
@kraigu
Created June 29, 2018 14:36
pull SMB attackers from CHN API
#!/usr/bin/env python3
import requests
import json
import configparser
from datetime import date, timedelta
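# Daily report: list the source IPs that hit the dionaea honeypot over SMB,
# according to the CHN intel feed, leaving out known scanners.
yday = date.today() - timedelta(1)

# The config file holds the CHN API key, so keep it readable only by the
# account that runs this report.
# chnapi should look like this:
# [DEFAULT]
# apiserver = https://servername/api/
# apikey = SOMEKEY
# allowlist = ['knownscannerip1','knownscannerip2']
myconf = configparser.ConfigParser()
# ConfigParser.read() skips files it cannot open and returns the list of files
# it parsed, so an empty result means the settings were never loaded.
if not myconf.read('XXXXX/.chnapi'):
    raise SystemExit("could not read config file XXXXX/.chnapi")
apiserver = myconf['DEFAULT']['apiserver']
apikey = myconf['DEFAULT']['apikey']

# configparser hands the allowlist back as one string, not a list. Testing
# "ip in <string>" is a substring test, so any source IP whose text happens to
# occur inside an allowlisted address would be dropped from the report.
# Split the value into a set of exact addresses instead; both the bracketed,
# quoted form shown above and a plain comma-separated list are accepted.
raw_allowlist = myconf['DEFAULT']['allowlist'].strip().strip('[]')
allowlist = set()
for entry in raw_allowlist.split(','):
    entry = entry.strip().strip('\'"').strip()
    if entry:
        allowlist.add(entry)

# The API key travels as a query-string parameter, so it is part of the request
# URL: point apiserver at an https endpoint and keep full URLs out of logs.
payload = {'api_key': apikey, 'hours_ago': '25', 'honeypot': 'dionaea'}
# The timeout keeps an unattended run from hanging on an unresponsive server.
r = requests.get(apiserver + "intel_feed", params=payload, timeout=30)
# Stop on an HTTP error (for example a rejected key) rather than trying to
# read an error body as feed data.
r.raise_for_status()
rj = r.json()
# should look like rj['data']. There will also be rj['meta'] which contains the arguments we used.
# individual values for rj['data'] look like this:
# {'count': 178, 'destination_port': 2222, 'honeypot': 'cowrie', 'meta': [], 'protocol': 'ssh', 'source_ip': '5.188.87.52'}
# {'count': 9, 'destination_port': 445, 'honeypot': 'dionaea', 'meta': [], 'protocol': 'smbd', 'source_ip': '10.22.134.11'}
print("SMB attackers for {}".format(yday))
for attacker in rj['data']:
    # Exact-match lookup: only addresses listed in the allowlist are skipped.
    if attacker['source_ip'] in allowlist:
        continue
    if attacker['protocol'] == 'smbd':
        print("IP: {}\tAttacks: {}".format(attacker['source_ip'], attacker['count']))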