npm - hawk-soar-app-urlscan-io - Versions diffs - 1.0.0 - Mend

hawk-soar-app-urlscan-io 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +155 -0
package/package.json +5 -0

package/index.js ADDED Viewed

@@ -0,0 +1,155 @@
+const fs = require('fs')
+const path = __dirname + '/package.json'
+const axios = require('axios')
+let data = fs.readFileSync(path, { encoding: 'utf8', flag: 'r' })
+let pkginfo = JSON.parse(data)
+function sleep(ms) {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms);
+  });
+}
+module.exports = {
+    ...pkginfo,
+    handler: function(db, socket, redisClient, request, message, exported) {
+        // socket handler
+      console.log('Inside hawk chatgpt handler')
+      console.log(socket)
+      let lmessage
+      let r
+      let data
+      if (!('route' in message)) {
+        lmessage = message
+        lmessage.status = false
+        lmessage.code = 404
+        lmessage.details = 'No cmd field has been specified, unable to continue.'
+        socket.send(JSON.stringify(lmessage))
+        return
+      }
+      if (request.session.userProfile.isAdmin == false && request.session.userProfile.isSOC == false) {
+        lmessage = message
+        lmessage.status = false
+        lmessage.code = 404
+        lmessage.details = 'User has invalid permissions for access; must have SOC or Admin privileges.'
+        socket.send(JSON.stringify(lmessage))
+        return
+      }
+      const cmd = camelize(message.route)
+      console.log(cmd)
+      switch (cmd) {
+        case 'search':
+          if (!('data' in message)) {
+            lmessage = message
+            lmessage.status = false
+            lmessage.code = 404
+            lmessage.details = `No data found in message: ${message.route}`
+            socket.send(JSON.stringify(lmessage))
+            return
+          }
+          r = message
+          module.exports.search(db, request.session, message.data, exported).then((x) => {
+            r.data = x
+            r.status = true
+            r.code = 200
+            console.log("Sending back results")
+            console.log(x)
+            r.details = `Successfully fetched results.`
+            socket.send(JSON.stringify(r))
+          })
+            .catch((e) => {
+              lmessage = message
+              lmessage.status = false
+              lmessage.code = 500
+              lmessage.details = e.toString()
+              socket.send(JSON.stringify(lmessage))
+            })
+          break
+        default:
+          lmessage = message
+          lmessage.status = false
+          lmessage.code = 404
+          lmessage.details = `No known route found matching ${message.route}`
+          socket.send(JSON.stringify(lmessage))
+          break
+      }
+    },
+    registerRoutes: function(app) {
+    },
+};
+const camelize = function (str) {
+  return str.replace(/(?:^\w|[A-Z]|\b\w|\s+)/g, (match, index) => {
+    if (+match === 0) return '' // or if (/\s+/.test(match)) for white spaces
+    return index === 0 ? match.toLowerCase() : match.toUpperCase()
+  })
+}
+module.exports.search = function(db, session, record, exported) {
+  // fetch the given credentials from vault, send err msg on failure
+  // on success make call for categories and severities.
+  console.log(record)
+  console.log('Fetching credential')
+  console.log(exported)
+  return exported['credentials.getCredential'](record.group_id, record.credential_id, record.token).then((x) => {
+    console.log("Caugth credential response from token")
+    console.log(x.data)
+    let xd = x.data
+    console.log(JSON.stringify(x.data))
+    if ('data' in xd && 'data' in xd.data && xd.data.data.tokenSecret) {
+      const tokenSecret = xd.data.data.tokenSecret
+      // fetch action info by id
+      return exported['actions.getEntry'](db, session, record.action_id).then((x) => {
+         console.log("Caught action entry")
+         console.log(x)
+         if (x.length == 0) throw new Error("No action vendor record found.")
+         const escData = x[0]
+        // Your urlscan.io API key
+        const apiKey = tokenSecret
+        // URLScan.io submission endpoint
+        const submissionUrl = 'https://urlscan.io/api/v1/scan/';
+        // Set up the request headers
+        const headers = {
+          'Content-Type': 'application/json',
+          'API-Key': apiKey,
+        };
+        // Set up the request body
+        const requestBody = {
+          url: record.body,
+          // Optionally, you can specify other parameters according to the API documentation
+        };
+        // Make the POST request to submit the URL for scanning
+        return axios.post(submissionUrl, requestBody, { headers })
+          .then(response => {
+            console.log('Submission successful:', response.data);
+            // The response will contain information about the scan, including a UUID and result URL
+            return response.data
+          })
+          .catch(error => {
+            console.error('Error submitting URL to urlscan.io:', error.response.data);
+            throw error.response.data
+          });
+      })
+    } else
+      throw new Error("Credential token failed to match, unable to fetch credential secret.")
+  })
+}

package/package.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+    "name": "hawk-soar-app-urlscan-io",
+    "version": "1.0.0",
+    "description": "Urlscan.io URL investigation app integration for HAWK.io SOAR"
+}