fetcher_cleanmxIP.py
import csv
import re
import sys
from xml.dom.minidom import parseString

import requests
from pymemcache.client import Client
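# User defined variables
# Feed endpoint. NOTE(review): this is plain HTTP, so the XML is not
# integrity-protected in transit; switch to an HTTPS endpoint if the
# provider offers one.
feedaddr = 'http://support.clean-mx.de/clean-mx/xmlviruses.php?'
# Value emitted in the feedID column of every row.
feedID = 'cleanmx'
# Memcached key holding the raw feed XML. The key carries the Domain
# fetcher's name; presumably it is shared on purpose because both fetchers
# read the same feed -- confirm before renaming.
mkey = 'fetcher_cleanmxDomain:feeddata'
# Value emitted in the killchain column of every row.
killchain = 'Exploit'
# Seconds to wait for the feed server before giving up, so a stalled
# connection cannot hang the fetcher indefinitely.
feedtimeout = 60
# No user modifications needed below.
client = Client(('localhost', 11211))
result = client.get(mkey)
# NOTE(review): xml.dom.minidom is not hardened against maliciously
# constructed XML (e.g. entity expansion). The document comes from a remote
# feed and from a local cache; consider a hardened parser such as defusedxml
# if that dependency is acceptable.
if result:
    # Cache hit. pymemcache returns bytes on Python 3 (str on Python 2), so
    # test for a non-empty value rather than for the str type; parseString
    # accepts either.
    dom = parseString(result)
else:
    r = requests.get(feedaddr, timeout=feedtimeout)
    # Fail on HTTP errors instead of parsing (and caching) an error page.
    r.raise_for_status()
    dom = parseString(r.content)
    # Cache only after the body parsed as XML, so a truncated or garbage
    # response is not pinned in memcached for the next two hours.
    client.set(mkey, r.content, expire=7200)
xmlroot = dom.getElementsByTagName("output")[0]
xmlroot = xmlroot.getElementsByTagName("entries")[0]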
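def _field_text(entry, tag):
    """Return the text of the first <tag> element under *entry*.

    Returns '' when the element is missing or has no child node, so callers
    can treat "absent" and "empty" the same way.
    """
    nodes = entry.getElementsByTagName(tag)
    if not nodes or nodes[0].firstChild is None:
        return ''
    return nodes[0].firstChild.nodeValue


# Every value below comes from the remote feed (URLs, domains and e-mail
# addresses tied to malware hosts) and must be treated as untrusted. Writing
# through csv.writer quotes embedded commas, quotes and newlines, so a crafted
# value cannot shift columns or add rows to the indicator list.
# NOTE(review): CSV quoting does not neutralise spreadsheet formula prefixes
# ('=', '+', '-', '@'); consumers that open this output in a spreadsheet should
# handle that on their side.
writer = csv.writer(sys.stdout, lineterminator='\n')
writer.writerow(['ipv4', 'feedID', 'killchain', 'description', 'md5',
                 'vt_score', 'domain', 'email', 'url'])
# MD5 values already emitted; a set keeps the membership test O(1).
seen = set()
for entry in xmlroot.getElementsByTagName("entry"):
    ip = _field_text(entry, 'ip')
    # Skip records without an address before de-duplicating, so a record that
    # produces no row cannot suppress a later record with the same sample.
    if not ip:
        continue
    md5 = _field_text(entry, 'md5')
    if md5:
        if md5 in seen:
            continue
        seen.add(md5)
    # One row per record, nine fields matching the header; email and url are
    # separate columns.
    writer.writerow([
        ip,
        feedID,
        killchain,
        'CleanMX malware relations',
        md5,
        _field_text(entry, 'vt_score'),
        _field_text(entry, 'domain'),
        _field_text(entry, 'email'),
        _field_text(entry, 'url'),
    ])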