micrictor / enrichserver Goto Github PK

An asynchronous, modular HTTP server for enrichment of arbitrary data.

Written in Python3, supports HTTP GET/POST requests and in-memory caching of results.

To start the server, execute EnrichServer.py. The server listens on port 8080 by default

API requests roughly follow the format of http://<server>/api/<endpoint>?<param1>=<val1>&<param2>=<val2>...

The following API endpoints are available.

• api/<module>?info - Returns all available metadata on the module
• api/<module>?<params>

If debug is enabled with the --debug flag:

• debug/list - Returns a list of the currently available modules
• debug/cache - Returns the current cache of results

POST requests may be made to the same endpoints, with arguments passed in key-value pairs or as JSON.

JSON body should be in the following format

{
	"action":<enrich|info>,
	"module":<module_name>,
	"args": {"data":"val", "data2","val2", ...}
}

All modules must be stored in ./modules/, relative to pwd of EnrichServer.py.

Modules must implement a class named Enricher as a subset of the BaseEnricher.BaseEnricher class.

Modules should include an override for the do_enrich method, where the arguments to the enricher are passed as a dict.

Modules may enable in-memory caching of results by setting the member variable shouldCache to True.

NOTE: Caching is limited to a default of 100 entries per module by default

Currently provided modules are as follows:

• Sleeper - Sleeps for 10 seconds then echos the data parameter; Used to test asynch
• StrRev - Returns the mirror of the data parameter
• Entropy - Returns the Shannon entropy of the data parameter over an optional charset parameter( Default to DNS ASCII charset )

Planned modules:

• RDAP lookup of IP/domain
• WHOIS - Return WHOIS data for domain provided in data
• ASN - Provide ASN information(including owner) of IP address in data
• ES_Query - Return the result of query against es_server