May-19-2022, 07:12 AM
ip=0
import html
from imp import C_EXTENSION
import pandas as pd
from werkzeug import utils
from asyncio import get_running_loop
from calendar import c
import datetime
import secrets
#from locale import ABDAY_1
#rom turtle import ht
import csv
from rauth import OAuth2Service
from datetime import date
import hashlib
from codecs import namereplace_errors
#from crypt import methods
from math import sqrt
from time import sleep
import time,json2html
#import token
from unittest import loader
from urllib import response
import sqlalchemy,sqlite3
from flask_sqlalchemy import SQLAlchemy
from distutils.cmd import Command
from re import I, S
from wtforms import Form, TextAreaField, validators, StringField, SubmitField
import requests as R
import requests as rq
import falconpy,flask,json,requests
from flask import Flask, request
class t():
def __init__(self,id, indicator,type,created_date,last_valid_date):
self.id=id
self.indicator=indicator
self.type=type
#self.indic=y.recursive_indicator(indicator)
self.created_date=datetime.datetime.fromtimestamp(created_date).strftime("%b %d %Y %H:%M:%S")
self.last_valid_date=datetime.datetime.fromtimestamp(last_valid_date).strftime("%b %d %Y %H:%M:%S")
class l():
def __init__(self,name,created_on,last_valid_on):
self.name=name
self.created_on=created_on
self.last_valid_on=last_valid_on
class y():
def __init__(self, id,recursive_indicator, indicator="",type="",deleted=False,published_date=0,last_updated=0,reports=[],actors=[],
malware_families=[''],kill_chains=[''],ip_address_types=[],domain_types=[],malicious_confidence='',labels=[l('',time.time(),time.time())],relations=[]):
self.id=id
self.indicator=indicator
self.type=type
self.deleted=deleted
self.published_date=datetime.datetime.fromtimestamp(published_date).strftime("%b %d %Y %H:%M:%S")
self.last_updated=datetime.datetime.fromtimestamp(last_updated).strftime("%b %d %Y %H:%M:%S")
self.reports=reports
self.actors=actors
self.recursive_indicator=recursive_indicator()
self.relations=y(recursive_indicator(indicator,1))
def recursive_indicator(i,rec=2):
# li.append(f"{i} is found")
#ax=pd.DataFrame(data=i["relations"])
if rec>-1:
if(i["relations"]==[]):
return ""
else:
return (y(conn1(indic=indicator),rec=rec-1)))
app = Flask(__name__)
#import INDIC
#class ReusableForm(Form):
# indicator = TextAreaField('indicator:')
# submit=SubmitField("send")
li=[]
import logging
from functools import reduce
try:
from falconpy import Intel, __version__ as FALCONPY_VERSION
except ImportError as no_falconpy:
raise SystemExit(
"The CrowdStrike FalconPy package must be installed to use this program."
) from no_falconpy
current = FALCONPY_VERSION.split(".")
requested = "0.9.0".split(".")
if bool(float(f"{current[0]}.{current[1]}") < float(f"{requested[0]}.{requested[1]}")):
raise SystemExit("This application requires FalconPy v0.9.0 or greater.")
class IntelAPIClient:
"""This class provides the interface for the CrowdStrike Intel API."""
def __init__(self, client_id, client_secret, crowdstrike_url, api_request_max, use_ssl: bool = True):
"""Construct an instance of the IntelAPIClient class.
:param client_id: CrowdStrike API Client ID
:param client_secret: CrowdStrike API Client Secret
:param crowdstrike_url: CrowdStrike Base URL / Base URL shortname
:param api_request_max [int]: Maximum number of records to return per API request
:param use_ssl [bool]: Enable SSL validation to the CrowdStrike Cloud (default: True)
"""
self.falcon = Intel(client_id=client_id, client_secret=client_secret, base_url=crowdstrike_url, ssl_verify=use_ssl)
self.valid_report_types = ["csa", "csir", "csit", "csgt", "csia", "csmr", "csta", "cswr"]
self.request_size_limit = api_request_max
self._is_valid_report = lambda report: any(report.get('name') and report.get('name').lower().startswith(valid_type)
for valid_type in self.valid_report_types)
C=client_id
intel=IntelAPIClient(client_id=C,client_secret=secret,crowdstrike_url="https://api.crowdstrike.com/",api_request_max=250000)
last_indic=[""]
def splitter(l,d):
return str(l).split(d)
#@app.route("/timer/<time>")
J=json2html.Json2Html()
#import zlib
@app.route("/")
def index():
return flask.redirect("/logon")
@app.route("/indicators2/<i>")
def ai(i):
return conn1(i,i,i)
@app.route("/indicators/<indic>/<i2>/<i3>",methods=["POST","GET"])
def conn1(indic,i2,i3):
falcon = intel.falcon
BODY = {
"ids": []
}
for i in str(indic).split(";"):
BODY["ids"].append(i)
for j in str(i2).split(";"):
BODY["ids"].append(j)
for k in str(i3).split(";"):
BODY["ids"].append(i)
b2={"ids":[]}
if(len(BODY["ids"])<12):
for bull in BODY["ids"]:
bull=str(bull).lower()
j12=False
j13=False
j14=False
if(bull=='' or bull==None):
bull=None
b2["ids"].append(bull)
else:
az=bull[0]
j12=(ord(az))>=ord('a')
j13=(ord(az)<=ord('z'))
u=bull.split(".")
