Philippe Langlois planglois925
planglois925
/ intel-grapher.py
Last active
September 8, 2018 13:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from threatcrowd import utils as tc_utils | |
| import argparse | |
| def main(): | |
| parser = argparse.ArgumentParser(description='Tool to take data and insert it into graphdatabase') | |
| parser.add_argument('-d', '--domain', help="Domains to look up", default=None) | |
| parser.add_argument('-e', '--email',help='Emails to look up', default=None) | |
| parser.add_argument('-hx', '--hash', help='Hashes to look up', default=None) |
planglois925
/ threat_crowd_add_domain.py
Last active
September 8, 2018 13:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def add_domain_lookup(domain): | |
| # Add the nodes | |
| domain_maker = modules.DomainTC() | |
| hash_maker = modules.Hashes_TC() | |
| email = modules.EmailTC() | |
| sub_domain = modules.Sub_DomainTC() | |
| ip_address = modules.IP_addressTC() |
planglois925
/ threat_crowd_modules.py
Last active
September 8, 2018 13:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from core.modules import NodeCreator, RelationshipMaker | |
| from py2neo import Graph | |
| class EmailTC(NodeCreator): | |
| def __init__(self): | |
| NodeCreator.__init__(self) | |
| self.Node_Label = 'Email' | |
| self.Plugin_name = 'ThreatCrowd' |
planglois925
/ core.py
Created
September 8, 2018 13:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from py2neo import Graph, Node, Relationship | |
| class NodeCreator: | |
| def __init__(self): | |
| ''' | |
| Start off my creating the graph connection |
planglois925
/ usern_name_tester
Created
September 11, 2017 16:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def user_mention(self, status): | |
| # Once again we create an empty array | |
| results = [] | |
| # Here we want to check the user mentions component of the status | |
| # So the first step is to identify if it's empty or not | |
| if status.entities['user_mentions']: | |
| # Multiple users can be mentioned in a tweet, |
planglois925
/ domain_test
Created
September 11, 2017 16:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def domain_test(self,status): | |
| # begin by making an empty array that will store our TRUE/FALSE responses | |
| results = [] | |
| # first lets check to see if we got URLs in our Entities object of the status | |
| if status.entities['urls']: | |
| # In a status we'll want to check all the urls that might be there | |
| # so we create a very quick for loop |
planglois925
/ user_name_loader
Created
September 11, 2017 16:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def load_twitter_accounts(): | |
| twitter_accounts = [] | |
| print "[] Loading twitter accounts (the good ones)" | |
| file_location = os.path.join('data','twitter.txt') | |
| if os.path.isfile(file_location): | |
| with open(file_location) as f: | |
| for account in f.readlines(): |
planglois925
/ domain_loader
Created
September 11, 2017 16:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def load_domains(): | |
| # start an empty array | |
| domains = [] | |
| # A little status information for us | |
| print "[] Loading domains" | |
| # We want our code to platform neutral, so use os.path.join | |
| # to get to our data directory and extract out domains | |
| file_location = os.path.join('data','domains.txt') |
planglois925
/ twitter_tut_hit
Created
September 11, 2017 16:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def twitter_hit(status): | |
| # This is a super simple indicator that we found something, | |
| # and the logic will be built up in the next one | |
| print '[x] Hit found \n' |
planglois925
/ logic_test
Created
September 11, 2017 16:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Listener(StreamListener): | |
| def __init__(self, api=None): | |
| # This method used to define what needs to be done | |
| # before the class can be actually used | |
| # In our case, we're making sure the api is set up | |
| # and loading the values we need for our tests | |
| self.api = api or tweepy.API() | |
| self.domains = load_domains() |