paralax/greynoisebot.py

## greynoisebot.py
#!/usr/bin/env python3

# https://github.com/slackapi/python-slack-events-api/blob/master/example/example.py
import os
import re

import greynoise
import requests
from slackeventsapi import SlackEventAdapter
from slackclient import SlackClient

# Our app's Slack Event Adapter for receiving actions via the Events API
slack_signing_secret = os.environ["SLACK_SIGNING_SECRET"]
slack_events_adapter = SlackEventAdapter(slack_signing_secret, "/slack/events")
gn = greynoise.GreyNoise(api_key=os.environ['GREYNOISE_API_KEY'])

ippat = re.compile(r"""\b(?:\d{1,3}\.){3}\d{1,3}\b""")

# Create a SlackClient for your bot to use for Web API requests
slack_bot_token = os.environ["SLACK_BOT_TOKEN"]
slack_client = SlackClient(slack_bot_token)


# Example responder to greetings
@slack_events_adapter.on("message")
def handle_message(event_data):
    message = event_data["event"]
    ts = message['event_ts']
    if 'Last seen: ' in message.get('text', ''):
        # probably one of mine
        return
    for ip in set(ippat.findall(message.get("text", ''))):
        channel = message["channel"]
        try:
            data = g.ip(ip)
        except greynoise.exceptions.RequestFailure:
            continue
        if not data['seen']:
            continue
        answer = ["Greynoise classification: {0}".format(data['classification']) ]
        answer.append('Actor: {0}'.format(data['actor']))
        answer.append('Tags: {0}'.format(', '.join(data.get('tags', []))))
        answer.append('First seen: {0}'.format(data['first_seen']))
        answer.append('Last seen: {0}'.format(data['first_seen']))
        if len(data['raw_data']['web']['paths']):
            answer.append('Web paths scanned: {0}'.format(', '.join(data['raw_data']['web']['paths'])))
        if len(data['raw_data']['scan']):
            answer.append('Ports scanned: {0}'.format(', '.join([ x['port'] for x in data['raw_data']['scan']])))
        answer.append('Link: https://viz.greynoise.io/ip/{}'.format(ip))
        answer = '\r\n'.join(answer)
        slack_client.api_call("chat.postMessage", channel=channel, text=answer, thread_ts=ts)


# Error events
@slack_events_adapter.on("error")
def error_handler(err):
    print("ERROR: " + str(err))


# Once we have our event listeners configured, we can start the
# Flask server with the default `/events` endpoint on port 3000
slack_events_adapter.start(port=3000)
	#!/usr/bin/env python3

	# https://github.com/slackapi/python-slack-events-api/blob/master/example/example.py
	import os
	import re

	import greynoise
	import requests
	from slackeventsapi import SlackEventAdapter
	from slackclient import SlackClient

	# Our app's Slack Event Adapter for receiving actions via the Events API
	slack_signing_secret = os.environ["SLACK_SIGNING_SECRET"]
	slack_events_adapter = SlackEventAdapter(slack_signing_secret, "/slack/events")
	gn = greynoise.GreyNoise(api_key=os.environ['GREYNOISE_API_KEY'])

	ippat = re.compile(r"""\b(?:\d{1,3}\.){3}\d{1,3}\b""")

	# Create a SlackClient for your bot to use for Web API requests
	slack_bot_token = os.environ["SLACK_BOT_TOKEN"]
	slack_client = SlackClient(slack_bot_token)


	# Example responder to greetings
	@slack_events_adapter.on("message")
	def handle_message(event_data):
	message = event_data["event"]
	ts = message['event_ts']
	if 'Last seen: ' in message.get('text', ''):
	# probably one of mine
	return
	for ip in set(ippat.findall(message.get("text", ''))):
	channel = message["channel"]
	try:
	data = g.ip(ip)
	except greynoise.exceptions.RequestFailure:
	continue
	if not data['seen']:
	continue
	answer = ["Greynoise classification: {0}".format(data['classification']) ]
	answer.append('Actor: {0}'.format(data['actor']))
	answer.append('Tags: {0}'.format(', '.join(data.get('tags', []))))
	answer.append('First seen: {0}'.format(data['first_seen']))
	answer.append('Last seen: {0}'.format(data['first_seen']))
	if len(data['raw_data']['web']['paths']):
	answer.append('Web paths scanned: {0}'.format(', '.join(data['raw_data']['web']['paths'])))
	if len(data['raw_data']['scan']):
	answer.append('Ports scanned: {0}'.format(', '.join([ x['port'] for x in data['raw_data']['scan']])))
	answer.append('Link: https://viz.greynoise.io/ip/{}'.format(ip))
	answer = '\r\n'.join(answer)
	slack_client.api_call("chat.postMessage", channel=channel, text=answer, thread_ts=ts)


	# Error events
	@slack_events_adapter.on("error")
	def error_handler(err):
	print("ERROR: " + str(err))


	# Once we have our event listeners configured, we can start the
	# Flask server with the default `/events` endpoint on port 3000
	slack_events_adapter.start(port=3000)