Merge pull request #30 from mpast/dev

Integrate Maltrail
mpast · Apr 24, 2021 · 1042ac8 · 1042ac8
2 parents 8bc6d93 + 6a24a9e
commit 1042ac8
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 6 deletions.
diff --git a/.env.example b/.env.example
@@ -14,8 +14,9 @@ DEFECTDOJO_URL=http://defectdojo:8080/finding/
 DEFECTDOJO_API_URL=http://defectdojo:8080/api/v2/
 DEFECTDOJO_API_KEY=DEFECTDOJO_API_KEY
 DEFECTDOJO_ENABLED=False
-MALWAREDB_ENABLED=False
+MALWARE_ENABLED=False
 MALWAREDB_URL=https://www.malwaredomainlist.com/mdlcsv.php
+MALTRAILDB_URL=https://raw.githubusercontent.com/stamparm/aux/master/maltrail-malware-domains.txt
 VIRUSTOTAL_ENABLED=False
 VIRUSTOTAL_URL=https://www.virustotal.com/
 VIRUSTOTAL_FILE_URL=https://www.virustotal.com/gui/file/

diff --git a/README.md b/README.md
@@ -84,7 +84,7 @@ It checks if there has been an scan of the APK and extract all its information.
 
 It is possible to upload the findings to the defect manager.
 
-#### MalwareDB
+#### MalwareDB & MaltrailDB
 
 It checks in the database if there are URLs in the APK that are related with Malware.
 
@@ -208,8 +208,9 @@ All the environment variables are in a `.env` file, there is an `.env.example` w
 ```py
 CWE_URL = env('CWE_URL', 'https://cwe.mitre.org/data/definitions/')
 
-MALWAREDB_ENABLED = env('MALWAREDB_ENABLED', True)
+MALWARE_ENABLED = env('MALWARE_ENABLED', True)
 MALWAREDB_URL = env('MALWAREDB_URL', 'https://www.malwaredomainlist.com/mdlcsv.php')
+MALTRAILDB_URL = env('MALTRAILDB_URL', 'https://raw.githubusercontent.com/stamparm/aux/master/maltrail-malware-domains.txt')
 
 VIRUSTOTAL_ENABLED = env('VIRUSTOTAL_ENABLED', False)
 VIRUSTOTAL_URL = env('VIRUSTOTAL_URL', 'https://www.virustotal.com/')

diff --git a/app/analysis.py b/app/analysis.py
@@ -261,7 +261,7 @@ def find_patterns(i, prev_line, line, name, dir, scan):
                         if "schemas.android.com" in line:
                             break
                         url = urllib.parse.urlsplit(match_str)
-                        if (settings.MALWAREDB_ENABLED):
+                        if (settings.MALWARE_ENABLED):
                             m = Malware.objects.get(url__icontains=url.netloc)
                     except Exception as e:
                         logger.error("not found " + match_str)

diff --git a/app/config/settings.py b/app/config/settings.py
@@ -57,6 +57,7 @@
 
 WSGI_APPLICATION = 'app.config.wsgi'
 
+DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 
 SECRET_KEY = env("SECRET_KEY", "<SECRET_KEY>")
 
@@ -151,8 +152,9 @@
 # OTHER TOOLS
 CWE_URL = env('CWE_URL', 'https://cwe.mitre.org/data/definitions/')
 
-MALWAREDB_ENABLED = env('MALWAREDB_ENABLED', True)
+MALWARE_ENABLED = env('MALWARE_ENABLED', True)
 MALWAREDB_URL = env('MALWAREDB_URL', 'https://www.malwaredomainlist.com/mdlcsv.php')
+MALTRAILDB_URL = env('MALTRAILDB_URL', 'https://raw.githubusercontent.com/stamparm/aux/master/maltrail-malware-domains.txt')
 
 VIRUSTOTAL_ENABLED = env('VIRUSTOTAL_ENABLED', False)
 VIRUSTOTAL_URL = env('VIRUSTOTAL_URL', 'https://www.virustotal.com/')

diff --git a/app/fixtures/data.json b/app/fixtures/data.json