From 575bc494bfd321974c48edb2ee90d51ddb448a4d Mon Sep 17 00:00:00 2001 From: Ilya Glotov Date: Wed, 1 Nov 2017 23:56:49 +0300 Subject: [PATCH] Fix PhishTank analyzer * Replace http scheme with https due to changes in PhishTank API * Fix error in summary() call as @saadkadhi pointed out --- analyzers/PhishTank/PhishTank_CheckURL.json | 2 +- analyzers/PhishTank/phishtank_checkurl.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/analyzers/PhishTank/PhishTank_CheckURL.json b/analyzers/PhishTank/PhishTank_CheckURL.json index 2f90cc5af..5fa43dc50 100644 --- a/analyzers/PhishTank/PhishTank_CheckURL.json +++ b/analyzers/PhishTank/PhishTank_CheckURL.json @@ -1,6 +1,6 @@ { "name": "PhishTank_CheckURL", - "version": "2.0", + "version": "2.1", "author": "Eric Capuano", "url": "https://github.com/CERT-BDF/Cortex-Analyzers", "license": "AGPL-V3", diff --git a/analyzers/PhishTank/phishtank_checkurl.py b/analyzers/PhishTank/phishtank_checkurl.py index 3f58eb9d6..bae7bc52d 100755 --- a/analyzers/PhishTank/phishtank_checkurl.py +++ b/analyzers/PhishTank/phishtank_checkurl.py @@ -19,7 +19,7 @@ def __init__(self): 'Missing PhishTank API key') def phishtank_checkurl(self, data): - url = 'http://checkurl.phishtank.com/checkurl/' + url = 'https://checkurl.phishtank.com/checkurl/' postdata = {'url': data, 'format':'json','app_key': self.phishtank_key} r = requests.post(url, data=postdata) return json.loads(r.content) @@ -29,7 +29,7 @@ def summary(self, raw): value = "\"False\"" level = "" - if 'in_database' in raw and raw['in_database'] == "True": + if 'in_database' in raw and raw['in_database'] == True: value = "\"{}\"".format(raw['in_database']) if raw.get('verified'): level = "malicious"