-
Notifications
You must be signed in to change notification settings - Fork 26
/
viper_xforce_module.py
59 lines (51 loc) · 1.99 KB
/
viper_xforce_module.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# This file is part of Viper - https://github.com/viper-framework/viper
# Ahhh xforce integration
import os
import requests
import json
import base64
from viper.common.out import cyan
from viper.common.abstracts import Module
from viper.core.session import __sessions__
from viper.core.config import Config
cfg = Config()
class xforce(Module):
cmd = 'xforce'
description = 'checks xforce for intel on the IOC'
authors = ['ahhh', 'Dan Borges']
def __init__(self):
super(xforce, self).__init__()
def run(self):
super(xforce, self).run()
# Get our keys
self.key = cfg.xforce.xforce_key
if self.key is None:
self.log('error', 'This command requires you configure your key and password in the conf file')
return
self.password = cfg.xforce.xforce_password
if self.password is None:
self.log('error', 'This command requires you configure your key and password in the conf file')
return
# Check our session
if not __sessions__.is_set():
self.log('error', "No open session")
return
# Get our md5
if os.path.exists(__sessions__.current.file.path):
filehash = __sessions__.current.file.md5
# Query xforce
try:
url = "https://api.xforce.ibmcloud.com/malware/" + filehash
token = base64.b64encode(self.key + ":" + self.password)
headers = {'Authorization': "Basic " + token, 'Accept': 'application/json'}
response = requests.get(url, params='', headers=headers, timeout=20)
all_json = response.json()
results = json.dumps(all_json, indent=4, sort_keys=True)
self.log('info', 'XForce Results: %s' % (results))
return
except:
self.log('error', 'Issues calling XForce')
return
else:
self.log('error', 'No file found')
return