TheHive-Project · milesflo · Feb 8, 2020 · Feb 8, 2020 · Feb 9, 2020 · Feb 9, 2020
diff --git a/analyzers/AbuseIPDB/AbuseIPDB.json b/analyzers/AbuseIPDB/AbuseIPDB.json
@@ -1,6 +1,6 @@
 {
     "name": "AbuseIPDB",
-    "version": "1.0",
+    "version": "1.0.0",
     "author": "Matteo Lodi",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-v3",

diff --git a/analyzers/AbuseIPDB/Dockerfile b/analyzers/AbuseIPDB/Dockerfile
@@ -0,0 +1,24 @@
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+LABEL author="Matteo Lodi" \
+      description="Determine whether an IP was reported or not as malicious by AbuseIPDB" \
+      license="AGPL-v3" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="AbuseIPDB" \
+      url="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      vendor="TheHive" \
+      version="1.0.0"
+
+WORKDIR /worker
+
+COPY . AbuseIPDB
+
+# Project determined to be Python, installing deps
+RUN pip install --no-cache-dir -r AbuseIPDB/requirements.txt
+
+ENTRYPOINT AbuseIPDB/abuseipdb.py
diff --git a/analyzers/Abuse_Finder/Abuse_Finder.json b/analyzers/Abuse_Finder/Abuse_Finder.json
@@ -1,11 +1,12 @@
 {
   "name": "Abuse_Finder",
-  "version": "3.0",
+  "version": "3.0.0",
   "author": "CERT-BDF",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
   "description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
   "dataTypeList": ["ip", "domain", "fqdn", "url", "mail"],
   "baseConfig": "Abuse_Finder",
-  "command": "Abuse_Finder/abusefinder.py"
+  "command": "Abuse_Finder/abusefinder.py",
+  "dockerImage": "cortexneurons/abuseipdb:1"
 }
diff --git a/analyzers/Abuse_Finder/Dockerfile b/analyzers/Abuse_Finder/Dockerfile
@@ -1,6 +1,24 @@
-FROM python:3
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+LABEL author="CERT-BDF" \
+      description="Find abuse contacts associated with domain names, URLs, IPs and email addresses." \
+      license="AGPL-V3" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="Abuse_Finder" \
+      url="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      vendor="TheHive" \
+      version="3.0.0"
 
 WORKDIR /worker
+
 COPY . Abuse_Finder
+
+# Project determined to be Python, installing deps
 RUN pip install --no-cache-dir -r Abuse_Finder/requirements.txt
-ENTRYPOINT Abuse_Finder/abusefinder.py
+
+ENTRYPOINT Abuse_Finder/abusefinder.py
diff --git a/analyzers/Abuse_Finder/requirements.txt b/analyzers/Abuse_Finder/requirements.txt
@@ -1,2 +1,4 @@
 cortexutils
+future
 abuse_finder
+pythonwhois==2.2.2
diff --git a/...utofocus/AUTOFOCUS_GetSampleAnalysis.json → ...utoFocus/AutoFocus_GetSampleAnalysis.json b/...utofocus/AUTOFOCUS_GetSampleAnalysis.json → ...utoFocus/AutoFocus_GetSampleAnalysis.json
@@ -1,20 +1,20 @@
 {
-    "name": "AUTOFOCUS_GetSampleAnalysis",
-    "version": "1.0",
+    "name": "AutoFocus_GetSampleAnalysis",
+    "version": "1.0.0",
     "author": "ANSSI",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "baseConfig": "Autofocus",
+    "baseConfig": "AutoFocus",
     "config": {
         "service": "get_sample_analysis"
     },
     "description": "Get full analysis from a sample based on its hash",
     "dataTypeList": ["hash"],
-    "command": "Autofocus/analyzer.py",
+    "command": "AutoFocus/analyzer.py",
     "configurationItems": [
         {
           "name": "apikey",
-          "description": "Autofocus API key",
+          "description": "AutoFocus API key",
           "type": "string",
           "multi": false,
           "required": true

diff --git a/analyzers/Autofocus/AUTOFOCUS_SearchIOC.json → analyzers/AutoFocus/AutoFocus_SearchIOC.json b/analyzers/Autofocus/AUTOFOCUS_SearchIOC.json → analyzers/AutoFocus/AutoFocus_SearchIOC.json
@@ -1,20 +1,20 @@
 {
-    "name": "AUTOFOCUS_SearchIOC",
-    "version": "1.0",
+    "name": "AutoFocus_SearchIOC",
+    "version": "1.0.0",
     "author": "ANSSI",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "baseConfig": "Autofocus",
+    "baseConfig": "AutoFocus",
     "config": {
         "service": "search_ioc"
     },
-    "description": "Search samples in Autofocus based on a single IOC",
+    "description": "Search samples in AutoFocus based on a single IOC",
     "dataTypeList": ["domain","fqdn","user-agent","imphash","ip","mutex","tag","url"],
-    "command": "Autofocus/analyzer.py",
+    "command": "AutoFocus/analyzer.py",
     "configurationItems": [
         {
           "name": "apikey",
-          "description": "Autofocus API key",
+          "description": "AutoFocus API key",
           "type": "string",
           "multi": false,
           "required": true

