Adding listing tags command to Greynoise

devildog13 · Jan 26, 2021 · 854bfb8 · 854bfb8
1 parent 8a9a864
commit 854bfb8
Showing 1 changed file with 33 additions and 8 deletions.
diff --git a/harpoon/commands/gn.py b/harpoon/commands/gn.py
@@ -1,19 +1,24 @@
 #! /usr/bin/env python3
 import json
-import sys
 import logging
+import sys
 
+import requests
 from greynoise import GreyNoise
 from harpoon.commands.base import Command
 
 
+class GreynoiseError(Exception):
+    pass
+
+
 class CommandGreyNoise(Command):
     """
     # GreyNoise
 
     See https://github.com/Grey-Noise-Intelligence/api.greynoise.io
 
-    * List tags: `harpoon greynoise -l`
+    * List tags: `harpoon greynoise -l` (default output as json)
     * Search for an IP: `harpoon greynoise -i IP`
     * Run a GNQL query: `harpoon greynoise -q "classification:malicious tags:'emotet'"`
     """
@@ -47,6 +52,19 @@ def print_results(self, res, args):
                 print(k, ",", v)
         return
 
+    def get_list_tags(self):
+        try:
+            r = requests.get(
+                "http://api.greynoise.io:8888/v1/query/list",
+                headers={"User-Agent": "Harpoon (https://github.com/Te-k/harpoon)"},
+            )
+            if r.ok:
+                return r.json()["tags"]
+            else:
+                raise GreynoiseError(e)
+        except Exception as e:
+            raise GreynoiseError(e)
+
     def run(self, conf, args, plugins):
         logging.getLogger("greynoise").setLevel(logging.CRITICAL)
         gn = GreyNoise(api_key=conf["GreyNoise"]["key"])
@@ -56,6 +74,9 @@ def run(self, conf, args, plugins):
         elif args.query:
             res = gn.query(args.query)
             self.print_results(res, args)
+        elif args.list:
+            res = self.get_list_tags()
+            self.print_results(res, args)
         else:
             self.parser.print_help()
 
@@ -66,9 +87,13 @@ def intel(self, type, query, data, conf):
             gn = GreyNoise(api_key=conf["GreyNoise"]["key"])
             res = gn.ip(query)
             if res["seen"]:
-                data["reports"].append({
-                    "url": "https://viz.greynoise.io/ip/{}".format(query),
-                    "title": "Seen by GreyNoise as {}".format(", ".join(res["tags"])),
-                    "date": None,
-                    "source": "GreyNoise"
-                })
+                data["reports"].append(
+                    {
+                        "url": "https://viz.greynoise.io/ip/{}".format(query),
+                        "title": "Seen by GreyNoise as {}".format(
+                            ", ".join(res["tags"])
+                        ),
+                        "date": None,
+                        "source": "GreyNoise",
+                    }
+                )