import json
import logging
import os
import re

import requests
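# Import-time snapshot of the feature flag (a string, or None when unset).
# NOTE(review): nothing in this listing reads ENABLE_JA3; Ja3.__init__ reads
# the same environment variable again on its own.
ENABLE_JA3 = os.environ.get('CIF_GATHERERS_JA3_ENABLED')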
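class Ja3(object):
    """Gatherer plugin that enriches MD5 indicators with a JA3 lookup.

    When enabled, ``process`` sends the indicator value to the ja3er.com
    search endpoint and copies the ``Last_seen`` and ``User-Agent`` fields of
    the response onto the indicator as ``lasttime`` and ``description``.

    Security notes:
      * Every lookup discloses the fingerprint to a third-party service. The
        ``is_private()`` guard in ``process`` and the ``enabled`` flag are the
        only opt-outs visible here.
      * The response is remote-supplied data. Its shape is checked before use,
        and the text stored in ``description`` should be treated as untrusted
        by whatever renders or logs it downstream.
    """

    # A JA3 fingerprint is an MD5 digest: exactly 32 hex characters. ``\Z``
    # (not ``$``) so that a trailing newline is rejected as well.
    _JA3_RE = re.compile(r'^[0-9a-fA-F]{32}\Z')

    # Upper bound, in seconds, for the HTTP lookup. Without a timeout,
    # requests waits indefinitely and one stalled lookup blocks the caller.
    _TIMEOUT_SECONDS = 10

    def __init__(self, *args, **kwargs):
        """Set up the logger and read the ``enabled`` switch.

        ``enabled`` comes from the keyword argument of the same name and
        falls back to the CIF_GATHERERS_JA3_ENABLED environment variable.
        """
        self.logger = logging.getLogger(__name__)
        # NOTE(review): the environment value is a string, so any non-empty
        # value -- including '0' or 'false' -- counts as enabled. Confirm that
        # this is the intended contract before tightening it.
        self.enabled = kwargs.get('enabled', os.environ.get('CIF_GATHERERS_JA3_ENABLED'))

    def _resolve(self, data):
        """Look up a JA3 fingerprint on ja3er.com.

        Args:
            data: the fingerprint, expected to be a 32-character hex string.

        Returns:
            The decoded JSON list from the service, or ``[]`` when the
            fingerprint is malformed, the request fails, the body is not
            JSON, or the decoded body is not a list.
        """
        fingerprint = str(data)

        # The value is interpolated into the URL path, so refuse anything
        # that is not strictly a hex digest: no '/', '?', '#' or '..' can
        # redirect the request to a different endpoint.
        if not self._JA3_RE.match(fingerprint):
            self.logger.debug('skipping ja3 lookup, not a 32-char hex digest')
            return []

        try:
            response = requests.get(
                'https://ja3er.com/search/{}'.format(fingerprint),
                timeout=self._TIMEOUT_SECONDS,
            )
            response.raise_for_status()
            results = json.loads(response.text)
        except (requests.RequestException, ValueError) as err:
            # Enrichment is best-effort: a failed lookup must not abort
            # processing of the indicator itself.
            self.logger.error('ja3 lookup failed for %s: %s', fingerprint, err)
            return []

        # Only a list of records is usable; a JSON object (for example an
        # error payload) would otherwise be iterated key by key.
        if not isinstance(results, list):
            return []

        return results

    def process(self, indicator):
        """Enrich ``indicator`` in place with JA3 lookup data and return it.

        The indicator is returned untouched when the plugin is disabled, when
        its ``itype`` is not ``'md5'``, when ``is_private()`` is true, or when
        the lookup yields no usable records.
        """
        if not self.enabled:
            return indicator

        if indicator.itype != 'md5':
            return indicator

        # Private indicators are never sent to the external service.
        if indicator.is_private():
            return indicator

        matches = self._resolve(str(indicator.indicator))

        if not isinstance(matches, list) or not matches:
            return indicator

        for each in matches:
            self.logger.debug(each)

            # Skip records that do not have the expected shape instead of
            # raising on remote-controlled input.
            if not isinstance(each, dict):
                continue
            if 'Last_seen' not in each or 'User-Agent' not in each:
                continue

            # Each usable record overwrites the previous one, so the final
            # record in the response determines the stored values.
            indicator['lasttime'] = each['Last_seen']
            indicator['description'] = each['User-Agent']

        return indicator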
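# Expose the class under the generic name ``Plugin``.
# NOTE(review): presumably the gatherer loader looks this name up; confirm against the caller.
Plugin = Ja3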