Fix #917: update censys exception import
dadokkio committed Dec 16, 2020
1 parent ca857d6 commit c0cb7f8
Showing 1 changed file with 77 additions and 51 deletions.
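--- a/analyzers/Censys/censys_analyzer.py
+++ b/analyzers/Censys/censys_analyzer.py
@@ -3,22 +3,26 @@
 from censys.certificates import CensysCertificates
 from censys.ipv4 import CensysIPv4
 from censys.websites import CensysWebsites
-from censys.base import CensysNotFoundException, CensysRateLimitExceededException, CensysUnauthorizedException
+from censys.exceptions import (
+CensysNotFoundException,
+CensysRateLimitExceededException,
+CensysUnauthorizedException,
+)
 
 
 class CensysAnalyzer(Analyzer):
 def __init__(self):
 Analyzer.__init__(self)
 
 self.__uid = self.get_param(
-'config.uid',
+"config.uid",
 None,
-'No UID for Censys given. Please add it to the cortex configuration.'
+"No UID for Censys given. Please add it to the cortex configuration.",
 )
 self.__api_key = self.get_param(
-'config.key',
+"config.key",
 None,
-'No API-Key for Censys given. Please add it to the cortex configuration.'
+"No API-Key for Censys given. Please add it to the cortex configuration.",
 )
 
 def search_hosts(self, ip):
@@ -55,66 +59,88 @@ def search_website(self, dom):
 
 def run(self):
 try:
-if self.data_type == 'ip':
-self.report({
-'ip': self.search_hosts(self.get_data())
-})
-elif self.data_type == 'hash':
-self.report({
-'cert': self.search_certificate(self.get_data())
-})
-elif self.data_type == 'domain' or self.data_type == 'fqdn':
-self.report({
-'website': self.search_website(self.get_data())
-})
+if self.data_type == "ip":
+self.report({"ip": self.search_hosts(self.get_data())})
+elif self.data_type == "hash":
+self.report({"cert": self.search_certificate(self.get_data())})
+elif self.data_type == "domain" or self.data_type == "fqdn":
+self.report({"website": self.search_website(self.get_data())})
 else:
-self.error('Data type not supported. Please use this analyzer with data types hash, ip or domain.')
+self.error(
+"Data type not supported. Please use this analyzer with data types hash, ip or domain."
+)
 except CensysNotFoundException:
-self.report({
-'message': '{} could not be found.'.format(self.get_data())
-})
+self.report({"message": "{} could not be found.".format(self.get_data())})
 except CensysUnauthorizedException:
-self.error('Censys raised NotAuthorizedException. Please check your credentials.')
+self.error(
+"Censys raised NotAuthorizedException. Please check your credentials."
+)
 except CensysRateLimitExceededException:
-self.error('Rate limit exceeded.')
+self.error("Rate limit exceeded.")
 
 def summary(self, raw):
 taxonomies = []
-if 'ip' in raw:
-raw = raw['ip']
-service_count = len(raw.get('protocols', []))
-heartbleed = raw.get('443', {}).get('https', {}).get('heartbleed', {}).get('heartbleed_vulnerable', False)
+if "ip" in raw:
+raw = raw["ip"]
+service_count = len(raw.get("protocols", []))
+heartbleed = (
+raw.get("443", {})
+.get("https", {})
+.get("heartbleed", {})
+.get("heartbleed_vulnerable", False)
+)
 
-taxonomies.append(self.build_taxonomy('info', 'Censys', 'OpenServices', service_count))
+taxonomies.append(
+self.build_taxonomy("info", "Censys", "OpenServices", service_count)
+)
 if heartbleed:
-taxonomies.append(self.build_taxonomy('malicious', 'Censys', 'Heartbleed', 'vulnerable'))
-elif 'website' in raw:
-raw = raw['website']
-service_count = len(raw.get('tags', []))
+taxonomies.append(
+self.build_taxonomy(
+"malicious", "Censys", "Heartbleed", "vulnerable"
+)
+)
+elif "website" in raw:
+raw = raw["website"]
+service_count = len(raw.get("tags", []))
 
-taxonomies.append(self.build_taxonomy('info', 'Censys', 'OpenServices', service_count))
-elif 'cert' in raw:
-raw = raw['cert']
-trusted_count = len(raw.get('validation', []))
-validator_count = len(raw.get('validation', []))
+taxonomies.append(
+self.build_taxonomy("info", "Censys", "OpenServices", service_count)
+)
+elif "cert" in raw:
+raw = raw["cert"]
+trusted_count = len(raw.get("validation", []))
+validator_count = len(raw.get("validation", []))
 
-for _, validator in raw.get('validation', []).items():
-if validator.get('blacklisted', False) or \
-validator.get('in_revocation_set', False) or \
-(not validator.get('whitelisted', False) and not validator.get('valid', False)):
+for _, validator in raw.get("validation", []).items():
+if (
+validator.get("blacklisted", False)
+or validator.get("in_revocation_set", False)
+or (
+not validator.get("whitelisted", False)
+and not validator.get("valid", False)
+)
+):
 trusted_count -= 1
 if trusted_count < validator_count:
-taxonomies.append(self.build_taxonomy('suspicious', 'Censys', 'TrustedCount', '{}/{}'.format(
-trusted_count, validator_count
-)))
+taxonomies.append(
+self.build_taxonomy(
+"suspicious",
+"Censys",
+"TrustedCount",
+"{}/{}".format(trusted_count, validator_count),
+)
+)
 else:
-taxonomies.append(self.build_taxonomy('info', 'Censys', 'TrustedCount', '{}/{}'.format(
-trusted_count, validator_count
-)))
-return {
-'taxonomies': taxonomies
-}
+taxonomies.append(
+self.build_taxonomy(
+"info",
+"Censys",
+"TrustedCount",
+"{}/{}".format(trusted_count, validator_count),
+)
+)
+return {"taxonomies": taxonomies}
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
 CensysAnalyzer().run()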
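Review bot: In the `cert` branch of `summary`, `raw.get("validation", []).items()` falls back to a list, which has no `.items()`, so a certificate report without a `validation` key raises AttributeError instead of returning taxonomies; the reformatting carries this line over unchanged. The default should be a dict: `for _, validator in raw.get("validation", {}).items():`. Separately, the new `from censys.exceptions import (...)` only resolves on censys releases that ship that module, and this commit touches no other file. If the analyzer's requirements file does not already pin a minimum censys version, older installs will now fail at import time rather than run the analyzer.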
