misp-modules/misp_modules/modules/expansion/securitytrails.py

import json
import logging
import sys
import time

from dnstrails import APIError
from dnstrails import DnsTrails

log = logging.getLogger('dnstrails')
log.setLevel(logging.DEBUG)
ch = logging.StreamHandler(sys.stdout)
ch.setLevel(logging.DEBUG)
formatter = logging.Formatter(
    '%(asctime)s - %(name)s - %(levelname)s - %(message)s')
ch.setFormatter(formatter)
log.addHandler(ch)

misperrors = {'error': 'Error'}
mispattributes = {
    'input': ['hostname', 'domain', 'ip-src', 'ip-dst'],
    'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email',
               'whois-registrant-email', 'whois-registrant-phone',
               'whois-registrant-name',
               'whois-registrar', 'whois-creation-date', 'domain']
}

moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
              'description': 'Query on securitytrails.com',
              'module-types': ['expansion', 'hover']}

# config fields that your code expects from the site admin
moduleconfig = ['apikey']


def handler(q=False):
    if q:

        request = json.loads(q)

        if not request.get('config') and not (request['config'].get('apikey')):
            misperrors['error'] = 'DNS authentication is missing'
            return misperrors

        api = DnsTrails(request['config'].get('apikey'))

        if not api:
            misperrors['error'] = 'Onyphe Error instance api'

        ip = ""
        dns_name = ""

        ip = ''
        if request.get('ip-src'):
            ip = request['ip-src']
            return handle_ip(api, ip, misperrors)
        elif request.get('ip-dst'):
            ip = request['ip-dst']
            return handle_ip(api, ip, misperrors)
        elif request.get('domain'):
            domain = request['domain']
            return handle_domain(api, domain, misperrors)
        elif request.get('hostname'):
            hostname = request['hostname']
            return handle_domain(api, hostname, misperrors)
        else:
            misperrors['error'] = "Unsupported attributes types"
            return misperrors
    else:
        return False


def handle_domain(api, domain, misperrors):
    result_filtered = {"results": []}

    r, status_ok = expand_domain_info(api, misperrors, domain)
    #
    if status_ok:
        if r:
            result_filtered['results'].extend(r)
    else:
        misperrors['error'] = misperrors['error'] + ' Error DNS result'
        return misperrors

    time.sleep(1)
    r, status_ok = expand_subdomains(api, domain)

    if status_ok:
        if r:
            result_filtered['results'].extend(r)
    else:
        misperrors['error'] = misperrors['error'] + ' Error subdomains result'
        return misperrors

    time.sleep(1)
    r, status_ok = expand_whois(api, domain)

    if status_ok:
        if r:
            result_filtered['results'].extend(r)
    else:
        misperrors['error'] = misperrors['error'] + ' Error whois result'
        return misperrors

    time.sleep(1)
    r, status_ok = expand_history_ipv4_ipv6(api, domain)
    #

    if status_ok:
        if r:
            result_filtered['results'].extend(r)
    else:
        misperrors['error'] = misperrors['error'] + ' Error history ipv4'
        return misperrors

    time.sleep(1)

    r, status_ok = expand_history_dns(api, domain)

    if status_ok:
        if r:
            result_filtered['results'].extend(r)
    else:
        misperrors['error'] = misperrors[
                                  'error'] + ' Error in expand History DNS'
        return misperrors
    print(result_filtered)
    print(misperrors)
    return result_filtered


def handle_ip(api, ip, misperrors):
    pass


def expand_domain_info(api, misperror, domain):
    r = []
    status_ok = False
    ns_servers = []
    list_ipv4 = []
    list_ipv6 = []
    servers_mx = []
    soa_hostnames = []

    results = api.domain(domain)

    if results:
        status_ok = True
        if 'current_dns' in results:
            if 'values' in results['current_dns']['ns']:
                ns_servers = [ns_entry['nameserver'] for ns_entry in
                              results['current_dns']['ns']['values']
                              if 'nameserver' in ns_entry]
            if 'values' in results['current_dns']['a']:
                list_ipv4 = [a_entry['ip'] for a_entry in
                             results['current_dns']['a']['values'] if
                             'ip' in a_entry]

            if 'values' in results['current_dns']['aaaa']:
                list_ipv6 = [ipv6_entry['ipv6'] for ipv6_entry in
                             results['current_dns']['aaaa']['values'] if
                             'ipv6' in ipv6_entry]

            if 'values' in results['current_dns']['mx']:
                servers_mx = [mx_entry['hostname'] for mx_entry in
                              results['current_dns']['mx']['values'] if
                              'hostname' in mx_entry]
            if 'values' in results['current_dns']['soa']:
                soa_hostnames = [soa_entry['email'] for soa_entry in
                                 results['current_dns']['soa']['values'] if
                                 'email' in soa_entry]

        if ns_servers:
            r.append({'types': ['domain'],
                      'values': ns_servers,
                      'categories': ['Network activity'],
                      'comment': 'List of name servers  of %s first seen %s ' %
                                 (domain,
                                  results['current_dns']['ns']['first_seen'])
                      })

        if list_ipv4:
            r.append({'types': ['domain|ip'],
                      'values': ['%s|%s' % (domain, ipv4) for ipv4 in
                                 list_ipv4],
                      'categories': ['Network activity'],

