update to the crtsh analyzer to fix my errors

TheHive-Project · Feb 19, 2019 · 7b69cfb · 7b69cfb
1 parent ac31aba
commit 7b69cfb
Showing 1 changed file with 29 additions and 15 deletions.
diff --git a/analyzers/Crtsh/crtshquery.py b/analyzers/Crtsh/crtshquery.py
@@ -32,30 +32,44 @@ def search(self, domain, wildcard=True):
         """
         rex = '\<TH\sclass="outer">SHA-1\(Certificate\)\</TH\>\s+\<TD\sclass="outer"\>([^\<]+)\</TD\>'
         base_url = "https://crt.sh/?q={}&output=json"
-        if wildcard:
-            domain = "%25.{}".format(domain)
         url = base_url.format(domain)
 
-        ua = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1'
+        ua = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36'
         req = requests.get(url, headers={'User-Agent': ua})
 
         if req.ok:
             try:
                 content = req.content.decode('utf-8')
                 data = json.loads(content.replace('}{', '},{'))
-		for c in data:
-                    det_url = 'https://crt.sh/?q={}&output=json'.format(c['min_cert_id'])
-                    det_req = requests.get(det_url, headers={'User-Agent': ua})
-                    if det_req.status_code == requests.codes.ok:
-                        det_con = det_req.content.decode('utf-8')
-                        sha1 = re.findall(rex, det_con)[0]
-                        c['sha1'] = sha1
-                    else:
-                        c['sha1'] = ''
-                return data
             except Exception as e:
-                self.error("Error retrieving information. {}".format(e))
-        return None
+                self.error("Error retrieving base domain information. {}".format(e))
+                return None
+
+        if wildcard:
+            url2 = base_url.format("%25{}.".format(domain))
+            req2 = requests.get(url2, headers={'User-Agent': ua})
+            if req2.ok:
+                try:
+                    content2 = req2.content.decode('utf-8')
+                    data2 = json.loads(content2.replace('}{', '},{'))
+                    data.extend(data2)
+                except Exception as e:
+                    self.error("Error retrieving wildcard information. {}".format(e))
+                    return None
+
+        for c in data:
+            det_url = 'https://crt.sh/?q={}&output=json'.format(c['min_cert_id'])
+            try:
+                det_req = requests.get(det_url, headers={'User-Agent': ua})
+                if det_req.status_code == requests.codes.ok:
+                    det_con = det_req.content.decode('utf-8')
+                    sha1 = re.findall(rex, det_con)[0]
+                    c['sha1'] = sha1
+                else:
+                    c['sha1'] = ''
+            except:
+                c['sha1'] = ''
+        return data
 
     def __init__(self):
         Analyzer.__init__(self)