chg: re-implement uwhois module

Fix #684

misp_modules/modules/expansion/whois.py

@@ -1,10 +1,7 @@
 # -*- coding: utf-8 -*-
 
 import json
-try:
-    from uwhois import Uwhois
-except ImportError:
-    print("uwhois module not installed.")
+import socket
 
 misperrors = {'error': 'Error'}
 mispattributes = {'input': ['domain', 'ip-src', 'ip-dst'], 'output': ['freetext']}
@@ -17,7 +14,7 @@
     'logo': '',
     'requirements': ['uwhois: A whois python library'],
     'features': "This module takes a domain or IP address attribute as input and queries a 'Univseral Whois proxy server' to get the correct details of the Whois query on the input value (check the references for more details about this whois server).",
-    'references': ['https://github.com/rafiot/uwhoisd'],
+    'references': ['https://github.com/Lookyloo/uwhoisd'],
     'input': 'A domain or IP address attribute.',
     'output': 'Text describing the result of a whois request for the input value.',
 }
@@ -43,14 +40,21 @@ def handler(q=False):
         misperrors['error'] = 'Whois local instance address is missing'
         return misperrors
 
-    uwhois = Uwhois(request['config']['server'], int(request['config']['port']))
-
     if 'event_id' in request:
-        return handle_expansion(uwhois, toquery)
+        return handle_expansion(request['config']['server'], int(request['config']['port']), toquery)
 
 
-def handle_expansion(w, domain):
-    return {'results': [{'types': mispattributes['output'], 'values': w.query(domain)}]}
+def handle_expansion(server, port, query):
+    bytes_whois = b''
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+        sock.connect((server, port))
+        sock.sendall(f'{query}\n'.encode())
+        while True:
+            data = sock.recv(2048)
+            if not data:
+                break
+            bytes_whois += data
+    return {'results': [{'types': mispattributes['output'], 'values': bytes_whois.decode()}]}
 
 
 def introspection():