value1, value2 = values.split(':', 1)
if value1:
subkey1, value1 = self._ja3keyvalue(
utils.str2regexp(value1)
)
else:
subkey1, value1 = None, None
if value2:
subkey2, value2 = self._ja3keyvalue(
utils.str2regexp(value2)
)
else:
subkey2, value2 = None, None
else:
subkey1, value1 = self._ja3keyvalue(
utils.str2regexp(values)
)
subkey2, value2 = None, None
else:
subkey1, value1 = None, None
subkey2, value2 = None, None
if '.' in field:
field, subfield = field.split('.', 1)
else:
subfield = 'md5'
def _newflt(field):
    """Build the JA3-server filter from the values parsed just above.

    ``field`` is accepted only so this helper has the same shape as the
    other ``_newflt`` callbacks; it is not used. The filter is built from
    the enclosing scope's ``value1`` (passed as ``value_or_hash``) and
    ``value2`` (passed as ``client_value_or_hash``); either may be None
    when that half of the ``server:client`` spec was empty or absent.
    """
    server_side = value1
    client_side = value2
    return self.searchja3server(
        value_or_hash=server_side,
        client_value_or_hash=client_side,
    )
maxn=maxn))
if args.no_countports:
minn, maxn = int(args.no_countports[0]), int(args.no_countports[1])
flt = self.flt_and(flt,
self.searchcountopenports(minn=minn,
maxn=maxn,
neg=True))
if args.service is not None:
flt = self.flt_and(
flt,
self.searchservicescript(utils.str2regexp(args.service)))
if args.label is not None:
if ':' in args.label:
group, lab = map(utils.str2regexp, args.label.split(':', 1))
else:
group, lab = utils.str2regexp(args.label), None
flt = self.flt_and(flt, self.searchlabel(group=group,
label=lab, neg=False))
if args.no_label is not None:
if ':' in args.no_label:
group, lab = map(utils.str2regexp, args.no_label.split(':', 1))
else:
group, lab = utils.str2regexp(args.no_label), None
flt = self.flt_and(flt, self.searchlabel(group=group,
label=lab, neg=True))
if args.script is not None:
if ':' in args.script:
name, output = (utils.str2regexp(string) for
string in args.script.split(':', 1))
else:
name, output = utils.str2regexp(args.script), None
flt = self.flt_and(flt, self.searchscript(name=name,
"aggs": {"patterns": base},
}},
}},
}
elif field == 'ja3-server' or (
field.startswith('ja3-server') and field[10] in ':.'
):
def outputproc(value):
    """Split a stored JA3-server value on ``/`` and return the parts as a tuple.

