misp-modules

New expansion module for Sherlock

Open C00kie- opened this issue 3 years ago • 3 comments

https://github.com/sherlock-project/sherlock

C00kie- Sep 28 '20 09:09

Development discussion

This is a good idea. It seems sherlock is not a library (there is a pending issue). Socialscan sounds like another cool project too, and this one is available on PyPI (but not really as a library). We could call sherlock or socialscan as a subprocess, but I'm not a big fan of that. @Rafiot @chrisr3d what's your feeling about this? Library or subprocess? It's more a generic question for all the modules.

adulau Sep 28 '20 09:09

I see two options here:

  • quick and dirty: the module clones the repository, does a subprocess call to the script, gets the CSV output, parses that, and generates a blob usable by MISP
  • long term: get the sherlock devs to make it a library. Needs a setup.py file - maybe upload it on PyPI - and make it usable as a lib (without running as a standalone script), and provide a formatted output (json/csv)

Rafiot Sep 28 '20 10:09
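
The subprocess option described in the comment above, as an added example (not code from this thread, misp-modules or sherlock): the username from MISP is validated before it reaches the command line, the script is called without a shell, and its CSV is filtered before being returned. Assumptions: the script path, the username allow-list, the `<username>.csv` output location, the CSV column names and `Claimed` status, and the choice of the `link` attribute type.

```python
import csv, io, re, subprocess, sys
from pathlib import Path

# Assumed allow-list: no leading "-" (option injection), no "/" or ".." (path tricks).
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

# Constructed sample; column names and the "Claimed" status are assumptions
# about sherlock's CSV output.
SAMPLE_CSV = """username,name,url_main,url_user,exists,http_status,response_time_s
alice,ExampleSite,https://example.com/,https://example.com/alice,Claimed,200,0.31
alice,OtherSite,https://example.org/,https://example.org/u/alice,Available,404,0.22
alice,OddSite,https://example.net/,ftp://example.net/alice,Claimed,200,0.10
"""

def build_argv(username, script="/opt/sherlock/sherlock.py"):
    """argv for the subprocess call; the script path is a hypothetical clone location."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected")
    # List form means no shell parsing; "--" ends option parsing in argparse.
    return [sys.executable, script, "--csv", "--", username]

def run_sherlock(username, workdir, timeout=300):
    """Run the script in a scratch directory and return the CSV text it wrote."""
    subprocess.run(build_argv(username), cwd=workdir, check=True, timeout=timeout,
                   stdin=subprocess.DEVNULL, capture_output=True)
    # Assumption: the script writes <username>.csv into its working directory.
    return Path(workdir, username + ".csv").read_text(encoding="utf-8")

def to_misp_results(csv_text):
    """Map claimed profiles to the {'results': [...]} dict an expansion module returns."""
    links = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        url = row.get("url_user") or ""
        # Treat tool output as untrusted: keep only claimed http(s) URLs.
        if row.get("exists") == "Claimed" and url.startswith(("http://", "https://")):
            links.append(url)
    return {"results": [{"types": ["link"], "values": links}] if links else []}

if __name__ == "__main__":
    print(to_misp_results(SAMPLE_CSV))
```
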

Can for sure already have a look at socialscan, and then think of the options we have for sherlock

chrisr3d Sep 28 '20 10:09