May-19-2022, 07:12 AM
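"""Small Flask front end for CrowdStrike Falcon Intel indicator lookups.

Indicators typed into the form (or uploaded as a CSV with a ``value``
column) are normalised to Falcon Intel indicator ids, looked up through
FalconPy, and the API response is rendered as an HTML table.
"""
ip = 0

# --- standard library -------------------------------------------------------
# NOTE(review): most of these imports are unused in the code below and look
# like editor auto-import leftovers. They are kept because other parts of the
# project may rely on them, but `imp` and `distutils` were removed in
# Python 3.12, so those two lines fail on a current interpreter.
import csv
import datetime
import hashlib
import html
import ipaddress
import json
import logging
import os
import re
import secrets
import sqlite3
import time
from asyncio import get_running_loop
from calendar import c
from codecs import namereplace_errors
from datetime import date
from distutils.cmd import Command
from functools import reduce
from imp import C_EXTENSION
from math import sqrt
from re import I, S
from time import sleep
from unittest import loader
from urllib import response
from urllib.parse import quote

# --- third party ------------------------------------------------------------
import falconpy
import flask
import json2html
import pandas as pd
import requests
import requests as R
import requests as rq
import sqlalchemy
from flask import Flask, request
from flask_sqlalchemy import SQLAlchemy
from rauth import OAuth2Service
from werkzeug import utils
from wtforms import Form, TextAreaField, validators, StringField, SubmitField

try:
    from falconpy import Intel, __version__ as FALCONPY_VERSION
except ImportError as no_falconpy:
    raise SystemExit(
        "The CrowdStrike FalconPy package must be installed to use this program."
    ) from no_falconpy

current = FALCONPY_VERSION.split(".")
requested = "0.9.0".split(".")
# Compare (major, minor) as integers. The previous float comparison read
# "0.10" as 0.1 and would have rejected it as older than 0.9.
if tuple(int(part) for part in current[:2]) < tuple(int(part) for part in requested[:2]):
    raise SystemExit("This application requires FalconPy v0.9.0 or greater.")


# Upper bound on indicator ids sent to the API for one page request.
MAX_IDS_PER_LOOKUP = 12

# Prefixes produced by _normalise_indicator(); values that already carry one
# are passed through untouched so they are not prefixed twice.
_KNOWN_ID_PREFIXES = ("hash_sha256_", "hash_sha1_", "hash_md5_", "ip_address_", "domain_")
_HASH_PREFIX_BY_LENGTH = {64: "hash_sha256_", 40: "hash_sha1_", 32: "hash_md5_"}
_HEX_DIGITS = re.compile(r"[0-9a-f]+")


class t():
    """One entry of an indicator's ``relations`` list, with readable dates."""

    def __init__(self, id, indicator, type, created_date, last_valid_date):
        """Store the relation fields; both dates are epoch seconds."""
        self.id = id
        self.indicator = indicator
        self.type = type
        self.created_date = datetime.datetime.fromtimestamp(created_date).strftime("%b %d %Y %H:%M:%S")
        self.last_valid_date = datetime.datetime.fromtimestamp(last_valid_date).strftime("%b %d %Y %H:%M:%S")


class l():
    """One entry of an indicator's ``labels`` list."""

    def __init__(self, name, created_on, last_valid_on):
        """Store the label fields exactly as given."""
        self.name = name
        self.created_on = created_on
        self.last_valid_on = last_valid_on


# The function l() defined further down rebinds the name `l`, so keep a
# private handle on the class for the default label built in y.__init__.
_LABEL_CLASS = l


class y():
    """One indicator record, with publication dates formatted for display."""

    def __init__(self, id, recursive_indicator, indicator="", type="", deleted=False,
                 published_date=0, last_updated=0, reports=None, actors=None,
                 malware_families=None, kill_chains=None, ip_address_types=None,
                 domain_types=None, malicious_confidence='', labels=None, relations=None):
        """Store the record fields.

        List parameters default to ``None`` and get a fresh list per
        instance; the previous list literals in the signature were shared
        between every instance that relied on the default.

        :param recursive_indicator: value, or zero-argument callable that is
            invoked once, stored on the instance under the same name
        :param published_date: epoch seconds
        :param last_updated: epoch seconds
        """
        self.id = id
        self.indicator = indicator
        self.type = type
        self.deleted = deleted
        self.published_date = datetime.datetime.fromtimestamp(published_date).strftime("%b %d %Y %H:%M:%S")
        self.last_updated = datetime.datetime.fromtimestamp(last_updated).strftime("%b %d %Y %H:%M:%S")
        self.reports = [] if reports is None else reports
        self.actors = [] if actors is None else actors
        self.malware_families = [''] if malware_families is None else malware_families
        self.kill_chains = [''] if kill_chains is None else kill_chains
        self.ip_address_types = [] if ip_address_types is None else ip_address_types
        self.domain_types = [] if domain_types is None else domain_types
        self.malicious_confidence = malicious_confidence
        if labels is None:
            labels = [_LABEL_CLASS('', time.time(), time.time())]
        self.labels = labels
        self.recursive_indicator = recursive_indicator() if callable(recursive_indicator) else recursive_indicator
        # NOTE(review): the previous code built `y(recursive_indicator(indicator, 1))`
        # here, which always raised TypeError because y() needs two positional
        # arguments. The relations handed to the constructor are stored instead.
        self.relations = [] if relations is None else relations

    @staticmethod
    def recursive_indicator(i, rec=2):
        """Return the relations carried by indicator record ``i``.

        :param i: mapping with a ``relations`` key
        :param rec: remaining depth; below zero nothing is returned
        :return: ``None`` when ``rec`` is exhausted, ``""`` when the record
            has no relations, otherwise the ``relations`` list itself
        """
        if rec <= -1:
            return None
        relations = i["relations"]
        if relations == []:
            return ""
        # NOTE(review): the previous branch did not parse (unbalanced
        # parenthesis) and referenced an undefined name, so the intended
        # recursion cannot be recovered from the source. Resolving every
        # relation through the API would also multiply outbound calls per
        # page request on an endpoint that has no authentication, so only
        # the relations already present in the record are returned.
        return relations


app = Flask(__name__)
# Reject oversized request bodies before the CSV parser sees them.
app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024
li = []


class IntelAPIClient:
    """This class provides the interface for the CrowdStrike Intel API."""

    def __init__(self, client_id, client_secret, crowdstrike_url, api_request_max, use_ssl: bool = True):
        """Construct an instance of the IntelAPIClient class.

        :param client_id: CrowdStrike API Client ID
        :param client_secret: CrowdStrike API Client Secret
        :param crowdstrike_url: CrowdStrike Base URL / Base URL shortname
        :param api_request_max [int]: Maximum number of records to return per API request
        :param use_ssl [bool]: Enable SSL validation to the CrowdStrike Cloud (default: True)
        """
        self.falcon = Intel(client_id=client_id,
                            client_secret=client_secret,
                            base_url=crowdstrike_url,
                            ssl_verify=use_ssl)
        self.valid_report_types = ["csa", "csir", "csit", "csgt", "csia", "csmr", "csta", "cswr"]
        self.request_size_limit = api_request_max
        self._is_valid_report = lambda report: any(
            report.get('name') and report.get('name').lower().startswith(valid_type)
            for valid_type in self.valid_report_types)


# The API client id and secret were referenced here without ever being
# defined. They are read from the process environment so that no credential
# has to live in the source file.
C = os.environ.get("FALCON_CLIENT_ID")
secret = os.environ.get("FALCON_CLIENT_SECRET")
if not C or not secret:
    raise SystemExit("Set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET before starting this program.")

intel = IntelAPIClient(client_id=C,
                       client_secret=secret,
                       crowdstrike_url="https://api.crowdstrike.com/",
                       api_request_max=250000)
last_indic = [""]


def splitter(l, d):
    """Return ``str(l)`` split on the delimiter ``d``."""
    return str(l).split(d)


J = json2html.Json2Html()


def _normalise_indicator(raw):
    """Turn one user-supplied value into a Falcon Intel indicator id.

    Hex strings of 64/40/32 characters become SHA-256/SHA-1/MD5 hash ids,
    valid IPv4 addresses become ``ip_address_`` ids, and dotted names that
    start with a letter become ``domain_`` ids. Values that already carry one
    of these prefixes, and anything unrecognised, are returned unchanged.

    :return: the id, or ``None`` for an empty value
    """
    value = str(raw).strip().lower()
    if not value:
        return None
    if value.startswith(_KNOWN_ID_PREFIXES):
        return value
    hash_prefix = _HASH_PREFIX_BY_LENGTH.get(len(value))
    # Length alone is not enough: a 32-character host name is not an MD5.
    if hash_prefix and _HEX_DIGITS.fullmatch(value):
        return hash_prefix + value
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        pass
    else:
        return "ip_address_" + value
    if "a" <= value[0] <= "z" and len(value.split(".")) >= 2:
        return "domain_" + value
    return value


@app.route("/")
def index():
    """Send the visitor to the lookup form."""
    return flask.redirect("/logon")


@app.route("/indicators2/<i>")
def ai(i):
    """Look up a single ``;``-separated list of indicators."""
    return conn1(i, i, i)


@app.route("/indicators/<indic>/<i2>/<i3>", methods=["POST", "GET"])
def conn1(indic, i2, i3):
    """Look up the indicators named in the three path segments.

    Each segment is a ``;``-separated list. Values are normalised, empty and
    duplicate values are dropped, and at most ``MAX_IDS_PER_LOOKUP`` ids are
    sent to the API in a single request.

    :return: HTML page with the returned resources (and API errors, if any)
    """
    falcon = intel.falcon
    requested_ids = []
    # The third segment used to be iterated while appending the loop variable
    # of the first loop, so its values never reached the request.
    for segment in (indic, i2, i3):
        requested_ids.extend(str(segment).split(";"))

    normalised = (_normalise_indicator(raw) for raw in requested_ids)
    unique_ids = list(dict.fromkeys(value for value in normalised if value is not None))
    b2 = {"ids": unique_ids[:MAX_IDS_PER_LOOKUP]}
    if not b2["ids"]:
        flask.abort(400)

    response3 = falcon.get_indicator_entities(body=b2)
    # A failed call (bad credentials, rate limit) may carry no resources.
    body = response3.get("body") or {}
    resources = body.get("resources") or []
    errors = body.get("errors") or []

    # The API data is interpolated into HTML only through json2html.
    # NOTE(review): current json2html releases escape values by default;
    # confirm that for the installed version.
    page = f"<hr>{J.convert(json=resources)}"
    if errors:
        page += J.convert(json=errors)
    return f"{page}<a href='/home'>return</a>"


@app.route("/home")
def home():
    """Redirect to the site root."""
    return flask.redirect("/")


def dict2SemiColonSV(d):
    """Join the values of ``d``, each followed by a ``;``."""
    return "".join(f"{value};" for value in d.values())


@app.route("/load/file", methods=["POST"])
def CSVR():
    """Read indicators from the ``value`` column of an uploaded CSV.

    The upload is parsed straight from the request stream. It used to be
    written into the working directory under the client-chosen file name,
    which let an upload overwrite any file there, this program included.

    :return: redirect to the lookup page for the uploaded values; HTTP 400
        when the file cannot be parsed or has no usable ``value`` column
    """
    upload = request.files['file']
    try:
        frame = pd.read_csv(upload.stream, usecols=["value"], dtype=str,
                            nrows=MAX_IDS_PER_LOOKUP)
    except (ValueError, UnicodeDecodeError):
        # pandas parser errors and a missing "value" column are ValueErrors.
        flask.abort(400)

    j = dict(frame["value"].dropna().to_dict())
    x222 = dict2SemiColonSV(j)
    if not x222:
        flask.abort(400)
    # Percent-encode the uploaded values before they become part of a URL.
    return flask.redirect("/indicators2/" + quote(x222, safe=";"))


def l(o):
    """Return ``len(o) - 1``, or 0 for a string or a one-element value."""
    if len(o) == 1 or type(o) == str:
        return 0
    return len(o) - 1


@app.route("/logon", methods=["GET"])
def LOGON():
    """Serve the lookup form and the CSV upload form."""
    # The script percent-encodes the typed values and uses a relative URL;
    # it used to concatenate raw input onto a hard-coded "http://" address.
    X = """<script src="https://code.jquery.com/jquery-3.6.0.js" integrity="sha256-H+K7U5CnXl1h5ywQfKtSj8PCmoN9aaq30gDh27Xc0jk=" crossorigin="anonymous"></script>
<a href="/indicators">list of indicators</a>
<h3>indicators:</h3>
<textarea type="textarea" rows="1" cols="64" name="indicator" id="indicator"></textarea ><bR>
<textarea type="textarea" rows="1" cols="64" name="indicator2" id="indicator2"></textarea ><bR>
<textarea type="textarea" rows="1" cols="64" name="indicator3" id="indicator3"></textarea ><bR>
<button type="submit" onclick="myFunction()" >submit</button>
<script>
function myFunction() {
  var parts = [$("#indicator").val(), $("#indicator2").val(), $("#indicator3").val()]
    .map(function (v) { return v.trim(); })
    .filter(function (v) { return v.length > 0; });
  if (parts.length === 0) { return; }
  window.location.replace("/indicators2/" + encodeURIComponent(parts.join(";")));
}
</script><hr><hr><FORM enctype="multipart/form-data" action="/load/file" method="POST" >file <input type="file" id="file" name="file"> <input type="submit"> </FORM> """
    return X


@app.route("/batch")
def b():
    """Placeholder route; returns an empty page."""
    x = ""
    return x


def i1ter(i):
    """Return the string form of the list built from iterable ``i``."""
    return str(list(i))


if __name__ == "__main__":
    # No route in this file authenticates the caller, so every client that can
    # reach this port can run lookups with the configured API credentials.
    # Set INTEL_LOOKUP_HOST=127.0.0.1, or put an authenticating reverse proxy
    # in front, unless the network itself is trusted. app.run() starts the
    # Flask development server, which is not meant for production use.
    app.run(os.environ.get("INTEL_LOOKUP_HOST", "0.0.0.0"), 8080)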