9b

#!/usr/bin/python

def poorMansConvert(di, inPath, outType, outPath):
  from apiclient.http import MediaFileUpload

	valid_output = [
		'text/html','text/plain','application/rtf','application/vnd.oasis.opendocument.text',\
		'application/pdf','application/vnd.openxmlformats-officedocument.wordprocessingml.document',\
		'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet','application/x-vnd.oasis.opendocument.spreadsheet',\
		'image/jpeg','image/png','image/svg+xml','application/vnd.openxmlformats-officedocument.presentationml.presentation'	

9b

"""Extract MITRE ATT&CK techniques into a file."""
import bs4 as bs
import requests

root_url = "https://attack.mitre.org"
file_name = "mitre.txt"


def get_urls():
    """Get MITRE ATT&CK URLs for processing."""

9b

Descriptor:
  Name: BlockadeIoService
  DisplayName: Blockade.io
  Description: Skills for blocking suspicious and malicious indicators using blockade.io

SkillGroups:
  - Format: API
    Settings:
      OpenApiSpecUrl: https://gist.githubusercontent.com/9b/f3f3e4d831bddcf0ab3f8a32b471893b/raw/b40421aa882e556794d4305dea50bd7f9acc1188/blockadeio.yaml

9b

openapi: 3.0.1

info:
    title: Blockade.io
    description: Block suspicious and malicious indicators in participating browsers
    version: "v1"

servers:
    - url: https://api.blockade.io/

9b

import ast
import datetime
import json
import sys
import requests
import urllib
from tabulate import tabulate

url = "https://www.whatruns.com/api/v1/get_site_apps"
data = {"data": {"hostname": sys.argv[1], "url": sys.argv[1],

9b

google.com,"v=spf1 include:_spf.google.com ~all"
youtube.com,"google-site-verification=OQz60vR-YapmaVrafWCALpPyA8eKJKssRhfIrzM-DJI"
youtube.com,"v=spf1 include:google.com mx -all"
facebook.com,"v=spf1 redirect=_spf.facebook.com"
baidu.com,"google-site-verification=GHb98-6msqyx_qqjGl5eRatD3QTHyVB6-xQ3gJB5UwM"
baidu.com,"v=spf1 include:spf1.baidu.com include:spf2.baidu.com include:spf3.baidu.com a mx ptr -all"
yahoo.com,"v=spf1 redirect=_spf.mail.yahoo.com"
wikipedia.org,"google-site-verification=AMHkgs-4ViEvIJf5znZle-BSE2EPNFqM1nDJGRyn2qk"
wikipedia.org,"v=spf1 include:wikimedia.org ?all"
amazon.com,"v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all"

9b

import requests, json, logging, sys

class PassiveTotal:
	def __init__(self, apikey):
		
		self.__apikey = apikey
		
		self.__classifications = [ 'targeted', 'crime', 'benign', 'multiple' ]
		self.__actions = [ 'add', 'remove' ]
		

9b

Modify the script to include your username and API key. 

Create a virtualenv to keep your space clean:

    $ virtualenv -p python3 venv3

Activate it:

    $ source venv3/bin/activate
    

9b

import base64
import sys

def main():
	if len(sys.argv) < 3:
		sys.exit('Usage (2 arguments): %s "%s" %s' % (sys.argv[0],"malicious file","outfile"))
	else:
		f = open(sys.argv[1],"rb")
		con = f.read()
		f.close()

9b

import pymongo
import json
from pymongo import Connection

def connect_to_mongo(host, port, database, collection):
	connection = Connection(host, port)
	db = connection[database]
	collection = db[collection]
	return collection