├── .gitignore
├── README.md
├── actor.wsgi
├── app
    ├── __init__.py
    ├── config
    │   └── settings.py
    ├── core
    │   ├── __init__.py
    │   ├── blueprints
    │   │   ├── actor.py
    │   │   ├── admin.py
    │   │   ├── ajax.py
    │   │   ├── index.py
    │   │   ├── report.py
    │   │   ├── ttp.py
    │   │   └── user.py
    │   ├── decorators
    │   │   └── authentication.py
    │   └── forms
    │   │   └── forms.py
    ├── static
    │   ├── css
    │   │   ├── bootstrap.css
    │   │   ├── bootstrap.min.css
    │   │   └── shop-item.css
    │   ├── fonts
    │   │   ├── glyphicons-halflings-regular.eot
    │   │   ├── glyphicons-halflings-regular.svg
    │   │   ├── glyphicons-halflings-regular.ttf
    │   │   ├── glyphicons-halflings-regular.woff
    │   │   └── glyphicons-halflings-regular.woff2
    │   └── js
    │   │   ├── bootstrap.js
    │   │   ├── bootstrap.min.js
    │   │   └── jquery.js
    ├── templates
    │   ├── about.html
    │   ├── account_reverify.html
    │   ├── actor.html
    │   ├── admin.html
    │   ├── admin_choices.html
    │   ├── contact.html
    │   ├── error_403.html
    │   ├── index.html
    │   ├── issues.html
    │   ├── layouts
    │   │   └── base.html
    │   ├── login.html
    │   ├── password_reset.html
    │   ├── register.html
    │   ├── report.html
    │   ├── ttp.html
    │   └── view_all.html
    └── utils
    │   ├── __init__.py
    │   ├── elasticsearch.py
    │   └── functions.py
├── favicon.ico
├── license.txt
├── robots.txt
├── setup
    ├── delete_create_index.py
    ├── load_data.py
    ├── schema.sql
    └── setup_steps.sh
└── updates
    └── 2016_05_24
        ├── mappings_file.py
        └── update_mappings.py


/.gitignore:
--------------------------------------------------------------------------------
1 | # Byte-compiled / optimized / DLL files
2 | __pycache__/
3 | *.py[cod]


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # ActorTrackr
 2 | ActorTrackr is an open source web application for storing/searching/linking Actor related data.  The primary sources are from users and various public repositories. Examples of useful repos: APTNotes and "APT Groups and Operations" spreadsheet. Without the hard work of others, this application wouldn't be possible.  We hope to continue the usefulness by improving the search and linking of data stored in the system.
 3 | 
 4 | We encourage users to contribute publicly available information here to facilitate sharing and create their own ActorTrackr internally for sensitive data.  If you extend the system and find your changes useful for others, please submit a pull request.
 5 | 
 6 | # Installation
 7 | See setup/setup_steps.sh for notes on how to install. Better instruction in work
 8 | 
 9 | # License Info
10 | Copyright 2017 Lookingglass Cyber Solutions
11 | 
12 | Licensed under the Apache License, Version 2.0 (the "License");
13 | you may not use this file except in compliance with the License.
14 | You may obtain a copy of the License at
15 | 
16 | http://www.apache.org/licenses/LICENSE-2.0
17 | 
18 | Unless required by applicable law or agreed to in writing, software
19 | distributed under the License is distributed on an "AS IS" BASIS,
20 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 | See the License for the specific language governing permissions and
22 | limitations under the License.
23 | 


--------------------------------------------------------------------------------
/actor.wsgi:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3.4
 2 | import os
 3 | import sys
 4 | 
 5 | # set PATH so imports are correct
 6 | TOP_DIR = os.path.dirname(os.path.realpath(__file__))
 7 | APP_PATH = TOP_DIR+"/app"
 8 | 
 9 | sys.path.insert(0, TOP_DIR)
10 | sys.path.insert(0, APP_PATH)
11 | 
12 | # Fire up our application
13 | from app import app as application


--------------------------------------------------------------------------------
/app/__init__.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3.4
  2 | if __name__ == "__main__":
  3 |     import os
  4 |     import sys
  5 | 
  6 |     TOP_DIR = os.path.dirname(os.path.realpath(__file__))
  7 |     APP_PATH = TOP_DIR+"/app"
  8 | 
  9 |     sys.path.insert(0, TOP_DIR)
 10 |     sys.path.insert(0, APP_PATH)
 11 | 
 12 | from config.settings import *
 13 | 
 14 | import logging
 15 | from logging.handlers import TimedRotatingFileHandler
 16 | from logging import StreamHandler
 17 | log = logging.getLogger(__name__)
 18 | 
 19 | log.setLevel(logging.getLevelName(LOG_LEVEL))
 20 | 
 21 | #log formatter
 22 | formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
 23 | 
 24 | # add a rotating handler
 25 | handler = TimedRotatingFileHandler(LOG_FILE, when='d', interval=1, backupCount=5) #creates daily logs for 5 days
 26 | handler.setFormatter(formatter)
 27 | log.addHandler(handler)
 28 | 
 29 | # add a console hander
 30 | if LOG_TO_CONSOLE:
 31 |     consoleHandler = StreamHandler()
 32 |     consoleHandler.setFormatter(formatter)
 33 |     log.addHandler(consoleHandler)
 34 | 
 35 | try:
 36 |     from flask import Flask
 37 |     from flask import render_template
 38 |     from flask import flash
 39 |     from flask import request
 40 |     from flask import redirect
 41 |     from flask import jsonify
 42 |     from flask import Markup
 43 |     from flask import g
 44 | except Exception as e:
 45 |     print("Error: {}\nFlask is not installed, try 'pip install flask'".format(e))
 46 |     exit(1)
 47 | 
 48 | try:
 49 |     from flask.ext.compress import Compress
 50 | except Exception as e:
 51 |     print("Error: {}\Flask compress library is not installed, try 'pip install flask-compress'".format(e))
 52 |     exit(1)
 53 | try:
 54 |     from elasticsearch import Elasticsearch
 55 |     from elasticsearch import exceptions
 56 | except Exception as e:
 57 |     print("Error: {}\nElasticsearch library is not installed, try 'pip install elasticsearch'".format(e))
 58 |     exit(1)
 59 | 
 60 | 
 61 | try:
 62 |     import pymysql
 63 |     from pymysql.cursors import DictCursor
 64 | except Exception as e:
 65 |     print("Error: {}\PyMySQL library is not installed, try 'pip install PyMySQL'".format(e))
 66 |     exit(1)
 67 | 
 68 | #if you want a lot of elastic logs uncomment this section
 69 | '''
 70 | es_logger = logging.getLogger('elasticsearch')
 71 | es_logger.propagate = False
 72 | es_logger.setLevel(logging.DEBUG)
 73 | es_logger_handler=logging.StreamHandler()
 74 | es_logger.addHandler(es_logger_handler)
 75 | 
 76 | es_tracer = logging.getLogger('elasticsearch.trace')
 77 | es_tracer.propagate = False
 78 | es_tracer.setLevel(logging.INFO)
 79 | es_tracer_handler=logging.StreamHandler()
 80 | es_tracer.addHandler(es_tracer_handler)
 81 | '''
 82 | 
 83 | app = Flask(__name__)
 84 | app.secret_key = "Fgtqweds5ywDJsQW87uQnL"
 85 | 
 86 | #configure gzip compression
 87 | app.config['COMPRESS_LEVEL'] = 9
 88 | app.config['COMPRESS_MIN_SIZE'] = 1
 89 | Compress(app)
 90 | 
 91 | def get_es():
 92 |     try:
 93 |         db = getattr(g, 'es', None)
 94 |         if db is None:
 95 |             db = g.es = Elasticsearch(ES_HOSTS)
 96 |     except RuntimeError as rte:
 97 |         db = Elasticsearch(ES_HOSTS)
 98 |     
 99 |     return db
100 | 
101 | def get_mysql():
102 |     try:
103 |         db = getattr(g, 'mysql', None)
104 |         if db is None:
105 |             db = g.mysql =  pymysql.connect(user=MYSQL_USER,passwd=MYSQL_PASSWD,db=MYSQL_DB, cursorclass=DictCursor)
106 |     except RuntimeError as rte:
107 |         db = g.mysql =  pymysql.connect(user=MYSQL_USER,passwd=MYSQL_PASSWD,db=MYSQL_DB, cursorclass=DictCursor)
108 |     
109 |     return db
110 | 
111 | @app.before_request
112 | def before_request():
113 |     if MAINTENANCE_MODE: 
114 |         # Or alternatively, dont redirect 
115 |         return 'Sorry, off for maintenance! Be back in 5', 503
116 | 
117 |     g.es      =     get_es()
118 |     g.mysql   =     get_mysql()
119 | 
120 | @app.teardown_request
121 | def teardown_request(exception):
122 |     get_mysql().close()
123 |     pass
124 | 
125 | 
126 | from core.blueprints.actor import actor_blueprint
127 | from core.blueprints.admin import admin_blueprint
128 | from core.blueprints.ajax import ajax_blueprint
129 | from core.blueprints.index import index_blueprint
130 | from core.blueprints.report import report_blueprint
131 | from core.blueprints.ttp import ttp_blueprint
132 | from core.blueprints.user import user_blueprint
133 | 
134 | app.register_blueprint(actor_blueprint)
135 | app.register_blueprint(admin_blueprint)
136 | app.register_blueprint(ajax_blueprint)
137 | app.register_blueprint(index_blueprint)
138 | app.register_blueprint(report_blueprint)
139 | app.register_blueprint(ttp_blueprint)
140 | app.register_blueprint(user_blueprint)
141 | 
142 | 
143 | 
144 | if __name__ == "__main__":
145 | 
146 |     #start flask
147 |     app.run(
148 |         host = '0.0.0.0',
149 |         port = 8888,
150 |         threaded=True,
151 |         debug=True
152 |         )
153 | 


--------------------------------------------------------------------------------
/app/config/settings.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Elasticsearch Settings
 3 | '''
 4 | 
 5 | ES_PREFIX   = "tp-"
 6 | ES_HOSTS    = ['http://localhost:9200',]
 7 | 
 8 | '''
 9 | MySQL Settings
10 | '''
11 | 
12 | MYSQL_USER      = '<user>'
13 | MYSQL_PASSWD    = '<password>'
14 | MYSQL_DB        = 'threat_actors'
15 | 
16 | '''
17 | Log Settings
18 | '''
19 | 
20 | LOG_FILE        = "/var/log/actortrackr/actortrackr.log"
21 | LOG_TO_CONSOLE  = True
22 | LOG_LEVEL       = "DEBUG" #NOSET, DEBUG, INFO, WARNING, ERROR, CRITICAL
23 | 
24 | '''
25 | Email Settings
26 | '''
27 | 
28 | #the email address of the sender
29 | EMAIL_SENDER    =  "Your email here"
30 | 
31 | #alerts go to these addresses
32 | EMAIL_ADDRESSES =  [ "Your email here", ] 
33 | 
34 | '''
35 | Application Settings
36 | '''
37 | 
38 | MAINTENANCE_MODE = False
39 | 
40 | APPLICATION_DOMAIN  = "http://actortrackr.com/"
41 | APPLICATION_ORG     = "Lookingglass"
42 | APPLICATION_NAME    = "ActorTrackr"
43 | 
44 | TLPS    =   [
45 |                 ("0", "White"),
46 |                 ("1", "Green"),
47 |                 ("2", "Amber"),
48 |                 ("3", "Red"),
49 |                 ("4", "Black")
50 |         ]
51 | 
52 | SOURCE_RELIABILITY    =   [
53 |                             ("A", "A. Reliable - No doubt about the source's authenticity, trustworthiness, or competency. History of complete reliability."),
54 |                             ("B", "B. Usually Reliable - Minor doubts. History of mostly valid information."),
55 |                             ("C", "C. Fairly Reliable - Doubts. Provided valid information in the past."),
56 |                             ("D", "D. Not Usually Reliable - Significant doubts. Provided valid information in the past."),
57 |                             ("E", "E. Unreliable - Lacks authenticity, trustworthiness, and competency. History of invalid information."),
58 |                             ("F", "F. Can’t Be Judged - Insufficient information to evaluate reliability. May or may not be reliable.")
59 |                     ]
60 | 
61 | INFORMATION_RELIABILITY    =   [
62 |                             ("1", "1. Confirmed - Logical, consistent with other relevant information, confirmed by independent sources."),
63 |                             ("2", "2. Probably True - Logical, consistent with other relevant information, not confirmed by independent sources."),
64 |                             ("3", "3. Possibly True - Reasonably logical, agrees with some relevant information, not confirmed."),
65 |                             ("4", "4. Doubtfully True - Not logical but possible, no other information on the subject, not confirmed."),
66 |                             ("5", "5. Improbable - Not logical, contradicted by other relevant information."),
67 |                             ("6", "6. Can’t Be Judged - The validity of the information can not be determined.")
68 |                     ]
69 | 
70 | SALTS = {
71 |     "actor" : "salt",
72 |     "report" : "salt",
73 |     "ttp" : "salt",
74 |     "user" : "salt",
75 |     "email_verification" : "salt"
76 | }
77 | 
78 | SESSION_EXPIRE = -1 # in seconds, -1 to disable
79 | 
80 | '''
81 | Recaptcha Settings
82 | '''
83 | 
84 | RECAPTCHA_ENABLED       =   True  
85 | RECAPTCHA_PUBLIC_KEY    =   ''
86 | RECAPTCHA_PRIVATE_KEY   =   ''
87 | 
88 | 
89 | 
90 | 


--------------------------------------------------------------------------------
/app/core/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jalewis/actortrackr/9840e29d483d0c46e42964062cf24924c224144e/app/core/__init__.py


--------------------------------------------------------------------------------
/app/core/blueprints/admin.py:
--------------------------------------------------------------------------------
  1 | from flask import Flask
  2 | from flask import render_template
  3 | from flask import Blueprint
  4 | from flask import flash
  5 | from flask import request
  6 | from flask import redirect
  7 | from flask import jsonify
  8 | from flask import Markup
  9 | from flask import g
 10 | 
 11 | import functools
 12 | import json
 13 | import hashlib
 14 | import logging
 15 | import os
 16 | import requests
 17 | import sys
 18 | import time
 19 | import uuid
 20 | from datetime import datetime
 21 | from pymysql.cursors import DictCursor
 22 | from operator import itemgetter
 23 | from urllib.parse import unquote_plus, quote_plus
 24 | 
 25 | from config.settings import *
 26 | from core.decorators import authentication
 27 | from core.forms import forms
 28 | from app import log, get_es, get_mysql
 29 | from utils.elasticsearch import *
 30 | from utils.functions import *
 31 | 
 32 | #blue print def
 33 | admin_blueprint = Blueprint('admin', __name__, url_prefix="/admin")
 34 | logger_prefix = "admin.py:"
 35 | 
 36 | @admin_blueprint.route("/user/<action>/<value>/<user_id>/<user_c>", methods = ['GET'])
 37 | @admin_blueprint.route("/user/<action>/<value>/<user_id>/<user_c>/", methods = ['GET'])
 38 | @authentication.access(authentication.ADMIN)
 39 | def edit_user_permissions(action,value,user_id,user_c):
 40 |     logging_prefix = logger_prefix + "edit_user_permissions({},{},{},{}) - ".format(action,value,user_id,user_c)
 41 |     log.info(logging_prefix + "Starting") 
 42 | 
 43 |     action_column_map = {}
 44 |     action_column_map['approve'] = "approved"
 45 |     action_column_map['write_perm'] = "write_permission"
 46 |     action_column_map['delete_perm'] = "delete_permission"
 47 |     action_column_map['admin_perm'] = "admin"
 48 | 
 49 |     success = 1
 50 |     try:
 51 |         #make sure the value is valid
 52 |         if value not in ["0","1"]:
 53 |             raise Exception("Invald value: {}".format(value))
 54 | 
 55 |         #make sure the action is valid    
 56 |         try:
 57 |             column = action_column_map[action]
 58 |         except Exception as f:
 59 |             log.warning(logging_prefix + "Action '{}' not found in action_column_map".format(action))
 60 |             raise f
 61 | 
 62 |         #check the hash
 63 |         if user_c == sha256(SALTS['user'], str(user_id)):
 64 | 
 65 |             #if action is approve, emails need to be sent
 66 |             if action == "approve":
 67 |                 conn = get_mysql().cursor(DictCursor)
 68 |                 conn.execute("SELECT name, email FROM users WHERE id = %s", (user_id,))
 69 |                 user = conn.fetchone()
 70 |                 conn.close()
 71 | 
 72 |                 if value == "1":
 73 |                     log.info(logging_prefix + "Setting approved=1 for user {}".format(user_id))
 74 |                     sendAccountApprovedEmail(user['email'])
 75 |                 else:
 76 |                     log.info(logging_prefix + "Setting approved=0 for user {}".format(user_id))
 77 |                     sendAccountDisapprovedEmail(user['email'])
 78 | 
 79 |             #now update the desired setting
 80 |             conn = get_mysql().cursor()
 81 |             conn.execute("UPDATE users SET "+column+" = %s WHERE id = %s", (value,user_id))
 82 |             get_mysql().commit()
 83 |             conn.close()
 84 |             log.info(logging_prefix + "Successfully update {} to {} for user id {}".format(column,value,user_id))
 85 | 
 86 |         else:
 87 |             log.warning(logging_prefix + "Hash mismatch {} {}".format(user_id, user_c))
 88 |     except Exception as e:
 89 |         success = 0
 90 |         error = "There was an error completing your request. Details: {}".format(e)
 91 |         log.exception(logging_prefix + error)
 92 | 
 93 |     return jsonify({ "success" : success, "new_value" : value })
 94 | 
 95 | @admin_blueprint.route("/user/delete/<user_id>/<user_id_hash>", methods = ['GET'])
 96 | @admin_blueprint.route("/user/delete/<user_id>/<user_id_hash>/", methods = ['GET'])
 97 | @authentication.access(authentication.ADMIN)
 98 | def user_delete(user_id, user_id_hash):
 99 |     logging_prefix = logger_prefix + "user_delete({},{}) - ".format(user_id, user_id_hash)
100 |     log.info(logging_prefix + "Starting")
101 | 
102 |     redirect_url = "/admin/"
103 |     try:
104 |         redirect_url = request.args.get("_r")
105 |         if not redirect_url:
106 |             log.warning(logging_prefix + "redirect_url not set, using default")
107 |             redirect_url = "/admin/"
108 | 
109 |         #check user_id against user_id_hash and perform delete if match
110 |         if user_id_hash == sha256( SALTS['user'], user_id ):
111 |             #now delete the user
112 |             conn=get_mysql().cursor(DictCursor)
113 |             conn.execute("DELETE FROM users WHERE id=%s", (user_id,))
114 |             conn.close()
115 |             flash("The user has been deleted", "success")
116 |         else:
117 |             flash("Unable to delete user", "danger")
118 |         
119 |     except Exception as e:
120 |         error = "There was an error completing your request. Details: {}".format(e)
121 |         flash(error,'danger')
122 |         log.exception(logging_prefix + error)
123 |         
124 |     return redirect(redirect_url)
125 | 
126 | 
127 | @admin_blueprint.route("/email", methods = ['POST'])
128 | @admin_blueprint.route("/email/", methods = ['POST'])
129 | @authentication.access(authentication.ADMIN)
130 | def email_user():
131 |     
132 |     logging_prefix = logger_prefix + "email_user() - "
133 |     log.info(logging_prefix + "Starting")
134 | 
135 |     try:
136 |         email = request.form['email']
137 |         subject = request.form['subject']
138 |         body = request.form['body']
139 | 
140 |         log.debug("Email: {}, Subject: {}, Body: {}".format(email, subject, body))
141 |         sendCustomEmail(email, subject, body)
142 |     except Exception as e:
143 |         error = "There was an error completing your request. Details: {}".format(e)
144 |         log.exception(logging_prefix + error)
145 | 
146 |         return jsonify({ 'success' : False, 'error' : str(e) })
147 |         
148 |     return jsonify({ 'success' : True })
149 | 
150 | '''
151 | Admin Pages
152 | '''
153 | 
154 | @admin_blueprint.route("/", methods = ['GET','POST'])
155 | @admin_blueprint.route("", methods = ['GET','POST'])
156 | @authentication.access(authentication.ADMIN)
157 | def main():
158 |     logging_prefix = logger_prefix + "main() - "
159 |     log.info(logging_prefix + "Starting")
160 | 
161 |     try:
162 |         conn=get_mysql().cursor(DictCursor)
163 |         conn.execute("SELECT id, name, email, company, justification, email_verified, approved, write_permission, delete_permission, admin, created, last_login FROM users ORDER BY created DESC")
164 | 
165 |         users = conn.fetchall()
166 |         for user in users:
167 |             user['id_hash'] = sha256( SALTS['user'], str(user['id']) )
168 | 
169 |         conn.close()
170 | 
171 |         email_user_form = forms.sendUserEmailForm()
172 | 
173 |     except Exception as e:
174 |         error = "There was an error completing your request. Details: {}".format(e)
175 |         flash(error,'danger')
176 |         log.exception(logging_prefix + error)
177 | 
178 | 
179 |     return render_template("admin.html",
180 |                         page_title="Admin",
181 |                         url = "/admin/",
182 |                         users=users,
183 |                         email_user_form = email_user_form
184 |             )
185 | @admin_blueprint.route("/choices", methods = ['GET','POST'])
186 | @admin_blueprint.route("/choices/", methods = ['GET','POST'])
187 | @authentication.access(authentication.ADMIN)
188 | def choices():
189 |     logging_prefix = logger_prefix + "choices() - "
190 |     log.info(logging_prefix + "Starting")
191 | 
192 |     simple_choices = None
193 |     try:
194 | 
195 |         body = {
196 |             "query" : {
197 |                 "match_all" : {}
198 |             },
199 |             "size" : 1000
200 |         }
201 | 
202 |         results = get_es().search(ES_PREFIX + 'threat_actor_simple', 'data', body)
203 | 
204 |         parsed_results = []
205 |         for r in results['hits']['hits']:
206 |             d = {}
207 |             d['type'] = r['_source']['type']
208 |             d['value'] = r['_source']['value']
209 |             d['id'] = r['_id']
210 | 
211 |             #determine how many actor profiles use this value
212 | 
213 |             query_string = None
214 |             if d['type'] == "classification":
215 |                 query_string = "type:\"" + escape(d['value']) + "\""
216 |             elif d['type'] == "communication":
217 |                 query_string = "communication_address.type:\"" + escape(d['value']) + "\""
218 |             elif d['type'] == "country":
219 |                 query_string = "country_affiliation:\"" + escape(d['value']) + "\" origin:\"" + escape(d['value']) + "\""
220 | 
221 |             if query_string:
222 |                 body = {
223 |                     "query" : {
224 |                         "query_string" : {
225 |                             "query" : query_string
226 |                         }
227 |                     },
228 |                     "size" : 0
229 |                 }
230 | 
231 |                 count = get_es().search(ES_PREFIX + 'threat_actors', 'actor', body)
232 | 
233 |                 d['count'] = count['hits']['total']
234 |                 d['q'] = quote_plus(query_string)
235 |             else:
236 |                 d['count'] = "-"
237 |                 d['q'] = ""
238 | 
239 |             parsed_results.append(d)
240 | 
241 |         simple_choices = multikeysort(parsed_results, ['type', 'value'])
242 | 
243 |     except Exception as e:
244 |         error = "There was an error completing your request. Details: {}".format(e)
245 |         flash(error,'danger')
246 |         log.exception(logging_prefix + error)
247 | 
248 |     return render_template("admin_choices.html",
249 |                         page_title="Admin",
250 |                         simple_choices = simple_choices
251 |             )
252 | 
253 | 
254 | 


--------------------------------------------------------------------------------
/app/core/blueprints/ajax.py:
--------------------------------------------------------------------------------
 1 | from flask import Flask
 2 | from flask import render_template
 3 | from flask import Blueprint
 4 | from flask import flash
 5 | from flask import request
 6 | from flask import redirect
 7 | from flask import jsonify
 8 | from flask import Markup
 9 | from flask import g
10 | 
11 | import functools
12 | import json
13 | import hashlib
14 | import logging
15 | import os
16 | import sys
17 | import time
18 | import uuid
19 | from datetime import datetime
20 | from operator import itemgetter
21 | from urllib.parse import quote_plus
22 | 
23 | from config.settings import *
24 | from core.forms import forms
25 | from app import log, get_es, get_mysql
26 | from utils.elasticsearch import *
27 | from utils.functions import *
28 | 
29 | #blue print def
30 | ajax_blueprint = Blueprint('ajax', __name__, url_prefix="/ajax")
31 | logger_prefix = "ajax.py:"
32 | 
33 | #dynamic select populator
34 | @ajax_blueprint.route("/fetch/<_type>/<value>", methods = ['GET'])
35 | def fetch(_type, value):
36 |     logging_prefix = logger_prefix + "fetch({},{}) - ".format(_type,value)
37 |     log.info(logging_prefix + "Starting")
38 | 
39 |     r = fetch_child_data(_type,value)
40 |     return jsonify(r), 200
41 | 
42 | 
43 | #dynamic select populator
44 | @ajax_blueprint.route("/related/<_type>", methods = ['GET'])
45 | @ajax_blueprint.route("/related/<_type>/", methods = ['GET'])
46 | def populate_related_elements(_type):
47 |     logging_prefix = logger_prefix + "populate_related_elements({}) - ".format(_type)
48 |     log.info(logging_prefix + "Starting")
49 | 
50 |     r = fetch_related_elements(_type)
51 |     return jsonify(r), 200