    NOTE(review): the stored value presumably combines two ``/``-separated
    components (server-side and client-side, matching the ``value1``/``value2``
    split used when parsing the field spec) — confirm against the
    ``ssl-ja3-server`` script output. A value with no ``/`` yields a 1-tuple.
    """
    parts = value.split('/')
    return tuple(parts)
if ':' in field:
field, values = field.split(':', 1)
if ':' in values:
value1, value2 = values.split(':', 1)
if value1:
subkey1, value1 = self._ja3keyvalue(
utils.str2regexp(value1)
)
if isinstance(value1, utils.REGEXP_T):
filter_value1 = {'regexp': {
"ports.scripts.ssl-ja3-server.%s" % subkey1:
self._get_pattern(value1),
}}
else:
filter_value1 = {'match': {
"ports.scripts.ssl-ja3-server.%s" % subkey1:
value1,
}}
else:
subkey1, value1 = None, None
if value2:
subkey2, value2 = self._ja3keyvalue(
utils.str2regexp(value2)
))
if args.port is not None:
port = args.port.replace('_', '/')
if '/' in port:
proto, port = port.split('/', 1)
else:
proto = 'tcp'
port = int(port)
flt = self.flt_and(
flt,
self.searchport(port=port, protocol=proto)
)
if args.service is not None:
flt = self.flt_and(
flt,
self.searchservice(utils.str2regexp(args.service)),
)
if args.svchostname is not None:
flt = self.flt_and(
flt,
self.searchsvchostname(utils.str2regexp(args.svchostname))
)
if args.useragent is not None:
if args.useragent is False:
flt = self.flt_and(flt, self.searchuseragent())
else:
flt = self.flt_and(
flt,
self.searchuseragent(
useragent=utils.str2regexp(args.useragent)
),
)
maxn=maxn,
neg=True))
if args.script is not None:
if ':' in args.script:
name, output = (utils.str2regexp(string) for
string in args.script.split(':', 1))
else:
name, output = utils.str2regexp(args.script), None
flt = self.flt_and(flt, self.searchscript(name=name,
output=output))
if args.no_script is not None:
if ':' in args.no_script:
name, output = (utils.str2regexp(string) for
string in args.no_script.split(':', 1))
else:
name, output = utils.str2regexp(args.no_script), None
flt = self.flt_and(flt, self.searchscript(name=name,
output=output,
neg=True))
if args.os is not None:
flt = self.flt_and(
flt,
self.searchos(utils.str2regexp(args.os))
)
if args.anonftp:
flt = self.flt_and(flt, self.searchftpanon())
if args.anonldap:
flt = self.flt_and(flt, self.searchldapanon())
if args.authhttp:
flt = self.flt_and(flt, self.searchhttpauth())
if args.authbypassvnc:
flt = self.flt_and(flt, self.searchvncauthbypass())
for port in rec['ports']:
for script in port.get('scripts', []):
for ua in script.get('http-user-agent', []):
if isinstance(subfield, utils.REGEXP_T):
if subfield.search(ua):
yield ua
else:
if ua == subfield:
yield ua
field = "ports.scripts.http-user-agent"
elif field == 'ja3-client' or (
field.startswith('ja3-client') and field[10] in ':.'
):
if ':' in field:
field, value = field.split(':', 1)
subkey, value = self._ja3keyvalue(utils.str2regexp(value))
if isinstance(value, utils.REGEXP_T):
def _match(ja3cli):
    """Regexp predicate: True when ``value`` matches the ``subkey`` entry of ``ja3cli``.

    A missing ``subkey`` is matched against the empty string. ``value`` is
    the compiled regexp built by ``utils.str2regexp`` from the field spec;
    since that spec is caller-supplied and ``re`` is a backtracking engine,
    a pathological pattern can be slow when evaluated over many records
    (there is no match timeout here).
    """
    candidate = ja3cli.get(subkey, "")
    return value.search(candidate) is not None
else:
def _match(ja3cli):
    """Exact-match predicate: True when the ``subkey`` entry of ``ja3cli`` equals ``value``.

    A missing ``subkey`` is compared as the empty string, so it only
    matches when ``value`` itself is ``""``.
    """
    observed = ja3cli.get(subkey, "")
    return value == observed
else:
value = None
subkey = None
def _match(ja3cli):
    """Accept-all predicate used when no ``ja3-client:<value>`` was given.

