new node types

2025-09-17 22:42:08 +02:00
parent cd14198452
commit 98e1b2280b
4 changed files with 45 additions and 15 deletions
--- a/providers/crtsh_provider.py
+++ b/providers/crtsh_provider.py
@@ -298,7 +298,7 @@ class CrtShProvider(BaseProvider):
                result.add_relationship(
                    source_node=domain,
                    target_node=issuer_name,
-                    relationship_type='issued_by',
+                    relationship_type='crtsh_cert_issuer',
                    provider=self.name,
                    confidence=0.95
                )
--- a/providers/shodan_provider.py
+++ b/providers/shodan_provider.py
@@ -211,31 +211,48 @@ class ShodanProvider(BaseProvider):

    def _process_shodan_data(self, ip: str, data: Dict[str, Any]) -> ProviderResult:
        """
-        UPDATED: Process Shodan data with raw attribute names and values.
+        VERIFIED: Process Shodan data creating ISP nodes with ASN attributes and proper relationships.
        """
        result = ProviderResult()

+        # VERIFIED: Extract ISP information and create proper ISP node with ASN
        isp_name = data.get('org')
        asn_value = data.get('asn')

        if isp_name and asn_value:
+            # Create relationship from IP to ISP
            result.add_relationship(
                source_node=ip,
                target_node=isp_name,
-                relationship_type='ip_to_isp',
+                relationship_type='shodan_isp',
                provider=self.name,
                confidence=0.9,
-                raw_data={'asn': asn_value}
+                raw_data={'asn': asn_value, 'shodan_org': isp_name}
            )
+            
+            # Add ASN as attribute to the ISP node
            result.add_attribute(
                target_node=isp_name,
                name='asn',
                value=asn_value,
                attr_type='isp_info',
                provider=self.name,
-                confidence=0.9
+                confidence=0.9,
+                metadata={'description': 'Autonomous System Number from Shodan'}
+            )
+            
+            # Also add organization name as attribute to ISP node for completeness
+            result.add_attribute(
+                target_node=isp_name,
+                name='organization_name',
+                value=isp_name,
+                attr_type='isp_info',
+                provider=self.name,
+                confidence=0.9,
+                metadata={'description': 'Organization name from Shodan'}
            )

+        # Process hostnames (reverse DNS)
        for key, value in data.items():
            if key == 'hostnames':
                for hostname in value:
@@ -257,6 +274,7 @@ class ShodanProvider(BaseProvider):
                            discovery_method="shodan_host_lookup"
                        )
            elif key == 'ports':
+                # Add open ports as attributes to the IP
                for port in value:
                    result.add_attribute(
                        target_node=ip,
@@ -267,7 +285,7 @@ class ShodanProvider(BaseProvider):
                        confidence=0.9
                    )
            elif isinstance(value, (str, int, float, bool)) and value is not None:
-                # UPDATED: Keep raw Shodan field names (no "shodan_" prefix)
+                # Add other Shodan fields as IP attributes (keep raw field names)
                result.add_attribute(
                    target_node=ip,
                    name=key,  # Raw field name from Shodan API