--------------------------------------------------------------------------------
/app/core/blueprints/index.py:
--------------------------------------------------------------------------------
  1 | 
  2 | from flask import Flask
  3 | from flask import render_template
  4 | from flask import Blueprint
  5 | from flask import flash
  6 | from flask import request
  7 | from flask import redirect
  8 | from flask import make_response
  9 | from flask import jsonify
 10 | from flask import Markup
 11 | from flask import g
 12 | 
 13 | from elasticsearch import TransportError
 14 | from elasticsearch.helpers import scan
 15 | 
 16 | import functools
 17 | import json
 18 | import hashlib
 19 | import logging
 20 | import os
 21 | import sys
 22 | import time
 23 | import uuid
 24 | from datetime import datetime
 25 | from operator import itemgetter
 26 | from urllib.parse import quote_plus
 27 | 
 28 | from config.settings import *
 29 | from core.decorators import authentication
 30 | from core.forms import forms
 31 | from app import log, get_es, get_mysql
 32 | 
 33 | 
 34 | #blue print def
 35 | index_blueprint = Blueprint('index', __name__, url_prefix="")
 36 | logger_prefix = "index.py:"
 37 | 
 38 | 
 39 | @index_blueprint.route("/about", methods = ['GET'])
 40 | @authentication.access(authentication.PUBLIC)
 41 | def about():
 42 |     search_form = forms.searchForm()
 43 | 
 44 |     return render_template("about.html",
 45 |                         page_title="About",
 46 |                         search_form = search_form
 47 |             )
 48 | 
 49 | @index_blueprint.route("/contact", methods = ['GET'])
 50 | @authentication.access(authentication.PUBLIC)
 51 | def contact():
 52 |     search_form = forms.searchForm()
 53 | 
 54 |     return render_template("contact.html",
 55 |                         page_title="Contact",
 56 |                         search_form = search_form
 57 |             )
 58 | 
 59 | @index_blueprint.route("/", methods = ['GET','POST'])
 60 | @authentication.access(authentication.PUBLIC)
 61 | def index():
 62 |     logging_prefix = logger_prefix + "index() - "
 63 |     log.info(logging_prefix + "Loading home page")
 64 |     
 65 |     form = forms.searchForm(request.form)
 66 |     error = None
 67 |     url = "/"
 68 |     query_string_url = ""
 69 |     try:
 70 |         #this is the default query for actors in ES, i'd imagine this will be recently added/modified actors
 71 |         es_query = {
 72 |             "query": {
 73 |                 "match_all": {}
 74 |             },
 75 |             "size": 10,
 76 |             "sort": {
 77 |                 "last_updated_s": {
 78 |                     "order": "desc"
 79 |                 }
 80 |             }
 81 |         }
 82 | 
 83 |         #pull the query out of the url
 84 |         query_string = request.args.get("q")
 85 | 
 86 |         #someone is searching for something
 87 |         if request.method == 'POST' and not query_string:
 88 |             if form.validate():
 89 | 
 90 |                 #get the value
 91 |                 value = form.query.data
 92 | 
 93 |                 #redirect to this same page, but setting the query value in the url
 94 |                 return redirect("/?q={}".format(quote_plus(value)), code=307)
 95 | 
 96 |             else:
 97 |                 #if there was an error print the error dictionary to the console
 98 |                 #   temporary help, these should also appear under the form field
 99 |                 print(form.errors)
100 | 
101 |         elif query_string:
102 |             #now that the query_string is provided as ?q=, perform the search
103 |             print("VALID SEARCH OPERATION DETECTED")
104 | 
105 |             #do some searching...
106 |             es_query = {
107 |                 "query": {
108 |                     "query_string": {
109 |                         "query" : query_string
110 |                     }
111 |                 },
112 |                 "size": 10
113 |             }
114 | 
115 |             url += "?q=" + query_string
116 |             query_string_url = "?q=" + query_string
117 | 
118 |             #set the form query value to what the user is searching for
119 |             form.query.data = query_string
120 | 
121 |         '''
122 |         Fetch the data from ES
123 |         '''
124 | 
125 |         actors = {}
126 |         actors['hits'] = {}
127 |         actors['hits']['hits'] = []
128 | 
129 |         reports = dict(actors)
130 | 
131 |         ttps = dict(actors)
132 |         
133 |         try:
134 |             actors = get_es().search(ES_PREFIX + 'threat_actors', 'actor', es_query)
135 |         except TransportError as te:
136 |             #if the index was not found, this is most likely becuase theres no data there
137 |             if te.status_code == 404:
138 |                 log.warning("Index 'threat_actors' was not found")
139 |             else:
140 |                 error = "There was an error fetching actors. Details: {}".format(te)
141 |                 flash(error,'danger')
142 |                 log.exception(logging_prefix + error)
143 |         except Exception as e:
144 |             error = "The was an error fetching Actors. Error: {}".format(e)
145 |             log.exception(error)
146 |             flash(error, "danger")
147 | 
148 |         try:
149 |             reports = get_es().search(ES_PREFIX + 'threat_reports', 'report', es_query)
150 |         except TransportError as te:
151 |             #if the index was not found, this is most likely becuase theres no data there
152 |             if te.status_code == 404:
153 |                 log.warning("Index 'threat_reports' was not found")
154 |             else:
155 |                 error = "There was an error fetching reports. Details: {}".format(te)
156 |                 flash(error,'danger')
157 |                 log.exception(logging_prefix + error)
158 |         except Exception as e:
159 |             error = "The was an error fetching Reports. Error: {}".format(e)
160 |             log.exception(error)
161 |             flash(error, "danger")
162 | 
163 |         try:
164 |             ttps = get_es().search(ES_PREFIX + 'threat_ttps', 'ttp', es_query)
165 |         except TransportError as te:
166 |             #if the index was not found, this is most likely becuase theres no data there
167 |             if te.status_code == 404:
168 |                 log.warning("Index 'threat_ttps' was not found")
169 |             else:
170 |                 error = "There was an error ttps. Details: {}".format(te)
171 |                 flash(error,'danger')
172 |                 log.exception(logging_prefix + error)
173 |         except Exception as e:
174 |             error = "The was an error fetching TTPs. Error: {}".format(e)
175 |             log.exception(error)
176 |             flash(error, "danger")
177 |         
178 |         '''
179 |         Modify the data as needed
180 |         '''
181 | 
182 |         for actor in actors['hits']['hits']:
183 |             s = SALTS['actor'] + actor['_id']
184 |             hash_object = hashlib.sha256(s.encode('utf-8'))
185 |             hex_dig = hash_object.hexdigest()
186 |             actor["_source"]['id_hash'] = hex_dig
187 | 
188 |         for report in reports['hits']['hits']:
189 |             s = SALTS['report'] + report['_id']
190 |             hash_object = hashlib.sha256(s.encode('utf-8'))
191 |             hex_dig = hash_object.hexdigest()
192 |             report["_source"]['id_hash'] = hex_dig
193 | 
194 |         for ttp in ttps['hits']['hits']:
195 |             s = SALTS['ttp'] + ttp['_id']
196 |             hash_object = hashlib.sha256(s.encode('utf-8'))
197 |             hex_dig = hash_object.hexdigest()
198 |             ttp["_source"]['id_hash'] = hex_dig
199 | 
200 |     except Exception as e:
201 |         error = "There was an error completing your request. Details: {}".format(e)
202 |         log.exception(error)
203 |         flash(error, "danger")
204 | 
205 |     #render the template, passing the variables we need
206 |     #   templates live in the templates folder
207 |     return render_template("index.html",
208 |                         page_title="ActorTrackr",
209 |                         form=form,
210 |                         query_string_url=query_string_url,
211 |                         actors=actors,
212 |                         reports=reports,
213 |                         ttps=ttps,
214 |                         url = quote_plus(url)
215 |             )
216 | 
217 | @index_blueprint.route("/export", methods = ['GET'])
218 | @index_blueprint.route("/export/", methods = ['GET'])
219 | @authentication.access(authentication.PUBLIC)
220 | def export_all_the_data():
221 |     logging_prefix = logger_prefix + "export_all_the_data() - "
222 |     log.info(logging_prefix + "Exporting")
223 | 
224 |     try:
225 |         dump = {}
226 |         dump['actors'] = []
227 |         dump['reports'] = []
228 |         dump['ttps'] = []
229 |         dump['choices'] = {}
230 | 
231 |         query = {
232 |             "query" : {
233 |                 "match_all" : {}
234 |             }
235 |         }
236 | 
237 |         results = scan(get_es(),query=query,index=ES_PREFIX + "threat_actors",doc_type="actor")
238 | 
239 |         
240 |         for i in results:
241 |             dump['actors'].append(i)
242 | 
243 |         results = scan(get_es(),query=query,index=ES_PREFIX + "threat_reports",doc_type="report")
244 | 
245 |         for i in results:
246 |             dump['reports'].append(i)
247 | 
248 |         results = scan(get_es(),query=query,index=ES_PREFIX + "threat_ttps",doc_type="ttp")
249 | 
250 |         for i in results:
251 |             dump['ttps'].append(i)
252 | 
253 |         results = scan(get_es(),query=query,index=ES_PREFIX + "threat_actor_pc",doc_type="parent")
254 | 
255 |         dump['choices']['parents'] = []
256 |         for i in results:
257 |             dump['choices']['parents'].append(i)
258 | 
259 |         results = scan(get_es(),query=query,index=ES_PREFIX + "threat_actor_pc",doc_type="child")
260 | 
261 |         dump['choices']['children'] = []
262 |         for i in results:
263 |             dump['choices']['children'].append(i)
264 | 
265 |         results = scan(get_es(),query=query,index=ES_PREFIX + "threat_actor_simple",doc_type="data")
266 | 
267 |         dump['choices']['simple'] = []
268 |         for i in results:
269 |             dump['choices']['simple'].append(i)
270 | 
271 |         # We need to modify the response, so the first thing we 
272 |         # need to do is create a response out of the Dictionary
273 |         response = make_response(json.dumps(dump))
274 | 
275 |         # This is the key: Set the right header for the response
276 |         # to be downloaded, instead of just printed on the browser
277 |         response.headers["Content-Disposition"] = "attachment; filename=export.json"
278 |         response.headers["Content-Type"] = "text/json; charset=utf-8"
279 | 
280 |         return response
281 | 
282 |     except Exception as e:
283 |         error = "There was an error completing your request. Details: {}".format(e)
284 |         log.exception(error)
285 |         flash(error, "danger")
286 |         return redirect("/")
287 | 
288 | @index_blueprint.route("/<t>", methods = ['GET','POST'])
289 | @index_blueprint.route("/<t>/", methods = ['GET','POST'])
290 | @index_blueprint.route("/<t>/<page>", methods = ['GET','POST'])
291 | @index_blueprint.route("/<t>/<page>/", methods = ['GET','POST'])
292 | def view_all(t,page=1):
293 |     if t == 'favicon.ico':
294 |         return jsonify({}),404
295 | 
296 |     page = int(page)
297 | 
298 |     logging_prefix = logger_prefix + "view_all() - "
299 |     log.info(logging_prefix + "Loading view all page {} for {}".format(page, t))
300 |     
301 |     form = forms.searchForm(request.form)
302 |     error = None
303 |     page_size = 50
304 |     offset = (page-1) * page_size
305 |     url = "/{}/{}/".format(t,page)
306 |     search_url = ""
307 |     results_text = ""
308 |     try:
309 | 
310 | 
311 |         #this is the default query for actors in ES, i'd imagine this will be recently added/modified actors
312 |         es_query = {
313 |             "query": {
314 |                 "match_all": {}
315 |             },
316 |             "size": page_size,
317 |             "from" : offset,
318 |             "sort": {
319 |                 "last_updated_s": {
320 |                     "order": "desc"
321 |                 }
322 |             }
323 |         }
324 | 
325 |         #pull the query out of the url
326 |         query_string = request.args.get("q")
327 | 
328 |         #someone is searching for something
329 |         if request.method == 'POST' and not query_string:
330 |             if form.validate():
331 |                 print("VALID SEARCH OPERATION DETECTED, redirecting...")
332 | 
333 |                 #get the value
334 |                 value = form.query.data
335 | 
336 | 
337 |                 log.info(value)
338 | 
339 |                 #redirect to this same page, but setting the query value in the url
340 |                 return redirect("/{}/1/?q={}".format(t,quote_plus(value)), code=307)
341 | 
342 |             else:
343 |                 #if there was an error print the error dictionary to the console
344 |                 #   temporary help, these should also appear under the form field
345 |                 print(form.errors)
346 | 
347 |         elif query_string:
348 |             #now that the query_string is provided as ?q=, perform the search
349 |             print("VALID SEARCH OPERATION DETECTED")
350 | 
351 |             #do some searching...
352 |             es_query = {
353 |                 "query": {
354 |                     "query_string": {
355 |                         "query" : query_string
356 |                     }
357 |                 },
358 |                 "size": page_size,
359 |                 "from" : offset
360 |             }
361 | 
362 |             search_url = "?q=" + query_string
363 |             #set the form query value to what the user is searching for
364 |             form.query.data = query_string
365 | 
366 |         '''
367 |         Fetch the data from ES
368 |         '''
369 | 
370 |         data = {}
371 |         data['hits'] = {}
372 |         data['hits']['hits'] = []
373 | 
374 |         if t == 'actor':
375 |             index = ES_PREFIX + 'threat_actors'
376 |             doc_type = 'actor'
377 |             salt = SALTS['actor']
378 |             link_prefix = 'actor'
379 |             data_header = 'Actors'
380 |             field_header = 'Actor Name'
381 |         elif t == 'report':
382 |             index = ES_PREFIX + 'threat_reports'
383 |             doc_type = 'report'
384 |             salt = SALTS['report']
385 |             link_prefix = 'report'
386 |             data_header = 'Reports'
387 |             field_header = 'Report Title'
388 |         elif t == 'ttp':
389 |             index = ES_PREFIX + 'threat_ttps'
390 |             doc_type = 'ttp'
391 |             salt = SALTS['ttp']
392 |             link_prefix = 'ttp'
393 |             data_header = 'TTPs'
394 |             field_header = 'TTP Name'
395 |         else:
396 |             raise Exception("Unknown type {}".format(t))
397 | 
398 |         try:
399 |             data = get_es().search(index, doc_type, es_query)
400 |             num_hits = len(data['hits']['hits'])
401 | 
402 |             #set up previous link
403 |             if page == 1:
404 |                 prev_url = None
405 |             else:
406 |                 prev_url = "/{}/{}/{}".format(t,(page-1),search_url)
407 | 
408 |             if ((page-1)*page_size) + num_hits <  data['hits']['total']:
409 |                 next_url = "/{}/{}/{}".format(t,(page+1),search_url)
410 |             else:
411 |                 next_url = None
412 |             
413 |             url += search_url
414 | 
415 |             for d in data['hits']['hits']:
416 |                 s = salt + d['_id']
417 |                 hash_object = hashlib.sha256(s.encode('utf-8'))
418 |                 hex_dig = hash_object.hexdigest()
419 |                 d["_source"]['id_hash'] = hex_dig
420 | 
421 |             if num_hits == 0:
422 |                 results_text = ""
423 |             else:
424 |                 f = ( (page-1) * page_size ) + 1
425 |                 l = f + (num_hits-1)
426 |                 results_text = "Showing {} to {} of {} total results".format(f,l,data['hits']['total'])
427 | 
428 |         except TransportError as te:
429 | 
430 |             #if the index was not found, this is most likely becuase theres no data there
431 |             if te.status_code == 404:
432 |                 log.warning("Index '{}' was not found".format(index))
433 |             else:
434 |                 error = "There was an error fetching {}. Details: {}".format(t, te)
435 |                 flash(error,'danger')
436 |                 log.exception(logging_prefix + error)
437 | 
438 |         except Exception as e:
439 |             error = "The was an error fetching {}. Error: {}".format(t,e)
440 |             log.exception(error)
441 |             flash(error, "danger")
442 |     
443 | 
444 |     except Exception as e:
445 |         error = "There was an error completing your request. Details: {}".format(e)
446 |         log.exception(error)
447 |         flash(error, "danger")
448 |         return redirect("/")
449 | 
450 |     return render_template("view_all.html",
451 |                         page_title="View All",
452 |                         form=form,
453 |                         data_header=data_header,
454 |                         results_text=results_text,
455 |                         field_header=field_header,
456 |                         data=data,
457 |                         link_prefix=link_prefix,
458 |                         prev_url=prev_url,
459 |                         next_url=next_url,
460 |                         url = quote_plus(url)
461 |             )
462 | 
463 | 


--------------------------------------------------------------------------------
/app/core/blueprints/ttp.py:
--------------------------------------------------------------------------------
  1 | from flask import Flask
  2 | from flask import render_template
  3 | from flask import Blueprint
  4 | from flask import flash
  5 | from flask import request
  6 | from flask import redirect
  7 | from flask import jsonify
  8 | from flask import Markup
  9 | from flask import g
 10 | from flask import session
 11 | 
 12 | import functools
 13 | import json
 14 | import hashlib
 15 | import logging
 16 | import os
 17 | import sys
 18 | import time
 19 | import uuid
 20 | from datetime import datetime
 21 | from operator import itemgetter
 22 | from urllib.parse import quote_plus
 23 | 
 24 | from config.settings import *
 25 | from core.decorators import authentication
 26 | from core.forms import forms
 27 | from app import log, get_es, get_mysql
 28 | from utils.elasticsearch import *
 29 | from utils.functions import *
 30 | 
 31 | ttp_blueprint = Blueprint('ttp', __name__, url_prefix="/ttp")
 32 | logger_prefix = "ttp.py:"
 33 | 
 34 | def es_to_form(ttp_id):
 35 |     form = forms.ttpForm()
 36 | 
 37 |     #get the values from ES
 38 |     results = get_es().get(ES_PREFIX + "threat_ttps", doc_type="ttp", id=ttp_id)
 39 | 
 40 |     
 41 |     #store certain fields from ES, so this form can be used in an update
 42 |     form.doc_index.data = results['_index']
 43 |     form.doc_type.data = results['_type']
 44 | 
 45 |     ttp_data = results['_source']
 46 | 
 47 |     form.ttp_name.data = ttp_data['name']
 48 |     form.ttp_first_observed.data = datetime.strptime(ttp_data['created_s'],"%Y-%m-%dT%H:%M:%S")
 49 |     form.ttp_description.data = ttp_data['description']
 50 |     form.ttp_criticality.data = int(ttp_data['criticality'])
 51 | 
 52 |     idx = 0
 53 |     for entry in range(len(form.ttp_class.entries)): form.ttp_class.pop_entry()
 54 |     for i in multikeysort(ttp_data['classification'], ['family', 'id']):
 55 |         ttp_class_form = forms.TPXClassificationForm()
 56 |         ttp_class_form.a_family = i['family']
 57 |         ttp_class_form.a_id = i['id']
 58 | 
 59 |         form.ttp_class.append_entry(ttp_class_form)
 60 | 
 61 |         #set the options since this select is dynamic
 62 |         form.ttp_class[idx].a_id.choices = fetch_child_data('tpx_classification',i['family'])
 63 |         idx += 1
 64 | 
 65 |     if ttp_data['related_actor']:
 66 |         for entry in range(len(form.ttp_actors.entries)): form.ttp_actors.pop_entry()
 67 |         for i in multikeysort(ttp_data['related_actor'], ['name', 'id']):
 68 |             sub_form = forms.RelatedActorsForm()
 69 |             sub_form.data = i['id'] + ":::" + i['name']
 70 | 
 71 |             form.ttp_actors.append_entry(sub_form)
 72 | 
 73 |     if ttp_data['related_report']:
 74 |         for entry in range(len(form.ttp_reports.entries)): form.ttp_reports.pop_entry()
 75 |         for i in multikeysort(ttp_data['related_report'], ['name', 'id']):
 76 |             sub_form = forms.RelatedReportsForm()
 77 |             sub_form.data = i['id'] + ":::" + i['name']
 78 | 
 79 |             form.ttp_reports.append_entry(sub_form)
 80 |             
 81 |     if ttp_data['related_ttp']:
 82 |         for entry in range(len(form.ttp_ttps.entries)): form.ttp_ttps.pop_entry()
 83 |         for i in multikeysort(ttp_data['related_ttp'], ['name', 'id']):
 84 |             sub_form = forms.RelatedTTPsForm()
 85 |             sub_form.data = i['id'] + ":::" + i['name']
 86 | 
 87 |             form.ttp_ttps.append_entry(sub_form)
 88 | 
 89 |     #convert editor dictionary of ids and times to names and times
 90 |     editors = get_editor_names(get_mysql(), ttp_data['editor'])
 91 | 
 92 |     return form, editors
 93 | 
 94 | def es_to_tpx(ttp_id):
 95 |     '''
 96 |     Build the TPX file from the data stored in Elasticsearch
 97 |     '''
 98 |     element_observables = {}
 99 | 
100 |     results = get_es().get(ES_PREFIX + "threat_ttps", doc_type="ttp", id=ttp_id)
101 |     ttp_data = results['_source']
102 | 
103 |     tpx = {}
104 |     tpx["schema_version_s"] = "2.2.0"
105 |     tpx["provider_s"] = "LookingGlass"
106 |     tpx["list_name_s"] = "Threat Actor"
107 |     tpx["created_t"] = ttp_data['created_milli']
108 |     tpx["created_s"] = ttp_data['created_s']
109 |     tpx["last_updated_t"] = ttp_data['last_updated_milli']
110 |     tpx["last_updated_s"] = ttp_data['last_updated_s']
111 |     tpx["score_i"] = 95
112 |     tpx["source_observable_s"] = "Cyveillance Threat Actor"
113 |     tpx["source_description_s"] = "This feed provides threat actor or threat actor group profiles and characterizations created by the LookingGlass Cyber Threat Intelligence Group"
114 | 
115 |     tpx["observable_dictionary_c_array"] = []
116 | 
117 |     observable_dict = {}
118 |     observable_dict["ttp_uuid_s"] = ttp_id
119 |     observable_dict["observable_id_s"] = ttp_data['name']
120 |     observable_dict["description_s"]  = ttp_data['description']
121 |     observable_dict["criticality_i"] = ttp_data['criticality']
122 | 
123 |     observable_dict["classification_c_array"] = []
124 | 
125 |     class_dict = {}
126 |     class_dict["score_i"] = 70
127 |     class_dict["classification_id_s"] = "Intel"
128 |     class_dict["classification_family_s"] = "TTP"
129 |     observable_dict["classification_c_array"].append(class_dict)
130 | 
131 |     for i in ttp_data['classification']:
132 |         class_dict = {}
133 |         class_dict["score_i"] = i["score"]
134 |         class_dict["classification_id_s"] = i["id"]
135 |         class_dict["classification_family_s"] = i["family"]
136 | 
137 |         if class_dict not in observable_dict["classification_c_array"]:
138 |             observable_dict["classification_c_array"].append(class_dict)
139 | 
140 |     observable_dict["related_ttps_c_array"]  = []
141 |     for i in ttp_data['related_ttp']:
142 |         if i['name']:
143 |             observable_dict["related_ttps_c_array"].append({ "name_s" :  i['name'], "uuid_s" : i['id'] })
144 | 
145 | 
146 |     observable_dict["related_actors_c_array"]  = []
147 |     for i in ttp_data['related_actor']:
148 |         if i['name']:
149 |             observable_dict["related_actors_c_array"].append({ "name_s" :  i['name'], "uuid_s" : i['id'] })
150 | 
151 |     observable_dict["related_reports_c_array"]  = []
152 |     for i in ttp_data['related_report']:
153 |         if i['name']:
154 |             observable_dict["related_reports_c_array"].append({ "name_s" :  i['name'], "uuid_s" : i['id'] })
155 | 
156 | 
157 |     '''
158 |     Related elements
159 |     '''
160 | 
161 |     relate_element_name_map = {
162 |             "FQDN" : "subject_fqdn_s",
163 |             "IPv4" : "subject_ipv4_s",
164 |             "TTP" : "subject_ttp_s",
165 |             "CommAddr" : "subject_address_s"
166 |         }
167 | 
168 | 
169 | 
170 |     tpx["observable_dictionary_c_array"].append(observable_dict)
171 | 
172 |     return tpx
173 | 
174 | def form_to_es(form, ttp_id):
175 |     logging_prefix = logger_prefix + "form_to_es() - "
176 |     log.info(logging_prefix + "Converting Form to ES for {}".format(ttp_id))
177 | 
178 |     doc = {}
179 | 
180 |     created_t = int(time.mktime(form.ttp_first_observed.data.timetuple())) * 1000
181 |     created_s = form.ttp_first_observed.data.strftime("%Y-%m-%dT%H:%M:%S")
182 |     now_t = int(time.time()) * 1000
183 |     now_s = datetime.now().strftime("%Y-%m-%dT%H:%M:%S")
184 | 
185 |     doc["created_milli"] = created_t
186 |     doc["created_s"] = created_s
187 |     doc["last_updated_milli"] = now_t
188 |     doc["last_updated_s"] = now_s
189 | 
190 |     doc['name'] = escape(form.ttp_name.data)
191 |     doc['description'] = escape(form.ttp_description.data)
192 |     doc['criticality'] = int(escape(form.ttp_criticality.data))
193 | 
194 |     doc['classification'] = []
195 |     for sub_form in form.ttp_class.entries:
196 |         classification_dict = {}
197 |         classification_dict['score'] = int(get_score(sub_form.data['a_family'], sub_form.data['a_id']))
198 |         classification_dict['id'] = escape(sub_form.data['a_id'])
199 |         classification_dict['family'] = escape(sub_form.data['a_family'])
200 | 
201 |         if classification_dict not in doc['classification']:
202 |             doc['classification'].append(classification_dict)
203 | 
204 |     #Links to actors and reports
205 |     doc['related_actor'] = []
206 |     for sub_form in form.ttp_actors.entries:
207 |         r_dict = {}
208 |         data = escape(sub_form.data.data)
209 | 
210 |         if data == "_NONE_":
211 |             continue
212 | 
213 |         data_array = data.split(":::")
214 | 
215 |         r_dict['id'] = escape(data_array[0])
216 |         r_dict['name'] = escape(data_array[1])  
217 |                                         #this is gonna be a nightmare to maintain, 
218 |                                         # but it make sense to have this for searches
219 |         
220 |         if r_dict not in doc['related_actor']:                                
221 |             doc['related_actor'].append(r_dict)
222 | 
223 |     doc['related_report'] = []
224 |     for sub_form in form.ttp_reports.entries:
225 |         r_dict = {}
226 |         data = escape(sub_form.data.data)
227 | 
228 |         if data == "_NONE_":
229 |             continue
230 | 
231 |         data_array = data.split(":::")
232 | 
233 |         r_dict['id'] = escape(data_array[0])
234 |         r_dict['name'] = escape(data_array[1])  
235 |                                         #this is gonna be a nightmare to maintain, 
236 |                                         # but it make sense to have this for searches
237 |         
238 |         if r_dict not in doc['related_report']:                                
239 |             doc['related_report'].append(r_dict)
240 | 
241 |     doc['related_ttp'] = []
242 |     for sub_form in form.ttp_ttps.entries:
243 |         r_dict = {}
244 |         data = escape(sub_form.data.data)
245 | 
246 |         if data == "_NONE_":
247 |             continue
248 | 
249 |         data_array = data.split(":::")
250 | 
251 |         r_dict['id'] = escape(data_array[0])
252 |         r_dict['name'] = escape(data_array[1])  
253 |                                         #this is gonna be a nightmare to maintain, 
254 |                                         # but it make sense to have this for searches
255 | 
256 |         if r_dict not in doc['related_ttp']:                                
257 |             doc['related_ttp'].append(r_dict)
258 | 
259 |     '''
260 |     Edit Tracking
261 |     '''
262 | 
263 |     doc['editor'] = get_editor_list( 
264 |             es=get_es(),
265 |             index=ES_PREFIX + "threat_ttps",
266 |             doc_type="ttp",
267 |             item_id=ttp_id,
268 |             user_id=session.get('id',None)
269 |         )
270 | 
271 |     #print_tpx(doc)
272 | 
273 |     #index the doc
274 |     log.info(logging_prefix + "Start Indexing of {}".format(ttp_id))
275 |     response = get_es().index(ES_PREFIX + "threat_ttps", "ttp", doc, ttp_id)
276 |     log.info(logging_prefix + "Done Indexing of {}".format(ttp_id))
277 | 
278 |     return response, doc
279 | 
280 | '''
281 | TTP Pages
282 | '''
283 | 
284 | @ttp_blueprint.route("/add", methods = ['GET','POST'])
285 | @ttp_blueprint.route("/add/", methods = ['GET','POST']) 
286 | @ttp_blueprint.route("/add/<template>/", methods = ['GET','POST'])  
287 | @authentication.access(authentication.WRITE)
288 | def add(template=None):
289 |     logging_prefix = logger_prefix + "add({}) - ".format(template)
290 |     log.info(logging_prefix + "Starting")
291 | 
292 |     try:
293 |         form = forms.ttpForm(request.form)
294 |         search_form = forms.searchForm()
295 | 
296 |         if request.method == 'POST':
297 |             #trick the form validation into working with our dynamic drop downs
298 |             for sub_form in form.ttp_class:
299 |                 sub_form.a_id.choices = fetch_child_data('tpx_classification',sub_form.a_family.data)
300 | 
301 |             #convert the field that lists the related_element_choices 
302 |             #choices = []
303 |             #rec = json.loads(form.related_element_choices.data)
304 |             #for k,v in rec.items():
305 |                 #choices.append((v,k))
306 | 
307 |             if form.validate():
308 |                 log.info(logging_prefix + "Add Detected")
309 | 
310 |                 #create a ttp id
311 |                 ttp_id = str(uuid.uuid4())
312 | 
313 |                 #convert the form to ES format
314 |                 form_to_es(form, ttp_id)
315 |                
316 |                 #rebuild the form from ES
317 |                 form, editors = es_to_form(ttp_id)
318 | 
319 |                 flash(Markup('<a href="/ttp/view/'+ttp_id+'" style="text-decoration:none; color:#3c763d;">New TTP Successfully Added. Click here to view this TTP</a>') , "success")
320 |             else:
321 |                 #if there was an error print the error dictionary to the console
322 |                 #   temporary help, these should also appear under the form field
323 |                 print(form.errors)
324 |         
325 |         elif template:
326 |             form, editors = es_to_form(template)
327 |         else:
328 |             #populate certain fields with default data
329 |             form.ttp_class[0].a_family.data = 'Actors'
330 |             form.ttp_class[0].a_id.choices = fetch_child_data('tpx_classification','Actors')
331 | 
332 |     except Exception as e:
333 |         error = "There was an error completing your request. Details: {}".format(e)
334 |         flash(error,'danger')
335 |         log.exception(logging_prefix + error)
336 | 
337 |     return render_template("ttp.html",
338 |                         page_title="Add New TTP",
339 |                         role="ADD",
340 |                         form=form,
341 |                         search_form=search_form
342 |             )
343 | 
344 | @ttp_blueprint.route("/view/<ttp_id>")
345 | @ttp_blueprint.route("/view/<ttp_id>/") 
346 | @authentication.access(authentication.PUBLIC)
347 | def view(ttp_id):
348 |     logging_prefix = logger_prefix + "view({}) - ".format(ttp_id)
349 |     log.info(logging_prefix + "Starting")
350 | 
351 |     editors = None
352 | 
353 |     try:
354 |         form, editors = es_to_form(ttp_id)
355 |         search_form = forms.searchForm()
356 |     except Exception as e:
357 |         error = "There was an error completing your request. Details: {}".format(e)
358 |         flash(error,'danger')
359 |         log.exception(logging_prefix + error)
360 |         form = forms.ttpForm()
361 |     
362 |     #render the template, passing the variables we need
363 |     #   templates live in the templates folder
364 |     return render_template("ttp.html",
365 |                         page_title="View TTP",
366 |                         role="VIEW",
367 |                         ttp_id=ttp_id,
368 |                         form=form,
369 |                         editors=editors,
370 |                         search_form=search_form
371 |             )
372 | 
373 | @ttp_blueprint.route("/edit/<ttp_id>", methods = ['GET','POST'])
374 | @ttp_blueprint.route("/edit/<ttp_id>/", methods = ['GET','POST']) 
375 | @authentication.access(authentication.WRITE)
376 | def edit(ttp_id):
377 |     logging_prefix = logger_prefix + "edit({}) - ".format(ttp_id)
378 |     log.info(logging_prefix + "Starting")
379 | 
380 |     error = None
381 |     try:
382 |         editors = None
383 |         search_form = forms.searchForm()
384 |         if request.method == 'POST':
385 |             form = forms.ttpForm(request.form)
386 | 
387 |             #trick the form validation into working with our dynamic drop downs
388 |             for sub_form in form.ttp_class:
389 |                 sub_form.a_id.choices = fetch_child_data('tpx_classification',sub_form.a_family.data)
390 |             
391 |             #convert the field that lists the related_element_choices 
392 |             #choices = []
393 |             #rec = json.loads(form.related_element_choices.data)
394 |             #for k,v in rec.items():
395 |                 #choices.append((v,k))
396 | 
397 |             if form.validate():
398 |                 log.info(logging_prefix + "Edit Detected")
399 | 
400 |                 #convert the form to ES format
401 |                 form_to_es(form, ttp_id)
402 |                
403 |                 #rebuild the form from ES
404 |                 form, editors = es_to_form(ttp_id)
405 | 
406 |                 flash("TTP Update Successful!" , "success")
407 |             else:
408 |                 #if there was an error print the error dictionary to the console
409 |                 #   temporary help, these should also appear under the form field
410 |                 print(form.errors)
411 |         else:
412 |             form, editors = es_to_form(ttp_id)
413 | 
414 |     except Exception as e:
415 |         error = "There was an error completing your request. Details: {}".format(e)
416 |         flash(error,'danger')
417 |         log.exception(logging_prefix + error)
418 |         form = forms.ttpForm()
419 | 
420 |     #render the template, passing the variables we need
421 |     #   templates live in the templates folder
422 |     return render_template("ttp.html",
423 |                         page_title="Edit TTP",
424 |                         role="EDIT",
425 |                         ttp_id=ttp_id,
426 |                         form=form,
427 |                         editors=editors,
428 |                         search_form=search_form
429 |             )
430 | 
431 | @ttp_blueprint.route("/export/<ttp_id>")
432 | @ttp_blueprint.route("/export/<ttp_id>/") 
433 | @authentication.access(authentication.PUBLIC)
434 | def export(ttp_id):
435 |     logging_prefix = logger_prefix + "export({}) - ".format(ttp_id)
436 |     log.info(logging_prefix + "Starting")
437 | 
438 |     try:
439 |         tpx = es_to_tpx(ttp_id)
440 |     except Exception as e:
441 |         error = "There was an error completing your request. Details: {}".format(e)
442 |         log.exception(logging_prefix + error)
443 | 
444 |         tpx = { "error" : error }
445 |         return jsonify(tpx), 500
446 | 
447 |     return jsonify(tpx), 200
448 | 
449 | @ttp_blueprint.route("/delete/<ttp_id>/<ttp_id_hash>")
450 | @ttp_blueprint.route("/delete/<ttp_id>/<ttp_id_hash>/") 
451 | @authentication.access(authentication.DELETE)
452 | def delete(ttp_id, ttp_id_hash):
453 |     s = SALTS['ttp'] + ttp_id
454 |     hash_object = hashlib.sha256(s.encode('utf-8'))
455 |     hex_dig = hash_object.hexdigest()
456 | 
457 |     if ttp_id_hash == hex_dig:
458 |         try:
459 |             get_es().delete(ES_PREFIX + "threat_ttps", "ttp", ttp_id)
460 |             flash("TTP Deleted" , "success")
461 |         except Exception as e:
462 |             flash("There was an error deleting the TTP. Error: {}".format(e), "danger")
463 |     else:
464 |         flash("There was an error deleting the TTP" , "danger")
465 | 
466 |     redirect_url = request.args.get("_r")
467 |     if not redirect_url:
468 |         redirec_url = "/"
469 | 
470 |     #sleep a sec, make them think were busy, really its to give ES time to delete the doc
471 |     time.sleep(2)
472 | 
473 |     return redirect(redirect_url, code=302)