j14=(len(u)==2 or len(u)==3)
if len(bull)==64:
bull="hash_sha256_"+bull
elif len(bull)==40:
bull="hash_sha1_"+bull
elif len(bull)==32:
bull="hash_md5_"+bull
elif len(bull.split("."))==4:
bull="ip_address_"+bull
elif (j12 and j13 and j14):
bull="domain_"+bull
b2["ids"].append(bull)
else:
BODY["ids"]=BODY["ids"][0:12]
for bull in BODY["ids"]:
bull=str(bull).lower()
j12=False
j13=False
j14=False
if(bull=='' or bull==None):
bull=None
b2["ids"].append(bull)
else:
az=bull[0]
j12=(ord(az))>=ord('a')
j13=(ord(az)<=ord('z'))
u=bull.split(".")
j14=(len(u)==2 or len(u)==3)
if len(bull)==64:
bull="hash_sha256_"+bull
elif len(bull)==40:
bull="hash_sha1_"+bull
elif len(bull)==32:
bull="hash_md5_"+bull
elif len(bull.split("."))==4:
bull="ip_address_"+bull
elif (j12 and j13 and j14):
bull="domain_"+bull
b2["ids"].append(bull)
#b2["ids"].append(a)
x1q=[indic]
response3 = falcon.get_indicator_entities(body=b2)
r={}
r1={}
r=response3["body"]["resources"]
if (len(r)<3):
r1=response3["body"]["errors"]
# TABLE.convert_object(response3)
x=response3
rec=3
rel=[]
lastu=0
l1=' secs'
l2=" days"
for i in r:
ju=i["id"]
from datetime import datetime
# get current date
myy = datetime.fromtimestamp(i["last_updated"])
color="gold"
#jl=i["message"]
# li.append(f"<h2 style='Background-color:{color}'>{ju} is found and last updated at {myy.strftime('%b %d %Y %H:%M:%S')}</h2>")
j=""
li2=[]
#for i in r1:
# ju=i["id"]
# jl=i["message"]
# li2.append(f"<h3>{ju} is {jl}</h3>")
# J.clubbing=True
q=[{"hash","last seen"}]
ax=pd.array(data=y.recursive_indicator(y(response3),2),dtype=y)
return f"<hr>{J.convert(ax)}<a href='/home'>return</a>"
@app.route("/home")
def home():
return flask.redirect("/")
def dict2SemiColonSV(d):
l=list(d.values())
scsv=""
for i in l:
scsv=f"{scsv}{i};"
return scsv
@app.route("/load/file",methods=["POST"])
def CSVR():
x52=[""]
x166=[""]
if request.method == 'POST':
f = request.files['file']
f.save(utils.secure_filename(f.filename))
csr=pd.read_csv(utils.secure_filename(f.filename))
j=csr.to_dict()["value"]
j=dict(j)
x222=dict2SemiColonSV(j)
t=f"/indicators/{x222}/{x222}/{x222}"
return flask.redirect(t)
def l(o):
if len(o)==1 or type(o)==str:
return 0
else:
return len(o)-1
@app.route("/logon",methods =["GET"])
def LOGON():
X="""<script src="https://code.jquery.com/jquery-3.6.0.js" integrity="sha256-H+K7U5CnXl1h5ywQfKtSj8PCmoN9aaq30gDh27Xc0jk=" crossorigin="anonymous"></script>
<a href="/indicators">list of indicators</a>
<h3>indicators:</h3>
<textarea type="textarea" rows="1" cols="64" name="indicator" id="indicator"></textarea ><bR>
<textarea type="textarea" rows="1" cols="64" name="indicator2" id="indicator2"></textarea ><bR>
<textarea type="textarea" rows="1" cols="64" name="indicator3" id="indicator3"></textarea ><bR>
<button type="submit" onclick="myFunction()" >submit</button>
<script>
function myFunction() {
X="http://"+window.location.host+"/indicators/"+$("#indicator").val()+"/"+$("#indicator2").val()+"/"+$("#indicator3").val();
window.location.replace(X);
}
</script><hr><hr><FORM enctype="multipart/form-data" action="/load/file" method="POST" >file
<input type="file" id="file" name="file">
<input type="submit">
</FORM>
"""
return X
@app.route("/batch")
def b():
x=""
return x
def i1ter(i):
t=[]
for ix in i:
t.append(ix)
return (str(t))
app.run("0.0.0.0",8080)
