Merge branch 'master' into reviewfeeds_20191105
Showing
5 changed files
with
110 additions
and
20 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
import logging | ||
from datetime import timedelta | ||
|
||
from core import Feed | ||
from core.errors import ObservableValidationError | ||
from core.observables import Ip | ||
from core.config.config import yeti_config | ||
|
||
|
||
class AbuseIPDB(Feed): | ||
default_values = { | ||
"frequency": timedelta(hours=5), | ||
"name": "AbuseIPDB", | ||
"source": "https://api.abuseipdb.com/api/v2/blacklist", | ||
"description": | ||
"Black List IP generated by AbuseIPDB", | ||
} | ||
|
||
def update(self): | ||
api_key = yeti_config.get('abuseIPDB', 'key') | ||
|
||
if api_key: | ||
self.source = "https://api.abuseipdb.com/api/v2/blacklist?&key=%s&plaintext&limit=10000" % (api_key) | ||
# change the limit rate if you subscribe to a paid plan | ||
for line in self.update_lines(): | ||
self.analyze(line) | ||
else: | ||
logging.error("Your abuseIPDB API key is not set in the yeti.conf file") | ||
|
||
def analyze(self, line): | ||
line = line.strip() | ||
|
||
ip = line | ||
|
||
context = {'source': self.name} | ||
|
||
try: | ||
ip = Ip.get_or_create(value=ip) | ||
ip.add_context(context) | ||
ip.add_source(self.name) | ||
ip.tag('abuseIPDB') | ||
except ObservableValidationError as e: | ||
raise logging.error(e) |
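Review bot: The `except` branch of `analyze` ends in `raise logging.error(e)`; `logging.error` returns None, so the first line that fails validation raises a TypeError instead of being logged and skipped, and the feed run stops there. Use `logging.error(e)` on its own, as the PhishingDatabase feed in this commit does. Separately, `update` writes the API key into `self.source` as a query parameter; if the feed's source is persisted, displayed or logged (not visible in this section), the key would be exposed along with it. AbuseIPDB's v2 API also accepts the key in a `Key` request header, so consider keeping `self.source` free of the key and sending it as a header, provided `update_lines` can pass headers through.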
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
#!/usr/bin/env python | ||
"""This class will incorporate the PhishingDatabase feed into yeti.""" | ||
|
||
from datetime import timedelta | ||
import logging | ||
|
||
from core.observables import Url | ||
from core.feed import Feed | ||
from core.errors import ObservableValidationError | ||
|
||
class PhishingDatabase(Feed): | ||
"""This class will pull the PhishingDatabase feed from github on a 12 hour interval.""" | ||
|
||
default_values = { | ||
'frequency': timedelta(hours=12), | ||
'name': 'PhishingDatabase', | ||
'source': 'https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-links-NEW-today.txt', | ||
'description': | ||
'Phishing Domains, urls websites and threats database.' | ||
} | ||
|
||
def update(self): | ||
for url in self.update_lines(): | ||
self.analyze(url) | ||
|
||
def analyze(self, url): | ||
context = {'source': self.name} | ||
|
||
try: | ||
url = Url.get_or_create(value=url) | ||
url.add_context(context) | ||
url.add_source(self.name) | ||
url.tag(['phishing']) | ||
except ObservableValidationError as e: | ||
logging.error(e) |
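Review bot: `analyze` hands each feed line to `Url.get_or_create` unmodified, whereas the AbuseIPDB feed in this commit strips its line first. Whether `update_lines` already trims whitespace and drops blank lines is not visible here; if it does not, lines from this third-party list may be stored with trailing whitespace or logged as validation errors with no indication of which entry failed. Consider starting the method with `url = url.strip()` and `if not url: return`, and including the offending value in the log call, e.g. `logging.error("%s: %s", url, e)`.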