pymisp 2.5.3__py3-none-any.whl → 2.5.7__py3-none-any.whl

examples/add_attributes_from_csv.py

@@ -0,0 +1,74 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import csv
+from pymisp import PyMISP
+from pymisp import ExpandedPyMISP, MISPAttribute
+from keys import misp_url, misp_key, misp_verifycert
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+import argparse
+import urllib3
+import requests
+requests.packages.urllib3.disable_warnings() 
+
+
+"""
+
+Sample usage:
+
+python3 add_filetype_object_from_csv.py -e <Event_UUID> -f <formated_file_with_attributes>.csv
+
+
+Attribute CSV file (aach line is an entry):
+
+value;category;type;comment;to_ids;first_seen;last_seen;tag1;tag2
+test.pdf;Payload delivery;filename;Email attachment;0;1970-01-01;1970-01-01;tlp:green;ransomware
+127.0.0.1;Network activity;ip-dst;C2 server;1;;;tlp:white;
+
+value = IOC's value
+category = its MISP category (https://www.circl.lu/doc/misp/categories-and-types/)
+type = its MISP type (https://www.circl.lu/doc/misp/categories-and-types/)
+comment = IOC's description
+to_ids = Boolean expected (0 = IDS flag not checked // 1 = IDS flag checked)
+first_seen = First seen date, if any (left empty if not)
+last_seen = Last seen date, if any (left empty if not)
+tag = IOC tag, if any 
+
+"""
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Add attributes to a MISP event from a semi-colon formated csv file')
+    parser.add_argument("-e", "--event_uuid", required=True, help="Event UUID to update")
+    parser.add_argument("-f", "--attr_file", required=True, help="Attribute CSV file path")
+    args = parser.parse_args()
+
+    pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
+
+    f = open(args.attr_file, newline='')
+    csv_reader = csv.reader(f, delimiter=";")
+
+    for line in csv_reader:
+       value = line[0]
+       category = line[1]
+       type = line[2]
+       comment = line[3]
+       ids = line[4]
+       fseen = line[5]
+       lseen = line[6]
+       tags = line[7:]
+
+       misp_attribute = MISPAttribute()
+       misp_attribute.value = str(value)
+       misp_attribute.category = str(category)
+       misp_attribute.type = str(type)
+       misp_attribute.comment = str(comment)
+       misp_attribute.to_ids = str(ids)
+       if fseen != '':
+          misp_attribute.first_seen = str(fseen)
+       if lseen != '':
+          misp_attribute.last_seen = str(lseen)
+       for x in tags:
+            misp_attribute.add_tag(x)
+       r = pymisp.add_attribute(args.event_uuid, misp_attribute)
+       print(line)
+    print("\nAttributes successfully saved :)")

examples/add_email_object.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+from pymisp import PyMISP
+from pymisp.tools import EMailObject
+import traceback
+from keys import misp_url, misp_key, misp_verifycert  # type: ignore
+import glob
+import argparse
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
+    parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
+    parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
+    args = parser.parse_args()
+
+    pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
+
+    for f in glob.glob(args.path):
+        try:
+            eo = EMailObject(f)
+        except Exception:
+            traceback.print_exc()
+            continue
+
+        if eo:
+            response = pymisp.add_object(args.event, eo, pythonify=True)
+            for ref in eo.ObjectReference:
+                r = pymisp.add_object_reference(ref)