diff --git a/...yzers/Autofocus/AUTOFOCUS_SearchJSON.json → ...yzers/AutoFocus/AutoFocus_SearchJSON.json b/...yzers/Autofocus/AUTOFOCUS_SearchJSON.json → ...yzers/AutoFocus/AutoFocus_SearchJSON.json
@@ -1,20 +1,20 @@
 {
-    "name": "AUTOFOCUS_SearchJSON",
-    "version": "1.0",
+    "name": "AutoFocus_SearchJSON",
+    "version": "1.0.0",
     "author": "ANSSI",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "baseConfig": "Autofocus",
+    "baseConfig": "AutoFocus",
     "config": {
         "service": "search_json"
     },
-    "description": "Search samples in Autofocus with a full search query in JSON",
+    "description": "Search samples in AutoFocus with a full search query in JSON",
     "dataTypeList": ["other"],
-    "command": "Autofocus/analyzer.py",
+    "command": "AutoFocus/analyzer.py",
     "configurationItems": [
         {
           "name": "apikey",
-          "description": "Autofocus API key",
+          "description": "AutoFocus API key",
           "type": "string",
           "multi": false,
           "required": true

diff --git a/analyzers/AutoFocus/Dockerfile b/analyzers/AutoFocus/Dockerfile
@@ -0,0 +1,25 @@
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+RUN apk add --no-cache gcc git musl-dev
+
+LABEL author="ANSSI" \
+      license="AGPL-V3" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="AutoFocus" \
+      url="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      vendor="TheHive" \
+      version="1.0.0"
+
+WORKDIR /worker
+
+COPY . AutoFocus
+
+# Project determined to be Python, installing deps
+RUN pip install --no-cache-dir -r AutoFocus/requirements.txt
+
+ENTRYPOINT AutoFocus/analyzer.py
diff --git a/analyzers/Autofocus/analyzer.py → analyzers/AutoFocus/analyzer.py b/analyzers/Autofocus/analyzer.py → analyzers/AutoFocus/analyzer.py
@@ -128,14 +128,14 @@ def run(self):
             records = self.execute_autofocus_service()
             self.report(records)
 
-        except AFSampleAbsent as e: # Sample not in Autofocus
-            self.error('Unknown sample in Autofocus')
+        except AFSampleAbsent as e: # Sample not in AutoFocus
+            self.error('Unknown sample in AutoFocus')
         except AFServerError as e: # Server error
             self.unexpectedError(e)
         except AFClientError as e: # Client error
             self.unexpectedError(e)
         except Exception: # Unknown error
-            self.unexpectedError("Unknown error while running Autofocus analyzer")
+            self.unexpectedError("Unknown error while running AutoFocus analyzer")
 
 if __name__ == '__main__':
     AutoFocusAnalyzer().run()
diff --git a/analyzers/Autofocus/requirements.txt → analyzers/AutoFocus/requirements.txt b/analyzers/Autofocus/requirements.txt → analyzers/AutoFocus/requirements.txt
diff --git a/analyzers/BackscatterIO/BackscatterIO_Enrichment.json b/analyzers/BackscatterIO/BackscatterIO_Enrichment.json
@@ -1,6 +1,6 @@
 {
     "name": "BackscatterIO_Enrichment",
-    "version": "1.0",
+    "version": "1.0.0",
     "author": "brandon@backscatter.io",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "APLv2",

diff --git a/analyzers/BackscatterIO/BackscatterIO_GetObservations.json b/analyzers/BackscatterIO/BackscatterIO_GetObservations.json
@@ -1,6 +1,6 @@
 {
     "name": "BackscatterIO_GetObservations",
-    "version": "1.0",
+    "version": "1.0.0",
     "author": "brandon@backscatter.io",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "APLv2",

diff --git a/analyzers/BackscatterIO/Dockerfile b/analyzers/BackscatterIO/Dockerfile
@@ -0,0 +1,23 @@
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+LABEL author="brandon@backscatter.io" \
+      license="APLv2" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="BackscatterIO" \
+      url="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      vendor="TheHive" \
+      version="1.0.0"
+
+WORKDIR /worker
+
+COPY . BackscatterIO
+
+# Project determined to be Python, installing deps
+RUN pip install --no-cache-dir -r BackscatterIO/requirements.txt
+
+ENTRYPOINT BackscatterIO/backscatter-io.py
diff --git a/analyzers/C1fApp/.gitignore b/analyzers/C1fApp/.gitignore
@@ -0,0 +1 @@
+input
diff --git a/analyzers/C1fApp/C1fApp_osint.json b/analyzers/C1fApp/C1fApp_osint.json
@@ -1,6 +1,6 @@
 {
     "name": "C1fApp",
-    "version": "1.0",
+    "version": "1.0.0",
     "author": "etz69",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/C1fApp/Dockerfile b/analyzers/C1fApp/Dockerfile
@@ -0,0 +1,24 @@
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+LABEL author="etz69" \
+      description="Query C1fApp OSINT Aggregator for IPs, domains and URLs" \
+      license="AGPL-V3" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="C1fApp" \
+      url="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      vendor="TheHive" \
+      version="1.0.0"
+
+WORKDIR /worker
+
+COPY . C1fApp
+
+# Project determined to be Python, installing deps
+RUN pip install --no-cache-dir -r C1fApp/requirements.txt
+
+ENTRYPOINT C1fApp/cifquery.py
diff --git a/analyzers/C1fApp/README b/analyzers/C1fApp/README
@@ -13,7 +13,7 @@ C1fApp {
 
