cuckoosandbox / community

Repository of modules and signatures contributed by the community

add signature network/check_against_urlhaus.py #459

Open Clevero opened 4 years ago

Clevero commented 4 years ago

URLhaus provides a list of URLs that are serving malware. https://urlhaus.abuse.ch/

It would be cool if cuckoo could raise a signature when one of those domains is queried.

I hope this belongs here, since an external file is needed and the path to this file needs to be changed in order for it to work. But I wanted to share it, so if anything needs to be changed I would be glad to change that.

The file can be downloaded with a cronjob every 5 minutes:


```bash
#!/bin/bash
# abort on the first failed step so a failed download does not replace the list
set -e

wget https://urlhaus.abuse.ch/downloads/text/ -O /tmp/urlhaus.raw.txt

# remove http:// and https:// and everything after the host
sed -e 's|^[^/]*//||' -e 's|/.*$||' /tmp/urlhaus.raw.txt > /tmp/urlhaus.plain.txt
rm /tmp/urlhaus.raw.txt

# remove duplicate domains
sort -u /tmp/urlhaus.plain.txt > /var/lib/peekaboo/urlhaus.txt
rm /tmp/urlhaus.plain.txt
```
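The host reduction and lookup described in the comment above, as an added stand-alone Python sketch; it is not the code from this pull request and does not use the Cuckoo signature API. The function names and the sample feed are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in the style of a URL-per-line feed (not real entries).
SAMPLE_FEED = """\
# constructed header comment
http://malware.example.com/payload.exe
https://MALWARE.example.com/other.bin
http://198.51.100.7:8080/a/b
http://cdn.example.net./x
"""


def load_hosts(feed_text):
    """Return the set of lowercase hosts found in a URL-per-line feed."""
    hosts = set()
    for line in feed_text.splitlines():
        line = line.strip()
        # Skip blank lines and comment lines instead of keeping them as "hosts".
        if not line or line.startswith("#"):
            continue
        try:
            host = urlsplit(line).hostname  # drops scheme, port, path, userinfo
        except ValueError:
            continue  # malformed URL: ignore the line
        if host:
            # Normalize a trailing root dot so "a.example." equals "a.example".
            hosts.add(host.rstrip(".").lower())
    return hosts


def match_queries(queried, hosts):
    """Return queried names that are exactly on the list, deduplicated, in order."""
    hits = []
    for name in queried:
        norm = name.strip().rstrip(".").lower()
        if norm in hosts and norm not in hits:
            hits.append(norm)
    return hits


if __name__ == "__main__":
    listed = load_hosts(SAMPLE_FEED)
    # Constructed DNS query names, as a sandbox report might list them.
    print(match_queries(["Malware.Example.com.", "example.com"], listed))
```

Host-only matching discards the URL path, so any host that appears in the feed matches every query to it, including hosts that also serve unrelated content.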