examples/add_fail2ban_object.py

@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from pymisp import ExpandedPyMISP, MISPEvent
+from pymisp.tools import Fail2BanObject
+import argparse
+from base64 import b64decode
+from io import BytesIO
+import os
+from datetime import date, datetime
+from dateutil.parser import parse
+
+
+try:
+    from keys import misp_url, misp_key, misp_verifycert
+except Exception:
+    misp_url = 'URL'
+    misp_key = 'AUTH_KEY'
+    misp_verifycert = True
+
+
+def create_new_event():
+    me = MISPEvent()
+    me.info = "Fail2Ban blocking"
+    me.add_tag(args.tag)
+    start = datetime.now()
+    me.add_attribute('datetime', start.isoformat(), comment='Start Time')
+    return me
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Add Fail2ban object.')
+    parser.add_argument("-b", "--banned_ip", required=True, help="Banned IP address.")
+    parser.add_argument("-a", "--attack_type", required=True, help="Type of attack.")
+    parser.add_argument("-t", "--tag", required=True, help="Tag to search on MISP.")
+    parser.add_argument("-p", "--processing_timestamp", help="Processing timestamp.")
+    parser.add_argument("-f", "--failures", help="Amount of failures that lead to the ban.")
+    parser.add_argument("-s", "--sensor", help="Sensor identifier.")
+    parser.add_argument("-v", "--victim", help="Victim identifier.")
+    parser.add_argument("-l", "--logline", help="Logline (base64 encoded).")
+    parser.add_argument("-F", "--logfile", help="Path to a logfile to attach.")
+    parser.add_argument("-n", "--force_new", action='store_true', default=False, help="Force new MISP event.")
+    parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.")
+    args = parser.parse_args()
+
+    pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
+    event_id = -1
+    me = None
+    if args.force_new:
+        me = create_new_event()
+    else:
+        response = pymisp.search_index(tags=args.tag, timestamp='1h', pythonify=True)
+        if response:
+            if args.disable_new:
+                event_id = response[0].id
+            else:
+                last_event_date = parse(response[0].date).date()
+                nb_attr = response[0].attribute_count
+                if last_event_date < date.today() or int(nb_attr) > 1000:
+                    me = create_new_event()
+                else:
+                    event_id = response[0].id
+        else:
+            me = create_new_event()
+
+    parameters = {'banned-ip': args.banned_ip, 'attack-type': args.attack_type}
+    if args.processing_timestamp:
+        parameters['processing-timestamp'] = args.processing_timestamp
+    if args.failures:
+        parameters['failures'] = args.failures
+    if args.sensor:
+        parameters['sensor'] = args.sensor
+    if args.victim:
+        parameters['victim'] = args.victim
+    if args.logline:
+        parameters['logline'] = b64decode(args.logline).decode()
+    if args.logfile:
+        with open(args.logfile, 'rb') as f:
+            parameters['logfile'] = {'value': os.path.basename(args.logfile),
+                                     'data': BytesIO(f.read())}
+    f2b = Fail2BanObject(parameters=parameters, standalone=False)
+    if me:
+        me.add_object(f2b)
+        pymisp.add_event(me)
+    elif event_id:
+        a = pymisp.add_object(event_id, f2b)

examples/add_feed.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import ExpandedPyMISP, MISPFeed
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Add a feed')
+    parser.add_argument("-f", "--format", required=True, choices=['misp', 'csv', 'freetext'], help="Feed source format")
+    parser.add_argument("-u", "--url", required=True, help="URL, or local path")
+    parser.add_argument("-n", "--name", required=True, help="Name of the feed")
+    parser.add_argument("-i", "--input", required=True, choices=['local', 'network'], help="URL, or local path")
+    parser.add_argument("-p", "--provider", required=True, help="Provider name")
+    args = parser.parse_args()
+
+    pm = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
+    feed = MISPFeed()
+    feed.format = args.format
+    feed.url = args.url
+    feed.name = args.name
+    feed.input = args.input
+    feed.provider = args.provider
+    response = pm.add_feed(feed, pythonify=True)
+    print(response.to_json())

examples/add_file_object.py

@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from pymisp.tools import make_binary_objects
+import traceback
+from keys import misp_url, misp_key, misp_verifycert
+import glob
+import argparse
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
+    parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
+    parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
+    args = parser.parse_args()
+
+    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+
+    for f in glob.glob(args.path):
+        try:
+            fo, peo, seos = make_binary_objects(f)
+        except Exception:
+            traceback.print_exc()
+            continue
+
+        if seos:
+            for s in seos:
+                r = pymisp.add_object(args.event, s)
+
+        if peo:
+            if hasattr(peo, 'certificates') and hasattr(peo, 'signers'):
+                # special authenticode case for PE objects
+                for c in peo.certificates:
+                    pymisp.add_object(args.event, c, pythonify=True)
+                for s in peo.signers:
+                    pymisp.add_object(args.event, s, pythonify=True)
+                del peo.certificates
+                del peo.signers
+            del peo.sections
+            r = pymisp.add_object(args.event, peo, pythonify=True)
+            for ref in peo.ObjectReference:
+                r = pymisp.add_object_reference(ref)
+
+        if fo:
+            response = pymisp.add_object(args.event, fo, pythonify=True)
+            for ref in fo.ObjectReference:
+                r = pymisp.add_object_reference(ref)