--------------------------------------------------------------------------------
/app/core/blueprints/user.py:
--------------------------------------------------------------------------------
  1 | from flask import Flask
  2 | from flask import render_template
  3 | from flask import Blueprint
  4 | from flask import flash
  5 | from flask import request
  6 | from flask import redirect
  7 | from flask import jsonify
  8 | from flask import Markup
  9 | from flask import session
 10 | from flask import g
 11 | 
 12 | import functools
 13 | import json
 14 | import hashlib
 15 | import logging
 16 | import math
 17 | import os
 18 | import requests
 19 | import sys
 20 | import time
 21 | import uuid
 22 | from datetime import datetime
 23 | from datetime import timedelta
 24 | from pymysql.cursors import DictCursor
 25 | from operator import itemgetter
 26 | from urllib.parse import unquote_plus, quote_plus
 27 | 
 28 | from config.settings import *
 29 | from core.forms import forms
 30 | from app import log, get_es, get_mysql
 31 | from utils.elasticsearch import *
 32 | from utils.functions import *
 33 | 
 34 | user_blueprint = Blueprint('user', __name__, url_prefix="/user")
 35 | logger_prefix = "user.py:"
 36 | 
 37 | '''
 38 | User Pages
 39 | '''
 40 | 
 41 | @user_blueprint.route("/register", methods = ['GET','POST'])
 42 | @user_blueprint.route("/register/", methods = ['GET','POST']) 
 43 | def register():
 44 |     logging_prefix = logger_prefix + "register() - "
 45 |     log.info(logging_prefix + "Starting")
 46 |     try:
 47 | 
 48 |         form = forms.registerForm(request.form)
 49 |         search_form = forms.searchForm()
 50 | 
 51 |         if request.method == 'POST':
 52 | 
 53 |             #verify captcha
 54 |             perform_validate = True
 55 |             try:
 56 |                 if RECAPTCHA_ENABLED:
 57 |                     captcha_value = request.form['g-recaptcha-response']
 58 |                     r = requests.post("https://www.google.com/recaptcha/api/siteverify", data={
 59 |                             'secret': RECAPTCHA_PRIVATE_KEY,
 60 |                             'response': request.form['g-recaptcha-response']
 61 |                         })
 62 |                     r_json = json.loads(r.text)
 63 | 
 64 |                     if not r_json['success']:
 65 |                         flash("Bots are not allowed",'danger')
 66 |                         perform_validate = False
 67 | 
 68 |             except Exception as s:
 69 |                 log.exception(logging_prefix + "Error preforming captcha validation")
 70 |                 raise s
 71 | 
 72 |             if perform_validate and form.validate():
 73 |                 log.info(logging_prefix + "Sign up Detected")
 74 | 
 75 |                 #get data from form
 76 |                 name = form.user_name.data
 77 |                 email = form.user_email.data 
 78 |                 password = form.user_password.data
 79 |                 company = form.user_company.data
 80 |                 reason = form.user_reason.data
 81 | 
 82 |                 #create the necessary hashes
 83 |                 salted_password = sha256(SALTS['user'],password)
 84 |                 verification_hash = sha256(SALTS['email_verification'], email)
 85 | 
 86 |                 #insert data into mysql
 87 |                 insert = "INSERT INTO users (email, password, name, company, justification, email_verified, verification_hash) VALUES (%s,%s,%s,%s,%s,%s,%s)"
 88 |                 values = (email, salted_password, name, company, reason, 0, verification_hash)
 89 |                 log.info(logging_prefix + "Adding new user {}".format(values))
 90 | 
 91 |                 try:
 92 |                     conn=get_mysql().cursor()
 93 |                     conn.execute(insert, values)
 94 |                     get_mysql().commit()
 95 |                     conn.close()
 96 |                 except Exception as s:
 97 |                     conn.close()
 98 |                     raise s
 99 | 
100 |                 #email the user to verify email
101 |                 try:
102 |                     sendAccountVerificationEmail(email, verification_hash)
103 |                 except Exception as s:
104 |                     log.exception(logging_prefix + "Unable to send email to {} with verification_hash {}".format(email, verification_hash))
105 |                     raise s
106 | 
107 |                 flash("You have been registered. A verification email with an actviation link has been sent to {} from noreply_ctig@lgscout.com".format(email),'success')
108 |             else:
109 | 
110 |                 print(form.errors)
111 |         else:
112 |             pass
113 | 
114 |     except Exception as e:
115 |         error = "There was an error completing your request. Details: {}".format(e)
116 |         flash(error,'danger')
117 |         log.exception(logging_prefix + error)
118 | 
119 | 
120 |     return render_template("register.html",
121 |                         page_title="Register",
122 |                         form=form,
123 |                         recaptcha_enabled=RECAPTCHA_ENABLED,
124 |                         recaptcha_key=RECAPTCHA_PUBLIC_KEY,
125 |                         search_form=search_form
126 |             )
127 | 
128 | @user_blueprint.route("/issues", methods = ['GET'])
129 | @user_blueprint.route("/issues/", methods = ['GET']) 
130 | def issues():
131 |     search_form = forms.searchForm()
132 | 
133 |     return render_template("issues.html",
134 |                         page_title="Trouble Logging In",
135 |                         search_form=search_form
136 |             )
137 | 
138 | @user_blueprint.route("/password/request_reset", methods = ['GET','POST'])
139 | @user_blueprint.route("/password/request_reset/", methods = ['GET','POST']) 
140 | def password_request_reset():
141 |     logging_prefix = logger_prefix + "password_request_reset() - "
142 |     log.info(logging_prefix + "Starting")
143 |     try:
144 |         form = forms.userEmailForm(request.form)
145 |         search_form = forms.searchForm()
146 | 
147 |         if request.method == 'POST':
148 |             if form.validate():
149 |                 email = form.user_email.data
150 | 
151 |                 #make sure the email exists in the system
152 |                 conn=get_mysql().cursor(DictCursor)
153 |                 conn.execute("SELECT id FROM users WHERE email = %s", (email,))
154 |                 user = conn.fetchone()
155 |                 conn.close()
156 | 
157 |                 if user:
158 |                     expiration_ts = int(time.time()) + 3600
159 |                     password_reset_hash = sha256(SALTS['user'],str(user['id']) + str(expiration_ts))
160 | 
161 |                     #set this value in the database, so it can be expired after the password is changed
162 |                     conn=get_mysql().cursor(DictCursor)
163 |                     conn.execute("INSERT INTO password_reset_hashes (user_id,hash) VALUES (%s,%s)", (user['id'],password_reset_hash))
164 |                     get_mysql().commit()
165 |                     conn.close()
166 | 
167 |                     password_reset_link = "/user/password/reset/{}/{}/{}/".format(user['id'],expiration_ts,password_reset_hash)
168 | 
169 |                     sendPasswordResetEmail(email, password_reset_link)
170 | 
171 |                     flash("An email has been sent to '{}' with a link to reset your password. This link expires in 1 hour.".format(email),'success')
172 |                 else:
173 |                     flash("The email you entered was not found", "danger")
174 | 
175 |             else:
176 |                 print(form.errors)
177 | 
178 |     except Exception as e:
179 |         error = "There was an error completing your request. Details: {}".format(e)
180 |         flash(error,'danger')
181 |         log.exception(logging_prefix + error)
182 | 
183 |     return render_template("password_reset.html",
184 |                         page_title="Reset Your Password",
185 |                         page_type="REQUEST",
186 |                         form=form,
187 |                         search_form=search_form
188 |             )
189 | 
190 | @user_blueprint.route("/password/reset/<user_id>/<expiration_ts>/<password_reset_hash>", methods = ['GET','POST'])
191 | @user_blueprint.route("/password/reset/<user_id>/<expiration_ts>/<password_reset_hash>/", methods = ['GET','POST']) 
192 | def password_reset(user_id=None, expiration_ts=None, password_reset_hash=None):
193 |     logging_prefix = logger_prefix + "password_reset({},{},{}) - ".format(user_id, expiration_ts, password_reset_hash)
194 |     log.info(logging_prefix + "Starting")
195 |     
196 |     try:
197 |         if sha256(SALTS['user'],user_id+expiration_ts) != password_reset_hash:
198 |             flash("There was an error completing your request", 'danger')
199 |             return redirect("/user/password/request_reset/")
200 | 
201 |         form = forms.passwordPerformResetForm(request.form)
202 |         search_form = forms.searchForm()
203 | 
204 |         now = int(time.time())
205 | 
206 |         if now > int(expiration_ts): # passworD1!
207 |             flash("This link has expired", 'danger')
208 |             return redirect("/user/password/request_reset/")
209 | 
210 |         conn=get_mysql().cursor(DictCursor)
211 |         conn.execute("SELECT COUNT(*) as count FROM password_reset_hashes WHERE hash = %s AND user_id = %s", (password_reset_hash,user_id))
212 |         result = conn.fetchone()
213 |         conn.close()
214 | 
215 |         if not result:
216 |             flash("This link has expired", 'danger')
217 |             return redirect("/user/password/request_reset/")
218 | 
219 |         if result['count'] == 0:
220 |             flash("This link has expired", 'danger')
221 |             return redirect("/user/password/request_reset/")
222 | 
223 |         if request.method == 'POST':
224 |             if form.validate():
225 |                 password = form.user_password.data
226 |                 salted_password = sha256(SALTS['user'],password)
227 | 
228 |                 conn=get_mysql().cursor()
229 |                 conn.execute("UPDATE users SET password = %s WHERE id = %s", (salted_password,user_id))
230 |                 conn.execute("DELETE FROM password_reset_hashes WHERE user_id = %s", (user_id,))
231 |                 get_mysql().commit()
232 |                 conn.close()
233 | 
234 |                 flash("Your password has been updated", "success")
235 |                 return redirect("/user/login")
236 |             else:
237 |                 print(form.errors)
238 | 
239 |     except Exception as e:
240 |         error = "There was an error completing your request. Details: {}".format(e)
241 |         flash(error,'danger')
242 |         log.exception(logging_prefix + error)
243 | 
244 |     log.info(logging_prefix + "Rendering")
245 |     return render_template("password_reset.html",
246 |                         page_title="Reset Your Password",
247 |                         page_type="PERFORM",
248 |                         form=form,
249 |                         search_form=search_form
250 |             )
251 | 
252 | @user_blueprint.route("/login", methods = ['GET','POST'])
253 | @user_blueprint.route("/login/", methods = ['GET','POST'])
254 | def login():
255 |     logging_prefix = logger_prefix + "login() - "
256 |     log.info(logging_prefix + "Starting")
257 | 
258 |     try:
259 |         form = forms.loginForm(request.form)
260 |         search_form = forms.searchForm()
261 | 
262 |         if request.method == 'POST':
263 |             if form.validate():
264 |                 email = form.user_email.data 
265 |                 password = form.user_password.data
266 | 
267 |                 hashed_password = sha256(SALTS['user'], password)
268 | 
269 |                 conn=get_mysql().cursor(DictCursor)
270 |                 #since email is unique
271 |                 conn.execute("SELECT id, password, name, email_verified, approved, write_permission, delete_permission, admin FROM users WHERE email = %s", (email,))
272 |                 user = conn.fetchone()
273 |                 
274 | 
275 |                 if user:
276 |             
277 |                     if user['password'] == hashed_password:
278 |                         #we have found a valid user
279 | 
280 |                         if user['email_verified']==0:
281 |                             #the user has not verified their email address
282 |                             flash("Your email address has not been verified. Click here if you did not receive a verification email", "danger")
283 | 
284 |                         elif user['approved']==0:
285 |                             #the user has not been approved, or their access has been disapproved
286 |                             flash("Your account has been approved yet, you will receive an email when your account has been approved", "danger")
287 | 
288 |                         else:
289 |                             #woohoo successful login, set up session variables
290 |                             session['logged_in']    =   True
291 |                             session['id']           =   user['id']
292 |                             session['name']         =   user['name']
293 |                             session['email']        =   email
294 |                             session['approved']     =   (user['approved'] == 1)
295 |                             session['write']        =   (user['write_permission'] == 1)
296 |                             session['delete']       =   (user['delete_permission'] == 1)
297 |                             session['admin']        =   (user['admin'] == 1)
298 |                             session['expires']      =   math.ceil(time.time()) + SESSION_EXPIRE
299 |                                                                             #now + 10 minutes of inactivity
300 |                                                                             #each time this user loads a page
301 |                                                                             #the expiration time gets now + 10m
302 | 
303 |                             #update last login timestamp
304 |                             conn=get_mysql().cursor(DictCursor)
305 |                             conn.execute("UPDATE users SET last_login=%s WHERE id = %s", (datetime.now(), user['id']))
306 |                             get_mysql().commit()
307 |                             conn.close()
308 | 
309 |                             flash("You have been logged in", "success")
310 | 
311 |                             if request.args.get("r"):
312 |                                 return redirect(request.args.get("r"))
313 |                             else:
314 |                                 return redirect("/") 
315 |                     else:
316 |                         log.warning(logging_prefix + "Invalid login attempt for {}".format(email))
317 |                         flash("The username or password is incorrect", "danger")
318 |                 else:
319 |                     log.warning(logging_prefix + "Invalid login attempt for {}".format(email))
320 |                     flash("The username or password is incorrect", "danger")
321 |             else:
322 |                 print(form.errors)
323 | 
324 |     except Exception as e:
325 |         error = "There was an error completing your request. Details: {}".format(e)
326 |         flash(error,'danger')
327 |         log.exception(logging_prefix + error)
328 | 
329 |     return render_template("login.html",
330 |                         page_title="Login",
331 |                         form=form,
332 |                         search_form=search_form
333 |             ) 
334 | 
335 | @user_blueprint.route("/logout", methods = ['GET'])
336 | @user_blueprint.route("/logout/", methods = ['GET'])
337 | def logout():
338 |     logging_prefix = logger_prefix + "logout() - "
339 |     log.info(logging_prefix + "Starting")
340 | 
341 |     session['logged_in']    =   False
342 |     session['id']           =   None
343 |     session['name']         =   None
344 |     session['email']        =   None
345 |     session['approved']     =   None
346 |     session['write']        =   None
347 |     session['delete']       =   None
348 |     session['admin']        =   None
349 |     session['expires']      =   None
350 | 
351 |     flash("You have been logged out", 'success')
352 | 
353 |     if request.args.get("r"):
354 |         return redirect("/user/login/?r={}".format(quote_plus(request.args.get("r"))))
355 |     else:
356 |         return redirect("/user/login/", code=307) 
357 | 
358 | 
359 | @user_blueprint.route("/verify/<email>/<verification_hash>", methods = ['GET'])
360 | @user_blueprint.route("/verify/<email>/<verification_hash>/", methods = ['GET']) 
361 | def verify(email, verification_hash):
362 |     logging_prefix = logger_prefix + "verify() - "
363 |     log.info(logging_prefix + "Starting")
364 | 
365 |     email = unquote_plus(email)
366 | 
367 |     print(email)
368 |     print(verification_hash)
369 | 
370 |     try:
371 |         conn=get_mysql().cursor(DictCursor)
372 |         conn.execute("SELECT id, email, name, company, justification FROM users WHERE verification_hash = %s", (verification_hash,))
373 |         r = conn.fetchone()
374 |         if not r:
375 |             log.error(logging_prefix + "User with email '{}' was not found".format(email))
376 |             flash("Your user was not found, try registering again",'danger')
377 |         elif r['email'] == email:
378 |             log.info(logging_prefix + "Successful validation of {}".format(email))
379 |             flash("Your email address have been verified, you will not be able to log in until you get approved by the Site Admin",'success')
380 | 
381 |             #update the database marking this user active
382 |             user_id = r['id']
383 |             conn.execute("UPDATE users SET email_verified=1 WHERE id = %s", (user_id,))
384 |             get_mysql().commit()
385 | 
386 |             #id, email, name, company
387 |             sendNewUserToApproveEmail(r['id'], r['email'],r['name'],r['company'],r['justification'])
388 |         else:
389 |             log.warning(logging_prefix + "Unsuccessful validation of {}".format(email))
390 |             flash("We were unable to verify your account",'danger')
391 | 
392 |     except Exception as e:
393 |         error = "There was an error completing your request. Details: {}".format(e)
394 |         flash(error,'danger')
395 |         log.exception(logging_prefix + error)
396 |     finally:
397 |         conn.close()
398 | 
399 |     return redirect("/", code=307)
400 | 
401 | @user_blueprint.route("/reverify", methods = ['GET','POST'])
402 | @user_blueprint.route("/reverify/", methods = ['GET',"POST"]) 
403 | def reverify():
404 |     logging_prefix = logger_prefix + "reverify() - "
405 |     log.info(logging_prefix + "Starting")
406 |     try:
407 |         form = forms.userEmailForm(request.form)
408 |         search_form = forms.searchForm()
409 | 
410 |         if request.method == 'POST':
411 |             if form.validate():
412 |                 email = form.user_email.data
413 | 
414 |                 #make sure the email exists in the system
415 |                 conn=get_mysql().cursor(DictCursor)
416 |                 conn.execute("SELECT verification_hash FROM users WHERE email = %s", (email,))
417 |                 user = conn.fetchone()
418 |                 conn.close()
419 | 
420 |                 if user:
421 |                     sendAccountVerificationEmail(email, user['verification_hash'])
422 | 
423 |                     flash("A verification email has been sent to '{}' with a link to verify your account.".format(email),'success')
424 |                 else:
425 |                     flash("The email you entered was not found", "danger")
426 | 
427 |             else:
428 |                 print(form.errors)
429 | 
430 |     except Exception as e:
431 |         error = "There was an error completing your request. Details: {}".format(e)
432 |         flash(error,'danger')
433 |         log.exception(logging_prefix + error)
434 | 
435 |     return render_template("account_reverify.html",
436 |                         page_title="Verify Account",
437 |                         form=form,
438 |                         search_form=search_form
439 |             )
440 | 
441 | 
442 | 
443 | 
444 | 
445 | 


--------------------------------------------------------------------------------
/app/core/decorators/authentication.py:
--------------------------------------------------------------------------------
  1 | from flask import Flask
  2 | from flask import render_template
  3 | from flask import Blueprint
  4 | from flask import flash
  5 | from flask import request
  6 | from flask import redirect
  7 | from flask import jsonify
  8 | from flask import Markup
  9 | from flask import session
 10 | from flask import abort
 11 | from flask import g
 12 | 
 13 | import functools
 14 | import json
 15 | import hashlib
 16 | import logging
 17 | import math
 18 | import os
 19 | import sys
 20 | import time
 21 | import uuid
 22 | from datetime import datetime
 23 | from functools import wraps 
 24 | from pymysql.cursors import DictCursor
 25 | from operator import itemgetter
 26 | from urllib.parse import quote_plus
 27 | 
 28 | from config.settings import *
 29 | from core.forms import forms
 30 | from app import log, get_es, get_mysql
 31 | from utils.elasticsearch import *
 32 | from utils.functions import *
 33 | 
 34 | logger_prefix = "authentication.py:"
 35 | 
 36 | PUBLIC = 0
 37 | WRITE = 1
 38 | DELETE = 2
 39 | ADMIN = 3
 40 | 
 41 | def access(access_level=PUBLIC):
 42 |     logging_prefix = logger_prefix + "access() - "
 43 |     
 44 |     def decorated(f):
 45 |         @wraps(f) 
 46 | 
 47 |         def wrapped(*args, **kwargs):
 48 | 
 49 |             r = quote_plus(request.url)
 50 |             try:
 51 |                 if access_level != PUBLIC:
 52 |                     if 'logged_in' not in session:
 53 |                         flash("You must log in to continue", 'danger')
 54 |                         return redirect("/user/login/?r={}".format(r), code=307)
 55 |                     elif not session['logged_in']:
 56 |                         flash("You must log in to continue", 'danger')
 57 |                         return redirect("/user/login/?r={}".format(r), code=307)
 58 |                     elif session['expires'] < math.ceil(time.time()) and SESSION_EXPIRE != -1:
 59 |                         flash("Your session has expired, log in below to continue", 'danger')
 60 |                         return redirect("/user/logout/?r={}".format(r), code=307)
 61 |                     
 62 |                     
 63 |                     #since the user is logged in requery the database for their current permissons
 64 |                     if 'id' not in session:
 65 |                         log.error(logging_prefix - "ID not in session: {}".format(session))
 66 |                         flash("Theres an issue with your session, please log in again. Error 001.", 'danger')
 67 |                         return redirect("/user/login/?r={}".format(r), code=307)
 68 | 
 69 |                     conn = get_mysql().cursor(DictCursor)
 70 |                     conn.execute("SELECT email_verified, approved, write_permission, delete_permission, admin FROM users WHERE id = %s", (session['id'],))
 71 |                     user = conn.fetchone()
 72 |                     conn.close()
 73 | 
 74 |                     if not user:
 75 |                         log.error(logging_prefix - "User not found: {}".format(session))
 76 |                         flash("Theres an issue with your session, please log in again. Error 002.", 'danger')
 77 |                         return redirect("/user/logout/?r={}".format(r), code=307)
 78 | 
 79 |                     if user['email_verified'] != 1:
 80 |                         flash("Your email address has not been verified yet", 'danger')
 81 |                         return redirect("/user/logout/?r={}".format(r), code=307)
 82 | 
 83 |                     session['approved']     =   (user['approved'] == 1)
 84 |                     session['write']        =   (user['write_permission'] == 1)
 85 |                     session['delete']       =   (user['delete_permission'] == 1)
 86 |                     session['admin']        =   (user['admin'] == 1)
 87 | 
 88 |                     #now that we know this user is logged in set the expiration to much later
 89 |                     session['expires'] = math.ceil(time.time()) + SESSION_EXPIRE
 90 | 
 91 |                     #compare the users current access to the access level needed for this page
 92 |                     if not session['approved']:
 93 |                         #if read is not set, the users account has been disabled
 94 |                         flash("Your account has been disabled", 'danger')
 95 |                         return redirect("/user/logout/?r={}".format(r), code=307)
 96 | 
 97 | 
 98 |                     elif access_level == WRITE and not session['write']:
 99 |                         return render_template("error_403.html")
100 |                     elif access_level == DELETE and not session['delete']:
101 |                         return render_template("error_403.html")
102 |                     elif access_level == ADMIN and not session['admin']:
103 |                         return render_template("error_403.html")
104 | 
105 |             except Exception as e:
106 |                 log.exception("Error performing user authentication")
107 |                 flash("Your account could not be verified, please log in again", 'danger')
108 |                 return redirect("/user/logout/?r={}".format(r), code=307)
109 | 
110 |             return f(*args, **kwargs)
111 | 
112 |         return wrapped
113 |     return decorated


--------------------------------------------------------------------------------
/app/static/css/shop-item.css:
--------------------------------------------------------------------------------
 1 | /*!
 2 |  * Start Bootstrap - Shop Item HTML Template (http://startbootstrap.com)
 3 |  * Code licensed under the Apache License v2.0.
 4 |  * For details, see http://www.apache.org/licenses/LICENSE-2.0.
 5 |  */
 6 | 
 7 | body {
 8 |     padding-top: 70px; /* Required padding for .navbar-fixed-top. Remove if using .navbar-static-top. Change if height of navigation changes. */
 9 | }
10 | 
11 | .thumbnail img {
12 |     width: 100%;
13 | }
14 | 
15 | .ratings {
16 |     padding-right: 10px;
17 |     padding-left: 10px;
18 |     color: #d17581;
19 | }
20 | 
21 | .thumbnail {
22 |     padding: 0;
23 | }
24 | 
25 | .thumbnail .caption-full {
26 |     padding: 9px;
27 |     color: #333;
28 | }
29 | 
30 | footer {
31 |     margin: 50px 0;
32 | }


--------------------------------------------------------------------------------
/app/static/fonts/glyphicons-halflings-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jalewis/actortrackr/9840e29d483d0c46e42964062cf24924c224144e/app/static/fonts/glyphicons-halflings-regular.eot


--------------------------------------------------------------------------------
/app/static/fonts/glyphicons-halflings-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jalewis/actortrackr/9840e29d483d0c46e42964062cf24924c224144e/app/static/fonts/glyphicons-halflings-regular.ttf


--------------------------------------------------------------------------------
/app/static/fonts/glyphicons-halflings-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jalewis/actortrackr/9840e29d483d0c46e42964062cf24924c224144e/app/static/fonts/glyphicons-halflings-regular.woff


--------------------------------------------------------------------------------
/app/static/fonts/glyphicons-halflings-regular.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jalewis/actortrackr/9840e29d483d0c46e42964062cf24924c224144e/app/static/fonts/glyphicons-halflings-regular.woff2


--------------------------------------------------------------------------------
/app/templates/about.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | {% if error %}
 5 | <div class="alert alert-danger">
 6 |     {{ error }}
 7 | </div>
 8 | {% endif %}
 9 | 
10 | <div class="row">
11 |     <div class="col-md-12">
12 |         <p>
13 |             ActorTrackr is an open source web application for storing/searching/linking Actor related data.  The primary sources are from users and various public repositories. Examples of useful repos: APTNotes and "APT Groups and Operations" spreadsheet. Without the hard work of others, this application wouldn't be possible.  We hope to continue the usefulness by improving the search and linking of data stored in the system.
14 |         </p>
15 | 
16 |         <p>
17 |             We encourage users to contribute publicly available information here to facilitate sharing and create their own ActorTrackr internally for sensitive data.  If you extend the system and find your changes useful for others, please submit a pull request.
18 |         </p>
19 | 
20 |     	<p>
21 |             ActorTrackr is maintained by LookingGlass CTIG.<br>
22 |             Visit our blog at <a href="http://deaddrop.threatpool.com/">http://deaddrop.threatpool.com/</a><br>
23 |             Follow us on Twitter:  <a href="https://twitter.com/LG_CTIG">https://twitter.com/LG_CTIG</a><br>
24 |     	</p>
25 |     </div>
26 | </div>
27 | <h1>License Info</h1>
28 | <div class="row">
29 |     <div class="col-md-12">
30 |         <p>
31 |             Copyright 2017 Lookingglass Cyber Solutions
32 |             <br/><br/>
33 |             Licensed under the Apache License, Version 2.0 (the "License");
34 |             you may not use this file except in compliance with the License.
35 |             You may obtain a copy of the License at
36 |             <br/><br/>
37 |             http://www.apache.org/licenses/LICENSE-2.0
38 |             <br/><br/>
39 |             Unless required by applicable law or agreed to in writing, software
40 |             distributed under the License is distributed on an "AS IS" BASIS,
41 |             WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
42 |             See the License for the specific language governing permissions and
43 |             limitations under the License.
44 |         </p>
45 |     </div>
46 | </div>
47 | {% endblock %}
48 | 