                      'comment': ' List ipv4 of %s first seen %s' %
                                 (domain,
                                  results['current_dns']['a']['first_seen'])

                      })
        if list_ipv6:
            r.append({'types': ['domain|ip'],
                      'values': ['%s|%s' % (domain, ipv6) for ipv6 in
                                 list_ipv6],
                      'categories': ['Network activity'],
                      'comment': ' List ipv6 of %s first seen %s' %
                                 (domain,
                                  results['current_dns']['aaaa']['first_seen'])

                      })

        if servers_mx:
            r.append({'types': ['domain'],
                      'values': servers_mx,
                      'categories': ['Network activity'],
                      'comment': ' List mx of %s first seen %s' %
                                 (domain,
                                  results['current_dns']['mx']['first_seen'])

                      })
        if soa_hostnames:
            r.append({'types': ['domain'],
                      'values': soa_hostnames,
                      'categories': ['Network activity'],
                      'comment': ' List soa of %s first seen %s' %
                                 (domain,
                                  results['current_dns']['soa']['first_seen'])
                      })

    return r, status_ok


def expand_subdomains(api, domain):
    r = []
    status_ok = False

    try:
        results = api.subdomains(domain)

        if results:
            status_ok = True
            if 'subdomains' in results:
                r.append({
                    'types': ['domain'],
                    'values': ['%s.%s' % (sub, domain)
                               for sub in results['subdomains']],
                    'categories': ['Network activity'],
                    'comment': 'subdomains of %s' % domain
                }

                )
    except APIError as e:
        misperrors['error'] = e

    return r, status_ok


def expand_whois(api, domain):
    r = []
    status_ok = False

    try:
        results = api.whois(domain)

        if results:
            status_ok = True
            item_registrant = __select_registrant_item(results)
            if item_registrant:

                if 'email' in item_registrant:
                    r.append(
                        {
                            'types': ['whois-registrant-email'],
                            'values': [item_registrant['email']],
                            'categories': ['Attribution'],
                            'comment': 'Whois information of %s by securitytrails'
                                       % domain
                        }
                    )

                if 'telephone' in item_registrant:
                    r.append(
                        {
                            'types': ['whois-registrant-phone'],
                            'values': [item_registrant['telephone']],
                            'categories': ['Attribution'],
                            'comment': 'Whois information of %s by securitytrails'
                                       % domain
                        }
                    )

                if 'name' in item_registrant:
                    r.append(
                        {
                            'types': ['whois-registrant-name'],
                            'values': [item_registrant['name']],
                            'categories': ['Attribution'],
                            'comment': 'Whois information of %s by securitytrails'
                                       % domain
                        }
                    )

                if 'registrarName' in item_registrant:
                    r.append(
                        {
                            'types': ['whois-registrar'],
                            'values': [item_registrant['registrarName']],
                            'categories': ['Attribution'],
                            'comment': 'Whois information of %s by securitytrails'
                                       % domain
                        }
                    )

                if 'createdDate' in item_registrant:
                    r.append(
                        {
                            'types': ['whois-creation-date'],
                            'values': [item_registrant['createdDate']],
                            'categories': ['Attribution'],
                            'comment': 'Whois information of %s by securitytrails'
                                       % domain
                        }
                    )

    except APIError as e:
        misperrors['error'] = e
        print(e)

    return r, status_ok


def expand_history_ipv4_ipv6(api, domain):
    r = []
    status_ok = False

    try:
        results = api.history_dns_ipv4(domain)

        if results:
            status_ok = True
            r.extend(__history_ip(results, domain))

        time.sleep(1)
        results = api.history_dns_aaaa(domain)

        if results:
            status_ok = True
            r.extend(__history_ip(results, domain, type_ip='ipv6'))

    except APIError as e:
        misperrors['error'] = e
        print(e)

    return r, status_ok


def expand_history_dns(api, domain):
    r = []
    status_ok = False

    try:

        results = api.history_dns_ns(domain)
        if results:
            r.extend(__history_dns(results, domain, 'nameserver', 'ns'))

        time.sleep(1)

        results = api.history_dns_soa(domain)

        if results:
            r.extend(__history_dns(results, domain, 'email', 'soa'))

        time.sleep(1)

        results = api.history_dns_mx(domain)

        if results:
            status_ok = True
            r.extend(__history_dns(results, domain, 'host', 'mx'))

