Ref: #431 Added new URLhaus API

analyzers/URLhaus/URLhaus.json

@@ -1,27 +1,12 @@
 {
   "name": "URLhaus",
-  "author": "ninoseki",
+  "author": "ninoseki, Nils Kuhnert",
   "license": "MIT",
   "url": "https://github.com/ninoseki/cortex_URLhaus_analyzer",
-  "version": "1.1",
-  "description": "Search domains, URLs or hashes on URLhaus.",
-  "dataTypeList": ["domain", "url", "hash"],
+  "version": "2.0",
+  "description": "Search domains, IPs, URLs or hashes on URLhaus.",
+  "dataTypeList": ["domain", "url", "hash", "ip"],
   "command": "URLhaus/URLhaus_analyzer.py",
   "configurationItems": [
-    {
-      "name": "cache.duration",
-      "description": "Define the cache duration",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 300
-    },
-    {
-      "name": "cache.root",
-      "description": "Define the path to the stored data",
-      "type": "string",
-      "multi": false,
-      "required": false
-    }
   ]
 }

analyzers/URLhaus/URLhaus_analyzer.py

@@ -1,27 +1,34 @@
 #!/usr/bin/env python3
 from cortexutils.analyzer import Analyzer
-from URLhaus import URLhaus
+from URLhaus_client import URLhausClient
 
 
 class URLhausAnalyzer(Analyzer):
     def __init__(self):
         Analyzer.__init__(self)
 
-    def search(self, indicator):
-        """
-        Searches for a website using the indicator
-        :param indicator: domain, url, hash
-        :type indicator: str
-        :return: dict
-        """
-        return URLhaus(indicator).search()
-
     def run(self):
-        targets = ["domain", "url", "hash"]
-        if self.get_data() is not None and self.data_type in targets:
-            self.report({
-                'results': self.search(self.get_data())
-            })
+        data = self.get_data()
+        if not data:
+            self.error('No observable or file given.')
+
+        results = {}
+        if self.data_type == 'url':
+            results = URLhausClient.search_url(data)
+        elif self.data_type in ['domain', 'ip']:
+            results = URLhausClient.search_host(data)
+        elif self.data_type == 'hash':
+            if len(data) in [32, 64]:
+                results = URLhausClient.search_payload(data)
+            else:
+                self.error('Only sha256 and md5 supported by URLhaus.')
+        else:
+            self.error('Datatype not supported.')
+
+        results.update({
+            'data_type': self.data_type
+        })
+        self.report(results)
 
     def summary(self, raw):
         taxonomies = []

analyzers/URLhaus/URLhaus_client.py

@@ -0,0 +1,51 @@
+import requests
+
+
+BASEURL = 'https://urlhaus-api.abuse.ch/v1/'
+
+
+class URLhausClient(object):
+    @staticmethod
+    def __request(endpoint, key, value) -> dict:
+        results = requests.post(
+            BASEURL + endpoint + '/',
+            {key: value}
+        ).json()
+
+        if results['query_status'] in ['ok', 'no_results']:
+            return results
+        else:
+            raise ValueError('Given value seems not to be valuid: <{}: {}>.'.format(key, value))
+
+    @staticmethod
+    def search_url(url: str) -> dict:
+        return URLhausClient.__request(
+            'url',
+            'url',
+            url
+        )
+
+    @staticmethod
+    def search_host(host: str) -> dict:
+        return URLhausClient.__request(
+            'host',
+            'host',
+            host
+        )
+
+    @staticmethod
+    def search_payload(payload_hash: str) -> dict:
+        if len(payload_hash) == 32:
+            return URLhausClient.__request(
+                'payload',
+                'md5_hash',
+                payload_hash
+            )
+        elif len(payload_hash) == 64:
+            return URLhausClient.__request(
+                'payload',
+                'sha256_hash',
+                payload_hash
+            )
+        else:
+            raise ValueError('Only sha256 and md5 hashes are allowed.')

analyzers/URLhaus/requirements.txt

@@ -1,4 +1,2 @@
-beautifulsoup4
 cortexutils
-diskcache
 requests