--------------------------------------------------------------------------------
/app/templates/account_reverify.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | {% if error %}
 5 | <div class="alert alert-danger">
 6 |     {{ error }}
 7 | </div>
 8 | {% endif %}
 9 | 
10 | 
11 | <div class="row">
12 |     <div class="col-md-6 col-md-offset-3">
13 |         <form role="form" method="post" autocomplete="off">
14 |             {{ form.hidden_tag() }}
15 |             {% if form.errors %}
16 |                 <div class="alert alert-danger">
17 |                     <div id="showErrors">
18 |                         There were errors submitting the form!
19 |                         {% if 'csrf_token' in form.errors %}
20 |                             Invalid CSRF Token, try submitting the form again
21 |                         {% endif %}
22 |                     </div>
23 |                     <div id="errorList" style="display:none">
24 |                         <pre>{{form.errors}}</pre>
25 |                     </div>
26 |                 </div>
27 |             {% endif %}
28 | 
29 |             <div class="form-group">
30 |                 <label for="email">Email Address<span class="required">*</span></label>
31 |                 {{ form.user_email(class="form-control") }}
32 |                 {% if form.user_email.errors %}
33 |                     <div class="alert alert-danger">{% for error in form.user_email.errors %}{{ error }}<br/>{% endfor %}</div>
34 |                 {% endif %}
35 |             </div>
36 | 
37 |             <div class="form-group" style="text-align:left;margin-top:20px">
38 |                 <button type="submit" class="btn btn-success">Resend Verification Email</button>
39 |             </div>
40 | 
41 |         </form>
42 |     </div>
43 | </div>
44 | 
45 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/admin.html:
--------------------------------------------------------------------------------
  1 | {% extends "layouts/base.html" %}
  2 | {% block container %}
  3 | 
  4 | {% if users %}
  5 | <div class="table-responsive">          
  6 |     <table class="table table-striped table-bordered">
  7 |         <thead>
  8 |             <tr>
  9 |                 <th>Name</th>
 10 |                 <th>Email</th>
 11 |                 <th>Company</th>
 12 |                 <th>Justification</th>
 13 |                 <th>Approved</th>
 14 |                 <th>Write</th>
 15 |                 <th>Delete</th>
 16 |                 <th>Admin</th>
 17 |                 <th>Created</th>
 18 |                 <th>Last Login</th>
 19 |                 <th>Actions</th>
 20 |             </tr>
 21 |         </thead>
 22 |         <tbody>
 23 |             {% for user in users %}
 24 |             <tr>
 25 |                 <td>{{ user['name']|e  }}</td>
 26 |                 <td>
 27 |                     {{ user['email']|e  }}
 28 |                     {% if user['email_verified'] == 0 %}
 29 |                         <span style="color:red">(Not Verified)</span>
 30 |                     {% endif %}
 31 |                 </td>
 32 |                 <td>{{ user['company']|e  }}</td>
 33 |                 <td>{{ user['justification']|e  }}</td>
 34 |                 <td align="center">
 35 |                     <button class="btn-xs {% if user['approved'] == 1 %}btn-success{% else %}btn-danger{% endif %} user-permission"  data-action="approve" data-user-id="{{ user['id'] }}" data-value="{% if user['approved'] == 1 %}0{% else %}1{% endif %}" data-user-c="{{ user['id_hash'] }}">&nbsp;</button>
 36 |                 </td>
 37 |                 <td align="center">
 38 |                     <button class="btn-xs {% if user['write_permission'] == 1 %}btn-success{% else %}btn-danger{% endif %} user-permission" data-action="write_perm" data-user-id="{{ user['id'] }}" data-value="{% if user['write_permission'] == 1 %}0{% else %}1{% endif %}" data-user-c="{{ user['id_hash'] }}">&nbsp;</button>
 39 |                 </td>
 40 |                 <td align="center">
 41 |                     <button class="btn-xs {% if user['delete_permission'] == 1 %}btn-success{% else %}btn-danger{% endif %} user-permission" data-action="delete_perm" data-user-id="{{ user['id'] }}" data-value="{% if user['delete_permission'] == 1 %}0{% else %}1{% endif %}" data-user-c="{{ user['id_hash'] }}">&nbsp;</button>
 42 |                 </td>
 43 |                 <td align="center">
 44 |                     <button class="btn-xs {% if user['admin'] == 1 %}btn-success{% else %}btn-danger{% endif %} user-permission" data-action="admin_perm" data-user-id="{{ user['id'] }}" data-value="{% if user['admin'] == 1 %}0{% else %}1{% endif %}" data-user-c="{{ user['id_hash'] }}">&nbsp;</button>
 45 |                 </td>
 46 |                 <td>{{ user['created']|e  }}</td>
 47 |                 <td>{{ user['last_login']|e  }}</td>
 48 |                 <td align="center" style="padding:8px 4px">
 49 |                     <a href="/admin/user/delete/{{ user['id'] }}/{{ user['id_hash'] }}/?_r={{ url }}" data-toggle="tooltip" title="Delete" onclick="return confirm('Are you sure you wish to permanently delete {{ user['name'] }}')">
 50 |                         <button type="button" class="btn btn-default btn-xs">
 51 |                             <span class="glyphicon glyphicon-trash"></span>
 52 |                         </button>
 53 |                     </a>
 54 | 
 55 |                     <a href="javascript:" class="email_user" data-toggle="tooltip" data-user-email="{{user['email']|e}}" title="Email User">
 56 |                         <button  type="button" class="btn btn-default btn-xs">
 57 |                             <span class="glyphicon glyphicon-envelope"></span>
 58 |                         </button>
 59 |                     </a>
 60 |                 </td>
 61 |             </tr>
 62 |             {% endfor %}
 63 |         </tbody>
 64 |     </table>
 65 | </div>
 66 | 
 67 | <div id="dialog-form" title="Email User" style="display:none">
 68 |   <p class="validateTips">All form fields are required.</p>
 69 |  
 70 |   <form>
 71 |     <fieldset>
 72 |       <label for="email">Email</label>
 73 |       {{ email_user_form.message_email(class="form-control") }}
 74 | 
 75 |       <label for="subject">Subject</label>
 76 |       {{ email_user_form.message_subject(class="form-control") }}
 77 | 
 78 |       <label for="password">Message</label>
 79 |       {{ email_user_form.message_body(class="form-control") }}
 80 |  
 81 |       <!-- Allow form submission with keyboard without duplicating the dialog button -->
 82 |       <input type="submit" tabindex="-1" style="position:absolute; top:-1000px">
 83 |     </fieldset>
 84 |   </form>
 85 | </div>
 86 | {% else %}
 87 | <div class="row">
 88 |     <div class="col-md-12">
 89 |         No results found
 90 |     </div>
 91 | </div>
 92 | {% endif %}
 93 | 
 94 | {% endblock %}
 95 | 
 96 | {% block javascript %}
 97 | <script>
 98 | 
 99 | function sendMessage() {
100 |     var email    = $("#message_email").val()
101 |     var subject  = $("#message_subject").val()
102 |     var body     = $("#message_body").val()
103 | 
104 |     console.log(email + " " + subject + " " + body)
105 | 
106 |     if (email.trim().length == 0 || subject.trim().length == 0 || body.trim().length == 0)
107 |     {
108 |         alert("All fields are required")
109 |     }
110 |     else
111 |     {
112 |         $.post("/admin/email/", { email : email, subject : subject, body : body}, function(result){
113 |             if (result['success'])
114 |             {
115 |                 alert("Message Sent")
116 |             }
117 |             else
118 |             {
119 |                 alert("Message Failed to send. Details: " + result["error"])
120 |             }
121 |         });
122 |     }
123 | }
124 | 
125 | $(document).ready(function(){
126 | 
127 |     $(".user-permission").click(function(){
128 | 
129 |         var action = $(this).data("action")
130 |         var user_id = $(this).data("user-id")
131 |         var user_value = $(this).data("value")
132 |         var user_c = $(this).data("user-c")
133 | 
134 |         console.log(action + " " + user_id + " " + user_value + " " + user_c)
135 |         
136 |         var button = $(this)
137 |         $.get( "/admin/user/"+action+"/" + user_value + "/" + user_id + "/" + user_c, function( data ) {
138 |             if (data["success"] == 1){
139 |                 if (data['new_value'] == 1){
140 |                     button.removeClass("btn-danger")
141 |                     button.addClass("btn-success")
142 |                     button.data("value", 0)
143 |                 }
144 |                 else{
145 |                     button.removeClass("btn-success")
146 |                     button.addClass("btn-danger")
147 |                     button.data("value", 1)
148 |                 }
149 |             }
150 |             else{
151 |                 alert("There was an error completing your request.")
152 |             }
153 |         });
154 |     });
155 | 
156 |     email_user_dialog = $( "#dialog-form" ).dialog({
157 |       autoOpen: false,
158 |       height: 380,
159 |       width: 350,
160 |       modal: true,
161 |       buttons: {
162 |         "Send Message": sendMessage,
163 |         Cancel: function() {
164 |             email_user_dialog.dialog( "close" );
165 |         }
166 |       },
167 |       close: function() {
168 |         
169 |       }
170 |     });
171 | 
172 |     $(".email_user").click(function(){
173 |         email_user_dialog.dialog( "open" );
174 |         $("#message_email").val($(this).data("user-email"))
175 |         $("#message_subject").val("")
176 |         $("#message_body").val("")
177 |     });
178 | });
179 | </script>
180 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/admin_choices.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | <div class="table-responsive">          
 5 |     <table class="table table-striped table-bordered">
 6 |         <thead>
 7 |             <tr>
 8 |                 <th>Type</th>
 9 |                 <th>Value</th>
10 |                 <th>Referenced Count</th>
11 |                 <th>Actions</th>
12 |             </tr>
13 |         </thead>
14 |         <tbody>
15 |             {% for data in simple_choices %}
16 |             <tr>
17 |                 <td>{{ data['type'] }}</td>
18 |                 <td>{{ data['value'] }}</td>
19 |                 <td><a href="/?q={{ data['q'] }}" target="_blank">{{ data['count'] }}</a></td>
20 |                 <td>-</td>
21 |             </tr>
22 |             {% endfor %}
23 |         </tbody>
24 |     </table>
25 | </div>
26 | 
27 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/contact.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | {% if error %}
 5 | <div class="alert alert-danger">
 6 |     {{ error }}
 7 | </div>
 8 | {% endif %}
 9 | 
10 | <div class="row">
11 |     <div class="col-md-12">
12 |         Questions, Comments, Issues? Contact <a href="mailto:ctig@lookingglasscyber.com">ctig@lookingglasscyber.com</a>
13 |     </div>
14 | </div>
15 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/error_403.html:
--------------------------------------------------------------------------------
 1 | {% set page_title="Forbidden" %}
 2 | {% extends "layouts/base.html" %}
 3 | {% block container %}
 4 | 
 5 | {% if error %}
 6 | <div class="alert alert-danger">
 7 |     {{ error }}
 8 | </div>
 9 | {% endif %}
10 | 
11 | <div class="row">
12 |     <div class="col-md-12">
13 |         {% if session['logged_in'] %}
14 |         Your account does not have permission to perform this action. If you feel you should, send an email to ctig@lgscout.com
15 |         {% else %}
16 |         You must <a href="/user/login/">log in</a> and have an account with permission to perform this action
17 |         {% endif %}
18 |     </div>
19 | </div>
20 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/index.html:
--------------------------------------------------------------------------------
  1 | {% extends "layouts/base.html" %}
  2 | {% block container %}
  3 | 
  4 | <div class="row">
  5 |     <div class="col-md-6">
  6 |         <h3>Search</h3>
  7 |     </div>
  8 | </div>
  9 | <div class="row">
 10 |     <div class="col-md-12">
 11 |         <form role="form" action="/" method="post">
 12 |             <!-- Need this to prevent errors on form validation -->
 13 |             {{ form.hidden_tag() }}
 14 | 
 15 |             <div class="row">
 16 |                 <div class="col-md-5 col-md-offset-3">
 17 |                     {{ form.query(class="form-control", style="width:100%") }}
 18 |                     {% if form.query.errors %}
 19 |                     <div class="alert alert-danger">{% for error in form.query.errors %}{{ error }}<br/>{% endfor %}</div>
 20 |                     {% endif %}
 21 |                 </div>
 22 |                 <div class="col-md-2">
 23 |                   <button type="submit" class="btn btn-primary">Search</button>
 24 |                 </div>
 25 |             </div>
 26 |            
 27 |         </form>
 28 |     </div>
 29 | </div>
 30 | 
 31 | <div class="row" style="margin-top:10px">
 32 |     <div class="col-md-6">
 33 |         <h3 style="margin-top:0">Recent Actors <small><a href="/actor{{ query_string_url }}">View all</a></small></h3>
 34 |     </div>
 35 |     
 36 |     {% if session['write'] %}
 37 |     <div class="col-md-6" style="text-align:right">
 38 |         <a href="/actor/add/">
 39 |             <button type="button" class="btn btn-success btn-sm">
 40 |                 <span class="glyphicon glyphicon-plus"></span> Add New
 41 |             </button>
 42 |         </a>
 43 |     </div>
 44 |     {% endif %}
 45 | </div>
 46 | 
 47 | {% set action_width = "70" %}
 48 | {% if session['write'] and session['delete'] %}
 49 | {% set action_width = "100" %}
 50 | {% endif %}
 51 | 
 52 | 
 53 | 
 54 | {% if actors['hits']['hits'] %}
 55 | <div class="table-responsive">          
 56 |     <table class="table table-striped table-bordered">
 57 |         <thead>
 58 |             <tr>
 59 |                 <th>Actor Name</th>
 60 |                 <th width="{{ action_width }}px">Actions</th>
 61 |             </tr>
 62 |         </thead>
 63 |         <tbody>
 64 |             {% for actor in actors['hits']['hits'] %}
 65 |             <tr>
 66 |                 <td>{{ actor['_source']['name']|e  }}</td>
 67 |                 <td align="center">
 68 |                     <a href="/actor/view/{{ actor['_id'] }}" data-toggle="tooltip" title="View">
 69 |                         <button type="button" class="btn btn-default btn-xs">
 70 |                             <span class="glyphicon glyphicon-eye-open"></span>
 71 |                         </button> 
 72 |                     </a>
 73 | 
 74 |                     {% if session['write'] %}
 75 |                     <a href="/actor/edit/{{ actor['_id'] }}" data-toggle="tooltip" title="Edit">
 76 |                         <button type="button" class="btn btn-default btn-xs">
 77 |                             <span class="glyphicon glyphicon-edit"></span>
 78 |                         </button>
 79 |                     </a>
 80 |                     {% endif %}
 81 | 
 82 |                     <!--
 83 |                     {% if session['logged_in'] %}
 84 |                     <button type="button" class="btn btn-default btn-xs" onclick="alert('You do not have permissions to perform this action. Please log in or register')">
 85 |                         <span class="glyphicon glyphicon-edit"></span>
 86 |                     </button>
 87 |                     {% else %}
 88 |                     <button type="button" class="btn btn-default btn-xs" onclick="alert('You must have an account to perform this action')">
 89 |                         <span class="glyphicon glyphicon-edit"></span>
 90 |                     </button>
 91 |                     {% endif %}
 92 |                     -->
 93 | 
 94 |                     {% if session['delete'] %}
 95 |                     <a href="/actor/delete/{{ actor['_id'] }}/{{ actor['_source']['id_hash'] }}/?_r={{ url }}" data-toggle="tooltip" title="Delete" onclick="return confirm('Are you sure you wish to permanently delete {{ actor['_source']['name'] }}')">
 96 |                         <button type="button" class="btn btn-default btn-xs">
 97 |                             <span class="glyphicon glyphicon-trash"></span>
 98 |                         </button>
 99 |                     </a>
100 |                     {% endif %}
101 |                 </td>
102 |             </tr>
103 |             {% endfor %}
104 |         </tbody>
105 |     </table>
106 | </div>
107 | {% else %}
108 | <div class="row">
109 |     <div class="col-md-12">
110 |         No results found
111 |     </div>
112 | </div>
113 | {% endif %}
114 | 
115 | <div class="row" style="margin-top:10px">
116 |     <div class="col-md-6">
117 |         <h3 style="margin-top:0">Recent Reports <small><a href="/report{{ query_string_url }}">View all</a></small></h3>
118 |     </div>
119 |     
120 |     {% if session['write'] %}
121 |     <div class="col-md-6" style="text-align:right">
122 |         <a href="/report/add/">
123 |             <button type="button" class="btn btn-success btn-sm">
124 |                 <span class="glyphicon glyphicon-plus"></span> Add New
125 |             </button>
126 |         </a>
127 |     </div>
128 |     {% endif %}
129 | </div>
130 | 
131 | {% if reports['hits']['hits'] %}
132 | <div class="table-responsive">          
133 |     <table class="table table-striped table-bordered">
134 |         <thead>
135 |             <tr>
136 |                 <th>Report Name</th>
137 |                 <th width="{{ action_width }}px">Actions</th>
138 |             </tr>
139 |         </thead>
140 |         <tbody>
141 |             {% for report in reports['hits']['hits'] %}
142 |             <tr>
143 |                 <td>{{ report['_source']['name']|e  }}</td>
144 |                 <td align="center">
145 |                     <a href="/report/view/{{ report['_id'] }}" data-toggle="tooltip" title="View">
146 |                         <button type="button" class="btn btn-default btn-xs">
147 |                             <span class="glyphicon glyphicon-eye-open"></span>
148 |                         </button> 
149 |                     </a>
150 | 
151 |                     {% if session['write'] %}
152 |                     <a href="/report/edit/{{ report['_id'] }}" data-toggle="tooltip" title="Edit">
153 |                         <button type="button" class="btn btn-default btn-xs">
154 |                             <span class="glyphicon glyphicon-edit"></span>
155 |                         </button>
156 |                     </a>
157 |                     {% endif %}
158 | 
159 |                     {% if session['delete'] %}
160 |                     <a href="/report/delete/{{ report['_id'] }}/{{ report['_source']['id_hash'] }}/?_r={{ url }}" data-toggle="tooltip" title="Delete" onclick="return confirm('Are you sure you wish to permanently delete {{ report['_source']['name'] }}')">
161 |                         <button type="button" class="btn btn-default btn-xs">
162 |                             <span class="glyphicon glyphicon-trash"></span>
163 |                         </button>
164 |                     </a>
165 |                     {% endif %}
166 |                 </td>
167 |             </tr>
168 |             {% endfor %}
169 |         </tbody>
170 |     </table>
171 | </div>
172 | {% else %}
173 | <div class="row">
174 |     <div class="col-md-12">
175 |         No results found
176 |     </div>
177 | </div>
178 | {% endif %}
179 | 
180 | <div class="row" style="margin-top:10px">
181 |     <div class="col-md-6">
182 |         <h3 style="margin-top:0">Recent TTPs <small><a href="/ttp{{ query_string_url }}">View all</a></small></h3>
183 |     </div>
184 | 
185 |     {% if session['write'] %}
186 |     <div class="col-md-6" style="text-align:right">
187 |         <a href="/ttp/add/">
188 |             <button type="button" class="btn btn-success btn-sm">
189 |                 <span class="glyphicon glyphicon-plus"></span> Add New
190 |             </button>
191 |         </a>
192 |     </div>
193 |     {% endif %}
194 | </div>
195 | 
196 | {% if ttps['hits']['hits'] %}
197 | <div class="table-responsive">          
198 |     <table class="table table-striped table-bordered">
199 |         <thead>
200 |             <tr>
201 |                 <th>TTP Name</th>
202 |                 <th width="{{ action_width }}px">Actions</th>
203 |             </tr>
204 |         </thead>
205 |         <tbody>
206 |             {% for ttp in ttps['hits']['hits'] %}
207 |             <tr>
208 |                 <td>{{ ttp['_source']['name']|e  }}</td>
209 |                 <td align="center">
210 |                     <a href="/ttp/view/{{ ttp['_id'] }}" data-toggle="tooltip" title="View">
211 |                         <button type="button" class="btn btn-default btn-xs">
212 |                             <span class="glyphicon glyphicon-eye-open"></span>
213 |                         </button> 
214 |                     </a>
215 | 
216 |                     {% if session['write'] %}
217 |                     <a href="/ttp/edit/{{ ttp['_id'] }}" data-toggle="tooltip" title="Edit">
218 |                         <button type="button" class="btn btn-default btn-xs">
219 |                             <span class="glyphicon glyphicon-edit"></span>
220 |                         </button>
221 |                     </a>
222 |                     {% endif %}
223 | 
224 |                     {% if session['delete'] %}
225 |                     <a href="/ttp/delete/{{ ttp['_id'] }}/{{ ttp['_source']['id_hash'] }}/?_r={{ url }}" data-toggle="tooltip" title="Delete" onclick="return confirm('Are you sure you wish to permanently delete {{ ttp['_source']['name'] }}')">
226 |                         <button type="button" class="btn btn-default btn-xs">
227 |                             <span class="glyphicon glyphicon-trash"></span>
228 |                         </button>
229 |                     </a>
230 |                     {% endif %}
231 |                 </td>
232 |             </tr>
233 |             {% endfor %}
234 |         </tbody>
235 |     </table>
236 | </div>
237 | {% else %}
238 | <div class="row">
239 |     <div class="col-md-12">
240 |         No results found
241 |     </div>
242 | </div>
243 | {% endif %}
244 | 
245 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/issues.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | {% if error %}
 5 | <div class="alert alert-danger">
 6 |     {{ error }}
 7 | </div>
 8 | {% endif %}
 9 | 
10 | <div class="row">
11 |     <div class="col-md-6">
12 |         <h3>Forgot Password?</h3>
13 |         To reset your password click <a href="/user/password/request_reset/">here</a>
14 |     </div>
15 |     <div class="col-md-6">
16 |         <h3>Account not verified</h3>
17 |         To resend account verification email click <a href="/user/reverify/">here</a>
18 |     </div>
19 | </div>
20 | <div class="row">
21 |     <div class="col-md-6">
22 |         <h3>Account not approved</h3>
23 |         If your account is not approved yet, send us an email at <a href="mail:ctig@lookingglasscyber.com">ctig@lookingglasscyber.com</a>
24 |     </div>
25 |     <div class="col-md-6">
26 |         <h3>Other issues</h3>
27 |         Email us at <a href="mail:ctig@lookingglasscyber.com">ctig@lookingglasscyber.com</a>
28 |     </div>
29 | </div>
30 | 
31 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/layouts/base.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | 
  4 | <head>
  5 | 
  6 |     <meta charset="utf-8">
  7 |     <meta http-equiv="X-UA-Compatible" content="IE=edge">
  8 |     <meta name="viewport" content="width=device-width, initial-scale=1">
  9 |     <meta name="description" content="">
 10 |     <meta name="author" content="">
 11 | 
 12 |     {% if page_title %}
 13 |     <title>{{ page_title }}</title>
 14 |     {% else %}
 15 |     <title>ActorTrackr</title>
 16 |     {% endif %}
 17 | 
 18 |     <!-- Bootstrap Core CSS -->
 19 |     <link href="/static/css/bootstrap.min.css" rel="stylesheet">
 20 | 
 21 |     <!-- Custom CSS -->
 22 |     <link href="/static/css/shop-item.css" rel="stylesheet">
 23 | 
 24 |     <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
 25 |     <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
 26 |     <!--[if lt IE 9]>
 27 |         <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
 28 |         <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
 29 |     <![endif]-->
 30 | 
 31 |     <link rel="stylesheet" href="//code.jquery.com/ui/1.11.4/themes/smoothness/jquery-ui.css">
 32 | 
 33 |     <style>
 34 |     .alert {
 35 |         margin-top:5px;
 36 |         padding:5px;    
 37 |     }
 38 | 
 39 |     .required {
 40 |         color: red;
 41 |     }
 42 | 
 43 |     .suggestion {
 44 |         padding:5px;
 45 |         border-bottom: 1px solid #ccc;
 46 |         cursor: pointer;
 47 |     }
 48 | 
 49 |     .suggestion:hover {
 50 |        background-color:#eee;
 51 |     }
 52 | 
 53 |     .element label {
 54 |         font-weight: normal;
 55 |     }
 56 | 
 57 |     .table>tbody>tr>td.last {
 58 |         width: 1px; 
 59 |         white-space: nowrap;
 60 |     }
 61 |     </style>
 62 | </head>
 63 | 
 64 | <body>
 65 | 
 66 |     <!-- Navigation -->
 67 |     <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
 68 |         <div class="container">
 69 |             <!-- Brand and toggle get grouped for better mobile display -->
 70 |             <div class="navbar-header">
 71 |                 <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
 72 |                     <span class="sr-only">Toggle navigation</span>
 73 |                     <span class="icon-bar"></span>
 74 |                     <span class="icon-bar"></span>
 75 |                     <span class="icon-bar"></span>
 76 |                 </button>
 77 |                 <a class="navbar-brand" href="/">ActorTrackr</a>
 78 |             </div>
 79 |             <!-- Collect the nav links, forms, and other content for toggling -->
 80 |             <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
 81 |                 <ul class="nav navbar-nav">
 82 |                     <li class="dropdown">
 83 |                         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Menu <b class="caret"></b></a>
 84 |                         <ul class="dropdown-menu">
 85 |                             <li><a href="/about">About</a></li>
 86 |                             <li><a href="/contact">Contact</a></li>
 87 |                         </ul>
 88 |                     </li>
 89 |                 </ul>
 90 |                 {% if search_form and page_title != 'ActorTrackr' and page_title != 'View All'%}
 91 |                 <div class="col-sm-3 col-md-3">
 92 |                     <form class="navbar-form" role="search" action="/" method="post">
 93 |                     <div class="input-group">
 94 |                         {{ search_form.hidden_tag() }}
 95 |                         {{ search_form.query(class="form-control") }}
 96 |                         <div class="input-group-btn">
 97 |                             <button class="btn btn-default" type="submit"><i class="glyphicon glyphicon-search"></i></button>
 98 |                         </div>
 99 |                     </div>
100 |                     </form>
101 |                 </div>
102 |                 {% endif %}
103 |                 <ul class="nav navbar-nav navbar-right">
104 |                     {% if not session['logged_in'] %}
105 |                     <li>
106 |                         <a href="/user/register">Register</a>
107 |                     </li>
108 |                     <li>
109 |                         <a href="/user/login">Login</a>
110 |                     </li>
111 |                     {% else %}
112 |                     <li>
113 |                         <a href="javascript: return false">{{ session['name'] }}</a>
114 |                     </li>
115 |                     <li>
116 |                         <a href="/user/logout">Logout</a>
117 |                     </li>
118 |                     {% endif %}
119 | 
120 |                     {% if session['admin'] %}
121 |                     <li>
122 |                         <a href="/admin">Admin</a>
123 |                     </li>
124 |                     {% endif %}
125 |                 </ul>
126 |             </div>
127 |             <!-- /.navbar-collapse -->
128 |         </div>
129 |         <!-- /.container -->
130 |     </nav>
131 | 
132 |     <!-- Page Content -->
133 |     <div class="container">
134 | 
135 |         {% with messages = get_flashed_messages(with_categories=true) %}
136 |             {% if messages %}
137 |                 {% for category, message in messages %}
138 |                     <div class="alert alert-{{ category }}">
139 |                         {{message}}
140 |                     </div>
141 |                 {% endfor %}
142 |             {% endif %}
143 |         {% endwith %}
144 | 
145 |         <h1>{{ page_title }}</h1>
146 | 
147 |         {% block container %}{% endblock %}
148 | 
149 |         {% if session['admin'] %}
150 |             {% if editors %}
151 |             <h3>Edit History</h3>
152 | 
153 |             <table class="table">
154 |                 <thead>
155 |                     <tr>
156 |                         <th>Name</th>
157 |                         <th>Timestamp</th>
158 |                     </tr>
159 |                 </thead>
160 |                 <tbody>
161 |                 {% for editor in editors %}
162 |                     <tr>
163 |                         <td>{{ editor['user_name'] }}</td>
164 |                         <td>{{ editor['ts'] }}</td>
165 |                     </tr>
166 |                 {% endfor %}
167 |                 </tbody>
168 |             <table>
169 |             {% endif %}
170 |         {% endif %}
171 |     </div>
172 |     <!-- /.container -->
173 | 
174 |     <div class="container">
175 |         <hr>
176 | 
177 |         <!-- Footer -->
178 |         <footer>
179 |             <div class="row">
180 |                 <div class="col-lg-6">
181 |                     <p>Copyright &copy; Lookingglass Cyber Solutions, Inc 2017</p>
182 |                     <p>
183 |                         <a href="https://github.com/jalewis/actortrackr" target="_blank">GitHub</a>&nbsp;&nbsp;|&nbsp;&nbsp;
184 |                         <a href="https://twitter.com/LG_CTIG" target="_blank">Twitter</a>&nbsp;&nbsp;|&nbsp;&nbsp;
185 |                         <a href="http://deaddrop.threatpool.com" target="_blank">Deaddrop Blog</a>&nbsp;&nbsp;|&nbsp;&nbsp;
186 |                         <a href="/export">Export Elasticsearch</a>&nbsp;&nbsp;|&nbsp;&nbsp;
187 |                         <a href="https://github.com/jalewis/actortrackr/issues">Report a Bug</a>
188 |                     </p>
189 |                 </div>
190 |             </div>
191 |         </footer>
192 |     </div>
193 |     <!-- /.container -->
194 | 
195 |     <!-- jQuery -->
196 |     <script src="/static/js/jquery.js"></script>
197 | 
198 |     <!-- Bootstrap Core JavaScript -->
199 |     <script src="/static/js/bootstrap.min.js"></script>
200 | 
201 |     <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
202 | 
203 |     <script>
204 |     function contains(a, obj) {
205 |         var i = a.length;
206 |         while (i--) {
207 |            if (a[i] === obj) {
208 |                return true;
209 |            }
210 |         }
211 |         return false;
212 |     }
213 | 
214 |     function isNumeric(n) {
215 |       return !isNaN(parseFloat(n)) && isFinite(n);
216 |     }
217 | 
218 |     function selectChanged(source_id, type){
219 |         var source = $("#" + source_id)
220 |         var target = source.parent().parent().find(".dynamic-target")
221 |         if(target){
222 |             var value  =  source.val()
223 |             //target.empty()
224 |             //target.append($("<option></option>").val("_loading").html("...Loading"));
225 | 
226 |             $.get( "/ajax/fetch/" + type + "/" + value, function( data ) {
227 |                 target.empty()
228 |                 for (var i in data){
229 |                     target.append($("<option></option>").val(i).html(data[i]));
230 |                 }
231 |             });
232 |         }
233 |     }
234 | 
235 |     function getNewElement(type,value,label,checked,i,j){
236 |         checked_string = ''
237 |         if (checked){
238 |             checked_string = 'checked="checked"'
239 |         }
240 | 
241 |         r = '<div class="element">' +
242 |                     '<input id="'+type+'-'+i+'-related_elements-'+j+'-element" name="'+type+'-'+i+'-related_elements-'+j+'-element" type="checkbox" value="y" '+checked_string+'> ' + 
243 |                     '<label for="'+type+'-'+i+'-related_elements-'+j+'-element">'+label+'</label>' +
244 |                     '<input id="'+type+'-'+i+'-related_elements-'+j+'-element_value" name="'+type+'-'+i+'-related_elements-'+j+'-element_value" type="hidden" value="'+value+'">' + 
245 |                 '</div>'
246 | 
247 |         return r
248 |     }
249 | 
250 | 
251 |     function populateRelatedElements(related_elements, related_elements_dict){
252 |         related_elements.sort()
253 | 
254 |         /*
255 |          * Populate the related-element fields with the new options
256 |          */
257 |         $(".related-elements").each(function(){
258 | 
259 |             var currentId = "" //store the value of id, so we can determine type and index
260 |             var value_to_checked = {}
261 | 
262 |             console.log("Found one...")
263 |             //determine which options are currently checked
264 |             $(this).find("input[type=checkbox]").each(function(){
265 |                 currentId = $(this).attr('id')
266 | 
267 |                 var value = $(this).parent().find("input[type=hidden]:first").val()
268 |                 var is_checked = $(this).is(':checked')
269 |                 console.log(value + " = " + is_checked)
270 |                 value_to_checked[value] = is_checked
271 | 
272 |             });
273 | 
274 |             type = currentId.split("-")[0]
275 |             idx = currentId.split("-")[1]
276 | 
277 |             console.log(type)
278 |             console.log(value_to_checked)
279 | 
280 | 
281 |             $(this).find(".element").each(function(){$(this).remove()})
282 | 
283 |             var parent_div = $(this)
284 |             var i = 0
285 |             if (related_elements.length == 0) {
286 |                 parent_div.append(parent_div.append(getNewElement(type, '_NONE_', 'n/a', false, idx, i)))
287 |             }
288 |             else{
289 |                 related_elements.forEach(function(entry) {
290 |                     v = related_elements_dict[entry]
291 |                     checked = value_to_checked[v]
292 |                     parent_div.append(getNewElement(type, v, entry, checked, idx, i))
293 |                     i+=1
294 |                 });
295 |             }
296 |         })
297 | 
298 |         //set a hidden field to the possible options for the related elements
299 |         $("#related_element_choices").val(JSON.stringify(related_elements_dict))
300 |     }
301 | 
302 | 
303 | 
304 |     $(document).ready(function(){
305 |         $('[data-toggle="tooltip"]').tooltip(); 
306 | 
307 |         $("div[data-toggle=fieldset]").each(function() {
308 |             //code borrowed and modified from https://gist.github.com/Vayn/a50c49a7f0cc5daec349
309 |             var $this = $(this);
310 |                 
311 |             //Add new entry
312 |             $this.find("button[data-toggle=fieldset-add-row]").click(function() {
313 |                 var target = $($(this).data("target"))
314 |                 var oldrow = target.find("div[data-toggle=fieldset-entry]:last");
315 |                 var row = oldrow.clone(true, true);
316 |                 var elem_id = row.find(":input")[0].id;
317 |                 var elem_num = parseInt(elem_id.replace(/.*-(\d{1,4})-.*/m, '$1')) + 1;
318 |                 row.attr('data-id', elem_num);
319 |                 console.log("## Renaming Inputs")
320 |                 row.find(":input").each(function() {
321 |                     var old_id = $(this).attr('id')
322 | 
323 |                     console.log($(this))
324 |                     var id = $(this).attr('id').replace('-' + (elem_num - 1) + '-', '-' + (elem_num) + '-');
325 |                     $(this).attr('name', id).attr('id', id).val('').removeAttr("checked");
326 | 
327 | 
328 |                     console.log(old_id + " = " + $(this).attr('id'))
329 | 
330 |                     if ( $($(this).attr('id').split("_")).get(-1) == "other" ){
331 |                         $(this).hide()
332 |                     }
333 |                 });
334 |                 row.find(".related-elements-wrapper").each(function(){ $(this).hide() })
335 | 
336 |                 oldrow.after(row);
337 | 
338 |                 row.find("select").each(function(){
339 |                     $(this).val($("#" +$(this).attr('id')+ " option:first").val());
340 | 
341 |                     if($(this).data('change-target') != undefined)
342 |                     {
343 |                         selectChanged($(this).attr('id'),'tpx_classification')
344 |                     }
345 |                 });
346 | 
347 |                 elementChange(); 
348 | 
349 |             }); //End add new entry
350 | 
351 |             //Remove row
352 |             $this.find("button[data-toggle=fieldset-remove-row]").click(function() {
353 |                 if($this.find("div[data-toggle=fieldset-entry]").length > 1) {
354 |                     var thisRow = $(this).closest("div[data-toggle=fieldset-entry]");
355 |                     thisRow.remove();
356 |                     elementChange()
357 |                 }
358 |             }); //End remove row
359 | 
360 |             //for select's with other option
361 |             $("select").each(function() {
362 |                 $(this).change(function(){
363 |                     if($(this).val() == "_NEW_"){
364 |                         //show other input field
365 |                         $("#" + $(this).attr('id') + "_other").show()
366 |                     } else {
367 |                         //hiden other input field
368 |                         $("#" + $(this).attr('id') + "_other").hide()
369 |                     }
370 |                 });
371 |             });
372 |         });
373 | 
374 |         $(".list-refresh").click(function(){
375 |             var target_class = $(this).data('target')
376 |             $('body').find('.' + target_class).each(function(){
377 | 
378 |                 var target = $(this)
379 |                 var current_value = $(this).val()
380 |                 $.get( "/ajax/related/" + $(this).data('element-type') , function( data ) {
381 |                     target.empty()
382 |                     target.append($("<option></option>").val("_NONE_").html("n/a"));
383 |                     for (var i in data){
384 |                         target.append($("<option></option>").val(i).html(data[i]));
385 |                     }
386 |                     target.val(current_value)
387 |                 });
388 |             });
389 |         });
390 | 
391 |         $("#showErrors").click(function(){
392 |             $("#errorList").toggle();
393 |         });
394 | 
395 |         $(function() {
396 |             $( "#actor_occurred_at" ).datepicker();
397 |             $( "#report_occurred_at" ).datepicker();
398 |             $( "#ttp_first_observed" ).datepicker();
399 |         });
400 | 
401 |         $('.toggle-all').click(function(){
402 |             if($(this).data("toggle") == "true"){
403 |                 toggle = true
404 |                 $(this).data("toggle","false")
405 |             }else{
406 |                 toggle = false
407 |                 $(this).data("toggle","true")
408 |             }
409 |             
410 | 
411 |             $(this).parents().eq(2).find("input[type=checkbox]").each(function(){
412 |                 console.log($(this).attr('id'))
413 |                 $(this).prop('checked', toggle);
414 |             });
415 | 
416 |             return false
417 |         });
418 | 
419 |         try { 
420 |             elementChange(); 
421 | 
422 |             $(".related-element-scroller").each(function(){
423 |                 var pos = $(this).find(".related-element-top").position().top()
424 |                 $(this).scrollTop(pos)
425 |             })
426 |         } 
427 |         catch(e) {}
428 |     });
429 | 
430 |     </script>
431 | 
432 | 
433 |    {% block javascript %}{% endblock %}
434 | </body>
435 | 
436 | </html>
437 | 


--------------------------------------------------------------------------------
/app/templates/login.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | 
 5 | <div class="row">
 6 |     <div class="col-md-6 col-md-offset-3">
 7 |         <form role="form" method="post" autocomplete="off">
 8 |             {{ form.hidden_tag() }}
 9 |             {% if form.errors %}
10 |                 <div class="alert alert-danger">
11 |                     <div id="showErrors">
12 |                         There were errors submitting the form!
13 |                         {% if 'csrf_token' in form.errors %}
14 |                             Invalid CSRF Token, try submitting the form again
15 |                         {% endif %}
16 |                     </div>
17 |                     <div id="errorList" style="display:none">
18 |                         <pre>{{form.errors}}</pre>
19 |                     </div>
20 |                 </div>
21 |             {% endif %}
22 | 
23 |             <div class="form-group">
24 |                 <label for="email">Email Address<span class="required">*</span></label>
25 |                 {{ form.user_email(class="form-control") }}
26 |                 {% if form.user_email.errors %}
27 |                     <div class="alert alert-danger">{% for error in form.user_email.errors %}{{ error }}<br/>{% endfor %}</div>
28 |                 {% endif %}
29 |             </div>
30 | 
31 |             <div class="form-group">
32 |                 <label for="password">Password<span class="required">*</span></label>
33 |                 {{ form.user_password(class="form-control") }}
34 |                 {% if form.user_password.errors %}
35 |                     <div class="alert alert-danger">{% for error in form.user_password.errors %}{{ error }}<br/>{% endfor %}</div>
36 |                 {% endif %}
37 |             </div>
38 | 
39 |             <div class="form-group" style="text-align:left;margin-top:20px">
40 |                 <button type="submit" class="btn btn-success">Log in</button>
41 |             </div>
42 | 
43 |             <div class="form-group" style="margin-top:20px">
44 |                 <div class="row">
45 |                     <div class="col-md-6">
46 |                         <a href="/user/register">Not registered?</a><br/>
47 |                     </div>
48 |                     <div class="col-md-6" style="text-align:right">
49 |                         <a href="/user/issues">Having trouble logging in?</a>
50 |                     </div>
51 |                 </div>
52 |             </div>
53 |         </form>
54 |     </div>
55 | </div>
56 | 
57 | {% endblock %}
58 | 
59 | {% block javascript %}
60 | <script>
61 | 
62 | </script>
63 | {% endblock %}
64 | 


--------------------------------------------------------------------------------
/app/templates/password_reset.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | {% if error %}
 5 | <div class="alert alert-danger">
 6 |     {{ error }}
 7 | </div>
 8 | {% endif %}
 9 | 
10 | 
11 | <div class="row">
12 |     <div class="col-md-6 col-md-offset-3">
13 |         <form role="form" method="post" autocomplete="off">
14 |             {{ form.hidden_tag() }}
15 |             {% if form.errors %}
16 |                 <div class="alert alert-danger">
17 |                     <div id="showErrors">
18 |                         There were errors submitting the form!
19 |                         {% if 'csrf_token' in form.errors %}
20 |                             Invalid CSRF Token, try submitting the form again
21 |                         {% endif %}
22 |                     </div>
23 |                     <div id="errorList" style="display:none">
24 |                         <pre>{{form.errors}}</pre>
25 |                     </div>
26 |                 </div>
27 |             {% endif %}
28 | 
29 |             {% if page_type=="REQUEST" %}
30 |             <div class="form-group">
31 |                 <label for="email">Email Address<span class="required">*</span></label>
32 |                 {{ form.user_email(class="form-control") }}
33 |                 {% if form.user_email.errors %}
34 |                     <div class="alert alert-danger">{% for error in form.user_email.errors %}{{ error }}<br/>{% endfor %}</div>
35 |                 {% endif %}
36 |             </div>
37 | 
38 |             {% elif page_type=="PERFORM" %}
39 |             <div class="form-group">
40 |                 <label for="password">Password<span class="required">*</span></label>
41 |                 {{ form.user_password(class="form-control") }}
42 |                 <b>Note:</b> Your password must contain at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol
43 |                 {% if form.user_password.errors %}
44 |                     <div class="alert alert-danger">{% for error in form.user_password.errors %}{{ error }}<br/>{% endfor %}</div>
45 |                 {% endif %}
46 |             </div>
47 |             <div class="form-group">
48 |                 <label for="password2">Re-Enter Password<span class="required">*</span></label>
49 |                 {{ form.user_password2(class="form-control") }}
50 |                 {% if form.user_password2.errors %}
51 |                     <div class="alert alert-danger">{% for error in form.user_password2.errors %}{{ error }}<br/>{% endfor %}</div>
52 |                 {% endif %}
53 |             </div>
54 |             {% endif %}
55 | 
56 |             <div class="form-group" style="text-align:left;margin-top:20px">
57 |                 <button type="submit" class="btn btn-success">Reset Password</button>
58 |             </div>
59 | 
60 |         </form>
61 |     </div>
62 | </div>
63 | 
64 | {% endblock %}


