Changing over to use configparser
Allowing for both a file to be provided and cmd line arguments which will either
create or overwrite the configfile provided.

Working on #10
SHolzhauer committed Mar 13, 2021
1 parent fae61b8 commit 873aa62
Showing 9 changed files with 205 additions and 80 deletions.
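--- a/examples/conffile.conf
+++ b/examples/conffile.conf
@@ -0,0 +1,54 @@
+[Elasticsearch]
+hosts=hostname1.com,hostname2.com
+port=9200
+username=ll
+password=ll
+setup_index=True
+use_tls=True
+cacert="/path/to/cert"
+tls_verify=True
+index="elastic-tip"
+
+[URLhaus]
+enabled=True
+
+[MalwareBazaar]
+enabled=True
+
+[FeodoTracker]
+enabled=True
+
+[SSLBlacklist]
+enabled=True
+
+[EmergingThreats-Blocklist]
+enabled=True
+
+[ESET-MalwareIOC]
+enabled=True
+
+[AbuseIPdb]
+enabled=True
+apikey=
+confidenceminimum=90
+
+[Spamhaus-Drop]
+enabled=True
+
+[Spamhaus-ExtendedDrop]
+enabled=True
+
+[Spamhaus-IPv6Drop]
+enabled=True
+
+[Botvrij-filenames]
+enabled=True
+
+[Botvrij-domains]
+enabled=True
+
+[Botvrij-destinations]
+enabled=True
+
+[Botvrij-urls]
+enabled=True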
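Review bot: The quoted values `cacert="/path/to/cert"` and `index="elastic-tip"` will be read with the quote characters included, because configparser does not strip quotes; unless the consuming code removes them (not visible here), the CA path and the index name end up wrong. Write them unquoted, `cacert=/path/to/cert` and `index=elastic-tip`. The `[Elasticsearch]` `password` and `[AbuseIPdb]` `apikey` keys also mean a filled-in copy of this file holds secrets in plaintext, so a leading comment such as `# contains credentials: keep owner-readable only and out of version control` would help anyone copying the example.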
12 changes: 8 additions & 4 deletions tip/abuse_bazaar.py
@@ -6,11 +6,12 @@

class URLhaus:

def __init__(self):
def __init__(self, conf=None):
self._raw_threat_intel = None
self.intel = []
self._retrieved = None
self._feed_url = "https://urlhaus.abuse.ch/downloads/csv_recent/"
self.conf = conf

def run(self):
self._download()
@@ -50,11 +51,12 @@ def _parse(self):

class MalwareBazaar:

def __init__(self):
def __init__(self, conf=None):
self._raw_threat_intel = None
self.intel = []
self._retrieved = None
self._feed_url = "https://bazaar.abuse.ch/export/csv/recent/"
self.conf = conf

def run(self):
self._download()
@@ -95,11 +97,12 @@ def _parse(self):

class FeodoTracker:

def __init__(self):
def __init__(self, conf=None):
self._raw_threat_intel = None
self.intel = []
self._retrieved = None
self._feed_url = "https://feodotracker.abuse.ch/downloads/ipblocklist.csv"
self.conf = conf

def run(self):
self._download()
@@ -141,11 +144,12 @@ def _parse(self):

class SSLBlacklist:

def __init__(self):
def __init__(self, conf=None):
self._raw_threat_intel = None
self.intel = []
self._retrieved = None
self._feed_url = "https://sslbl.abuse.ch/blacklist/sslblacklist.csv"
self.conf = conf

def run(self):
self._download()
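Review bot: The new `conf` argument is stored as `self.conf` in URLhaus, MalwareBazaar, FeodoTracker and SSLBlacklist, while AbuseIPDB in tip/abuseipdb.py stores the same object as `self._conf`; one attribute name across the feed classes would keep them interchangeable (the four Botvrij classes in tip/botvrij.py use the `self.conf` form as well). Nothing in the visible lines reads `self.conf`, so the per-feed `enabled` option from the config file does not appear to be honoured inside these classes; that may be handled by the caller, which is outside this section. A one-line constructor docstring would make the contract explicit, e.g. `"""conf: configparser.ConfigParser holding this feed's section, or None."""`. Each class body continues outside its hunk.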
7 changes: 4 additions & 3 deletions tip/abuseipdb.py
@@ -7,12 +7,13 @@

class AbuseIPDB:

def __init__(self):
def __init__(self, conf=None):
self.intel = []
self._retrieved = None
self._feed_url = "https://api.abuseipdb.com/api/v2/blacklist"
self.confidenceminimum = '90'
self.key = None
self._conf = conf
self.confidenceminimum = self._conf["AbuseIPdb"].getint("confidenceminimum")
self.key = self._conf["AbuseIPdb"].getint("apikey")
self._raw_threat_intel = {
"data": []
}
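Review bot: `self.key = self._conf["AbuseIPdb"].getint("apikey")` parses the API key as an integer, so the empty `apikey=` shipped in examples/conffile.conf, and any non-numeric key, raises ValueError inside the constructor; read it as a string with `self.key = self._conf["AbuseIPdb"].get("apikey")`. The signature still defaults to `conf=None`, yet the following lines subscript it unconditionally, so `AbuseIPDB()` now fails with a TypeError; either drop the default or guard it, e.g. `if conf is None: raise ValueError("AbuseIPDB requires a config with an [AbuseIPdb] section")`. `confidenceminimum` also changes from the string `'90'` to an int, and the code that sends it is outside this hunk, so it is worth confirming the request still serialises it as intended.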
12 changes: 8 additions & 4 deletions tip/botvrij.py
@@ -7,12 +7,13 @@

class BotvrijFileNames:

def __init__(self):
def __init__(self, conf=None):
self.intel = []
self._retrieved = None
self._feed_url = "https://botvrij.eu/data/ioclist.filename.raw"
self.key = None
self._raw_threat_intel = ""
self.conf = conf

def run(self):
self._download()
@@ -51,12 +52,13 @@ def _parse(self):

class BotvrijDomains:

def __init__(self):
def __init__(self, conf=None):
self.intel = []
self._retrieved = None
self._feed_url = "https://botvrij.eu/data/ioclist.domain.raw"
self.key = None
self._raw_threat_intel = ""
self.conf = conf

def run(self):
self._download()
@@ -95,12 +97,13 @@ def _parse(self):

class BotvrijDstIP:

def __init__(self):
def __init__(self, conf=None):
self.intel = []
self._retrieved = None
self._feed_url = "https://botvrij.eu/data/ioclist.ip-dst.raw"
self.key = None
self._raw_threat_intel = ""
self.conf = conf

def run(self):
self._download()
@@ -139,12 +142,13 @@ def _parse(self):

class BotvrijUrl:

def __init__(self):
def __init__(self, conf=None):
self.intel = []
self._retrieved = None
self._feed_url = "https://botvrij.eu/data/ioclist.url.raw"
self.key = None
self._raw_threat_intel = ""
self.conf = conf

def run(self):
self._download()