Closed: eshaan7 closed this issue 3 years ago
I can work on this issue. Will you please elaborate on what I have to do exactly?
Hi @Palash-Vishnani, thank you for your interest in contributing to the project. You need to look for the services which can be integrated as an analyzer.
ip
)general
)domain
)domain
)See the docs on How to add new analyzer? Join us on Slack @Honeynet Slack, if you need any help regarding development.
Another thing @Palash-Vishnani, we are in the works of releasing a new version which brings about a lot of changes in the project (it may or may not be of concern to you depending on the timeline of your PR). The process for the addition of an analyzer is not going to be affected as much, but just giving a heads up.
Hello, @Palash-Vishnani. Welcome to IntelOwl, you are more than welcome to work on this issue.
Here are some tips:
`develop-2` branch, from there create a new branch `dev-spyse`
git checkout develop-2
git checkout -b dev-spyse
`configuration/analyzer_config.json` file. Similar to the existing entries, you've to create a new entry for Spyse.
`Shodan_Search` entry in this JSON file, you will see its `python_module` attribute points to a file named `shodan.py` inside which we have a class named `Shodan` which is a child class of `ObservableAnalyzer` class. Similar to this, you should create a `spyse.py` file with a class `Spyse` that inherits from `ObservableAnalyzer`. You will overwrite the `set_params` method with the logic of getting the API key and the `run` method is where the main logic lives.
`.py` file for each. Instead, it can be made as part of a single new analyzer only. Meaning the `observable_supported` of this new analyzer will be: `["ip", "domain", "generic"]`. Depending on which observable classification was passed to the class instance (accessed with: `self.observable_classification`), the endpoint to be queried will change. (Similar kind of logic is in the `threatminer.Threatminer.run` method so you can take inspiration from that.)
`.py` file, you can test your analyzer by opening the GUI on http://localhost/ and creating a new scan. (Remember to create a django superuser using the command line first)
`_monkeypatch` method of the `Spyse` class. On how to implement this function, you can take inspiration from the various analyzers that are there in the `api_app/analyzers_manager/observable_analyzers` directory.
Hi, @Palash-Vishnani. Feel free to drop into our Slack @Honeynet Slack, if you need any help regarding development.
Sorry for the delay, I was busy because of my exams. I will start working on this issue soon now.
Update: Use the `develop` branch, the `develop-2` has been deprecated.
@Eshaan7 there are some things in which I am still confused:
`description` should I write in the new `Spyse` analyzer in `configuration/analyzer_config.json` file?
`base_url`, and also can you tell me exactly how should I overwrite the `set_params` method with the logic of getting the API key inside `Spyse` class in `spyse.py`?
`observable_type`, please tell me in detail about that too.
I am a beginner, that's why I am facing such problems, but I'll definitely solve this issue if I get to know what exactly I have to do further.
@Palash-Vishnani
`base_url` should hold the base endpoint for the API.
Example: here the part `https://api.spyse.com/v4/data/` is constant in all endpoints (I think) so this would be the `base_url`.
However, you won't need to mess with this since, as mentioned in the first comment on the issue, you can use the official Python SDK. You can simply import that package and use your API token to make requests using that. (https://github.com/spyse-com/spyse-python) (check their docs for more info on the usage)
Each analyzer we integrate either scans files or observables - observable being IPs/Domains/URLs/Hashes. This analyzer supports IPs and Domains (not sure if there are more, you'll have to check their API Docs). Based on the value of `self.observable_classification`, you'll have to query a different endpoint. Ex: The above screenshot shows an endpoint for IPs. Similarly, there's another for Domains. Something like an if condition could help you decide where you want to query for data depending on the value of the variable. Do see other implementations of analyzers once.
Once you have created the analyzer, `analyzers_config.json` stores its configuration info (details of which are there in the docs). Once you add that, you have to build and launch the Django Backend so you can test your changes. `localhost` is where you will have to go in order to access the GUI and test if the analyzer runs. For you to access the GUI, you'll need to create a superuser account. (Run the backend, open another terminal window/tab and run
docker exec -ti intelowl_uwsgi python3 manage.py createsuperuser
See https://intelowl.readthedocs.io/en/develop/Tests.html for details on testing.
For this point, it can be a little confusing at first so I would encourage you to reach till here and submit a draft PR so we can see your progress and help you more effectively. Try and go through other analyzers to see how `_monkeypatch` is implemented and see if you can replicate it otherwise.
Also, @sp35 was referring to a different endpoint based on the value of `self.observable_classification`, similar to what @Eshaan7 was saying.
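The endpoint selection discussed in the comments above, as an added example that is not part of the thread or of IntelOwl's code: it picks the endpoint from the observable classification, validates the observable before it is placed in the URL path, and keeps the API key out of the URL. The class name `SpyseRequestBuilder`, the `ip`/`domain` path segments and the Bearer header scheme are assumptions; `generic` is left out because the thread does not say which endpoint it maps to.

```python
import ipaddress
import re
from urllib.parse import quote

BASE_URL = "https://api.spyse.com/v4/data/"  # base_url quoted in the thread

# Assumption: one path segment per classification; confirm in the Spyse API docs.
ENDPOINTS = {"ip": "ip", "domain": "domain"}

# Conservative hostname pattern, constructed for this example.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


class SpyseRequestBuilder:
    """Hypothetical stand-in for the set_params()/run() logic of the analyzer."""

    def __init__(self, observable_name, observable_classification, api_key):
        self.observable_name = observable_name
        self.observable_classification = observable_classification
        self._api_key = api_key  # sent as a header only, never in the URL

    def _validated_observable(self):
        # Reject anything that is not a plain IP or hostname, so a crafted
        # observable cannot add path segments or query parameters.
        value = self.observable_name.strip()
        if self.observable_classification == "ip":
            return str(ipaddress.ip_address(value))  # ValueError if invalid
        if self.observable_classification == "domain":
            if not _DOMAIN_RE.match(value):
                raise ValueError("not a valid domain name")
            return value.lower()
        raise ValueError(
            f"unsupported classification: {self.observable_classification}"
        )

    def build_request(self):
        value = self._validated_observable()
        endpoint = ENDPOINTS[self.observable_classification]
        url = f"{BASE_URL}{endpoint}/{quote(value, safe='')}"
        headers = {"Authorization": f"Bearer {self._api_key}"}  # assumed scheme
        return url, headers
```
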
Hey, just confirming: which git command should I use to push this new `dev-spyse` branch from my local system to my remote forked IntelOwl repository? And the origin should be `master` or `develop` branch?
Mark from their marketing team reached out to me on Twitter for this integration a long time back but I forgot about it.
SDK: https://github.com/spyse-com/spyse-python