intelmq.bots.parsers.openphish package

Submodules

intelmq.bots.parsers.openphish.parser module

intelmq.bots.parsers.openphish.parser.BOT

alias of OpenPhishParserBot

class intelmq.bots.parsers.openphish.parser.OpenPhishParserBot(*args, **kwargs)

Bases: ParserBot

Parse the OpenPhish feed

process()

intelmq.bots.parsers.openphish.parser_commercial module

intelmq.bots.parsers.openphish.parser_commercial.BOT

alias of OpenPhishCommercialParserBot

class intelmq.bots.parsers.openphish.parser_commercial.OpenPhishCommercialParserBot(*args, **kwargs)

Bases: ParserBot

Parse the OpenPhish feed

List of source fields: [

‘asn’, ‘asn_name’, ‘brand’, ‘country_code’, ‘country_name’, ‘discover_time’, ‘emails’, ‘family_id’, ‘host’, ‘ip’, ‘isotime’, ‘page_language’, ‘phishing_kit’, ‘screenshot’, ‘sector’, ‘ssl_cert_issued_by’, ‘ssl_cert_issued_to’, ‘ssl_cert_serial’, ‘tld’, ‘url’,

]

parse(report: Report)

A JSON Stream parses (one JSON data structure per line)

parse_line(line, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

recover_line(line: dict) → str

Reverse of parse for JSON pulses.

Recovers a fully functional report with only the problematic pulse. Using a string as input here is not possible, as the input may span over multiple lines. Output is not identical to the input, but has the same content.

Parameters:

dict. (The line as) –

Returns:

The JSON-encoded line as string.

Return type:

str

Module contents