examples/add_filetype_object_from_csv.py

@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import csv
+from pymisp import ExpandedPyMISP, MISPObject
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+
+
+"""
+
+Sample usage:
+
+python3 ./add_filetype_object_from_csv.py -e 77bcc9f4-21a8-4252-9353-f4615d6121e3 -f ./attributes.csv
+
+
+Attribute csv file (2 lines. Each line will be a file MISP Object):
+
+test.pdf;6ff19f8b680df260883d61d7c00db14a8bc57aa0;ea307d60ad0bd1df83ab5119df0bf638;b6c9903c9c38400345ad21faa2df50211d8878c96079c43ae64f35b17c9f74a1
+test2.xml;0dcef3d68f43e2badb0bfe3d47fd19633264cd1d;15f453625882f6123e239c9ce2b0fe24;b064514fcc52a769e064c4d61ce0c554fbc81e446af31dddac810879a5ca5b17
+
+"""
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Create a file type MISP Object starting from attributes in a csv file')
+    parser.add_argument("-e", "--event_uuid", required=True, help="Event UUID to update")
+    parser.add_argument("-f", "--attr_file", required=True, help="Attribute CSV file path")
+    args = parser.parse_args()
+
+    pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
+
+    f = open(args.attr_file, newline='')
+    csv_reader = csv.reader(f, delimiter=";")
+
+    for line in csv_reader:
+       filename = line[0]
+       sha1 = line[1]
+       md5 = line[2]
+       sha256 = line[3]
+
+       misp_object = MISPObject(name='file', filename=filename)
+       obj1 = misp_object.add_attribute("filename", value = filename)
+       obj1.add_tag('tlp:green')
+       obj2 = misp_object.add_attribute("sha1", value = sha1)
+       obj2.add_tag('tlp:amber')
+       obj3 = misp_object.add_attribute("md5", value = md5)
+       obj3.add_tag('tlp:amber')
+       obj4 = misp_object.add_attribute("sha256", value = sha256)
+       obj4.add_tag('tlp:amber')
+       r = pymisp.add_object(args.event_uuid, misp_object)
+       print(line)
+    print("\nObjects created :)")

examples/add_generic_object.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import json
+from pymisp import ExpandedPyMISP
+from pymisp.tools import GenericObjectGenerator
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+
+"""
+Sample usage:
+./add_generic_object.py -e 5065 -t email -l '[{"to": "undisclosed@ppp.com"}, {"to": "second.to@mail.com"}]'
+"""
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Create a MISP Object selectable by type starting from a dictionary')
+    parser.add_argument("-e", "--event", required=True, help="Event ID to update")
+    parser.add_argument("-t", "--type", required=True, help="Type of the generic object")
+    parser.add_argument("-l", "--attr_list", required=True, help="List of attributes")
+    args = parser.parse_args()
+
+    pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
+
+    misp_object = GenericObjectGenerator(args.type.replace("|", "-"))
+    misp_object.generate_attributes(json.loads(args.attr_list))
+    r = pymisp.add_object(args.event, misp_object)

