cybercure module: grispan56

InQuest · Sep 10, 2018 · d73c1e7 · d73c1e7
1 parent e73bcf8
commit d73c1e7
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 2 deletions.
diff --git a/lib/dispatch.py b/lib/dispatch.py
@@ -27,7 +27,7 @@ def __init__(self, db):
                 'csirtg', 'malcode', 'mdl', 'otx', 'virustotal', 'threatcrowd'
             ],
             'ipv4': [
-                'csirtg', 'censys', 'dnsresolve', 'geoip', 'ipinfo', 'ipvoid', 'nmap',
+                'csirtg', 'cybercure', 'censys', 'dnsresolve', 'geoip', 'ipinfo', 'ipvoid', 'nmap',
                 'sans', 'shodan', 'virustotal', 'threatcrowd', 'passivetotal', 'he', 'otx',
                 'whois'
             ],

diff --git a/lib/modules/cybercure.py b/lib/modules/cybercure.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+##
+# Developed by Alex (https://github.com/grispan56)
+# Module to implement indicators search functionality in cybercure.ai api
+#
+##
+from http import get
+
+from common import warning
+
+
+class Plugin(object):
+    def __init__(self, artifact):
+        self.artifact = artifact
+        self.artifact['data']['cybercure'] = None
+
+
+    def run(self):
+        url = 'http://api.cybercure.ai/feed/search?value=%s' % self.artifact['name']
+        headers = {'User-Agent': 'OSINT Omnibus (https://github.com/InQuest/Omnibus)'}
+
+        try:
+            status, response = get(url, headers=headers)
+            if status:
+                results = response.json()
+                self.artifact['data']['cybercure'] = results
+        except Exception as err:
+            warning('Caught exception in module (%s)' % str(err))
+
+
+def main(artifact):
+    plugin = Plugin(artifact)
+    plugin.run()
+    return plugin.artifact
+
diff --git a/omnibus-cli.py b/omnibus-cli.py
@@ -49,7 +49,7 @@
         'new', 'cat', 'open', 'source', 'artifacts', 'delete'
     ],
     'modules': [
-        'blockchain', 'clearbit', 'censys', 'csirtg', 'cymon',
+        'blockchain', 'clearbit', 'censys', 'csirtg', 'csirtg', 'cymon',
         'dnsresolve', 'geoip', 'fullcontact', 'hackedemails', 'he', 'hibp',
         'ipinfo', 'ipvoid', 'isc', 'keybase', 'machine', 'nmap', 'passivetotal',
         'pgp', 'rss', 'shodan', 'threatcrowd',
@@ -402,6 +402,12 @@ def do_csirtg(self, arg):
         pp_json(result)
 
 
+    def do_cybercure(self, arg):
+        """Check if IP intelligence exists at cybercure.ai"""
+        result = self.dispatch.submit(self.session, 'cybercure', arg)
+        pp_json(result)
+
+
     def do_cymon(self, arg):
         """Search Cymon for host """
         result = self.dispatch.submit(self.session, 'cymon', arg)