--------------------------------------------------------------------------------
/app/templates/register.html:
--------------------------------------------------------------------------------
 1 | {% extends "layouts/base.html" %}
 2 | {% block container %}
 3 | 
 4 | 
 5 | <div class="row">
 6 |     <div class="col-md-12">
 7 |         <form role="form" method="post" autocomplete="off">
 8 |             {{ form.hidden_tag() }}
 9 |             {% if form.errors %}
10 |                 <div class="alert alert-danger">
11 |                     <div id="showErrors">
12 |                         There were errors submitting the form!
13 |                         {% if 'csrf_token' in form.errors %}
14 |                             Invalid CSRF Token, try submitting the form again
15 |                         {% endif %}
16 |                     </div>
17 |                     <div id="errorList" style="display:none">
18 |                         <pre>{{form.errors}}</pre>
19 |                     </div>
20 |                 </div>
21 |             {% endif %}
22 | 
23 |             <div class="form-group">
24 |                 <label for="name">Name<span class="required">*</span></label>
25 |                 {{ form.user_name(class="form-control") }}
26 |                 {% if form.user_name.errors %}
27 |                     <div class="alert alert-danger">{% for error in form.user_name.errors %}{{ error }}<br/>{% endfor %}</div>
28 |                 {% endif %}
29 |             </div>
30 | 
31 |             <div class="form-group">
32 |                 <label for="email">Email Address<span class="required">*</span></label>
33 |                 {{ form.user_email(class="form-control") }}
34 |                 {% if form.user_email.errors %}
35 |                     <div class="alert alert-danger">{% for error in form.user_email.errors %}{{ error }}<br/>{% endfor %}</div>
36 |                 {% endif %}
37 |             </div>
38 | 
39 |             <div class="form-group">
40 |                 <label for="password">Password<span class="required">*</span></label>
41 |                 {{ form.user_password(class="form-control") }}
42 |                 <b>Note:</b> Your password must contain at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol
43 |                 {% if form.user_password.errors %}
44 |                     <div class="alert alert-danger">{% for error in form.user_password.errors %}{{ error }}<br/>{% endfor %}</div>
45 |                 {% endif %}
46 |             </div>
47 | 
48 |             <div class="form-group">
49 |                 <label for="password2">Re-Enter Password<span class="required">*</span></span></a></label>
50 |                 {{ form.user_password2(class="form-control") }}
51 |                 {% if form.user_password2.errors %}
52 |                     <div class="alert alert-danger">{% for error in form.user_password2.errors %}{{ error }}<br/>{% endfor %}</div>
53 |                 {% endif %}
54 |             </div>
55 | 
56 |             <div class="form-group">
57 |                 <label for="company">Company<span class="required">*</span></label>
58 |                 {{ form.user_company(class="form-control") }}
59 |                 {% if form.user_company.errors %}
60 |                     <div class="alert alert-danger">{% for error in form.user_company.errors %}{{ error }}<br/>{% endfor %}</div>
61 |                 {% endif %}
62 |             </div>
63 | 
64 |             <div class="form-group">
65 |                 <label for="company">Justification<span class="required">*</span></label>
66 |                 {{ form.user_reason(class="form-control") }}
67 |                 {% if form.user_reason.errors %}
68 |                     <div class="alert alert-danger">{% for error in form.user_reason.errors %}{{ error }}<br/>{% endfor %}</div>
69 |                 {% endif %}
70 |             </div>
71 | 
72 |             {% if recaptcha_enabled %}
73 |             <div class="g-recaptcha" data-sitekey="{{recaptcha_key}}"></div>
74 |             {% endif %}
75 |             
76 |             <div class="form-group" style="text-align:right;margin-top:20px">
77 |                 <button type="submit" class="btn btn-success">Register</button>
78 |             </div>
79 |         </form>
80 |     </div>
81 | </div>
82 | 
83 | {% endblock %}
84 | 
85 | {% block javascript %}
86 | <script src='https://www.google.com/recaptcha/api.js'></script>
87 | <script>
88 | 
89 | </script>
90 | {% endblock %}
91 | 


--------------------------------------------------------------------------------
/app/templates/ttp.html:
--------------------------------------------------------------------------------
  1 | {% extends "layouts/base.html" %}
  2 | {% block container %}
  3 | 
  4 | 
  5 | {% if role=='VIEW' %}
  6 | <div class="row" style="margin-bottom:10px">
  7 |     <div class="col-md-8">
  8 |         <h3 style="margin-top:0px">TTP</h3>
  9 |     </div>
 10 |     <div class="col-md-4" style="text-align:right">
 11 |         <a href="/ttp/export/{{ ttp_id }}/"><button type="button" class="btn btn-success btn-small">Export as .TPX</button></a>
 12 |         {% if session['write'] %}
 13 |         <a href="/ttp/edit/{{ ttp_id }}/"><button type="button" class="btn btn-success btn-small">Edit TTP</button></a>
 14 |         {% endif %}
 15 |     </div>
 16 | </div>
 17 | {% elif role=='EDIT'%} 
 18 | <div class="row" style="margin-bottom:10px">
 19 |     <div class="col-md-8">
 20 |         <h3 style="margin-top:0px">TTP</h3>
 21 |     </div>
 22 |     <div class="col-md-4" style="text-align:right">
 23 |         <a href="/ttp/export/{{ ttp_id }}/"><button type="button" class="btn btn-success btn-small">Export as .TPX</button></a>
 24 |         <a href="/ttp/view/{{ ttp_id }}/"><button type="button" class="btn btn-success btn-small">View TTP</button></a>
 25 |     </div>
 26 | </div>
 27 | {% else %}
 28 | 
 29 | <h3>TTP</h3>
 30 | 
 31 | {% endif %}
 32 | 
 33 | <!-- Help Dialog for Criticality -->
 34 | <div class="modal fade" id="help-criticality" role="dialog">
 35 |     <div class="modal-dialog">
 36 |       <!-- Modal content-->
 37 |       <div class="modal-content">
 38 |         <div class="modal-header">
 39 |           <button type="button" class="close" data-dismiss="modal">&times;</button>
 40 |           <h4>Criticality Explained</h4>
 41 |         </div>
 42 |         <div class="modal-body">
 43 |           <p>A criticality score is one of the components of a TIC score, and is a measure of severity, with 1 being the lowest, and 99 being the highest severity or criticality. Criticality scores are assigned to each individual observable and should be relative to each other (ie, criticality for a spammer should not be higher than that of a C&amp;C server). Please use the following scores as a guide to stay relative to, but of course they can differ based on the individual severity (ie an APT actor may be higher than a script kiddie): Hacktivist = 40, generic malware = 50, more specific and impactful malware = 70, C&amp;C = 75, APT actor = 95, etc</p>
 44 |         </div>
 45 |         <div class="modal-footer">
 46 |           <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
 47 |         </div>
 48 |       </div>
 49 |     </div>
 50 | </div>
 51 | 
 52 | <div class="row">
 53 |     <div class="col-md-12">
 54 |         <form role="form" method="post" autocomplete="off">
 55 |             {{ form.hidden_tag() }}
 56 |             {% if form.errors %}
 57 |                 <div class="alert alert-danger">
 58 |                     <div id="showErrors">
 59 |                         There were errors submitting the form!
 60 |                         {% if 'csrf_token' in form.errors %}
 61 |                             Invalid CSRF Token, try submitting the form again
 62 |                         {% endif %}
 63 |                     </div>
 64 |                     <div id="errorList" style="display:none">
 65 |                         <pre>{{form.errors}}</pre>
 66 |                     </div>
 67 |                 </div>
 68 |             {% endif %}
 69 | 
 70 |             <div class="form-group">
 71 |                 <label for="name">Name<span class="required">*</span></label>
 72 |                 {% if role=='ADD' or role=='EDIT' %}
 73 |                     {{ form.ttp_name(class="form-control") }}
 74 |                 {% else %}
 75 |                     {{ form.ttp_name(class="form-control", disabled=true) }}
 76 |                 {% endif %}
 77 |                 {% if form.ttp_name.errors %}
 78 |                     <div class="alert alert-danger">{% for error in form.ttp_name.errors %}{{ error }}<br/>{% endfor %}</div>
 79 |                 {% endif %}
 80 |             </div>
 81 | 
 82 |             <div class="form-group">
 83 |                 <label for="name">First Observed Date<span class="required">*</span></label>
 84 |                 {% if role=='ADD' or role=='EDIT' %}
 85 |                     {{ form.ttp_first_observed(class="form-control") }}
 86 |                 {% else %}
 87 |                     {{ form.ttp_first_observed(class="form-control", disabled=true) }}
 88 |                 {% endif %}
 89 |                 {% if form.ttp_first_observed.errors %}
 90 |                     <div class="alert alert-danger">{% for error in form.ttp_first_observed.errors %}{{ error }}<br/>{% endfor %}</div>
 91 |                 {% endif %}
 92 |             </div>
 93 | 
 94 |             <div class="form-group">
 95 |                 <label for="name">Description<span class="required">*</span></label>
 96 |                 {% if role=='ADD' or role=='EDIT' %}
 97 |                     {{ form.ttp_description(class="form-control") }}
 98 |                 {% else %}
 99 |                     {{ form.ttp_description(class="form-control", disabled=true) }}
100 |                 {% endif %}
101 |                 {% if form.ttp_description.errors %}
102 |                     <div class="alert alert-danger">{% for error in form.ttp_description.errors %}{{ error }}<br/>{% endfor %}</div>
103 |                 {% endif %}
104 |             </div>
105 | 
106 |             <div class="form-group">
107 |                 <label for="description">Criticality<span class="required">*</span> <a href="" data-toggle="modal" data-target="#help-criticality"><span class="glyphicon glyphicon-question-sign"></span></a></label>
108 |                 {% if role=='ADD' or role=='EDIT' %}
109 |                     {{ form.ttp_criticality(class="form-control") }}
110 |                 {% else %}
111 |                     {{ form.ttp_criticality(class="form-control", disabled=true) }}
112 |                 {% endif %}
113 |                 {% if form.ttp_criticality.errors %}
114 |                     <div class="alert alert-danger">{% for error in form.ttp_criticality.errors %}{{ error }}<br/>{% endfor %}</div>
115 |                 {% endif %}
116 |             </div>
117 | 
118 |             <div class="form-group">
119 |                 <div class="row" data-toggle="fieldset" id="actor-class-fieldset">
120 |                     <div class="col-md-12">
121 |                     {% if role=='ADD' or role=='EDIT' %}
122 |                         <div class="row">
123 |                             <div class="col-md-5">
124 |                                  <label for="family">Classification Family<span class="required">*</span></label>
125 |                             </div>
126 |                             <div class="col-md-6">
127 |                                 <label for="id">Classification ID<span class="required">*</span></label>
128 |                             </div>
129 |                         </div>
130 | 
131 |                         {% for l in form.ttp_class %}
132 |                         <div class="row" data-toggle="fieldset-entry" style="margin-bottom:5px">
133 |                             <div class="col-md-5">
134 |                                 {{ l.form.a_family(class="form-control", onchange="javascript:selectChanged(this.id,'tpx_classification')", **{'data-change-target':'true'} ) }}
135 |                             </div>
136 |                             <div class="col-md-6">
137 |                                 {{ l.form.a_id(class="form-control dynamic-target") }}
138 |                             </div>
139 |                             <div class="col-md-1" style="text-align:right">
140 |                                 <button type="button" class="btn btn-danger" data-toggle="fieldset-remove-row" id="actor-class-{{loop.index0}}-remove">&times;</button>
141 |                             </div>
142 |                         </div>
143 |                         {% endfor %}
144 | 
145 |                         <div class="row">
146 |                             <div class="col-md-12">
147 |                                 <button type="button" class="btn btn-primary btn-sm" data-toggle="fieldset-add-row" data-target="#actor-class-fieldset"><span class="glyphicon glyphicon-plus"></span> Add Another Classification</button>
148 |                             </div>
149 |                         </div>
150 | 
151 |                     {% else %}
152 |                         <div class="row">
153 |                             <div class="col-md-6">
154 |                                  <label for="family">Classification Family</label>
155 |                             </div>
156 |                             <div class="col-md-6">
157 |                                 <label for="id">Classification ID</label>
158 |                             </div>
159 |                         </div>
160 | 
161 |                         {% for l in form.ttp_class %}
162 |                         <div class="row" data-toggle="fieldset-entry" style="margin-bottom:5px">
163 |                             <div class="col-md-6">
164 |                                 {{ l.form.a_family(class="form-control", disabled=true) }}
165 |                             </div>
166 |                             <div class="col-md-6">
167 |                                 {{ l.form.a_id(class="form-control", disabled=true) }}
168 |                             </div>
169 |                         </div>
170 |                         {% endfor %}
171 | 
172 |                     {% endif %}
173 | 
174 |                     {% if form.ttp_class.errors %}
175 |                         <div class="alert alert-danger">{% for error in form.ttp_class.errors %}{{ error }}<br/>{% endfor %}</div>
176 |                     {% endif %}
177 |                     </div>
178 |                 </div>
179 |             </div>
180 | 
181 |             <hr/>
182 |             
183 |             <div class="form-group">
184 |                 <label for="name">Related Actors</label> 
185 |                 <div class="row" data-toggle="fieldset" id="related_actors-fieldset">
186 |                     <div class="col-md-12">
187 |                     {% if role=='ADD' or role=='EDIT' %}
188 |                         {% for l in form.ttp_actors %}
189 | 
190 |                             <div class="row" data-toggle="fieldset-entry" style="margin-bottom:5px">
191 |                                 <div class="col-md-11">
192 |                                     {{ l.form.data(class="form-control") }}
193 |                                 </div>
194 |                                 <div class="col-md-1" style="text-align:right">
195 |                                     <button type="button" class="btn btn-danger" data-toggle="fieldset-remove-row" id="related_actors-remove">&times;</button>
196 |                                 </div>
197 |                             </div>
198 |                             {% if l.form.data.errors %}
199 |                                 <div class="col-md-11 alert alert-danger">{% for error in l.form.data.errors %}{{ error }}<br/>{% endfor %}</div>
200 |                             {% endif %}
201 | 
202 |                         {% endfor %}
203 | 
204 |                         <div class="row">
205 |                             <div class="col-md-12">
206 |                                 <button type="button" class="btn btn-primary btn-sm" data-toggle="fieldset-add-row" data-target="#related_actors-fieldset"><span class="glyphicon glyphicon-plus"></span> Add Another TTP</button>
207 | 
208 |                                 <a href="/actor/add" target="_blank"><button type="button" class="btn btn-primary btn-sm">Create a new Actor</button></a>
209 | 
210 |                                 <button type="button" class="btn btn-primary btn-sm" class="list-refresh">Refresh Actor List</button>
211 |                             </div>
212 |                         </div>
213 | 
214 |                     {% else %}
215 | 
216 |                         {% for l in form.ttp_actors %}
217 |                         <div class="row" style="margin-bottom:5px">
218 |                             <div class="col-md-12">
219 |                                 {{ l.form.data(class="form-control", disabled=true) }}
220 |                             </div>
221 |                         </div>
222 |                         {% endfor %}
223 | 
224 |                     {% endif %}
225 |                     </div>
226 |                 </div>
227 |             </div>
228 | 
229 |             <div class="form-group">
230 |                 <label for="name">Related Reports</label> 
231 |                 <div class="row" data-toggle="fieldset" id="related_reports-fieldset">
232 |                     <div class="col-md-12">
233 |                     {% if role=='ADD' or role=='EDIT' %}
234 |                         {% for l in form.ttp_reports %}
235 | 
236 |                             <div class="row" data-toggle="fieldset-entry" style="margin-bottom:5px">
237 |                                 <div class="col-md-11">
238 |                                     {{ l.form.data(class="form-control") }}
239 |                                 </div>
240 |                                 <div class="col-md-1" style="text-align:right">
241 |                                     <button type="button" class="btn btn-danger" data-toggle="fieldset-remove-row" id="related_reports-remove">&times;</button>
242 |                                 </div>
243 |                             </div>
244 |                             {% if l.form.data.errors %}
245 |                                 <div class="col-md-11 alert alert-danger">{% for error in l.form.data.errors %}{{ error }}<br/>{% endfor %}</div>
246 |                             {% endif %}
247 | 
248 |                         {% endfor %}
249 | 
250 |                         <div class="row">
251 |                             <div class="col-md-12">
252 |                                 <button type="button" class="btn btn-primary btn-sm" data-toggle="fieldset-add-row" data-target="#related_reports-fieldset"><span class="glyphicon glyphicon-plus"></span> Add Another Report</button>
253 | 
254 |                                 <a href="/report/add" target="_blank"><button type="button" class="btn btn-primary btn-sm">Create a new Report</button></a>
255 | 
256 |                                 <button type="button" class="btn btn-primary btn-sm" class="list-refresh">Refresh Report List</button>
257 |                             </div>
258 |                         </div>
259 | 
260 |                     {% else %}
261 | 
262 |                         {% for l in form.ttp_reports %}
263 |                         <div class="row" style="margin-bottom:5px">
264 |                             <div class="col-md-12">
265 |                                 {{ l.form.data(class="form-control", disabled=true) }}
266 |                             </div>
267 |                         </div>
268 |                         {% endfor %}
269 | 
270 |                     {% endif %}
271 |                     </div>
272 |                 </div>
273 |             </div>
274 | 
275 |             <div class="form-group">
276 |                 <label for="name">Related TTPs</label> 
277 |                 <div class="row" data-toggle="fieldset" id="related_ttps-fieldset">
278 |                     <div class="col-md-12">
279 |                     {% if role=='ADD' or role=='EDIT' %}
280 |                         {% for l in form.ttp_ttps %}
281 | 
282 |                             <div class="row" data-toggle="fieldset-entry" style="margin-bottom:5px">
283 |                                 <div class="col-md-11">
284 |                                     {{ l.form.data(class="form-control") }}
285 |                                 </div>
286 |                                 <div class="col-md-1" style="text-align:right">
287 |                                     <button type="button" class="btn btn-danger" data-toggle="fieldset-remove-row" id="related_ttps-remove">&times;</button>
288 |                                 </div>
289 |                             </div>
290 |                             {% if l.form.data.errors %}
291 |                                 <div class="col-md-11 alert alert-danger">{% for error in l.form.data.errors %}{{ error }}<br/>{% endfor %}</div>
292 |                             {% endif %}
293 | 
294 |                         {% endfor %}
295 | 
296 |                         <div class="row">
297 |                             <div class="col-md-12">
298 |                                 <button type="button" class="btn btn-primary btn-sm" data-toggle="fieldset-add-row" data-target="#related_ttps-fieldset"><span class="glyphicon glyphicon-plus"></span> Add Another TTP</button>
299 | 
300 |                                 <a href="/ttp/add" target="_blank"><button type="button" class="btn btn-primary btn-sm">Create a new TTP</button></a>
301 | 
302 |                                 <button type="button" class="btn btn-primary btn-sm" class="list-refresh">Refresh TTP List</button>
303 |                             </div>
304 |                         </div>
305 | 
306 |                     {% else %}
307 | 
308 |                         {% for l in form.ttp_ttps %}
309 |                         <div class="row" style="margin-bottom:5px">
310 |                             <div class="col-md-12">
311 |                                 {{ l.form.data(class="form-control", disabled=true) }}
312 |                             </div>
313 |                         </div>
314 |                         {% endfor %}
315 | 
316 |                     {% endif %}
317 |                     </div>
318 |                 </div>
319 |             </div>
320 | 
321 |             <div class="form-group" style="text-align:right;margin-top:20px">
322 |                 {% if role=='ADD' %}
323 |                     <button type="submit" class="btn btn-success">Add New TTP</button>
324 |                 {% elif role=='EDIT' %}
325 |                     <button type="submit" class="btn btn-success">Save</button>
326 |                 {% else %}
327 |                     &nbsp;
328 |                 {% endif %}
329 |             </div>
330 |         </form>
331 |     </div>
332 | </div>
333 | 
334 | {% endblock %}
335 | 
336 | {% block javascript %}
337 | <script>
338 | 
339 | </script>
340 | {% endblock %}
341 | 


--------------------------------------------------------------------------------
/app/templates/view_all.html:
--------------------------------------------------------------------------------
  1 | {% extends "layouts/base.html" %}
  2 | {% block container %}
  3 | 
  4 | <div class="row">
  5 |     <div class="col-md-6">
  6 |         <h3>Search</h3>
  7 |     </div>
  8 | </div>
  9 | <div class="row">
 10 |     <div class="col-md-12">
 11 |         <form role="form" action="/{{ link_prefix }}/" method="post">
 12 |             <!-- Need this to prevent errors on form validation -->
 13 |             {{ form.hidden_tag() }}
 14 | 
 15 |             <div class="row">
 16 |                 <div class="col-md-5 col-md-offset-3">
 17 |                     {{ form.query(class="form-control", style="width:100%") }}
 18 |                     {% if form.query.errors %}
 19 |                     <div class="alert alert-danger">{% for error in form.query.errors %}{{ error }}<br/>{% endfor %}</div>
 20 |                     {% endif %}
 21 |                 </div>
 22 |                 <div class="col-md-2">
 23 |                   <button type="submit" class="btn btn-primary">Search</button>
 24 |                 </div>
 25 |             </div>
 26 |            
 27 |         </form>
 28 |     </div>
 29 | </div>
 30 | 
 31 | <div class="row" style="margin-top:10px">
 32 |     <div class="col-md-6">
 33 |         <h3 style="margin-top:0">{{ data_header }} <small>{{results_text}}</small></h3>
 34 |     </div>
 35 | 
 36 |     {% if session['write'] %}
 37 |     <div class="col-md-6" style="text-align:right">
 38 |         <a href="/{{ link_prefix }}/add/">
 39 |             <button type="button" class="btn btn-success btn-sm">
 40 |                 <span class="glyphicon glyphicon-plus"></span> Add New
 41 |             </button>
 42 |         </a>
 43 |     </div>
 44 |     {% endif %}
 45 | </div>
 46 | 
 47 | {% if data['hits']['hits'] %}
 48 | <div class="table-responsive">          
 49 |     <table class="table table-striped table-bordered">
 50 |         <thead>
 51 |             <tr>
 52 |                 <th>{{ field_header }}</th>
 53 |                 <th width="100px">Actions</th>
 54 |             </tr>
 55 |         </thead>
 56 |         <tbody>
 57 |             {% for d in data['hits']['hits'] %}
 58 |             <tr>
 59 |                 <td style="width:100%">{{ d['_source']['name']|e  }}</td>
 60 |                 <td align="center" style="white-space: nowrap">
 61 |                     <a href="/{{ link_prefix}}/view/{{ d['_id'] }}" data-toggle="tooltip" title="View">
 62 |                         <button type="button" class="btn btn-default btn-xs">
 63 |                             <span class="glyphicon glyphicon-eye-open"></span>
 64 |                         </button> 
 65 |                     </a>
 66 | 
 67 |                     {% if session['write'] %}
 68 |                     <a href="/{{ link_prefix}}/edit/{{ d['_id'] }}" data-toggle="tooltip" title="Edit">
 69 |                         <button type="button" class="btn btn-default btn-xs">
 70 |                             <span class="glyphicon glyphicon-edit"></span>
 71 |                         </button>
 72 |                     </a>
 73 |                     {% endif %}
 74 | 
 75 |                     {% if session['delete'] %}
 76 |                     <a href="/{{ link_prefix}}/delete/{{ d['_id'] }}/{{ d['_source']['id_hash'] }}/?_r={{ url }}" data-toggle="tooltip" title="Delete" onclick="return confirm('Are you sure you wish to permanently delete {{ d['_source']['name'] }}')">
 77 |                         <button type="button" class="btn btn-default btn-xs">
 78 |                             <span class="glyphicon glyphicon-trash"></span>
 79 |                         </button>
 80 |                     </a>
 81 |                     {% endif %}
 82 |                 </td>
 83 |             </tr>
 84 |             {% endfor %}
 85 |         </tbody>
 86 |     </table>
 87 | </div>
 88 | 
 89 | <div class="row">
 90 |     <div class="col-md-6">
 91 |         {% if prev_url %}
 92 |         <a href="{{ prev_url }}">
 93 |             <button type="button" class="btn btn-primary btn-small">
 94 |                 <span class="glyphicon glyphicon-chevron-left"></span>
 95 |                 Previous Page
 96 |             </button>
 97 |         </a>
 98 |         {% else %}
 99 |         <button type="button" class="btn btn-default btn-small">
100 |             <span class="glyphicon glyphicon-chevron-left"></span>
101 |             Previous Page
102 |         </button>
103 |         {% endif %}
104 |     </div>
105 |     <div class="col-md-6" style="text-align:right">
106 |         {% if next_url %}
107 |         <a href="{{ next_url }}">
108 |             <button type="button" class="btn btn-primary btn-small">
109 |                 <span class="glyphicon glyphicon-chevron-right"></span>
110 |                 Next Page
111 |             </button>
112 |         </a>
113 |         {% else %}
114 |         <button type="button" class="btn btn-default btn-small">
115 |             <span class="glyphicon glyphicon-chevron-right"></span>
116 |             Next Page
117 |         </button>
118 |         {% endif %}
119 |     </div>
120 | </div>
121 | {% else %}
122 | <div class="row">
123 |     <div class="col-md-12">
124 |         No results found
125 |     </div>
126 | </div>
127 | {% endif %}
128 | 
129 | {% endblock %}


--------------------------------------------------------------------------------
/app/utils/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jalewis/actortrackr/9840e29d483d0c46e42964062cf24924c224144e/app/utils/__init__.py