 To test the analyzer from cmdline
 
-python cifquery.py < input
+python3 cifquery.py < input
 
 Testing
 --------

diff --git a/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json b/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
@@ -3,7 +3,7 @@
   "author": "Nils Kuhnert, CERT-Bund",
   "license": "AGPL-V3",
   "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-  "version": "2.0",
+  "version": "2.0.0",
   "description": "Checks CERT.at Passive DNS for a given domain.",
   "dataTypeList": ["domain", "fqdn", "ip"],
   "baseConfig": "CERTatPassiveDNS",

diff --git a/analyzers/CERTatPassiveDNS/Dockerfile b/analyzers/CERTatPassiveDNS/Dockerfile
@@ -0,0 +1,24 @@
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+LABEL author="Nils Kuhnert, CERT-Bund" \
+      description="Checks CERT.at Passive DNS for a given domain." \
+      license="AGPL-V3" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="CERTatPassiveDNS" \
+      url="https://github.com/BSI-CERT-Bund/cortex-analyzers" \
+      vendor="TheHive" \
+      version="2.0.0"
+
+WORKDIR /worker
+
+COPY . CERTatPassiveDNS
+
+# Project determined to be Python, installing deps
+RUN pip install --no-cache-dir -r CERTatPassiveDNS/requirements.txt
+
+ENTRYPOINT CERTatPassiveDNS/certat_passivedns.py
diff --git a/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json b/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json
@@ -3,7 +3,7 @@
   "author": "Nils Kuhnert, CERT-Bund",
   "license": "AGPL-V3",
   "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-  "version": "2.0",
+  "version": "2.0.0",
   "description": "Check CIRCL's Passive DNS for a given domain or URL.",
   "dataTypeList": ["domain", "url", "ip"],
   "baseConfig": "CIRCL",

diff --git a/analyzers/CIRCLPassiveDNS/Dockerfile b/analyzers/CIRCLPassiveDNS/Dockerfile
@@ -0,0 +1,24 @@
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+LABEL author="Nils Kuhnert, CERT-Bund" \
+      description="Check CIRCL's Passive DNS for a given domain or URL." \
+      license="AGPL-V3" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="CIRCLPassiveDNS" \
+      url="https://github.com/BSI-CERT-Bund/cortex-analyzers" \
+      vendor="TheHive" \
+      version="2.0.0"
+
+WORKDIR /worker
+
+COPY . CIRCLPassiveDNS
+
+# Project determined to be Python, installing deps
+RUN pip install --no-cache-dir -r CIRCLPassiveDNS/requirements.txt
+
+ENTRYPOINT CIRCLPassiveDNS/circl_passivedns.py
diff --git a/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json b/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json
@@ -3,7 +3,7 @@
   "author": "Nils Kuhnert, CERT-Bund",
   "license": "AGPL-V3",
   "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-  "version": "2.0",
+  "version": "2.0.0",
   "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.",
   "dataTypeList": ["ip", "certificate_hash", "hash"],
   "baseConfig": "CIRCL",

diff --git a/analyzers/CIRCLPassiveSSL/Dockerfile b/analyzers/CIRCLPassiveSSL/Dockerfile
@@ -0,0 +1,24 @@
+### AUTOGEN ###
+# THIS FILE IS UPDATED BY `utils/dockerfile_builder.py`
+# DO NOT EDIT IT DIRECTLY
+
+# Guessing base image from source code shebang
+FROM python:3-alpine
+
+LABEL author="Nils Kuhnert, CERT-Bund" \
+      description="Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash." \
+      license="AGPL-V3" \
+      source="https://github.com/TheHive-Project/Cortex-Analyzers" \
+      title="CIRCLPassiveSSL" \
+      url="https://github.com/BSI-CERT-Bund/cortex-analyzers" \
+      vendor="TheHive" \
+      version="2.0.0"
+
+WORKDIR /worker
+
+COPY . CIRCLPassiveSSL
+
+# Project determined to be Python, installing deps
+RUN pip install --no-cache-dir -r CIRCLPassiveSSL/requirements.txt
+
+ENTRYPOINT CIRCLPassiveSSL/circl_passivessl.py
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,7 +13,7 @@ C1fApp { @@
     To test the analyzer from cmdline
-    python cifquery.py < input
+    python3 cifquery.py < input
     Testing
     --------
@@ Expand Down @@