    except APIError as e:
        misperrors['error'] = e

    status_ok = True

    return r, status_ok


def __history_ip(results, domain, type_ip='ip'):
    r = []
    if 'records' in results:
        for record in results['records']:
            if 'values' in record:
                for item in record['values']:
                    r.append(
                        {'types': ['domain|ip'],
                         'values': ['%s|%s' % (domain, item[type_ip])],
                         'categories': ['Network activity'],
                         'comment': 'History IP on securitytrails %s '
                                    'last seen: %s first seen: %s' %
                                    (domain, record['last_seen'],
                                     record['first_seen'])
                         }
                    )

    return r


def __history_dns(results, domain, type_serv, service):
    r = []

    if 'records' in results:
        for record in results['records']:
            if 'values' in record:
                values = record['values']
                if type(values) is list:

                    for item in record['values']:
                        r.append(
                            {'types': ['domain|ip'],
                             'values': [item[type_serv]],
                             'categories': ['Network activity'],
                             'comment': 'history %s of %s last seen: %s first seen: %s' %
                                        (service, domain, record['last_seen'],
                                         record['first_seen'])
                             }
                        )
                else:
                    r.append(
                        {'types': ['domain|ip'],
                         'values': [values[type_serv]],
                         'categories': ['Network activity'],
                         'comment': 'history %s of %s last seen: %s first seen: %s' %
                                    (service, domain, record['last_seen'],
                                     record['first_seen'])
                         }
                    )
    return r

def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo


def __select_registrant_item(entry):
    if 'contacts' in entry:
        for c in entry['contacts']:

            if c['type'] == 'registrant':
                return c
add expand domains 2018-06-29 15:50:26 +02:00			`import json`
add new module dnstrails 2018-06-29 11:27:36 +02:00			`import logging`
			`import sys`
add time sleep in each request 2018-07-10 16:41:44 +02:00			`import time`
add expand subdomains 2018-06-29 17:22:19 +02:00
add expand subdomains 2018-06-29 17:19:21 +02:00			`from dnstrails import APIError`
add expand subdomains 2018-06-29 17:22:19 +02:00			`from dnstrails import DnsTrails`
add new module dnstrails 2018-06-29 11:27:36 +02:00
			`log = logging.getLogger('dnstrails')`
			`log.setLevel(logging.DEBUG)`
			`ch = logging.StreamHandler(sys.stdout)`
			`ch.setLevel(logging.DEBUG)`
add history ipv4 2018-07-10 16:31:39 +02:00			`formatter = logging.Formatter(`
			`'%(asctime)s - %(name)s - %(levelname)s - %(message)s')`
add new module dnstrails 2018-06-29 11:27:36 +02:00			`ch.setFormatter(formatter)`
			`log.addHandler(ch)`

			`misperrors = {'error': 'Error'}`
			`mispattributes = {`
			`'input': ['hostname', 'domain', 'ip-src', 'ip-dst'],`
add expand whois 2018-06-29 17:57:11 +02:00			`'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email',`
			`'whois-registrant-email', 'whois-registrant-phone',`
			`'whois-registrant-name',`
			`'whois-registrar', 'whois-creation-date', 'domain']`
add new module dnstrails 2018-06-29 11:27:36 +02:00			`}`

			`moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',`
			`'description': 'Query on securitytrails.com',`
changes keys 2018-06-29 16:20:35 +02:00			`'module-types': ['expansion', 'hover']}`
add new module dnstrails 2018-06-29 11:27:36 +02:00
			`# config fields that your code expects from the site admin`
			`moduleconfig = ['apikey']`


add expand domains 2018-06-29 15:50:26 +02:00			`def handler(q=False):`
			`if q:`

			`request = json.loads(q)`

			`if not request.get('config') and not (request['config'].get('apikey')):`
			`misperrors['error'] = 'DNS authentication is missing'`
			`return misperrors`

			`api = DnsTrails(request['config'].get('apikey'))`

			`if not api:`
			`misperrors['error'] = 'Onyphe Error instance api'`

			`ip = ""`
			`dns_name = ""`

			`ip = ''`
			`if request.get('ip-src'):`
			`ip = request['ip-src']`
			`return handle_ip(api, ip, misperrors)`
			`elif request.get('ip-dst'):`
			`ip = request['ip-dst']`
			`return handle_ip(api, ip, misperrors)`
			`elif request.get('domain'):`
			`domain = request['domain']`
			`return handle_domain(api, domain, misperrors)`
			`elif request.get('hostname'):`
			`hostname = request['hostname']`
			`return handle_domain(api, hostname, misperrors)`
			`else:`
changes keys 2018-06-29 16:20:35 +02:00			`misperrors['error'] = "Unsupported attributes types"`
add expand domains 2018-06-29 15:50:26 +02:00			`return misperrors`
			`else:`
			`return False`


