Merge pull request #5 from JMousqueton/v2.1.0

V2.1.0
JMousqueton · Aug 21, 2022 · 9038fd6 · 9038fd6
2 parents 234289e + 7cf3f48
commit 9038fd6
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.0]
+
+## Changed
+
+- None
+
+## Add
+
+- Add Red Flag Domains as new source 
+
 ## [2.0.2]
 
 ## Changed

diff --git a/Config.txt b/Config.txt
@@ -101,4 +101,5 @@ ncc = 2022-08-19T14:30:21
 sans = 2022-08-20T21:51:02
 version = 2022-08-21T10:36:32
 icefire = 2022-08-20 09:50:02.102837
+redflagdomains = 2022-08-21
 
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ TITB is a fork from [Threat Intelligence Discord Bot from vx-underground](https:
 
 > The vx-underground Threat Intelligence Discord Bot gets updates from various clearnet domains, ransomware threat actor domains This bot will check for updates in intervals of 1800 seconds.
 
-[![MIT License](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) ![Version](https://img.shields.io/badge/version-2.0.2-blue.svg)  [![Twitter: JMousqueton](https://img.shields.io/twitter/follow/JMousqueton.svg?style=social)](https://twitter.com/JMousqueton) [![Last Run](https://github.com/JMousqueton/CTI-MSTeams-Bot/actions/workflows/fetchCTI.yml/badge.svg)](.github/workflows/fetchCTI.yml)  [![CodeQL](https://github.com/JMousqueton/CTI-MSTeams-Bot/actions/workflows/codeql-analysis.yml/badge.svg)](.github/workflows/codeql-analysis.yml) 
+[![MIT License](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) ![Version](https://img.shields.io/badge/version-2.1.0-blue.svg)  [![Twitter: JMousqueton](https://img.shields.io/twitter/follow/JMousqueton.svg?style=social)](https://twitter.com/JMousqueton) [![Last Run](https://github.com/JMousqueton/CTI-MSTeams-Bot/actions/workflows/fetchCTI.yml/badge.svg)](.github/workflows/fetchCTI.yml)  [![CodeQL](https://github.com/JMousqueton/CTI-MSTeams-Bot/actions/workflows/codeql-analysis.yml/badge.svg)](.github/workflows/codeql-analysis.yml) 
 
 ## Description
 
@@ -31,6 +31,7 @@ The change I've made :
 * Add a [feedCheck.py](checkFeed.py) script to check the health of the feed from [Feed.csv](Feed.csv) file 
 * Add Options for command line [usage](#usage)
 * Check if a new version is available 
+* Add [new sources](#sources) 
 
 I've decided to remove the TelegramBot because it was not relevant for my needs. 
 
@@ -128,6 +129,7 @@ I've added the following sources :
 * NCC Group 
 * Microsoft Sentinel
 * SANS
+* [Red Flag Domains](https://red.flag.domains/) (for France)
 
 ## ToDo 
 

diff --git a/TeamsIntelBot.py b/TeamsIntelBot.py
@@ -4,22 +4,25 @@
 # Created By  : Julien Mousqueton @JMousqueton
 # Original By : VX-Underground 
 # Created Date: 22/08/2022
-# Version     : 2.0.2
+# Version     : 2.1
 # ---------------------------------------------------------------------------
 
 # ---------------------------------------------------------------------------
 # Imports 
 # ---------------------------------------------------------------------------
 import feedparser
-import time
+import time, requests
 import csv # Feed.csv
 import sys # Python version 
 import json # Ransomware feed via ransomwatch 
 from configparser import ConfigParser
-import requests
 import os # Webhook OS Variable and Github action 
 from os.path import exists
 from optparse import OptionParser
+import urllib.request
+#from urllib.parse import urlparse
+from bs4 import BeautifulSoup
+from datetime import datetime, timedelta
 
 # ---------------------------------------------------------------------------
 # Function to send MS-Teams card 
@@ -181,6 +184,52 @@ def GetRssFromUrl(RssItem):
         FileConfig.write(FileHandle)
 
 
+# ---------------------------------------------------------------------------
+# Function fetch Red Flag domains 
+# ---------------------------------------------------------------------------
+def GetRedFlagDomains():
+    now = datetime.now()
+    format = "%Y-%m-%d"
+    today = now.strftime(format)
+    yesterday = now - timedelta(days=1)
+    yesterday = yesterday.strftime(format)
+
+    try:
+        TmpObject = FileConfig.get('main',"redflagdomains")
+    except:
+        FileConfig.set('main', "redflagdomains", str(yesterday))
+        TmpObject = str(yesterday)
+
+    TmpObject = datetime.strptime(TmpObject, '%Y-%m-%d')
+    today = datetime.strptime(today, '%Y-%m-%d')
+
+    today = today.date()
+    TmpObject = TmpObject.date()
+
+    if(TmpObject < today):
+        FileConfig.set('main', "redflagdomains", str(today))
+        url="https://red.flag.domains/posts/"+ str(today) + "/"
+        try:
+            response = urllib.request.urlopen(url)
+            soup = BeautifulSoup(response, 
+                                'html.parser', 
+                                from_encoding=response.info().get_param('charset'))
+            response_status = response.status
+            if soup.findAll("meta", property="og:description"):
+                OutputMessage = soup.find("meta", property="og:description")["content"][4:].replace('[','').replace(']','')
+                Title = "🚩 Red Flag Domains créés ce jour (" +  str(today) + ")"
+                if options.Debug:
+                    print(Title)
+                else:
+                    Send_Teams(Url,OutputMessage.replace('\n','<br>'),Title)
+                    time.sleep(3)
+        except HTTPError as error:
+            response_status = error.code
+            pass 
+    with open(ConfigurationFilePath, 'w') as FileHandle:
+        FileConfig.write(FileHandle)
+
+
 # ---------------------------------------------------------------------------
 # Log  
 # ---------------------------------------------------------------------------
@@ -197,7 +246,7 @@ def CreateLogString(RssItem):
 # ---------------------------------------------------------------------------    
 if __name__ == '__main__':
     parser = OptionParser(usage="usage: %prog [options]",
-                          version="%prog 2.0.2")
+                          version="%prog 2.1.0")
     parser.add_option("-q", "--quiet",
                       action="store_true",
                       dest="Quiet",
@@ -240,3 +289,5 @@ def CreateLogString(RssItem):
     GetRansomwareUpdates()
     CreateLogString("Ransomware List")
 
+    GetRedFlagDomains()
+    CreateLogString("Red Flag Domain")
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
 feedparser==6.0.10
-requests==2.28.1
+requests==2.28.1
+beautifulsoup4==4.11.1