    The argument is ignored; every JA3 client record is kept.
    """
    return True
if '.' in field:
flt, dbase.searchdomain(utils.str2regexp(value), neg=neg))
elif param == "category":
flt = dbase.flt_and(flt, dbase.searchcategory(
utils.str2regexp(value), neg=neg))
elif param == "country":
flt = dbase.flt_and(flt, dbase.searchcountry(
utils.str2list(value.upper()), neg=neg))
elif param == "city":
flt = dbase.flt_and(flt, dbase.searchcity(
utils.str2regexp(value), neg=neg))
elif param == "asnum":
flt = dbase.flt_and(flt, dbase.searchasnum(
utils.str2list(value), neg=neg))
elif param == "asname":
flt = dbase.flt_and(flt, dbase.searchasname(
utils.str2regexp(value), neg=neg))
elif param == "source":
flt = dbase.flt_and(flt, dbase.searchsource(value, neg=neg))
elif param == "timerange":
flt = dbase.flt_and(flt, dbase.searchtimerange(
*(float(val) for val in value.replace('-', ',').split(',')),
neg=neg))
elif param == 'timeago':
if value and value[-1].isalpha():
unit = {
's': 1,
'm': 60,
'h': 3600,
'd': 86400,
'y': 31557600,
}[value[-1]]
timeago = int(value[:-1]) * unit
*value.replace('-', ',').split(',', 1),
neg=neg))
elif param == "countports":
vals = [int(val) for val in value.replace('-', ',').split(',', 1)]
if len(vals) == 1:
flt = dbase.flt_and(flt, dbase.searchcountopenports(
minn=vals[0], maxn=vals[0], neg=neg))
else:
flt = dbase.flt_and(flt, dbase.searchcountopenports(
minn=vals[0], maxn=vals[1], neg=neg))
elif param == "hostname":
flt = dbase.flt_and(
flt, dbase.searchhostname(utils.str2regexp(value), neg=neg))
elif param == "domain":
flt = dbase.flt_and(
flt, dbase.searchdomain(utils.str2regexp(value), neg=neg))
elif param == "category":
flt = dbase.flt_and(flt, dbase.searchcategory(
utils.str2regexp(value), neg=neg))
elif param == "country":
flt = dbase.flt_and(flt, dbase.searchcountry(
utils.str2list(value.upper()), neg=neg))
elif param == "city":
flt = dbase.flt_and(flt, dbase.searchcity(
utils.str2regexp(value), neg=neg))
elif param == "asnum":
flt = dbase.flt_and(flt, dbase.searchasnum(
utils.str2list(value), neg=neg))
elif param == "asname":
flt = dbase.flt_and(flt, dbase.searchasname(
utils.str2regexp(value), neg=neg))
elif param == "source":
if args.pop:
flt = self.flt_and(flt, self.searchpopauth())
if args.dns is not None:
flt = self.flt_and(
flt,
self.searchdns(utils.str2regexp(args.dns), subdomains=False)
)
if args.dnssub is not None:
flt = self.flt_and(
flt,
self.searchdns(utils.str2regexp(args.dnssub), subdomains=True)
)
if args.cert is not None:
flt = self.flt_and(
flt,
self.searchcertsubject(utils.str2regexp(args.cert)),
)
if args.timeago is not None:
flt = self.flt_and(self.searchtimeago(args.timeago, new=False))
if args.timeagonew is not None:
flt = self.flt_and(self.searchtimeago(args.timeagonew, new=True))
if args.dnstype is not None:
flt = self.flt_and(flt, self.searchdns(dnstype=args.dnstype))
return flt
def parse_args(self, args, flt=None):
if flt is None:
flt = self.flt_empty
if args.category is not None:
flt = self.flt_and(flt, self.searchcategory(
utils.str2list(args.category)))
if args.country is not None:
flt = self.flt_and(flt, self.searchcountry(
utils.str2list(args.country)))
if args.asnum is not None:
flt = self.flt_and(flt, self.searchasnum(
utils.str2list(args.asnum)))
if args.asname is not None:
flt = self.flt_and(flt, self.searchasname(
utils.str2regexp(args.asname)))
if args.source is not None:
flt = self.flt_and(flt, self.searchsource(args.source))
if args.timeago is not None:
flt = self.flt_and(flt, self.searchtimeago(args.timeago))
if args.id is not None:
flt = self.flt_and(flt, self.searchobjectid(args.id))
if args.no_id is not None:
flt = self.flt_and(flt, self.searchobjectid(args.no_id, neg=True))
if args.host is not None:
flt = self.flt_and(flt, self.searchhost(args.host))
if args.hostname is not None:
flt = self.flt_and(
flt,
self.searchhostname(utils.str2regexp(args.hostname))
)
if args.domain is not None: