#!/usr/bin/env python
import json
import os
import sys
from pymispwarninglists import WarningLists
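# Path inside the container where a file of newline-separated observables may be mounted.
IOCS_FILE = "/data/iocs.txt"
# Image name used in the usage examples below.
DOCKER_HUB_REPO = "ilyaglow/misp-warninglists"

# Usage text printed when no observables file is mounted and the argument count is wrong.
# The file example needs "-v": without it docker reads the host:container pair as the
# image name and the run fails. The script only reads the file, so a read-only mount
# (appending ":ro" to the volume spec) is sufficient for operators who want one.
USAGE = """
Specify observable to search as an argument or mount a file {0} with new line separated observables.
Examples:
docker run -it --rm {1} 8.8.8.8
docker run -it --rm -v $PWD/iocs.txt:{0} {1}
""".format(IOCS_FILE, DOCKER_HUB_REPO)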
def lookup(indicator):
    """Search the loaded warning lists for a single observable.

    Relies on the module-level ``wl`` object, which is only bound when the
    file runs as a script; calling this from an importing module without
    setting ``wl`` first raises NameError.

    Args:
        indicator: The observable to search for, passed to ``wl.search``
            unchanged.

    Returns:
        A dict with the searched value under "value" and the ``name`` of
        every list returned by the search under "lists" (empty when there
        is no match).

    NOTE(review): MISP warning lists catalogue well-known values that tend
    to be false positives, so a match is a hint to de-prioritise the
    observable, not a maliciousness verdict. Confirm against the lists
    shipped with the installed package.
    """
    matched_names = [hit.name for hit in wl.search(indicator)]
    return {"value": indicator, "lists": matched_names}
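if __name__ == "__main__":
    # lookup() reads this module-level name, so bind it before the first call.
    # NOTE(review): the positional True is presumably pymispwarninglists'
    # slow_search flag -- confirm against the installed version.
    wl = WarningLists(True)

    # A mounted observables file takes precedence over the command-line argument.
    if os.path.isfile(IOCS_FILE):
        with open(IOCS_FILE) as f:
            for line in f:
                indicator = line.strip()
                # Skip blank lines (e.g. a trailing newline) so they do not
                # produce a record for an empty observable.
                if not indicator:
                    continue
                # One JSON object per line; json.dumps escapes whatever the
                # input file contained.
                print(json.dumps(lookup(indicator)))
        sys.exit()

    # No file mounted: exactly one observable is expected on the command line.
    if len(sys.argv) != 2:
        print(USAGE)
        sys.exit(1)

    print(json.dumps(lookup(sys.argv[1])))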