examples/add_github_user.py

@@ -0,0 +1,65 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from pymisp import MISPObject
+from pymisp.tools import update_objects
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+import requests
+import sys
+
+
+"""
+
+usage: add_github_user.py [-h] -e EVENT [-f] -u USERNAME
+
+Fetch GitHub user details and add it in object in MISP
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -e EVENT, --event EVENT
+                        Event ID to update
+  -f, --force-template-update
+  -u USERNAME, --username USERNAME
+                        GitHub username to add
+"""
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Fetch GitHub user details and add it in object in MISP')
+    parser.add_argument("-e", "--event", required=True, help="Event ID to update")
+    parser.add_argument("-f", "--force-template-update", required=False, action="store_true")
+    parser.add_argument("-u", "--username", required=True, help="GitHub username to add")
+    args = parser.parse_args()
+
+    r = requests.get("https://api.github.com/users/{}".format(args.username))
+    if r.status_code != 200:
+        sys.exit("HTTP return is {} and not 200 as expected".format(r.status_code))
+    if args.force_template_update:
+        print("Updating MISP Object templates...")
+        update_objects()
+    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+
+    misp_object = MISPObject(name="github-user")
+    github_user = r.json()
+    rfollowers = requests.get(github_user['followers_url'])
+    followers = rfollowers.json()
+    rfollowing = requests.get("https://api.github.com/users/{}/following".format(args.username))
+    followings = rfollowing.json()
+    rkeys = requests.get("https://api.github.com/users/{}/keys".format(args.username))
+    keys = rkeys.json()
+    misp_object.add_attributes("follower", *[follower['login'] for follower in followers])
+    misp_object.add_attributes("following", *[following['login'] for following in followings])
+    misp_object.add_attributes("ssh-public-key", *[sshkey['key'] for sshkey in keys])
+    misp_object.add_attribute('bio', github_user['bio'])
+    misp_object.add_attribute('link', github_user['html_url'])
+    misp_object.add_attribute('user-fullname', github_user['name'])
+    misp_object.add_attribute('username', github_user['login'])
+    misp_object.add_attribute('twitter_username', github_user['twitter_username'])
+    misp_object.add_attribute('location', github_user['location'])
+    misp_object.add_attribute('company', github_user['company'])
+    misp_object.add_attribute('public_gists', github_user['public_gists'])
+    misp_object.add_attribute('public_repos', github_user['public_repos'])
+    misp_object.add_attribute('blog', github_user['blog'])
+    misp_object.add_attribute('node_id', github_user['node_id'])
+    retcode = pymisp.add_object(args.event, misp_object)

examples/add_gitlab_user.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from pymisp import MISPObject
+from pymisp.tools import update_objects
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+import requests
+import sys
+
+"""
+usage: add_gitlab_user.py [-h] -e EVENT [-f] -u USERNAME [-l LINK]
+
+Fetch GitLab user details and add it in object in MISP
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -e EVENT, --event EVENT
+                        Event ID to update
+  -f, --force-template-update
+  -u USERNAME, --username USERNAME
+                        GitLab username to add
+  -l LINK, --link LINK  Url to access the GitLab instance, Default is
+                        www.gitlab.com.
+"""
+
+default_url = "http://www.gitlab.com/"
+
+parser = argparse.ArgumentParser(description='Fetch GitLab user details and add it in object in MISP')
+parser.add_argument("-e", "--event", required=True, help="Event ID to update")
+parser.add_argument("-f", "--force-template-update", required=False, action="store_true")
+parser.add_argument("-u", "--username", required=True, help="GitLab username to add")
+parser.add_argument("-l", "--link", required=False, help="Url to access the GitLab instance, Default is www.gitlab.com.", default=default_url)
+args = parser.parse_args()
+
+
+r = requests.get("{}api/v4/users?username={}".format(args.link, args.username))
+if r.status_code != 200:
+    sys.exit("HTTP return is {} and not 200 as expected".format(r.status_code))
+if args.force_template_update:
+    print("Updating MISP Object templates...")
+    update_objects()
+
+gitlab_user = r.json()[0]
+pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+print(gitlab_user)
+
+misp_object = MISPObject(name="gitlab-user")
+misp_object.add_attribute('username', gitlab_user['username'])
+misp_object.add_attribute('id', gitlab_user['id'])
+misp_object.add_attribute('name', gitlab_user['name'])
+misp_object.add_attribute('state', gitlab_user['state'])
+misp_object.add_attribute('avatar_url', gitlab_user['avatar_url'])
+misp_object.add_attribute('web_url', gitlab_user['web_url'])
+retcode = pymisp.add_object(args.event, misp_object)

examples/add_named_attribute.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import ExpandedPyMISP
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+
+# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
+try:
+    input = raw_input
+except NameError:
+    pass
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Add an attribute to an event')
+    parser.add_argument("-e", "--event", help="The id, uuid or json of the event to update.")
+    parser.add_argument("-t", "--type", help="The type of the added attribute")
+    parser.add_argument("-v", "--value", help="The value of the attribute")
+    args = parser.parse_args()
+
+    misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
+
+    event = misp.add_attribute(args.event, {'type': args.type, 'value': args.value}, pythonify=True)
+    print(event)

