Plugin source code for the InsightConnect SOAR product, developer documentation at komand.github.io/python/start.html
jschipp-r7 Merge pull request #100 from rapid7/whois
WHOIS: Upgrade komand/python-whois and SDK version
Latest commit 99d6230 Nov 15, 2019
Type Name Latest commit message Commit time
.github Repository CI (#47) Oct 11, 2019
abuseipdb sync repos (#80) Nov 4, 2019
active_directory_ldap Punctuation changes in help.md Nov 8, 2019
advanced_regex sync repos (#80) Nov 4, 2019
anomali_threatstream sync repos (#80) Nov 4, 2019
att_cybersecurity_alienvault_otx sync repos (#80) Nov 4, 2019
awk sync repos (#80) Nov 4, 2019
aws_securityhub sync repos (#80) Nov 4, 2019
aws_workspaces sync repos (#80) Nov 4, 2019
azure_ad_admin sync repos (#80) Nov 4, 2019
azure_compute
barracuda_waf sync repos (#80) Nov 4, 2019
base64 sync repos (#80) Nov 4, 2019
basename sync repos (#80) Nov 4, 2019
bhr sync repos (#80) Nov 4, 2019
bitbucket sync repos (#80) Nov 4, 2019
blockade sync repos (#80) Nov 4, 2019
bluecoat_labs sync repos (#80) Nov 4, 2019
bmc_remedy_itsm
box sync repos (#80) Nov 4, 2019
carbon_black_defense sync repos (#80) Nov 4, 2019
carbon_black_live_response sync repos (#80) Nov 4, 2019
carbon_black_protection sync repos (#80) Nov 4, 2019
carbon_black_response sync repos (#80) Nov 4, 2019
cef sync repos (#80) Nov 4, 2019
chaosreader sync repos (#80) Nov 4, 2019
chardet sync repos (#80) Nov 4, 2019
checkdmarc sync repos (#80) Nov 4, 2019
checkmarx_cxsast sync repos (#80) Nov 4, 2019
checkpoint_sand_blast
cherwell sync repos (#80) Nov 4, 2019
cif sync repos (#80) Nov 4, 2019
cisco_cloudlock sync repos (#80) Nov 4, 2019
cisco_firepower sync repos (#80) Nov 4, 2019
cisco_firepower_management_center
cisco_ise
cisco_threatgrid sync repos (#80) Nov 4, 2019
cisco_umbrella_enforcement sync repos (#80) Nov 4, 2019
cisco_umbrella_investigate sync repos (#80) Nov 4, 2019
cloudshark sync repos (#80) Nov 4, 2019
compression sync repos (#80) Nov 4, 2019
confluence sync repos (#80) Nov 4, 2019
cortex sync repos (#80) Nov 4, 2019
cortex_v2 sync repos (#80) Nov 4, 2019
craigslist sync repos (#80) Nov 4, 2019
crits sync repos (#80) Nov 4, 2019
csv sync repos (#80) Nov 4, 2019
cuckoo sync repos (#80) Nov 4, 2019
cymon sync repos (#80) Nov 4, 2019
cymon_v2 sync repos (#80) Nov 4, 2019
datadog sync repos (#80) Nov 4, 2019
datetime sync repos (#80) Nov 4, 2019
diff sync repos (#80) Nov 4, 2019
dig sync repos (#80) Nov 4, 2019
digitalocean sync repos (#80) Nov 4, 2019
dirname sync repos (#80) Nov 4, 2019
docker_engine sync repos (#80) Nov 4, 2019
domaintools sync repos (#80) Nov 4, 2019
dumbno sync repos (#80) Nov 4, 2019
duo_admin sync repos (#80) Nov 4, 2019
duo_auth sync repos (#80) Nov 4, 2019
dynamodb sync repos (#80) Nov 4, 2019
ec2_investigations sync repos (#80) Nov 4, 2019
echotrail sync repos (#80) Nov 4, 2019
elastalert sync repos (#80) Nov 4, 2019
elasticsearch sync repos (#80) Nov 4, 2019
eml sync repos (#80) Nov 4, 2019
facebook_threat_exchange sync repos (#80) Nov 4, 2019
finger sync repos (#80) Nov 4, 2019
fireeye_hx sync repos (#80) Nov 4, 2019
foremost sync repos (#80) Nov 4, 2019
freegeoip Add space to force change (#99) Nov 12, 2019
freeipa sync repos (#80) Nov 4, 2019
ftp sync repos (#80) Nov 4, 2019
geoip2precision sync repos (#80) Nov 4, 2019
get_url sync repos (#80) Nov 4, 2019
git sync repos (#80) Nov 4, 2019
github sync repos (#80) Nov 4, 2019
github_enterprise sync repos (#80) Nov 4, 2019
gitlab sync repos (#80) Nov 4, 2019
google_admin sync repos (#80) Nov 4, 2019
google_cloud_compute sync repos (#80) Nov 4, 2019
google_cloud_pub_sub sync repos (#80) Nov 4, 2019
google_directory sync repos (#80) Nov 4, 2019
google_docs sync repos (#80) Nov 4, 2019
google_drive sync repos (#80) Nov 4, 2019
google_safe_browsing sync repos (#80) Nov 4, 2019
google_search sync repos (#80) Nov 4, 2019
google_sheets sync repos (#80) Nov 4, 2019
google_web_risk sync repos (#80) Nov 4, 2019
grafana sync repos (#80) Nov 4, 2019
graphite sync repos (#80) Nov 4, 2019
grep sync repos (#80) Nov 4, 2019
grr sync repos (#80) Nov 4, 2019
hashit sync repos (#80) Nov 4, 2019
haveibeenpwned sync repos (#80) Nov 4, 2019
hipchat sync repos (#80) Nov 4, 2019
hippocampe sync repos (#80) Nov 4, 2019
html docker updates, regenerate Nov 8, 2019
hybrid_analysis sync repos (#80) Nov 4, 2019
ibm_resilient_incident sync repos (#80) Nov 4, 2019
ifconfig_co sync repos (#80) Nov 4, 2019
imgs Initial commit Jun 5, 2019
imperva_securesphere sync repos (#80) Nov 4, 2019
influxdb sync repos (#80) Nov 4, 2019
infoblox sync repos (#80) Nov 4, 2019
ipify sync repos (#80) Nov 4, 2019
ipinfo sync repos (#80) Nov 4, 2019
ipintel sync repos (#80) Nov 4, 2019
ipstack sync repos (#80) Nov 4, 2019
jamf sync repos (#80) Nov 4, 2019
jenkins sync repos (#80) Nov 4, 2019
jira Sync repos (#82) Nov 4, 2019
joe_sandbox sync repos (#80) Nov 4, 2019
jq sync repos (#80) Nov 4, 2019
json_edit sync repos (#80) Nov 4, 2019
kintone sync repos (#80) Nov 4, 2019
kolide sync repos (#80) Nov 4, 2019
komand sync repos (#80) Nov 4, 2019
lastpass_enterprise
logstash sync repos (#80) Nov 4, 2019
malwareconfig sync repos (#80) Nov 4, 2019
markdown sync repos (#80) Nov 4, 2019
math sync repos (#80) Nov 4, 2019
matplotlib sync repos (#80) Nov 4, 2019
mcafee_epo sync repos (#80) Nov 4, 2019
mcafee_esm sync repos (#80) Nov 4, 2019
microsoft_atp Initial commit Jun 5, 2019
microsoft_atp_safe_links sync repos (#80) Nov 4, 2019
microsoft_teams done Nov 11, 2019
mimecast sync repos (#80) Nov 4, 2019
minfraud sync repos (#80) Nov 4, 2019
misp sync repos (#80) Nov 4, 2019
mxtoolbox_dns sync repos (#80) Nov 4, 2019
netmiko sync repos (#80) Nov 4, 2019
networktotal sync repos (#80) Nov 4, 2019
newrelic sync repos (#80) Nov 4, 2019
nmap sync repos (#80) Nov 4, 2019
office365_admin sync repos (#80) Nov 4, 2019
okta sync repos (#80) Nov 4, 2019
opendxl sync repos (#80) Nov 4, 2019
openphish sync repos (#80) Nov 4, 2019
openvas sync repos (#80) Nov 4, 2019
ossec sync repos (#80) Nov 4, 2019
otrs sync repos (#80) Nov 4, 2019
p0f sync repos (#80) Nov 4, 2019
pagerduty sync repos (#80) Nov 4, 2019
palo_alto_pan_os sync repos (#80) Nov 4, 2019
paloalto_wildfire sync repos (#80) Nov 4, 2019
passivetotal sync repos (#80) Nov 4, 2019
pastebin
pdf_generator sync repos (#80) Nov 4, 2019
pdf_reader sync repos (#80) Nov 4, 2019
phabricator sync repos (#80) Nov 4, 2019
phishtank sync repos (#80) Nov 4, 2019
ping update help.md Nov 7, 2019
port_knocking sync repos (#80) Nov 4, 2019
powershell sync repos (#80) Nov 4, 2019
presto sync repos (#80) Nov 4, 2019
proofpoint_tap sync repos (#80) Nov 4, 2019
proofpoint_url_defense sync repos (#80) Nov 4, 2019
pushover sync repos (#80) Nov 4, 2019
python_2_script sync repos (#80) Nov 4, 2019
python_3_script sync repos (#80) Nov 4, 2019
qradar sync repos (#80) Nov 4, 2019
qualys_ssl sync repos (#80) Nov 4, 2019
rapid7_insightappsec sync repos (#80) Nov 4, 2019
rapid7_insightidr sync repos (#80) Nov 4, 2019
rapid7_insightops sync repos (#80) Nov 4, 2019
rapid7_insightvm Sync (#83) Nov 5, 2019
rapid7_metasploit sync repos (#80) Nov 4, 2019
rapid7_tcell sync repos (#80) Nov 4, 2019
rapid7_vulndb sync repos (#80) Nov 4, 2019
recorded_future sync repos (#80) Nov 4, 2019
red_canary sync repos (#80) Nov 4, 2019
redhat_advisory sync repos (#80) Nov 4, 2019
redis sync repos (#80) Nov 4, 2019
request_tracker sync repos (#80) Nov 4, 2019
rest sync repos (#80) Nov 4, 2019
rpm sync repos (#80) Nov 4, 2019
rss sync repos (#80) Nov 4, 2019
salesforce sync repos (#80) Nov 4, 2019
samanage sync repos (#80) Nov 4, 2019
screenshot_machine sync repos (#80) Nov 4, 2019
sed sync repos (#80) Nov 4, 2019
sentinelone sync repos (#80) Nov 4, 2019
sentry sync repos (#80) Nov 4, 2019
shattered sync repos (#80) Nov 4, 2019
shodan sync repos (#80) Nov 4, 2019
sketchify sync repos (#80) Nov 4, 2019
sleep sync repos (#80) Nov 4, 2019
smb sync repos (#80) Nov 4, 2019
smtp sync repos (#80) Nov 4, 2019
snortlabslist sync repos (#80) Nov 4, 2019
sophos_xg_firewall sync repos (#80) Nov 4, 2019
splunk sync repos (#80) Nov 4, 2019
sql sync repos (#80) Nov 4, 2019
sqlmap sync repos (#80) Nov 4, 2019
ssh Sync (#83) Nov 5, 2019
statsd sync repos (#80) Nov 4, 2019
storage sync repos (#80) Nov 4, 2019
string requiring output Nov 12, 2019
subnet sync repos (#80) Nov 4, 2019
sumologic sync repos (#80) Nov 4, 2019
symantec_bcs sync repos (#80) Nov 4, 2019
syslog_forwarder sync repos (#80) Nov 4, 2019
tcpdump sync repos (#80) Nov 4, 2019
tcpxtract sync repos (#80) Nov 4, 2019
tenable_io sync repos (#80) Nov 4, 2019
tenable_nessus sync repos (#80) Nov 4, 2019
thehive sync repos (#80) Nov 4, 2019
threat_connect sync repos (#80) Nov 4, 2019
threatminer sync repos (#80) Nov 4, 2019
threatq sync repos (#80) Nov 4, 2019
threatstack sync repos (#80) Nov 4, 2019
tools Remove redundant sudo commands Aug 27, 2019
tr sync repos (#80) Nov 4, 2019
traceroute sync repos (#80) Nov 4, 2019
trello sync repos (#80) Nov 4, 2019
trufflehog sync repos (#80) Nov 4, 2019
try_bro sync repos (#80) Nov 4, 2019
tshark sync repos (#80) Nov 4, 2019
tsv sync repos (#80) Nov 4, 2019
twilio sync repos (#80) Nov 4, 2019
twitter sync repos (#80) Nov 4, 2019
typo_squatter sync repos (#80) Nov 4, 2019
uniq sync repos (#80) Nov 4, 2019
unshorten sync repos (#80) Nov 4, 2019
url_expander sync repos (#80) Nov 4, 2019
urlscan sync repos (#80) Nov 4, 2019
viper sync repos (#80) Nov 4, 2019
virustotal_yara sync repos (#80) Nov 4, 2019
vmray sync repos (#80) Nov 4, 2019
vxstream_sandbox sync repos (#80) Nov 4, 2019
wazuh_ossec sync repos (#80) Nov 4, 2019
whois Upgrade komand/python-whois and SDK Nov 14, 2019
wigle sync repos (#80) Nov 4, 2019
wordpress sync repos (#80) Nov 4, 2019
zendesk sync repos (#80) Nov 4, 2019
zenhub sync repos (#80) Nov 4, 2019
zeus_tracker sync repos (#80) Nov 4, 2019
.gitignore Add new packages and .output to .gitignore Sep 24, 2019
CODE_OF_CONDUCT.md Update placement of right to modify document Jun 10, 2019
CONTRIBUTING.md Remove mailing list: we can't make it public according to IT Sep 7, 2019
LICENSE Initial commit Jun 5, 2019
README.md Improve sentence Nov 6, 2019
test.json Freegeoip test (#67) Nov 1, 2019

README.md

InsightConnect Plugins

We made a large number of our plugins open-source in order to benefit our customers, partners, and the greater community.

The integrations here include some new, some old, and many that are community supported. These are automatically released to the product marketplace from this repository for convenient orchestration. The full list of integrations is available on our Marketplace.

For general questions and requests, reach out to us at IntegrationAlliance@rapid7.com.

Table of Contents

  1. Getting Started
  2. Example
  3. Plugin Support
  4. Contributing

Getting Started

You can run and develop plugins from the command-line and then orchestrate them via InsightConnect or legacy Komand.

Plugins are stand-alone REST services that run within Docker containers. You can interact with them over HTTP via the REST service endpoints or stdin/stdout of the running container's process.

See our developer documentation to learn how to build a plugin using our Python SDK. To learn more about a specific plugin, see the documentation in every plugin's help.md file.

Dependencies:

For a quick & easy way to install tooling dependencies, run update-tools.sh from the tools/ directory in this repository!

Example

Make Menu

Let's build and run a plugin from this repository.

We'll use the Dig plugin as an example. Dig is a command-line network utility for DNS.

$ cd dig
$ make
[*] Use ``make menu`` for available targets
[*] Including available Makefiles: ../tools/Makefiles/Colors.mk ../tools/Makefiles/Helpers.mk
--
[*] Building plugin image
docker build --pull -t rapid7/dig:1.0.1 .
Sending build context to Docker daemon  208.9kB
Step 1/14 : FROM komand/python-3-37-slim-plugin:3
2: Pulling from komand/python-3-37-slim-plugin
Digest: sha256:74c67981efc06a27c0e650bc0bc3a681c87bc193869a3316945480c26371f7f4
Status: Image is up to date for komand/python-3-37-slim-plugin:3
...

Now, let's create the runner script and then run the plugin:

$ make runner
[*] Use ``make menu`` for available targets
[*] Including available Makefiles: ../tools/Makefiles/Colors.mk ../tools/Makefiles/Helpers.mk
--
[*] Creating link to run.sh |

$ ./run.sh -R tests/forward.json -j

Running: cat tests/forward.json | docker run --rm   -i rapid7/dig:1.0.1  run | grep -- ^\{ | jq -r '.body | try(.log | split("\n") | .[]),.output'
rapid7/Dig:1.0.1. Step name: forward
Executing command /usr/bin/dig google.com A

{
  "status": "NOERROR",
  "fulloutput": "\n; <<>> DiG 9.12.3 <<>> google.com A\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52959\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;google.com.\t\t\tIN\tA\n\n;; ANSWER SECTION:\ngoogle.com.\t\t162\tIN\tA\t172.217.12.174\n\n;; Query time: 62 msec\n;; SERVER: 192.168.65.1#53(192.168.65.1)\n;; WHEN: Thu Apr 18 17:06:37 UTC 2019\n;; MSG SIZE  rcvd: 44\n\n",
  "question": "google.com",
  "all_answers": [
    "172.217.12.174"
  ],
  "last_answer": "172.217.12.174",
  "answer": "172.217.12.174",
  "nameserver": "192.168.65.1"
}

You can also run the plugin container in the background as a REST server:

$ ./run.sh -c http
Forwarding to port 10001
Running:  docker run --rm  -d  -p 10001:10001 -i rapid7/dig:1.0.1  http
d719d45e9238d407010e656209f11b30674c2a3dd39225e232685737b111cc2d

Let's run the equivalent of the previous example but with a web request:

$ curl -d @tests/forward.json http://127.0.0.1:10001/actions/forward
{
  "body": {
    "log": "rapid7/Dig:1.0.1. Step name: forward\nExecuting command /usr/bin/dig google.com A\n",
    "meta": {},
    "output": {
      "all_answers": [
        "172.217.9.78"
      ],
      "answer": "172.217.9.78",
      "fulloutput": "\n; <<>> DiG 9.12.3-P4 <<>> google.com A\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59113\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;google.com.\t\t\tIN\tA\n\n;; ANSWER SECTION:\ngoogle.com.\t\t162\tIN\tA\t172.217.9.78\n\n;; Query time: 46 msec\n;; SERVER: 192.168.65.1#53(192.168.65.1)\n;; WHEN: Fri Apr 19 16:45:20 UTC 2019\n;; MSG SIZE  rcvd: 44\n\n",
      "last_answer": "172.217.9.78",
      "nameserver": "192.168.65.1",
      "question": "google.com",
      "status": "NOERROR"
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

You can generate sample JSON to use to test your plugin with the runner run.sh:

$ ./run.sh -c sample
Actions: [forward reverse]
Triggers: []
Sample requires sample name e.g. ``./run.sh -c sample <name>''

$ ./run.sh -c sample forward
Running:  docker run --rm   -i rapid7/dig:1.0.1  sample forward | jq '.'
{
  "body": {
    "action": "forward",
    "input": {
      "query": "A",
      "domain": "",
      "resolver": ""
    },
    "connection": null,
    "meta": {}
  },
  "version": "v1",
  "type": "action_start"
}

You can also generate all samples for a plugin with this shorthand: ./run.sh -c samples
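
The request and reply envelopes shown above, handled from Python instead of curl. This is an added example, not code from this repository or the SDK: `build_action_start`, `parse_action_event`, `run_action` and `PluginResponseError` are hypothetical names, and treating any body status other than "ok" as a failure is an assumption.

```python
import json
import urllib.request

ENVELOPE_VERSION = "v1"  # value carried by both messages shown on this page

class PluginResponseError(Exception):
    """Raised when a reply is not a well-formed, successful action_event."""

def build_action_start(action, inputs, connection=None):
    # Same shape as the output of `./run.sh -c sample forward`.
    return {
        "body": {"action": action, "input": inputs,
                 "connection": connection, "meta": {}},
        "version": ENVELOPE_VERSION,
        "type": "action_start",
    }

def parse_action_event(raw):
    """Validate the reply envelope; return (output dict, list of log lines)."""
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        raise PluginResponseError(f"reply is not JSON: {exc}") from exc
    if (not isinstance(msg, dict) or msg.get("type") != "action_event"
            or msg.get("version") != ENVELOPE_VERSION):
        raise PluginResponseError("reply is not a v1 action_event")
    body = msg.get("body")
    # Assumption: only "ok" (the value in the reply above) means success.
    if not isinstance(body, dict) or body.get("status") != "ok":
        raise PluginResponseError("action did not report status ok")
    if not isinstance(body.get("output"), dict):
        raise PluginResponseError("reply has no output object")
    log_lines = [ln for ln in str(body.get("log") or "").split("\n") if ln]
    return body["output"], log_lines

def run_action(base_url, action, inputs, timeout=10):
    """POST to /actions/<action> on a plugin started with `./run.sh -c http`."""
    # No Content-Type is set: urllib then sends the same default as `curl -d`.
    data = json.dumps(build_action_start(action, inputs)).encode()
    req = urllib.request.Request(f"{base_url}/actions/{action}", data=data)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_action_event(resp.read())

# Constructed sample: the curl reply above, shortened to two output fields.
SAMPLE_REPLY = ('{"body": {"log": "rapid7/Dig:1.0.1. Step name: forward\\n'
                'Executing command /usr/bin/dig google.com A\\n", "meta": {}, '
                '"output": {"answer": "172.217.9.78", "status": "NOERROR"}, '
                '"status": "ok"}, "type": "action_event", "version": "v1"}')
```

With the container from `./run.sh -c http` listening, `run_action("http://127.0.0.1:10001", "forward", {"domain": "google.com", "query": "A", "resolver": ""})` returns the same output object as the curl call.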

Plugin Support

The support key in a plugin's plugin.spec.yaml file indicates which plugins are officially supported by Rapid7 developers (rapid7) and which ones are supported by our ecosystem of external developers or by Rapid7 as best-effort (community).

$ grep '^support:' microsoft_teams/plugin.spec.yaml
support: community

Contributing

See our contributing guide.