--------------------------------------------------------------------------------
/app/utils/elasticsearch.py:
--------------------------------------------------------------------------------
  1 | from flask import flash, g
  2 | from app import log, get_es
  3 | from config.settings import *
  4 | 
  5 | from elasticsearch import TransportError
  6 | from elasticsearch.helpers import scan
  7 | 
  8 | logger_prefix = "elasticsearch.py:"
  9 | 
 10 | SIMPLE_CHOICES = {}
 11 | 
 12 | def escape(v):
 13 |     '''
 14 |     Function for escaping data before it goes into ES
 15 | 
 16 |     Parameters: 
 17 |         v - the value to be escaped
 18 |     Returns:
 19 |         v - the escaped value, or the original value if escaping is not possible (int)
 20 |     '''
 21 | 
 22 |     #TODO: escape this before returning it, maybe?
 23 | 
 24 |     #trim the string
 25 |     try:
 26 |         v = v.strip()
 27 |     except AttributeError as a:
 28 |         #if its an integer strip doesnt apply
 29 |         pass
 30 |     return v
 31 | 
 32 | 
 33 | def populate_simple_choices():
 34 |     '''
 35 |     Populates the SIMPLE_CHOICES dictionary with options
 36 |     '''
 37 | 
 38 |     global SIMPLE_CHOICES
 39 | 
 40 |     SIMPLE_CHOICES = {}
 41 |     try:
 42 |         body = {
 43 |             "query" : {
 44 |                 "match_all" : {}
 45 |             },
 46 |             "size" : 1000
 47 |         }
 48 |         results = get_es().search(ES_PREFIX + 'threat_actor_simple', 'data', body)
 49 | 
 50 |         for r in results['hits']['hits']:
 51 |             c_type = r['_source']['type']
 52 |             c_value = r['_source']['value']
 53 | 
 54 |             if c_type not in SIMPLE_CHOICES:
 55 |                 SIMPLE_CHOICES[c_type] = []
 56 | 
 57 |             SIMPLE_CHOICES[c_type].append(c_value)
 58 | 
 59 |         for k,v in SIMPLE_CHOICES.items():
 60 |             SIMPLE_CHOICES[k] = sorted(v)
 61 | 
 62 |         #print(SIMPLE_CHOICES)
 63 | 
 64 |     except Exception as e:
 65 |         error = "There was an error fetching choices. Details: {}".format(t, e)
 66 |         flash(error,'danger')
 67 |         log.exception(logging_prefix + error)
 68 | 
 69 | def fetch_data(c_type, add_new=False, add_unknown=False):
 70 |     d = []
 71 | 
 72 |     if not SIMPLE_CHOICES:
 73 |         populate_simple_choices()
 74 | 
 75 |     for value in sorted(SIMPLE_CHOICES[c_type]):
 76 |         d.append((value,value))
 77 | 
 78 |     if add_new:
 79 |         d.append(("_NEW_","Other"))
 80 | 
 81 |     if add_unknown:
 82 |         d.insert(0, ("Unknown", "Unknown"))
 83 |     
 84 |     #return the data
 85 |     return d
 86 | 
 87 | def fetch_parent_data(_type, add_new=False, add_unknown=False):
 88 |     d = []
 89 | 
 90 |     #query
 91 |     body = {
 92 |         "query" : {
 93 |             "term" : {
 94 |                 "type" : _type
 95 |             }
 96 |         },
 97 |         "sort": {
 98 |             "value": {
 99 |                 "order": "asc"
100 |             }
101 |         },
102 |         "size" : 1000
103 |     }
104 | 
105 |     #get the data!
106 |     results = get_es().search(ES_PREFIX + 'threat_actor_pc', 'parent', body)
107 |     for r in results['hits']['hits']:
108 |         d.append((r['_source']['value'],r['_source']['value']))
109 | 
110 |     if add_new:
111 |         d.append(("_NEW_","Other"))
112 | 
113 |     if add_unknown:
114 |         d.insert(0, ("Unknown", "Unknown"))
115 |     
116 |     #return the data
117 |     return d
118 | 
119 | def fetch_child_data(_type, parent, add_new=False, add_unknown=False):
120 |     d = []
121 | 
122 |     #query
123 |     body = {
124 |         "query" : {
125 |             "term" : {
126 |                 "_parent" : _type + " " + parent
127 |             }
128 |         },
129 |         "sort": {
130 |             "value": {
131 |                 "order": "asc"
132 |             }
133 |         },
134 |         "size" : 1000
135 |     }
136 | 
137 |     #get the data!
138 |     results = get_es().search(ES_PREFIX + 'threat_actor_pc', 'child', body)
139 |     for r in results['hits']['hits']:
140 |         d.append((r['_source']['value'],r['_source']['value']))
141 | 
142 |     if add_new:
143 |         d.append(("_NEW_","Other"))
144 | 
145 |     if add_unknown:
146 |         d.insert(0, ("Unknown", "Unknown"))
147 |     
148 |     #return the data
149 |     return d
150 | 
151 | def fetch_related_choices(t):
152 |     logging_prefix = logger_prefix + "fetch_related_choices({}) - ".format(t)
153 | 
154 |     choices = [('_NONE_', 'n/a')]
155 | 
156 |     if t == 'actor':
157 |         index = ES_PREFIX + "threat_actors"
158 |         doc_type = "actor"
159 |     elif t == 'report':
160 |         index = ES_PREFIX + "threat_reports"
161 |         doc_type = "report"
162 |     elif t == 'ttp':
163 |         index = ES_PREFIX + "threat_ttps"
164 |         doc_type = "ttp"
165 |     else:
166 |         raise Exception("Invalid type '{}'. Expected 'actor', 'ttp' or 'report'")
167 | 
168 |     es_query = {
169 |             "query": {
170 |                 "match_all": {}
171 |             },
172 |             "size": 1000,
173 |             "fields" : ["name"],
174 |             "sort": {
175 |                 "name": {
176 |                     "order": "asc"
177 |                 }
178 |             }
179 |         }
180 | 
181 |     try:
182 |         results = get_es().search(index, doc_type, es_query)
183 |         for r in results['hits']['hits']:
184 |             choices.append((r['_id'] + ":::" + r['fields']['name'][0],r['fields']['name'][0]))
185 | 
186 |     except TransportError as te:
187 | 
188 |         #if the index was not found, this is most likely becuase theres no data there
189 |         if te.status_code == 404:
190 |             log.warning("Index '{}' was not found".format(index))
191 |         else:
192 |             error = "There was an error fetching related {}s. Details: {}".format(t, te)
193 |             flash(error,'danger')
194 |             log.exception(logging_prefix + error)
195 | 
196 |     except Exception as e:
197 |         error = "There was an error fetching related {}s. Details: {}".format(t, e)
198 |         flash(error,'danger')
199 |         log.exception(logging_prefix + error)
200 | 
201 |     return choices
202 | 
203 | def fetch_related_elements(t):
204 |     if t == 'Actor':
205 |         index = "tp-threat_actors"
206 |         doc_type = "actor"
207 |     elif t == 'Report':
208 |         index = "tp-threat_reports"
209 |         doc_type = "report"
210 |     elif t == 'TTP':
211 |         index = "tp-threat_ttps"
212 |         doc_type = "ttp"
213 |     else:
214 |         return []
215 | 
216 |     query = {
217 |         "query" : {
218 |             "match_all" : {}
219 |         },
220 |         "sort" : {
221 |             "name" : {
222 |                 "order" : "asc"
223 |             }
224 |         },
225 |         "fields" : ["name"]
226 |     }
227 | 
228 |     results = scan(get_es(),query=query,index=index,doc_type=doc_type,preserve_order=True)
229 | 
230 |     choices = []
231 |     for r in results:
232 |         _id = r["_id"]
233 |         name = r["fields"]["name"][0]
234 |         choices.append((_id + ":::" + name, name))
235 | 
236 |     return choices
237 | 
238 | def add_to_store(t, v, add_to_local=False):
239 |     body = {
240 |         "value" : escape(v),
241 |         "type" : escape(t)
242 |     }
243 |     doc_id = t + " " + v
244 |     get_es().index(ES_PREFIX + "threat_actor_simple", "data", body, doc_id)
245 | 
246 |     if add_to_local:
247 |         global SIMPLE_CHOICES
248 |         SIMPLE_CHOICES[t].append(v)
249 | 
250 |     print("Added {} {} to ES".format(v,t))
251 | 
252 | def get_score(classification_family, classification_id):
253 |     #query
254 |     body = {
255 |         "query" : {
256 |             "query_string" : {
257 |                 "query" : '+_parent:"tpx_classification {}" +value:"{}"'.format(escape(classification_family),escape(classification_id))
258 |             }
259 |         },
260 |         "sort": {
261 |             "value": {
262 |                 "order": "asc"
263 |             }
264 |         },
265 |         "size" : 1
266 |     }
267 | 
268 |     #get the data!
269 |     results = get_es().search(ES_PREFIX + 'threat_actor_pc', 'child', body)
270 |     if results['hits']['total'] != 1:
271 |         raise Exception("Unable to perform score look up for {} - {}".format(classification_family,classification_id))
272 | 
273 |     return results['hits']['hits'][0]['_source']['score']
274 | 


--------------------------------------------------------------------------------
/app/utils/functions.py:
--------------------------------------------------------------------------------
  1 | import functools
  2 | import json
  3 | import hashlib
  4 | import logging
  5 | import os
  6 | import sys
  7 | import time
  8 | import uuid
  9 | from datetime import datetime
 10 | from operator import itemgetter
 11 | from pymysql.cursors import DictCursor
 12 | from urllib.parse import quote_plus
 13 | 
 14 | #email imports
 15 | import smtplib
 16 | from email.mime.multipart import MIMEMultipart
 17 | from email.mime.text import MIMEText
 18 | 
 19 | from config.settings import *
 20 | from core.forms import forms
 21 | from app import log
 22 | from utils.elasticsearch import *
 23 | from utils.functions import *
 24 | 
 25 | logger_prefix = "functions.py:"
 26 | 
 27 | def sha256(salt, s):
 28 |     s = salt + s
 29 |     hash_object = hashlib.sha256(s.encode('utf-8'))
 30 |     return hash_object.hexdigest()
 31 | 
 32 | def print_tpx(tpx):
 33 |     print(json.dumps(tpx, sort_keys=True, indent=4, separators=(',', ': ')))
 34 | 
 35 | def cmp(a, b):
 36 |     return (a > b) - (a < b) 
 37 | 
 38 | def multikeysort(items, columns):
 39 |     from operator import itemgetter
 40 |     comparers = [ ((itemgetter(col[1:].strip()), -1) if col.startswith('-') else (itemgetter(col.strip()), 1)) for col in columns]
 41 |     def comparer(left, right):
 42 |         for fn, mult in comparers:
 43 |             result = cmp(fn(left), fn(right))
 44 |             if result:
 45 |                 return mult * result
 46 |         else:
 47 |             return 0
 48 |     return sorted(items, key=functools.cmp_to_key(comparer))
 49 | 
 50 | '''
 51 | Edit Tracking Helpers
 52 | '''
 53 | 
 54 | def get_editor_names(mysql, es_editors):
 55 |     user_ids = []
 56 |     editors = []
 57 | 
 58 |     #get a uniq list of user ids
 59 |     for editor in es_editors:
 60 |         user_id = editor.get('user_id')
 61 |         if user_id:
 62 |             if user_id not in user_ids:
 63 |                 user_ids.append(user_id)
 64 | 
 65 |     #with the unique list query mysql
 66 |     if user_ids:
 67 |         query = "SELECT id, name FROM users WHERE id IN ({})".format(','.join(str(x) for x in user_ids))
 68 |         conn = mysql.cursor(DictCursor)
 69 |         conn.execute(query)
 70 |         results = conn.fetchall()
 71 |         conn.close()
 72 | 
 73 |         user_dict = {} #maps id to name
 74 |         for user in results:
 75 |             user_dict[user['id']] = user['name']
 76 | 
 77 |         for editor in es_editors:
 78 |             editors.append({
 79 |                     "user_name" : user_dict[editor['user_id']],
 80 |                     "ts" : editor['ts']
 81 |                 })
 82 | 
 83 | 
 84 |     editors.reverse()
 85 |     return editors
 86 | 
 87 | 
 88 | def get_editor_list(es, index, doc_type, item_id, user_id):
 89 |     #get the current list of editors
 90 |     try:
 91 |         #if this is the "Add" function, the id wont exist, so catch the exception
 92 |         current_data = es.get(index=index, doc_type=doc_type, id=item_id)
 93 |         editors = current_data['_source']['editor']
 94 |     except:
 95 |         editors = []
 96 | 
 97 |     if user_id:
 98 |         editors.append({
 99 |             'user_id' : user_id, 
100 |             'ts' : datetime.now().strftime("%Y-%m-%dT%H:%M:%S") 
101 |             })
102 |     else:
103 |         raise Exception("Unable to locate User ID for session")
104 | 
105 |     return editors
106 | 
107 | '''
108 | Email functions
109 | '''
110 | 
111 | def sendAccountVerificationEmail(email, verification_hash):
112 |     to      = [ email, ]
113 |     sender  = EMAIL_SENDER
114 |     subject = "{}: Account Activation".format(APPLICATION_NAME)
115 |     body    = 'Thank you for registering for the {} {}. To verify your email address, click <a href="{}/user/verify/{}/{}">here</a>.<br/><br/>If you were not expecting this email, please send an email to ctig@lookingglasscyber.com.'.format(APPLICATION_ORG, APPLICATION_NAME, APPLICATION_DOMAIN, quote_plus(quote_plus(email)), verification_hash)
116 | 
117 |     sendHTMLEmail(to, sender, subject, body)
118 | 
119 | def sendNewUserToApproveEmail(user_id, user_email, user_name, user_company, user_justification):
120 |     to      = EMAIL_ADDRESSES
121 |     sender  = EMAIL_SENDER
122 |     subject = "{}: New Verified User".format(APPLICATION_NAME)
123 |     body    = 'A new user has signed up and verified their email. They can be approved on the Admin page.<br/><br/>Name: {}<br/>Email: {}<br/>Company: {}<br/>Justification: {}'.format(user_name, user_email, user_company, user_justification)
124 | 
125 |     sendHTMLEmail(to, sender, subject, body)
126 | 
127 | 
128 | def sendAccountApprovedEmail(user_email):
129 |     to      = [ user_email, ]
130 |     sender  = EMAIL_SENDER
131 |     subject = "{}: Account Approved".format(APPLICATION_NAME)
132 |     body    = 'Your account for the {} {} has been approved<br/><br/>Click <a href="{}/user/login/">here</a> to log in.'.format(APPLICATION_ORG, APPLICATION_NAME, APPLICATION_DOMAIN)
133 | 
134 |     sendHTMLEmail(to, sender, subject, body)
135 | 
136 | def sendAccountDisapprovedEmail(user_email):
137 |     to      = [ user_email, ]
138 |     sender  = EMAIL_SENDER
139 |     subject = "{}: Account Access Removed".format(APPLICATION_NAME)
140 |     body    = 'Your access to the {} {} has been removed<br/><br/>If you feel this has been done in error, contact <a href="mailto:ctig@lookingglasscyber.com">ctig@lookingglasscyber.com</a>'.format(APPLICATION_ORG, APPLICATION_NAME)
141 | 
142 |     sendHTMLEmail(to, sender, subject, body)
143 | 
144 | def sendPasswordResetEmail(user_email, reset_link):
145 |     to      = [ user_email, ]
146 |     sender  = EMAIL_SENDER
147 |     subject = "{}: Password Reset".format(APPLICATION_NAME)
148 |     body    = 'To reset your password, click <a href="{}{}">here</a>'.format(APPLICATION_DOMAIN, reset_link)
149 | 
150 |     sendHTMLEmail(to, sender, subject, body)
151 | 
152 | 
153 | def sendCustomEmail(user_email, subject, body):
154 |     to      = [ user_email, ]
155 |     sender  = EMAIL_SENDER
156 | 
157 |     sendPlainTextEmail(to, sender, subject, body)
158 | 
159 | '''
160 | Email Senders
161 | '''
162 | 
163 | def sendPlainTextEmail(to, sender, subject, body):
164 |     msg = MIMEText(body)
165 |     msg['Subject'] = subject
166 |     msg['From'] = sender
167 |     msg['To'] = ", ".join(to)
168 |     s = smtplib.SMTP('localhost')
169 |     s.sendmail(sender, to, msg.as_string())
170 |     s.quit()
171 | 
172 |     print("Email sent")
173 | 
174 | def sendHTMLEmail(to, sender, subject, body):
175 |     msg = MIMEMultipart('alternative')
176 |     msg['Subject'] = subject
177 |     msg['From'] = sender
178 |     msg['To'] = ", ".join(to)
179 | 
180 |     msgbody = MIMEText(body, 'html')
181 |     msg.attach(msgbody)
182 | 
183 |     s = smtplib.SMTP('localhost')
184 |     s.sendmail(sender, to, msg.as_string())
185 |     s.quit()
186 | 
187 |     print("Email sent")


--------------------------------------------------------------------------------
/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jalewis/actortrackr/9840e29d483d0c46e42964062cf24924c224144e/favicon.ico


--------------------------------------------------------------------------------
/license.txt:
--------------------------------------------------------------------------------
 1 | Copyright 2016 Lookingglass Cyber Solutions
 2 | 
 3 | Licensed under the Apache License, Version 2.0 (the "License");
 4 | you may not use this file except in compliance with the License.
 5 | You may obtain a copy of the License at
 6 | 
 7 |     http://www.apache.org/licenses/LICENSE-2.0
 8 | 
 9 | Unless required by applicable law or agreed to in writing, software
10 | distributed under the License is distributed on an "AS IS" BASIS,
11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | See the License for the specific language governing permissions and
13 | limitations under the License.


--------------------------------------------------------------------------------
/robots.txt:
--------------------------------------------------------------------------------
1 | User-agent: *
2 | Disallow: /cgi-bin/
3 | 


