Tor project analyzer #138

Merged
merged 20 commits into from
Dec 18, 2017

srilumpa
Contributor

This PR aims to offer a solution to issue #45 with an analyzer extracting data from check.torproject.org to check if an IP address is a registered TOR exit node.

I documented both of the classes, but if you need more advanced documentation, please tell me. Also, I hope I coped with your coding standards. If not, tell me so I can fix it.

Note that the analyzer implements a caching system to avoid continuously querying the torproject website and to improve the analyzer's performance. It takes only a few kB on disk and can be deactivated by setting the cache_duration configuration option to 0.
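
The lookup and time-based cache described in this PR, as an added example that is not the analyzer's code from the pull request. It assumes the exit list is published as ExitNode / Published / LastStatus / ExitAddress blocks with UTC timestamps; `parse_exit_list`, `load_nodes`, `report`, the `fetch` callable and the JSON cache file are hypothetical names, and the sample list is constructed.

```python
import json, os, time
from datetime import datetime, timezone

# Constructed sample in the assumed exit-list layout; the first node reuses values shown on this page.
SAMPLE_LIST = """\
ExitNode EFAE44728264982224445E96214C15F9075DEE1D
Published 2017-12-17 22:03:12
LastStatus 2017-12-18 07:06:05
ExitAddress 178.20.55.16 2017-12-18 07:11:33
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2017-12-17 20:00:00
LastStatus 2017-12-18 06:00:00
ExitAddress 192.0.2.10 2017-12-18 06:05:00
"""

def parse_exit_list(text):
    """Map each exit IP to its node fingerprint and last-status time."""
    nodes, current = {}, {}
    for line in text.splitlines():
        key, _, rest = line.partition(" ")
        if key == "ExitNode":
            current = {"node": rest.strip()}
        elif key == "LastStatus":
            ts = datetime.strptime(rest.strip(), "%Y-%m-%d %H:%M:%S")
            current["last_status"] = ts.replace(tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S%z")
        elif key == "ExitAddress" and "node" in current:
            nodes[rest.split()[0]] = dict(current)
    return nodes

def load_nodes(fetch, cache_path, cache_duration, now=None):
    """Re-fetch only when the cache is stale; cache_duration <= 0 disables caching."""
    now = time.time() if now is None else now
    if cache_duration > 0 and os.path.exists(cache_path):
        with open(cache_path) as fh:
            cached = json.load(fh)
        if now - cached["fetched_at"] < cache_duration:
            return cached["nodes"]
    nodes = parse_exit_list(fetch())
    if cache_duration > 0:
        with open(cache_path, "w") as fh:
            json.dump({"fetched_at": now, "nodes": nodes}, fh)
    return nodes

def report(ip, nodes):
    """Build a report shaped like the analyzer output shown on this page."""
    hit = nodes.get(ip)
    taxonomy = {"level": "suspicious" if hit else "info", "namespace": "TorProject",
                "predicate": "Node", "value": bool(hit)}
    artifacts = [{"type": "hash", "value": hit["node"]}] if hit else []
    return {"success": True, "summary": {"taxonomies": [taxonomy]}, "artifacts": artifacts, "full": hit or {}}
```

Passing `fetch` as a callable keeps the network request out of the parsing and cache logic, so the staleness check can be exercised offline.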

@srilumpa srilumpa mentioned this pull request Nov 15, 2017
@saadkadhi saadkadhi added scope:analyzer Issue is analyzer related category:feature-request Issue is related to a feature request status:pr-submitted labels Dec 13, 2017
@jeromeleonard jeromeleonard added this to the 1.8.0 milestone Dec 14, 2017
@3c7
Contributor

3c7 commented Dec 14, 2017

Hey @srilumpa is there an alternative to pyfscache? Pyfscache only supports python 2.7...

@3c7
Contributor

3c7 commented Dec 14, 2017

@3c7
Contributor

3c7 commented Dec 18, 2017

  • Functionality
➜  TorProject git:(TorProjectAnalyzer) ✗ . ../../bin/activate
(TorProjectAnalyzer) ➜  TorProject git:(TorProjectAnalyzer) ✗ ./tor_project_analyzer.py <<< '{
"dataType": "ip",
"data": "1.2.3.4"    
}' | jq
{
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "level": "info",
        "namespace": "TorProject",
        "predicate": "Node",
        "value": false
      }
    ]
  },
  "artifacts": [],
  "full": {}
}
(TorProjectAnalyzer) ➜  TorProject git:(TorProjectAnalyzer) ✗ ./tor_project_analyzer.py <<< '{
"dataType": "ip",
"data": "178.20.55.16"
}' | jq
{
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "level": "suspicious",
        "namespace": "TorProject",
        "predicate": "Node",
        "value": true
      }
    ]
  },
  "artifacts": [
    {
      "type": "hash",
      "value": "EFAE44728264982224445E96214C15F9075DEE1D"
    }
  ],
  "full": {
    "node": "EFAE44728264982224445E96214C15F9075DEE1D",
    "last_status": "2017-12-18T07:06:05+0000"
  }
}
(TorProjectAnalyzer) ➜  TorProject git:(TorProjectAnalyzer) ✗ deactivate 
  • Integration

Contributor

@3c7 3c7 left a comment

Works great, thanks for the contribution.

@nadouani nadouani changed the base branch from master to develop December 18, 2017 10:23
@nadouani nadouani merged commit 37dcc16 into TheHive-Project:develop Dec 18, 2017
@srilumpa srilumpa deleted the TorProjectAnalyzer branch February 22, 2018 16:33
5 participants