Code Overview

PhishMe Intelligence

class core.intelligence.Malware(malware)

Malware class holds a single PhishMe Intelligence object.

class BlockSet(block_set)
malware_family
Parameters: self
Returns:
malware_family_description
Returns:
watchlist_ioc
Returns:
watchlist_ioc_host
Returns:
watchlist_ioc_path
Returns:
class DomainSet(domain_set)
class ExecutableSet(executable_set)
malware_family
Parameters: self
Returns:
malware_family_description
Returns:
subtype
Parameters: self
Returns:
class SenderEmailSet(sender_email_set)
class SenderIPSet(sender_ip_set)
class SpamURLSet(spam_url_set)
class SubjectSet(subject_set)
block_set
Returns:
brand
Returns:
domain_set
Returns:
executable_set
Returns:
malware_family
Parameters: self
Returns:
sender_email_set
Returns:
sender_ip_set
Returns:
spam_url_set
Returns:
subject_set
Returns:

PhishMe Brand Intelligence

class core.brand_intelligence.Phish(phish)

Phish class holds a single PhishMe Brand Intelligence object.

action_url_list
Returns:
brand
Returns:
ip
Returns:
phish_url
Returns:
reported_url_list
Returns:
screenshot_url
Returns:

Entry point for using this library

Copyright 2013-2017 PhishMe, Inc. All rights reserved.

This software is provided by PhishMe, Inc. (“PhishMe”) on an “as is” basis and any express or implied warranties, including but not limited to the implied warranties of merchantability and fitness for a particular purpose, are disclaimed in all aspects. In no event will PhishMe be liable for any direct, indirect, special, incidental or consequential damages relating to the use of this software, even if advised of the possibility of such damage. Use of this software is pursuant to, and permitted only in accordance with, the agreement between you and PhishMe.

Support: support@phishme.com

class core.phishme.PhishMeIntelligence(config, config_file_location)

Contains helper methods for interacting with the PhishMe Intelligence RESTful API, handling the lock file that prevents concurrent execution, reading command-line arguments, and reading a ConfigParser config file.

search()

Use this method to search PhishMe Intelligence for one or more IOCs. This method will be implemented at a later date.

Returns: This method will return either core.intelligence.Malware or core.brand_intelligence.Phish.

sync()

Contacts the PhishMe Intelligence API, retrieves any threat intelligence that is new or modified since the last successful check-in, processes it into the output(s) designated by config.ini, and returns.

Returns: This method does not return anything.

core.phishme.read_args(script_description)

Parse all input arguments.

Parameters: script_description
Returns:
core.phishme.read_config(config_file)

Read configuration file.

Parameters: config_file
Returns:

Helpers for interacting with PhishMe Intelligence API

class core.config_check.ConfigCheck(config)
validate_config()
Returns:
class core.rest_api.RestApi(config, product)
connect_to_api(verb, url, auth=None, data=None, headers=None, params=None, proxies=None)
Parameters:
  • verb
  • url
  • auth
  • data
  • headers
  • params
  • proxies
Returns:

class core.sqlite.SQLite(location, data_retention_days)
add_threat_id(intel)
Parameters: intel
Returns:
get_threats()
Returns:
class core.supported_integrations.SupportedIntegration(config_name, mrti_format, output_product_module, class_name)
class core.syslog.Syslog(config, product)
send(mrti)

Send syslog message.

Parameters: mrti
Returns:

Helpers for developing new integrations.

class output.base_integration.BaseIntegration(config, product)
post_run(config_file_location)
Parameters: config_file_location
Returns:
process(mrti, threat_id)
Parameters:
  • mrti
  • threat_id
Returns: