Misp-Extractor is a simple Python script that connects to a MISP instance and retrieves attributes of specific types (such as IP addresses, URLs, and hashes). The retrieved attributes are then written to separate files.
This code connects to a given MISP (Malware Information Sharing Platform) server and parses a given number of events, writing the IP addresses, URLs, and MD5 hashes found in the events to three separate files.
To use this script, you will need to provide the URL of your MISP instance and a valid API key. You can then call the MISPConnector.run() method to retrieve the attributes and save them to files.
To use the code, run the following command:
python3 misp_connector.py --misp-url <MISP_URL> --misp-key <MISP_API_KEY> --limit <EVENT_LIMIT>
The MISPConnector class currently supports the following attribute types:
If an attribute of one of these types is found in an event, it will be added to the appropriate set (for example, IP addresses will be added to the network_set) and written to the corresponding file (network.txt, hash.txt, or url.txt).
The code can be configured by passing arguments to the command-line script. The available arguments are:
This script has the following limitations:
This code is provided under the MIT License. See the LICENSE file for more details.
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…