +189,7 @@ def summary(self, raw):
elif score_value >= 7 or score_value == 'high':
level = "malicious"

#taxonomies.append(self.build_taxonomy(level, namespace, predicate, "\"{}\"".format(score)))
#taxonomies.append(self.build_taxonomy(level, namespace, predicate, "{}".format(score)))
taxonomies.append(self.build_taxonomy(level, namespace, predicate, "{}".format(score)))


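Review bot: The commented-out call on the changed line is now byte-identical to the live `taxonomies.append(...)` directly below it, so this patch only maintains dead code; delete the comment line instead of updating it. Git history already records the old quoted form if that was the reason for keeping it. summary() begins before this hunk and continues past it.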
2 changes: 1 addition & 1 deletion analyzers/JoeSandbox/joesandbox_analyzer.py
Expand Up @@ -33,7 +33,7 @@ def summary(self, raw):

r = raw['detection']

value = "\"{}/{}\"".format(r["score"], r["maxscore"])
value = "{}/{}".format(r["score"], r["maxscore"])

if r["clean"]:
level = "safe"
4 changes: 2 additions & 2 deletions analyzers/MISP/misp.py
Expand Up @@ -44,10 +44,10 @@ def summary(self, raw):

# return number of unique events
if not data:
value = "\"0 events\""
value = "0 events"
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
else:
value = "\"{} event(s)\"".format(len(list(set(data))))
value = "{} event(s)".format(len(list(set(data))))
level = "suspicious"
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

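Review bot: `len(list(set(data)))` on the second changed line materialises a throwaway list; `len(set(data))` gives the same count, since a set already dedupes and has a length. The two branches also emit different shapes, `0 events` versus `N event(s)`, which is harmless but means a template matching on the value sees two formats; `"{} event(s)".format(0)` in the empty branch would keep them uniform. summary() begins before this hunk and continues past it.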
2 changes: 1 addition & 1 deletion analyzers/Malpedia/malpedia_analyzer.py
Expand Up @@ -96,7 +96,7 @@ def summary(self, raw):
namespace = "Malpedia"
predicate = "Match"

value = "\"{} rule(s)\"".format(len(raw["results"]))
value = "{} rule(s)".format(len(raw["results"]))
if len(raw["results"]) == 0:
level = "safe"
else:
8 changes: 4 additions & 4 deletions analyzers/Malwares/malwares.py
Expand Up @@ -71,7 +71,7 @@ def summary(self, raw):
level = "info"
namespace = "Malwares"
predicate = "Score"
value = "\"No info\""
value = "No info"
score = -1

result = {
Expand All @@ -89,7 +89,7 @@ def summary(self, raw):

result['score'] = score

value = "\"{}/100\"".format(score)
value = "{}/100".format(score)

else:
if "detected_communicating_file" in raw.keys() or "detected_url" in raw.keys() or "detected_downloaded_file" in raw.keys():
Expand All @@ -98,12 +98,12 @@ def summary(self, raw):
raw.get("detected_url", {}).get("total", 0),
raw.get("detected_downloaded_file", {}).get("total", 0)
)
value = "\"{} results\"".format(score)
value = "{} results".format(score)

elif "virustotal" in raw.keys():
score = raw.get("virustotal", {}).get("positives", 0)
total = raw.get("virustotal", {}).get("total", 0)
value = "\"{}/{} positives\"".format(score, total)
value = "{}/{} positives".format(score, total)

if score == 0:
level = "safe"
2 changes: 1 addition & 1 deletion analyzers/MaxMind/geo.py
Expand Up @@ -62,7 +62,7 @@ def summary(self, raw):
predicate = "Location"

if "continent" in raw:
value = "\"{}/{}\"".format(raw["country"]["name"], raw["continent"]["name"])
value = "{}/{}".format(raw["country"]["name"], raw["continent"]["name"])
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

return {"taxonomies": taxonomies}
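Review bot: The changed line dereferences `raw["country"]["name"]` although the guard one line above only checks for `"continent"`; if the GeoIP lookup can return a continent without a country (I cannot confirm from here whether the code that builds `raw` guarantees both), this raises KeyError and the whole summary fails. Either extend the guard to `if "continent" in raw and "country" in raw:` or read the country defensively with `raw.get("country", {}).get("name")`. summary() begins before this hunk and continues past it.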
2 changes: 1 addition & 1 deletion analyzers/MsgParser/parse.py
Expand Up @@ -18,7 +18,7 @@ def summary(self, raw):
level = "info"
namespace = "MsgParser"
predicate = "Attachments"
value = "\"0\""
value = "0"

if "attachments" in raw:
value = len(raw["attachments"])
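Review bot: The default `value = "0"` on the changed line is a string, but the attachment branch two lines below assigns an int (`value = len(raw["attachments"])`), so the type of the taxonomy value depends on which path ran. Keep the two consistent with `value = "{}".format(len(raw["attachments"]))`, which is how the other analyzers in this commit format their counts. summary() begins before this hunk and continues past it.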
2 changes: 1 addition & 1 deletion analyzers/OTXQuery/otxquery.py
Expand Up @@ -158,7 +158,7 @@ def summary(self, raw):
level = "info"
namespace = "OTX"
predicate = "Pulses"
value = "\"{}\"".format(raw["pulse_count"])
value = "{}".format(raw["pulse_count"])
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

return {"taxonomies": taxonomies}