
# Install the csirtg-smrt feed fetcher from PyPI.
# NOTE(review): no version is pinned here; pin one if the feed pipeline must be reproducible.
$ pip install csirtg-smrt
# Run the rule file given with -r (presumably the ISC miner rule listed below; -d presumably enables debug output).
# "[bro|table|csv|...]" is a pick-one placeholder, not literal input: typed as-is, the unquoted "|"
# characters would be parsed by the shell as pipes.
$ csirtg-smrt -r isc_miners.yml -d --format [bro|table|csv|...]
# Feed rule: fetch the ISC threat list for miners and parse the response as JSON.
# NOTE(review): indentation was lost in this listing; provider/tlp/altid_tlp presumably nest under "defaults:".
parser: json
# Feed endpoint, fetched over HTTPS; keep the https:// scheme so the list cannot be altered in transit.
remote: https://isc.sans.edu/api/threatlist/miner?json
# Values presumably applied to every indicator produced from this feed.
defaults:
provider: isc.sans.edu
# Traffic Light Protocol markings: green limits sharing to the community, white allows public release.
# tlp marks the indicator itself; altid_tlp presumably marks the reference (altid) attached to it.
tlp: green
altid_tlp: white
# Value not shown in this listing (the preview is cut here).
application:
---
# Copy the default rule set from the unpacked bearded-avenger release into the smrt rules path.
# The command module runs cp without a shell; no creates:/changed_when guard is visible, so it re-runs on every play.
# NOTE(review): the source tree sits under /tmp, which is normally world-writable; confirm the unpacked
# directory cannot be modified by other local users before its contents are installed as feed rules.
- name: copy csirtg-smrt rules
command: cp -r "/tmp/bearded-avenger-{{ cif_version }}/rules/default/" "{{ smrt_rules_path | default(smrt.rules_path) }}"
# Lock down the copied rules: owner and group get read/write (X adds execute/search only on directories
# and already-executable files), others get no access; recurse applies this to the whole tree.
- name: Update rule permissions
file:
path: "{{ smrt_rules_path | default(smrt.rules_path) }}/default"
mode: u=rwX,g=rwX,o=
recurse: yes
# Owner falls back to smrt.user when smrt_user is not set.
owner: "{{ smrt_user | default(smrt.user) }}"
wesyoung / capybara cheat sheet
Created August 21, 2017 10:50 — forked from zhengjia/capybara cheat sheet
capybara cheat sheet
=Navigating=
visit('/projects')
visit(post_comments_path(post))
=Clicking links and buttons=
click_link('id-of-link')
click_link('Link Text')
click_button('Save')
click('Link Text') # Click either a link or a button
click('Button Value')
import magic
import sys
from pprint import pprint
f = sys.argv[1]
def _is_ascii(f, mime):
if mime == 'ASCII text':
#!/usr/bin/env python
# -*- encoding: utf-8 -*-
from __future__ import absolute_import, print_function
import io
import os
import re
from glob import glob
from os.path import basename
from os.path import dirname
// RFC5070 -- http://tools.ietf.org/html/rfc5070
// this doc organized to follow the RFC text
// global enums
enum restriction_type
{
restriction_type_default = 1;
restriction_type_need_to_know = 2;
restriction_type_private = 3;
restriction_type_public = 4;
#!/usr/bin/perl -w
# modified the feed_lock.pl script to check the file
# /tmp/cif_crontool.lock.daily and see if it's older than 23 hours
use strict;
use File::stat;
use MIME::Lite;
remote:p5-cif-sdk wes$ perl -Ilib bin/cif -R http://localhost:5000/v2 --tags hijacked,scanner
provider |tlp |group |observable |confidence|firsttime |lasttime |reporttime |altid |altid_tlp|tags
dragonresearchgroup.org|amber|everyone|2.108.1.0 |85 |2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|http://dragonresearchgroup.org/insight/sshpwauth.txt |green |scanner
dragonresearchgroup.org|amber|everyone|116.10.191.175 |85 |2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|http://dragonresearchgroup.org/insight/sshpwauth.txt |green |scanner
dragonresearchgroup.org|amber|everyone|193.107.16.206 |85 |2014-07-28T19:07:15Z|2014-07-28T19:07:15Z|2014-07-28T19:07:15Z|http://dragonresearchgroup.org/insight/sshpwauth.txt |green |scanner
dragonresearchgroup.org|amber|everyone|68.236.173.233 |85 |2014-07
{"impact": "Moderate", "block_type": "IPv4 Address", "tags": ['zeus','phish'] ... }
sub main {
my $ret = connect_bgpdata( $bgp_remote, $bgp_remote_port );
die('connect failure') unless ( $ret == 0 );
my $xml_msg;
my ( @addrs, @peers, $hash, $timestamp, $asn );
$Logger->debug('reading first message');
while ( $xml_msg = read_xml_message() ) {
warn 'test';
if ( !defined($xml_msg) ) {
$Logger->warn( get_error_code() . ": " . get_error_msg() );