Added cybercure.ai command to interact with the api.

help updated Exception fix Minor fixes in cybercure plugin Co-authored-by: tek <[email protected]>
bootstrapcryptomining · Sep 2, 2018 · 257b143 · 257b143
1 parent 224afba
commit 257b143
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -68,6 +68,7 @@ malshare            Requests MalShare database
 certspotter         Get certificates from https://sslmate.com/certspotter
 permacc             Request Perma.cc information through the API
 save                Save a webpage in cache platforms
+cybercure           Check if intelligence on an IP exists in cybercure.ai
 ```
 
 You can get information on each command with `harpoon help COMMAND`

diff --git a/harpoon/commands/cybercure.py b/harpoon/commands/cybercure.py
@@ -0,0 +1,78 @@
+#! /usr/bin/env python
+import sys
+import os
+import json
+from harpoon.commands.base import Command
+from harpoon.lib.utils import unbracket
+from harpoon.lib.cybercure import CyberCure, CyberCureError
+
+
+class CommandCyberCure(Command):
+    """
+    # cybercure.ai plugin
+
+    **Check if intelligence on an IP exists**
+
+    Query cybercure API:
+    ```
+    harpoon cybercure ip 184.186.250.211
+    {
+    "exists": true,
+    "indicator": "184.186.250.211",
+    "status": 1,
+    "visual": "http://www.cybercure.ai/intel/ip/184.186.250.211"
+    }
+    ```
+
+    """
+    name = "cybercure"
+    description = "Search cybercure.ai intelligence database for specific indicators."
+    #config = {'IPInfo': ['token']}
+
+    def add_arguments(self, parser):
+        subparsers = parser.add_subparsers(help='Subcommand')
+        parser_a = subparsers.add_parser('ip', help='Returns a response whether an indicator exists in cybercure.ai database, if it is exists it will provide also a link for visual presentation of the indicator history.')
+        parser_a.add_argument('IP', help='IP address')
+        parser_a.set_defaults(subcommand='ip')
+        parser_b = subparsers.add_parser('file', help='Information on a list of IPs')
+        parser_b.add_argument('FILE', help='Filename')
+        parser_b.set_defaults(subcommand='file')
+        self.parser = parser
+
+    def run(self, conf, args, plugins):
+        cybercure = CyberCure(token='reserved_for_future')
+        if 'subcommand' in args:
+            if args.subcommand == 'ip':
+                try:
+                    infos = cybercure.get_infos(unbracket(args.IP))
+                except CyberCureError:
+                    print("Invalid request")
+                else:
+                    print(json.dumps(infos,  sort_keys=True, indent=4, separators=(',', ': ')))
+            elif args.subcommand == 'file':
+                if os.path.isfile(args.FILE):
+                    with open(args.FILE) as f:
+                        data = f.read().split("\n")
+                    print("IP;Exists;Details")
+                    for d in data:
+                        if d.strip() == '':
+                            continue
+                        ip = unbracket(d.strip())
+                        try:
+                            infos = cybercure.get_infos(ip)
+                        except CyberCureError:
+                            print("%s;;" % ip)
+                        else:
+                            print ("%s;%s;%s" % (
+                                    ip,
+                                    infos['exists'],
+                                    infos['visual'] if 'visual' in infos else ''
+                                )
+                            )
+                else:
+                    print("This file does not exist")
+                    sys.exit(1)
+            else:
+                self.parser.print_help()
+        else:
+            self.parser.print_help()
diff --git a/harpoon/lib/cybercure.py b/harpoon/lib/cybercure.py
@@ -0,0 +1,19 @@
+import requests
+
+
+class CyberCureError(Exception):
+    def __init__(self, message):
+        self.message = message
+        Exception.__init__(self, message)
+
+
+class CyberCure(object):
+    def __init__(self, token):
+        self.token = token
+        self.base_url = 'http://api.cybercure.ai/feed/search?value='
+
+    def get_infos(self, ip):
+        r = requests.get(self.base_url + ip, headers={'User-Agent': 'harpoon (https://github.com/Te-k/harpoon/)'})
+        if r.status_code != 200:
+            raise CyberCureError('Invalid HTTP code %i' % r.status_code)
+        return r.json()