[Bug] Abuse_Finder analyzer fails #914

Closed
H2Cyber opened this issue Dec 13, 2020 · 5 comments

H2Cyber commented Dec 13, 2020

Describe the bug
Abuse_Finder analyzer fails

To Reproduce
Steps to reproduce the behavior:
Simply attempt to run Abuse_Finder from Cortex against any IP

Complementary information
Here is the returned error message :
Traceback (most recent call last):
  File "/usr/lib/python3.8/sre_parse.py", line 1039, in parse_template
    this = chr(ESCAPES[this][1])
KeyError: '\\s'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/Cortex-Analyzers/analyzers/Abuse_Finder/abusefinder.py", line 9, in <module>
    from abuse_finder import domain_abuse, ip_abuse, \
  File "/usr/local/lib/python3.8/dist-packages/abuse_finder/__init__.py", line 2, in <module>
    from .domain import domain_abuse
  File "/usr/local/lib/python3.8/dist-packages/abuse_finder/domain.py", line 3, in <module>
    from pythonwhois.net import get_whois_raw
  File "/usr/local/lib/python3.8/dist-packages/pythonwhois/__init__.py", line 1, in <module>
    from . import net, parse
  File "/usr/local/lib/python3.8/dist-packages/pythonwhois/parse.py", line 363, in <module>
    registrant_regexes = [preprocess_regex(regex) for regex in registrant_regexes]
  File "/usr/local/lib/python3.8/dist-packages/pythonwhois/parse.py", line 363, in <listcomp>
    registrant_regexes = [preprocess_regex(regex) for regex in registrant_regexes]
  File "/usr/local/lib/python3.8/dist-packages/pythonwhois/parse.py", line 205, in preprocess_regex
    regex = re.sub(r"\\s\*\(\?P<([^>]+)>\.\+\)", r"\s*(?P<\1>\S.*)", regex)
  File "/usr/lib/python3.8/re.py", line 210, in sub
    return _compile(pattern, flags).sub(repl, string, count)
  File "/usr/lib/python3.8/re.py", line 327, in _subx
    template = _compile_repl(template, pattern)
  File "/usr/lib/python3.8/re.py", line 318, in _compile_repl
    return sre_parse.parse_template(repl, pattern)
  File "/usr/lib/python3.8/sre_parse.py", line 1042, in parse_template
    raise s.error('bad escape %s' % this, len(this))
re.error: bad escape \s at position 0

Work environment

  • Server OS: Ubuntu Server 20.04
  • Cortex version: 3.1.0-1
  • Cortex Analyzer name: Abuse_Finder
  • Cortex Analyzer/Responder version: 3.0
@dadokkio
Contributor

Hello,
tested docker version of the analyzer with dummy ip (8.8.8.8, 4.4.4.4) without any issue.
Are you sure this happens with any ip? If not can you provide a failing one?

@H2Cyber
Author

H2Cyber commented Dec 14, 2020

It happens on any IP in my case, with the traceback error mentioned above.
However I am not on the docker version, I used DEB packages.

@dadokkio
Contributor

dadokkio commented Dec 15, 2020

Ok, I've tried the analyzer locally and it fails. Probably because cortex uses python 3.7 while the analyzer in docker version requires python 3.6.
@garanews made a pull request to add Python 3.7 support to the abuse_finder library, but since no new release has been published to PyPI, you need to update it manually.

https://github.com/certsocietegenerale/abuse_finder >> Installation
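The failure in the traceback above, reproduced as an added example (not code from pythonwhois, abuse_finder or the linked pull request): since Python 3.7, `re.sub` treats an unknown letter escape such as `\s` in a replacement template as an error, which is the `re.error` raised from `preprocess_regex`. The pattern and template are copied from the traceback; the sample regex, the function names and the callable-replacement fix are assumptions for illustration.

```python
import re

# Pattern and replacement template copied from the re.sub call in the
# traceback (pythonwhois/parse.py, preprocess_regex).
PATTERN = r"\\s\*\(\?P<([^>]+)>\.\+\)"
TEMPLATE = r"\s*(?P<\1>\S.*)"

# Constructed sample input: a WHOIS-style field regex (not from the page).
SAMPLE = r"Registrant Name:\s*(?P<name>.+)"


def preprocess_original(regex):
    """The call as it appears in the traceback."""
    return re.sub(PATTERN, TEMPLATE, regex)


def preprocess_fixed(regex):
    """Hypothetical fix: the return value of a callable replacement is
    inserted literally, so it is never parsed for template escapes."""
    return re.sub(PATTERN, lambda m: r"\s*(?P<%s>\S.*)" % m.group(1), regex)


def original_error():
    """Return the re.error message raised by the original call, or None."""
    try:
        preprocess_original(SAMPLE)
    except re.error as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("original:", original_error())
    fixed = preprocess_fixed(SAMPLE)
    print("fixed   :", fixed)
    # The rewritten regex still extracts the field value.
    print(re.match(fixed, "Registrant Name:   Example Org").group("name"))
```

The template is compiled before any matching happens, so the original call fails at import time for every observable, which matches the "any IP" behaviour reported in the issue.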

@H2Cyber
Author

H2Cyber commented Dec 15, 2020

Thanks !

Not sure if it's related, but upon further testing the Censys_1_0 analyzer failed to work as well:

Traceback (most recent call last):
  File "/opt/Cortex-Analyzers/analyzers/Censys/censys_analyzer.py", line 6, in <module>
    from censys.base import CensysNotFoundException, CensysRateLimitExceededException, CensysUnauthorizedException
ImportError: cannot import name 'CensysNotFoundException' from 'censys.base' (/usr/local/lib/python3.8/dist-packages/censys/base.py)

@dadokkio
Contributor

I think in that case the lib has been updated and some syntax must be changed. I'll open a new issue for that, and I'll close this one. If you have any other input on this topic let us know 👍