examples/add_organisations.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import ExpandedPyMISP, MISPOrganisation, MISPSharingGroup
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+import csv
+
+
+# Suppress those "Unverified HTTPS request is being made"
+import urllib3
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Add organizations from a CSV file')
+    parser.add_argument("-c", "--csv-import", required=True, help="The CSV file containing the organizations. Format 'orgname,nationality,sector,type,contacts,uuid,local,sharingroup_uuid'")
+    args = parser.parse_args()
+
+    misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
+
+    # CSV format
+    #   orgname,nationality,sector,type,contacts,uuid,local,sharingroup
+    with open(args.csv_import) as csv_file:
+        count_orgs = 0
+        csv_reader = csv.reader(csv_file, delimiter=',')
+        for row in csv_reader:
+
+            org = MISPOrganisation()
+            org.name = row[0]
+            print("Process {}".format(org.name))
+            org.nationality = row[1]
+            org.sector = row[2]
+            org.type = row[3]
+            org.contacts = row[4]
+            org.uuid = row[5]
+            org.local = row[6]
+
+            add_org = misp.add_organisation(org, pythonify=True)
+
+            if 'errors' in add_org:
+                print(add_org['errors'])
+            else:
+                count_orgs = count_orgs + 1
+                org_uuid = add_org.uuid
+
+                if org_uuid:
+                    sharinggroup = MISPSharingGroup()
+                    sharinggroup_uuid = row[7]
+
+                    if sharinggroup_uuid:
+                        sharinggroup.uuid = sharinggroup_uuid
+                        add_sharing = misp.add_org_to_sharing_group(sharinggroup, org)
+                    else:
+                        print("Organisation {} not added to sharing group, missing sharing group uuid".format(org.name))
+
+    print("Import finished, {} organisations added".format(count_orgs))

examples/add_ssh_authorized_keys.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from pymisp import ExpandedPyMISP
+from pymisp.tools import SSHAuthorizedKeysObject
+import traceback
+from keys import misp_url, misp_key, misp_verifycert
+import glob
+import argparse
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Extract indicators out of authorized_keys file.')
+    parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
+    parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
+    args = parser.parse_args()
+
+    pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
+
+    for f in glob.glob(args.path):
+        try:
+            auth_keys = SSHAuthorizedKeysObject(f)
+        except Exception:
+            traceback.print_exc()
+            continue
+
+        response = pymisp.add_object(args.event, auth_keys, pythonify=True)
+        for ref in auth_keys.ObjectReference:
+            r = pymisp.add_object_reference(ref)

examples/add_user.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import ExpandedPyMISP, MISPUser
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Add a new user by setting the mandory fields.')
+    parser.add_argument("-e", "--email", required=True, help="Email linked to the account.")
+    parser.add_argument("-o", "--org_id", required=True, help="Organisation linked to the user.")
+    parser.add_argument("-r", "--role_id", required=True, help="Role linked to the user.")
+    args = parser.parse_args()
+
+    misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, 'json')
+
+    user = MISPUser()
+    user.email = args.email
+    user.org_id = args.org_id
+    user.role_id = args.role_id
+
+    print(misp.add_user(user, pythonify=True))

examples/add_vehicle_object.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from pymisp.tools import VehicleObject
+import argparse
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Get information for a VehicleObject and add MISP objects to a MISP instance.')
+    parser.add_argument("-u", "--username", required=True, help="Account username.")
+    parser.add_argument("-c", "--country", required=True, help="Country.")
+    parser.add_argument("-r", "--registration", required=True, help="Registration ID.")
+    parser.add_argument("-d", "--dump", action='store_true', help="(Debug) Dump the object in the terminal.")
+    args = parser.parse_args()
+
+    if args.dump:
+        vehicle = VehicleObject(country=args.country, registration=args.registration, username=args.username)
+        print(vehicle.report)
+        print(vehicle.to_json())
+    else:
+        # not Implemented yet.
+        pass