wesyoung/ja3.py

## ja3.py
import requests
import json
import logging
import os
import re
ENABLE_JA3 = os.environ.get('CIF_GATHERERS_JA3_ENABLED')
class Ja3(object):
    def __init__(self, *args, **kwargs):
        self.logger = logging.getLogger(__name__)
        self.enabled = kwargs.get('enabled', os.environ.get('CIF_GATHERERS_JA3_ENABLED'))

    def _resolve(self, data):
        request = requests.get('https://ja3er.com/search/{}'.format(data))
        return json.loads(request.text)

    def process(self, indicator):
        if not self.enabled:
            return indicator

        if not indicator.itype == 'md5':
            return indicator

        if indicator.is_private():
            return indicator

        i = str(indicator.indicator)
        ua = self._resolve(i)
        if len(ua) == 0:
            # return early, less indents
            return indicator

        for each in ua:
            self.logger.debug(each)
            indicator['lasttime'] = each['Last_seen']
            indicator['description'] = each['User-Agent']

        return indicator

Plugin = Ja3
	import requests
	import json
	import logging
	import os
	import re
	ENABLE_JA3 = os.environ.get('CIF_GATHERERS_JA3_ENABLED')
	class Ja3(object):
	def __init__(self, args, *kwargs):
	self.logger = logging.getLogger(__name__)
	self.enabled = kwargs.get('enabled', os.environ.get('CIF_GATHERERS_JA3_ENABLED'))

	def _resolve(self, data):
	request = requests.get('https://ja3er.com/search/{}'.format(data))
	return json.loads(request.text)

	def process(self, indicator):
	if not self.enabled:
	return indicator

	if not indicator.itype == 'md5':
	return indicator

	if indicator.is_private():
	return indicator

	i = str(indicator.indicator)
	ua = self._resolve(i)
	if len(ua) == 0:
	# return early, less indents
	return indicator

	for each in ua:
	self.logger.debug(each)
	indicator['lasttime'] = each['Last_seen']
	indicator['description'] = each['User-Agent']

	return indicator

	Plugin = Ja3