--------------------------------------------------------------------------------
/setup/load_data.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3.4
  2 | # Creates ES indexes for the threat actor application
  3 | 
  4 | from elasticsearch import Elasticsearch
  5 | from elasticsearch import exceptions
  6 | from elasticsearch.helpers import bulk
  7 | 
  8 | import time
  9 | import logging 
 10 | 
 11 | es_logger = logging.getLogger('elasticsearch')
 12 | es_logger.propagate = False
 13 | es_logger.setLevel(logging.DEBUG)
 14 | es_logger_handler=logging.StreamHandler()
 15 | es_logger.addHandler(es_logger_handler)
 16 | 
 17 | es_tracer = logging.getLogger('elasticsearch.trace')
 18 | es_tracer.propagate = False
 19 | es_tracer.setLevel(logging.INFO)
 20 | es_tracer_handler=logging.StreamHandler()
 21 | es_tracer.addHandler(es_tracer_handler)
 22 | 
 23 | ES_PREFIX = "tp-"
 24 | 
 25 | es = Elasticsearch(['http://localhost',])
 26 | 
 27 | 
 28 | data_simple = {}
 29 | 
 30 | data_simple['classification']           =   [
 31 |                                                 "Nation State", 
 32 |                                                 "Criminal", 
 33 |                                                 "Hacktivist"
 34 |                                         ]
 35 | 
 36 | data_simple['motivation']               =   [
 37 |                                                 "Espionage", 
 38 |                                                 "Deny, degrade, disrupt, destroy, manipulate info or info systems"                                
 39 |                                         ]
 40 | 
 41 | data_simple['communication']            =   [
 42 |                                                 "Jabber", 
 43 |                                                 "ICQ", 
 44 |                                                 "Email"
 45 |                                         ]
 46 | 
 47 | data_simple['country']                  =   [
 48 |                                                 "China", 
 49 |                                                 "Russia"                                
 50 |                                         ]
 51 | 
 52 | 
 53 | 
 54 | data_simple['financial']                =   [
 55 |                                                 "Bitcoin Wallet", 
 56 |                                                 "Bank Account", 
 57 |                                                 "Credit Card"
 58 |                                         ]
 59 | 
 60 | data_simple['known_target']             =   [
 61 |                                                 "Healthcare Industry",
 62 |                                                 "Pharmaceutical Industry",
 63 |                                                 "Hospitals", 
 64 |                                                 "Biochemical Engineering Companies"
 65 |                                         ]
 66 | 
 67 | 
 68 | '''
 69 | data_simple['ttp']                      =   [
 70 |                                                 "Watering Hole Attack", 
 71 |                                                 "Spear Phishing", 
 72 |                                                 "Adobe 0-Days",
 73 |                                                 "Cyber Pathogens",
 74 |                                                 "Metasploit",
 75 |                                                 "Lateral Movement",
 76 |                                                 "Generic Decoy Malware"
 77 |                                         ]
 78 | '''
 79 | 
 80 | data_simple['infrastructure_action']    =   [ 
 81 |                                                 "Passive Only: Only passive requests shall be performed to avoid detection by the adversary", 
 82 |                                                 "Take Down: Take down requests can be performed to avoid detection by the adversary", 
 83 |                                                 "Monitoring Active: Monitoring requests are ongoing the adversary infrastructure", 
 84 |                                                 "Pending Law Enforcement Request: Requests are ongoing the adversary infrastructure"
 85 |                                         ]
 86 | 
 87 | data_simple['infrastructure_owner']     =   [
 88 |                                                 "Unknown: Infrastructure ownership and status is unknown", 
 89 |                                                 "Compromised: Infrastructure compromised by or in the benefit of the adversary",
 90 |                                                 "Own-and-Operated: Infrastructure owned and operated by adversary"
 91 |                                         ]
 92 | 
 93 | data_simple['infrastructure_status']    =   [
 94 |                                                 "Unknown: Infrastructure state is unknown or can't be evaluated",
 95 |                                                 "Active: Infrastructure state is active and actively being used by adversary",
 96 |                                                 "Down: Infrastructure state is known to be down.",
 97 |                                         ]
 98 | 
 99 | data_simple['infrastructure_type']     =   [
100 |                                                 "Unknown: Infrastructure usage by the adversary is unknown",
101 |                                                 "Proxy: Infrastructure used as proxy between the target and the adversary",
102 |                                                 "Drop-Zone: Infrastructure used by the adversary to store information related to his campaigns",
103 |                                                 "Exploit-Distribution Point: Infrastructure used to distribute exploit towards target(s)",
104 |                                                 "Virtual Private Network (VPN): Infrastructure used by the adversary as VPN to hide activities and reduce traffic",
105 |                                                 "Panel: Panel used by adversary to control or maintain his infrastructure",
106 |                                                 "Traffic Distribution Systems (TDS): TDS including exploit delivery and/or web monetization channels"                      
107 |                                         ]
108 | 
109 | data_simple['detection_rule']          =   [
110 |                                                 "Snort",
111 |                                                 "Yara"
112 |                                         ]
113 | 
114 | data_pc = {}
115 | 
116 | #tpx classifications
117 | data_pc['tpx_classification'] = [
118 |     {
119 |         "parent" : "Malware",
120 |         "child" : "APT",
121 |         "score" :  90
122 |     },
123 |     {
124 |         "parent" : "Malware",
125 |         "child" : "Adware",
126 |         "score" :  40
127 |     },
128 |     {
129 |         "parent" : "Malware",
130 |         "child" : "Ransomware",
131 |         "score" :  70
132 |     },
133 |     {
134 |         "parent" : "Malware",
135 |         "child" : "Web Shell",
136 |         "score" :  65
137 |     },
138 |     {
139 |         "parent" : "Malware",
140 |         "child" : "Remote Access Trojan",
141 |         "score" :  80
142 |     },
143 |     {
144 |         "parent" : "Malware",
145 |         "child" : "Rogue Antivirus",
146 |         "score" :  40
147 |     },
148 |     {
149 |         "parent" : "Malware",
150 |         "child" : "Worm",
151 |         "score" :  60
152 |     },
153 |     {
154 |         "parent" : "Malware",
155 |         "child" : "Rootkit",
156 |         "score" :  60
157 |     },
158 |     {
159 |         "parent" : "Malware",
160 |         "child" : "Exploit Kit",
161 |         "score" :  50
162 |     },
163 |     {
164 |         "parent" : "Malware",
165 |         "child" : "Automatic Transfer System",
166 |         "score" : 80
167 |     },
168 |     {
169 |         "parent" : "Malware",
170 |         "child" : "Malware Artifacts",
171 |         "score" :  30
172 |     },
173 |     {
174 |         "parent" : "Malware",
175 |         "child" : "Dialer",
176 |         "score" :  40
177 |     },
178 |     {
179 |         "parent" : "Malware",
180 |         "child" : "Credential Theft",
181 |         "score" :  60
182 |     },
183 |     {
184 |         "parent" : "Malware",
185 |         "child" : "DDoS",
186 |         "score" :  60
187 |     },
188 |     {
189 |         "parent" : "Malware",
190 |         "child" : "Downloader",
191 |         "score" : 30
192 |     },
193 |     {
194 |         "parent" : "Malware",
195 |         "child" : "Spam",
196 |         "score" :  5
197 |     },
198 |     {
199 |         "parent" : "Malware",
200 |         "child" : "Click Fraud",
201 |         "score" :  40
202 |     },
203 |     {
204 |         "parent" : "Malware",
205 |         "child" : "Financial",
206 |         "score" :  60
207 |     },
208 |     {
209 |         "parent" : "Malware",
210 |         "child" : "Participant",
211 |         "score" :  60
212 |     },
213 |     {
214 |         "parent" : "Malware",
215 |         "child" : "Script",
216 |         "score" :  10
217 |     },
218 |     {
219 |         "parent" : "Malware",
220 |         "child" : "Stress Test Tool",
221 |         "score" :  60
222 |     },
223 |     {
224 |         "parent" : "Malware",
225 |         "child" : "POS - ATM",
226 |         "score" :  75
227 |     },
228 |     {
229 |         "parent" : "Malware",
230 |         "child" : "Spyware",
231 |         "score" :  40
232 |     },
233 |     {
234 |         "parent" : "Malicious",
235 |         "child" : "Email",
236 |         "score" :  15
237 |     },
238 |     {
239 |         "parent" : "Malicious",
240 |         "child" : "Password cracking",
241 |         "score" :  40
242 |     },
243 |     {
244 |         "parent" : "Malicious",
245 |         "child" : "backdoor",
246 |         "score" :  60
247 |     },
248 |     {
249 |         "parent" : "Malicious",
250 |         "child" : "SMTP Abuse",
251 |         "score" :  20
252 |     },
253 |     {
254 |         "parent" : "Malicious",
255 |         "child" : "DNS",
256 |         "score" :  60
257 |     },
258 |     {
259 |         "parent" : "Malicious",
260 |         "child" : "BGP",
261 |         "score" :  60
262 |     },
263 |     {
264 |         "parent" : "Malicious",
265 |         "child" : "Russian Business Network",
266 |         "score" :  20
267 |     },
268 |     {
269 |         "parent" : "Recon",
270 |         "child" : "Port Scanner",
271 |         "score" :  20
272 |     },
273 |     {
274 |         "parent" : "Recon",
275 |         "child" : "Scanning",
276 |         "score" :  30
277 |     },
278 |     {
279 |         "parent" : "Recon",
280 |         "child" : "Probes",
281 |         "score" :  30
282 |     },
283 |     {
284 |         "parent" : "Recon",
285 |         "child" : "Vulnerability Scanner",
286 |         "score" : 40
287 |     },
288 |     {
289 |         "parent" : "Attack",
290 |         "child" : "Bruteforce",
291 |         "score" :  30
292 |     },
293 |     {
294 |         "parent" : "Attack",
295 |         "child" : "Sending Spam",
296 |         "score" :  20
297 |     },
298 |     {
299 |         "parent" : "Attack",
300 |         "child" : "DDoS",
301 |         "score" :  60
302 |     },
303 |     {
304 |         "parent" : "Attack",
305 |         "child" : "Phishing",
306 |         "score" :  50
307 |     },
308 |     {
309 |         "parent" : "Attack",
310 |         "child" : "Malicious Email",
311 |         "score" :  15
312 |     },
313 |     {
314 |         "parent" : "Attack",
315 |         "child" : "Hacktivism",
316 |         "score" :  40
317 |     },
318 |     {
319 |         "parent" : "Attack",
320 |         "child" : "Hijack",
321 |         "score" :  60
322 |     },
323 |     {
324 |         "parent" : "Attack",
325 |         "child" : "Exploit Kit",
326 |         "score" :  50
327 |     },
328 |     {
329 |         "parent" : "Attack",
330 |         "child" : "Malvertising",
331 |         "score" :  40
332 |     },
333 |     {
334 |         "parent" : "Attack",
335 |         "child" : "DoS",
336 |         "score" :  60
337 |     },
338 |     {
339 |         "parent" : "Infrastructure",
340 |         "child" : "Education",
341 |         "score" :  5
342 |     },
343 |     {
344 |         "parent" : "Infrastructure",
345 |         "child" : "Corporate",
346 |         "score" :  5
347 |     },
348 |     {
349 |         "parent" : "Infrastructure",
350 |         "child" : "Public",
351 |         "score" :  5
352 |     },
353 |     {
354 |         "parent" : "Infrastructure",
355 |         "child" : "Transparent",
356 |         "score" :  5
357 |     },
358 |     {
359 |         "parent" : "Infrastructure",
360 |         "child" : "Hosting",
361 |         "score" :  5
362 |     },
363 |     {
364 |         "parent" : "Infrastructure",
365 |         "child" : "AOL",
366 |         "score" :  5
367 |     },
368 |     {
369 |         "parent" : "Infrastructure",
370 |         "child" : "Exit Node",
371 |         "score" :  50
372 |     },
373 |     {
374 |         "parent" : "Infrastructure",
375 |         "child" : "VPN",
376 |         "score" :  5
377 |     },
378 |     {
379 |         "parent" : "Infrastructure",
380 |         "child" : "I2P",
381 |         "score" : 5
382 |     },
383 |     {
384 |         "parent" : "Infrastructure",
385 |         "child" : "Web Panel",
386 |         "score" :  75
387 |     },
388 |     {
389 |         "parent" : "Infrastructure",
390 |         "child" : "Dynamic DNS",
391 |         "score" :  10
392 |     },
393 |     {
394 |         "parent" : "Infrastructure",
395 |         "child" : "Legitimate Domain Registration Services",
396 |         "score" :  1
397 |     },
398 |     {
399 |         "parent" : "Infrastructure",
400 |         "child" : "Malicious Domain Registrars",
401 |         "score" :  20
402 |     },
403 |     {
404 |         "parent" : "Infrastructure",
405 |         "child" : "Top-Level Domain Registrars",
406 |         "score" :  1
407 |     },
408 |     {
409 |         "parent" : "Infrastructure",
410 |         "child" : "Bulletproof Hosting/Rogue Hosting",
411 |         "score" : 40
412 |     },
413 |     {
414 |         "parent" : "Infrastructure",
415 |         "child" : "Cloud Hosting",
416 |         "score" :  5
417 |     },
418 |     {
419 |         "parent" : "Infrastructure",
420 |         "child" : "Compromised Server",
421 |         "score" :  40
422 |     },
423 |     {
424 |         "parent" : "Infrastructure",
425 |         "child" : "Fast Flux Botnet Hosting",
426 |         "score" :  60
427 |     },
428 |     {
429 |         "parent" : "Infrastructure",
430 |         "child" : "Electronic Payment Methods",
431 |         "score" :  5
432 |     },
433 |     {
434 |         "parent" : "Infrastructure",
435 |         "child" : "Forums",
436 |         "score" :  5
437 |     },
438 |     {
439 |         "parent" : "Infrastructure",
440 |         "child" : "IRC",
441 |         "score" :  5
442 |     },
443 |     {
444 |         "parent" : "Infrastructure",
445 |         "child" : "Jabber",
446 |         "score" :  5
447 |     },
448 |     {
449 |         "parent" : "Infrastructure",
450 |         "child" : "P2P",
451 |         "score" :  5
452 |     },
453 |     {
454 |         "parent" : "Infrastructure",
455 |         "child" : "Mobile Communications",
456 |         "score" :  5
457 |     },
458 |     {
459 |         "parent" : "Infrastructure",
460 |         "child" : "Social Networks",
461 |         "score" :  5
462 |     },
463 |     {
464 |         "parent" : "Infrastructure",
465 |         "child" : "User-Generated Content Websites",
466 |         "score" :  5
467 |     },
468 |     {
469 |         "parent" : "Infrastructure",
470 |         "child" : "Sinkhole",
471 |         "score" :  5
472 |     },
473 |     {
474 |         "parent" : "Infrastructure",
475 |         "child" : "Illegal Activity",
476 |         "score" :  15
477 |     },
478 |     {
479 |         "parent" : "Infrastructure",
480 |         "child" : "SCADA",
481 |         "score" :  75
482 |     },
483 |     {
484 |         "parent" : "Infrastructure",
485 |         "child" : "Darknet",
486 |         "score" :  20
487 |     },
488 |     {
489 |         "parent" : "Intel",
490 |         "child" : "Threat Report",
491 |         "score" :  70
492 |     },
493 |     {
494 |         "parent" : "Intel",
495 |         "child" : "Campaign Characteristics",
496 |         "score" :  70
497 |     },
498 |     {
499 |         "parent" : "Intel",
500 |         "child" : "Endpoint Characteristics",
501 |         "score" :  40
502 |     },
503 |     {
504 |         "parent" : "Intel",
505 |         "child" : "Vulnerable Service",
506 |         "score" : 40
507 |     },
508 |     {
509 |         "parent" : "Intel",
510 |         "child" : "Host Characteristics",
511 |         "score" :  40
512 |     },
513 |     {
514 |         "parent" : "Intel",
515 |         "child" : "Infrastructure",
516 |         "score" :  10
517 |     },
518 |     {
519 |         "parent" : "Intel",
520 |         "child" : "TTP",
521 |         "score" :  70
522 |     },
523 |     { 
524 |         "parent" : "Intel",
525 |         "child" : "Collective Threat Intel",
526 |         "score" :  70
527 |     },
528 |     {
529 |         "parent" : "Intel",
530 |         "child" : "Threat Actor Characterization",
531 |         "score" :  70
532 |     },
533 |     {
534 |         "parent" : "Observed Actions",
535 |         "child" : "Exfiltration",
536 |         "score" :  75
537 |     },
538 |     {
539 |         "parent" : "Observed Actions",
540 |         "child" : "Brand or Image Degradation",
541 |         "score" :  75
542 |     },
543 |     {
544 |         "parent" : "Observed Actions",
545 |         "child" : "Economic",
546 |         "score" :  75
547 |     },
548 |     {
549 |         "parent" : "Observed Actions",
550 |         "child" : "Military",
551 |         "score" :  75
552 |     },
553 |     {
554 |         "parent" : "Observed Actions",
555 |         "child" : "Political",
556 |         "score" :  75
557 |     },
558 |     {
559 |         "parent" : "Observed Actions",
560 |         "child" : "Data Breach or Compromise",
561 |         "score" :  75
562 |     },
563 |     {
564 |         "parent" : "Observed Actions",
565 |         "child" : "Degradation of Service",
566 |         "score" :  75
567 |     },
568 |     {
569 |         "parent" : "Observed Actions",
570 |         "child" : "Destruction",
571 |         "score" :  75
572 |     },
573 |     {
574 |         "parent" : "Observed Actions",
575 |         "child" : "Disruption of Service",
576 |         "score" :  75
577 |     },
578 |     {
579 |         "parent" : "Observed Actions",
580 |         "child" : "Financial Loss",
581 |         "score" :  75
582 |     },
583 |     {
584 |         "parent" : "Observed Actions",
585 |         "child" : "Proprietary Information",
586 |         "score" :  75
587 |     },
588 |     {
589 |         "parent" : "Observed Actions",
590 |         "child" : "Intellectual Property",
591 |         "score" :  75
592 |     },
593 |     {
594 |         "parent" : "Observed Actions",
595 |         "child" : "Confidential Information",
596 |         "score" :  75
597 |     },
598 |     {
599 |         "parent" : "Observed Actions",
600 |         "child" : "Regulatory, Compliance or Legal Impact",
601 |         "score" : 75
602 |     },
603 |     {
604 |         "parent" : "Observed Actions",
605 |         "child" : "Unintended Access",
606 |         "score" :  75
607 |     },
608 |     {
609 |         "parent" : "Observed Actions",
610 |         "child" : "User Data Loss",
611 |         "score" :  75
612 |     },
613 |     {
614 |         "parent" : "Watchlist",
615 |         "child" : "Domain Watchlist",
616 |         "score" :  30
617 |     },
618 |     {
619 |         "parent" : "Watchlist",
620 |         "child" : "File hash watchlist",
621 |         "score" :  30
622 |     },
623 |     {
624 |         "parent" : "Watchlist",
625 |         "child" : "IP Watchlist",
626 |         "score" :  30
627 |     },
628 |     {
629 |         "parent" : "Watchlist",
630 |         "child" : "URL Watchlist",
631 |         "score" :  30
632 |     },
633 |     {
634 |         "parent" : "Actors",
635 |         "child" : "APT",
636 |         "score" :  90
637 |     },
638 |     {
639 |         "parent" : "Actors",
640 |         "child" : "Gray hat",
641 |         "score" :  30
642 |     },
643 |     {
644 |         "parent" : "Actors",
645 |         "child" : "Black hat",
646 |         "score" :  60
647 |     },
648 |     {
649 |         "parent" : "Actors",
650 |         "child" : "Hacktivist",
651 |         "score" : 60
652 |     },
653 |     {
654 |         "parent" : "Actors",
655 |         "child" : "White hat",
656 |         "score" :  5
657 |     },
658 |     {
659 |         "parent" : "Actors",
660 |         "child" : "State Actor or Agency",
661 |         "score" :  85
662 |     },
663 |     {
664 |         "parent" : "Actors",
665 |         "child" : "Underground Call Service",
666 |         "score" :  60
667 |     },
668 |     {
669 |         "parent" : "Actors",
670 |         "child" : "Spam Service",
671 |         "score" :  20
672 |     },
673 |     {
674 |         "parent" : "Actors",
675 |         "child" : "Credential Theft Botnet Operator",
676 |         "score" :  50
677 |     },
678 |     {
679 |         "parent" : "Actors",
680 |         "child" : "Credential Theft Botnet Service",
681 |         "score" :  50
682 |     },
683 |     {
684 |         "parent" : "Actors",
685 |         "child" : "Malware Developer",
686 |         "score" :  60
687 |     },
688 |     {
689 |         "parent" : "Actors",
690 |         "child" : "Money Laundering Network",
691 |         "score" :  40
692 |     },
693 |     {
694 |         "parent" : "Actors",
695 |         "child" : "Organized Crime Actor",
696 |         "score" :  60
697 |     },
698 |     {
699 |         "parent" : "Actors",
700 |         "child" : "Traffic Service",
701 |         "score" :  30
702 |     },
703 |     {
704 |         "parent" : "Actors",
705 |         "child" : "Insider Threat",
706 |         "score" :  75
707 |     },
708 |     {
709 |         "parent" : "Actors",
710 |         "child" : "Disgruntled User",
711 |         "score" :  75
712 |     },
713 |     {
714 |         "parent" : "Actors",
715 |         "child" : "Jihadist",
716 |         "score" :  75
717 |     },
718 |     {
719 |         "parent" : "Actors",
720 |         "child" : "White Supremacist",
721 |         "score" : 65
722 |     },
723 |     {
724 |         "parent" : "Actors",
725 |         "child" : "Cyber Espionage Operations",
726 |         "score" : 99
727 |     },
728 |     {
729 |         "parent" : "Actors",
730 |         "child" : "Malware Developer",
731 |         "score" : 60
732 |     },
733 |     {
734 |         "parent" : "Actors",
735 |         "child" : "CBRN Chemical, biological, radiological and nuclear",
736 |         "score" : 75
737 |     }
738 | ]
739 | 
740 | 
741 | '''
742 | Example Pull
743 | '''
744 | def insert_bulk(docs):
745 |     results = bulk(es, docs, raise_on_error=False, raise_on_exception=False)
746 |     for error in results[1]:
747 |         try:
748 |             m = error['create']['error']['caused_by']['type']
749 |         except:
750 |             try:
751 |                 m = error['create']['error']['type']
752 |             except Exception as e1:
753 |                 print(error)
754 |                 print(str(e1))
755 | 
756 | bulk_docs = []
757 | for k,v in data_simple.items():
758 |     for i in v:
759 |         my_id = k.strip() + " " + i.strip()
760 |         source = { 
761 |             'value' :   i.strip(),
762 |             'type'  :   k.strip()
763 |         }
764 | 
765 |         #print(es.index(ES_PREFIX + 'threat_actor_simple','data',source,my_id))
766 |         
767 |         action = {
768 |             "_op_type"  :   "create", 
769 |             "_index"    :   ES_PREFIX + 'threat_actor_simple',
770 |             "_type"     :   "data",
771 |             "_id"       :   my_id,
772 |             "_source"   :   source
773 |         }
774 |         bulk_docs.append(action)
775 | 
776 |         if len(bulk_docs) > 100:
777 |             insert_bulk(bulk_docs)
778 |             bulk_docs = []
779 |         
780 | 
781 | for k,v in data_pc.items():
782 |     for d in v:
783 | 
784 |         parent_id = k.strip() + " " + d['parent'].strip()
785 |         parent = {
786 |             'value' : d['parent'].strip(),
787 |             'type' : k
788 |         }
789 |         parent_action = {
790 |             "_op_type"  :   "create", 
791 |             "_index"    :   ES_PREFIX + 'threat_actor_pc',
792 |             "_type"     :   "parent",
793 |             "_id"       :   parent_id, 
794 |             "_source"   :   parent
795 |         }
796 |         bulk_docs.append(parent_action)
797 | 
798 |         my_id = parent_id.strip() + " " + d['child'].strip()
799 |         source = { 
800 |             'value' :   d['child'].strip(),
801 |             'score' :   d['score']
802 |         }
803 | 
804 |         action = {
805 |             "_op_type"  : "create", 
806 |             "_index"    : ES_PREFIX + 'threat_actor_pc',
807 |             "_type"     : "child",
808 |             "_id"       : my_id,
809 |             "_parent"   : parent_id,
810 |             "_source"   : source
811 |         }
812 |         bulk_docs.append(action)
813 | 
814 |         if len(bulk_docs) > 100:
815 |             insert_bulk(bulk_docs)
816 |             bulk_docs = []
817 | 
818 | if len(bulk_docs) > 0:
819 |     insert_bulk(bulk_docs)
820 |     bulk_docs = []
821 | 
822 | '''
823 | Example Pull
824 | '''
825 | 
826 | '''
827 | body = {
828 |     "query" : {
829 |         "term" : {
830 |             "type" : "ttp"
831 |         }
832 |     },
833 |     "sort": {
834 |         "value": {
835 |             "order": "asc"
836 |         }
837 |     }
838 | }
839 | 
840 | results = es.search(ES_PREFIX + 'threat_actor_simple', 'data', body)
841 | d = []
842 | for r in results['hits']['hits']:
843 |     d.append(r['_source']['value'])
844 | '''
845 | 
846 | 


--------------------------------------------------------------------------------
/setup/schema.sql:
--------------------------------------------------------------------------------
 1 | -- phpMyAdmin SQL Dump
 2 | -- version 4.0.10deb1
 3 | -- http://www.phpmyadmin.net
 4 | --
 5 | -- Host: localhost
 6 | -- Generation Time: May 25, 2016 at 07:20 PM
 7 | -- Server version: 10.1.13-MariaDB-1~trusty
 8 | -- PHP Version: 5.5.9-1ubuntu4.17
 9 | 
10 | SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
11 | SET time_zone = "+00:00";
12 | 
13 | 
14 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
15 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
16 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
17 | /*!40101 SET NAMES utf8 */;
18 | 
19 | --
20 | -- Database: `threat_actors`
21 | --
22 | CREATE DATABASE IF NOT EXISTS `threat_actors` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
23 | USE `threat_actors`;
24 | 
25 | -- --------------------------------------------------------
26 | 
27 | --
28 | -- Table structure for table `password_reset_hashes`
29 | --
30 | 
31 | CREATE TABLE `password_reset_hashes` (
32 |   `id` int(11) NOT NULL AUTO_INCREMENT,
33 |   `user_id` int(11) NOT NULL,
34 |   `hash` varchar(64) NOT NULL,
35 |   PRIMARY KEY (`id`),
36 |   KEY `user_id` (`user_id`,`hash`)
37 | ) ENGINE=MyISAM  DEFAULT CHARSET=latin1;
38 | 
39 | -- --------------------------------------------------------
40 | 
41 | --
42 | -- Table structure for table `users`
43 | --
44 | 
45 | CREATE TABLE `users` (
46 |   `id` int(11) NOT NULL AUTO_INCREMENT,
47 |   `email` varchar(256) NOT NULL,
48 |   `password` varchar(64) NOT NULL,
49 |   `name` varchar(256) NOT NULL,
50 |   `company` varchar(256) DEFAULT NULL,
51 |   `justification` varchar(2048) NOT NULL DEFAULT 'Grandfathered in',
52 |   `email_verified` int(1) NOT NULL DEFAULT '0',
53 |   `verification_hash` varchar(64) NOT NULL,
54 |   `approved` int(1) NOT NULL DEFAULT '0',
55 |   `write_permission` int(1) NOT NULL DEFAULT '0',
56 |   `delete_permission` int(1) NOT NULL DEFAULT '0',
57 |   `admin` int(1) NOT NULL DEFAULT '0',
58 |   `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
59 |   `last_login` timestamp NULL DEFAULT NULL,
60 |   PRIMARY KEY (`id`),
61 |   KEY `verification_hash` (`verification_hash`)
62 | ) ENGINE=MyISAM  DEFAULT CHARSET=latin1;
63 | 
64 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
65 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
66 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
67 | 


--------------------------------------------------------------------------------
/setup/setup_steps.sh:
--------------------------------------------------------------------------------
  1 | #Actor DB Web Server setup
  2 | 
  3 | ###################################################################
  4 | # Apache
  5 | ###################################################################
  6 | 
  7 | apt-get -y install apache2
  8 | apt-get -y install libapache2-mod-wsgi-py3
  9 | 
 10 | ###################################################################
 11 | # MariaDB
 12 | ###################################################################
 13 | 
 14 | #Important note root password when going thru this, its needed for phpmyadmin and the application
 15 | 
 16 | sudo apt-get install software-properties-common
 17 | sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
 18 | sudo add-apt-repository 'deb [arch=amd64,i386] http://mirror.jmu.edu/pub/mariadb/repo/10.1/ubuntu trusty main'
 19 | sudo apt-get update
 20 | sudo apt-get install mariadb-server
 21 | 
 22 | #command line client, also need for python lib
 23 | sudo apt-get install mysql-client
 24 | 
 25 | ###################################################################
 26 | # phpmyadmin (optional), make sure its not on port 80
 27 | ###################################################################
 28 | sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt
 29 | 
 30 | vim /etc/apache2/mods-enabled/dir.conf
 31 | 
 32 | #move index.php to front of list
 33 | <IfModule mod_dir.c>
 34 |     DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
 35 | </IfModule>
 36 | 
 37 | sudo service apache2 restart
 38 | 
 39 | sudo apt-get update
 40 | sudo apt-get install phpmyadmin
 41 | 
 42 | sudo php5enmod mcrypt
 43 | sudo service apache2 restart
 44 | 
 45 | ###################################################################
 46 | # Install pip
 47 | ###################################################################
 48 | 
 49 | #for python 3.4
 50 | cd ~
 51 | wget https://bootstrap.pypa.io/get-pip.py
 52 | python3.4 get-pip.py
 53 | rm get-pip.py
 54 | 
 55 | ###################################################################
 56 | # Python modules
 57 | ###################################################################
 58 | 
 59 | python3.4 -m pip install flask #flask
 60 | python3.4 -m pip install Flask-WTF #flask forms
 61 | python3.4 -m pip install flask-compress #flask gzip compression extension
 62 | python3.4 -m pip install requests #requests
 63 | python3.4 -m pip install elasticsearch
 64 | python3.4 -m pip install PyMySQL
 65 | 
 66 | ###################################################################
 67 | # Configuration
 68 | ###################################################################
 69 | 
 70 | ###########################################
 71 | #/etc/apache2/sites-enabled/actortrackr.com.conf
 72 | 
 73 | <VirtualHost *:80>
 74 |     ServerAdmin ctig@lookingglasscyber.com
 75 |     DocumentRoot /var/www/actortrackr.com
 76 |     ServerName actortrackr.com
 77 |     ServerAlias www.actortrackr.com
 78 |     RewriteEngine On
 79 |     RewriteOptions inherit
 80 |     CustomLog /var/log/apache2/actortrackr.com.log combined
 81 |     Options -Indexes
 82 | 
 83 |     WSGIScriptAlias         /       /var/www/actortrackr.com/actor.wsgi
 84 | 
 85 |     <Directory /var/www/actortrackr.com>
 86 |         Require         all     granted
 87 |         WSGIScriptReloading On
 88 |     </Directory>
 89 | 
 90 |     <Location />
 91 |         LimitRequestBody 52428800
 92 |     </Location>
 93 | 
 94 | </VirtualHost>
 95 | 
 96 | ###########################################
 97 | #/etc/apache2/ports.conf
 98 | 
 99 | #where phpmyadmin is running
100 | Listen 8080
101 | 
102 | 
103 | ###################################################################
104 | # Start Server, hit some pages, and check for errors
105 | ###################################################################
106 | clear; service apache2 restart; tail -f /var/log/apache2/error.log
107 | 
108 | 


--------------------------------------------------------------------------------
/updates/2016_05_24/update_mappings.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3.4
  2 | # update_mappings.py
  3 | #
  4 | # adds new mappings to each index to track which users modified an item
  5 | # this is a multi step script
  6 | # step 1. export all of the data from each index to a temp file
  7 | # step 2. delete the index/template for each index, recreate the template
  8 | # step 3. upload the dumped data
  9 | 
 10 | #import ES
 11 | try:
 12 |     from elasticsearch import Elasticsearch
 13 |     from elasticsearch import exceptions
 14 |     from elasticsearch.helpers import scan
 15 | except Exception as e:
 16 |     print("Error: {}\nElasticsearch library is not installed, try 'pip install elasticsearch'".format(e))
 17 |     exit(1)
 18 | 
 19 | # set up the path so this can be run and use the settings.py file
 20 | import json
 21 | import os
 22 | import requests
 23 | import sys
 24 | import time
 25 | 
 26 | # set PATH so imports are correct
 27 | TOP_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
 28 | 
 29 | APP_PATH = TOP_DIR+"/app"
 30 | 
 31 | sys.path.insert(0, TOP_DIR)
 32 | sys.path.insert(0, APP_PATH)
 33 | 
 34 | # Import our settings
 35 | from config.settings import *
 36 | 
 37 | #import the new mappings
 38 | import mappings_file
 39 | 
 40 | PERFORM_DELETE = True
 41 | NOOP = False
 42 | 
 43 | def getIndicesMatchingPattern(name):
 44 |     if name == '*' or name=='_all':
 45 |         raise Exception("Invalid Argument")
 46 | 
 47 |     print(name)
 48 |     url = "{}/{}".format(ES_HOSTS[0],name)
 49 |     print(url)
 50 |     r = requests.get(url)
 51 | 
 52 |     response = json.loads(r.content.decode('utf-8'))
 53 | 
 54 |     indices = []
 55 |     for k in response:
 56 |         indices.append(k)
 57 | 
 58 |     return indices
 59 | 
 60 | def delete_index_pattern(es, index):
 61 |     if not PERFORM_DELETE:
 62 |         print("NOT PERFORM INDEX DELETE DUE TO SETTINGS")
 63 |         return
 64 | 
 65 |     #Delete the Index 
 66 |     try:
 67 |         print("deleting indexes...")
 68 |         indices = getIndicesMatchingPattern(index)
 69 | 
 70 |         print(indices)
 71 |         time.sleep(3)
 72 | 
 73 |         for i in indices:
 74 |             if NOOP:
 75 |                 print("NOOP - Deleting Index {}".format(i))
 76 |             else:
 77 |                 print("[DELETE INDEX] Deleting Index {}".format(i))
 78 |                 print(es.indices.delete(index=i))
 79 |         print("done")
 80 |     except exceptions.NotFoundError as e:
 81 |         print("Index not found")
 82 | 
 83 | def delete_template(es, template):
 84 |     if not PERFORM_DELETE:
 85 |         print("NOT PERFORM TEMPLATE DELETE DUE TO SETTINGS")
 86 |         return
 87 |     #Delete the Template
 88 |     try:
 89 |         if NOOP:
 90 |             print("NOOP - Deleting Template {}".format(template))
 91 |         else:
 92 |             print("[DELETE TEMPLATE] Deleting Template {}".format(template))
 93 |             print(es.indices.delete_template(name=template))
 94 |     except exceptions.NotFoundError as e:
 95 |         print("Template not found")
 96 | 
 97 | def create_template(es,name,body):
 98 |     if NOOP:
 99 |         print("NOOP - Creating Template {}".format(name))
100 |     else:
101 |         print("[CREATE TEMPLATE] Creating Template {}".format(name))
102 |         print(es.indices.put_template(name=name, body=body))
103 | 
104 | 
105 | def dump_to_file(es, index, doc_type):
106 |     data = []
107 | 
108 |     query = {
109 |         "query" : {
110 |             "match_all" : {}
111 |         }
112 |     }
113 | 
114 |     results = scan(es,query=query,index=index,doc_type=doc_type)
115 | 
116 |     for i in results:
117 |         data.append(i)
118 | 
119 |     with open(index + "__" + doc_type + ".dat", 'w') as f:
120 |         f.write(json.dumps(data))
121 | 
122 | def delete_recreate(es, index, mapping):
123 |     delete_index_pattern(es, index + "*")
124 |     delete_template(es,index)
125 | 
126 |     create_template(es,name=index, body=mapping)
127 | 
128 | def import_from_file(es, index, doc_type):
129 |     with open(index + "__" + doc_type + ".dat", 'r') as f:
130 |         json_string = ""
131 |         for line in f:
132 |             json_string += line
133 | 
134 |         data = json.loads(json_string)
135 | 
136 |         count = 0
137 |         for i in data:
138 |             source = i['_source']
139 | 
140 |             source['editor'] = []
141 |             count += 1
142 |             print(es.index(index=index,doc_type=doc_type, body=source, id=i['_id']))
143 | 
144 |         print("{}.{} = {}".format(index,doc_type,count))
145 | 
146 | 
147 | 
148 | es = Elasticsearch(ES_HOSTS)
149 | 
150 | try:
151 |     STEP = sys.argv[1]
152 | except:
153 |     STEP = None
154 | 
155 | if not STEP:
156 |     exit("Usage {} <step>\nstep values\n\t1 - Export\n\t2 - Delete\n\t3 - Import".format(sys.argv[0]))
157 | 
158 | if STEP == "1":
159 |     dump_to_file(es, ES_PREFIX + "threat_actors","actor")
160 |     dump_to_file(es, ES_PREFIX + "threat_reports","report")
161 |     dump_to_file(es, ES_PREFIX + "threat_ttps","ttp")
162 | 
163 | elif STEP == "2":
164 |     delete_recreate(es, ES_PREFIX + "threat_actors", mappings_file.get_actor_mapping(ES_PREFIX))
165 |     delete_recreate(es, ES_PREFIX + "threat_reports",mappings_file.get_report_mapping(ES_PREFIX))
166 |     delete_recreate(es, ES_PREFIX + "threat_ttps", mappings_file.get_ttp_mapping(ES_PREFIX))
167 | 
168 | elif STEP == "3":
169 |     import_from_file(es, ES_PREFIX + "threat_actors","actor")
170 |     import_from_file(es, ES_PREFIX + "threat_reports","report")
171 |     import_from_file(es, ES_PREFIX + "threat_ttps","ttp")
172 | 
173 | else:
174 |     print("Invalid step '{}'".format(STEP))
175 | 
176 | 
177 | 


--------------------------------------------------------------------------------