			`def handle_domain(api, domain, misperrors):`
			`result_filtered = {"results": []}`

add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00			`r, status_ok = expand_domain_info(api, misperrors, domain)`
debug 2018-07-11 11:55:31 +02:00			`#`
add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00			`if status_ok:`
			`if r:`
			`result_filtered['results'].extend(r)`
			`else:`
			`misperrors['error'] = misperrors['error'] + ' Error DNS result'`
			`return misperrors`

			`time.sleep(1)`
			`r, status_ok = expand_subdomains(api, domain)`

			`if status_ok:`
			`if r:`
			`result_filtered['results'].extend(r)`
			`else:`
			`misperrors['error'] = misperrors['error'] + ' Error subdomains result'`
			`return misperrors`

			`time.sleep(1)`
debug whois 2018-07-11 12:00:59 +02:00			`r, status_ok = expand_whois(api, domain)`
add history dns and handler exception 2018-07-11 09:48:14 +02:00
			`if status_ok:`
add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00			`if r:`
			`result_filtered['results'].extend(r)`
add history dns and handler exception 2018-07-11 09:48:14 +02:00			`else:`
debug whois 2018-07-11 12:00:59 +02:00			`misperrors['error'] = misperrors['error'] + ' Error whois result'`
add history dns and handler exception 2018-07-11 09:48:14 +02:00			`return misperrors`
add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00
			`time.sleep(1)`
			`r, status_ok = expand_history_ipv4_ipv6(api, domain)`
debug whois 2018-07-11 12:00:59 +02:00			`#`
debug ipv4 or ipv6 2018-07-11 11:58:42 +02:00
add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00			`if status_ok:`
			`if r:`
			`result_filtered['results'].extend(r)`
			`else:`
			`misperrors['error'] = misperrors['error'] + ' Error history ipv4'`
			`return misperrors`
debug ipv4 or ipv6 2018-07-11 11:58:42 +02:00
add a test to check if the list is not empty 2018-07-11 12:08:01 +02:00			`time.sleep(1)`

			`r, status_ok = expand_history_dns(api, domain)`

			`if status_ok:`
			`if r:`
			`result_filtered['results'].extend(r)`
			`else:`
			`misperrors['error'] = misperrors[`
			`'error'] + ' Error in expand History DNS'`
			`return misperrors`
add a test to check if the list is not empty 2018-07-11 12:09:34 +02:00			`print(result_filtered)`
			`print(misperrors)`
add expand domains 2018-06-29 15:50:26 +02:00			`return result_filtered`

add history ipv4 2018-07-10 16:31:39 +02:00
add expand domains 2018-06-29 15:50:26 +02:00			`def handle_ip(api, ip, misperrors):`
			`pass`


add history ipv4 2018-07-10 16:31:39 +02:00			`def expand_domain_info(api, misperror, domain):`
add expand domains 2018-06-29 15:50:26 +02:00			`r = []`
			`status_ok = False`
			`ns_servers = []`
			`list_ipv4 = []`
			`list_ipv6 = []`
			`servers_mx = []`
			`soa_hostnames = []`

			`results = api.domain(domain)`

			`if results:`
add status ! 2018-06-29 16:17:32 +02:00			`status_ok = True`
add expand domains 2018-06-29 15:50:26 +02:00			`if 'current_dns' in results:`
			`if 'values' in results['current_dns']['ns']:`
			`ns_servers = [ns_entry['nameserver'] for ns_entry in`
			`results['current_dns']['ns']['values']`
			`if 'nameserver' in ns_entry]`
			`if 'values' in results['current_dns']['a']:`
			`list_ipv4 = [a_entry['ip'] for a_entry in`
			`results['current_dns']['a']['values'] if`
			`'ip' in a_entry]`

			`if 'values' in results['current_dns']['aaaa']:`
			`list_ipv6 = [ipv6_entry['ipv6'] for ipv6_entry in`
correct typo 2018-07-11 08:49:59 +02:00			`results['current_dns']['aaaa']['values'] if`
add expand domains 2018-06-29 15:50:26 +02:00			`'ipv6' in ipv6_entry]`

			`if 'values' in results['current_dns']['mx']:`
			`servers_mx = [mx_entry['hostname'] for mx_entry in`
add history ipv4 2018-07-10 16:31:39 +02:00			`results['current_dns']['mx']['values'] if`
			`'hostname' in mx_entry]`
add expand domains 2018-06-29 15:50:26 +02:00			`if 'values' in results['current_dns']['soa']:`
			`soa_hostnames = [soa_entry['email'] for soa_entry in`
add history ipv4 2018-07-10 16:31:39 +02:00			`results['current_dns']['soa']['values'] if`
			`'email' in soa_entry]`
add expand domains 2018-06-29 15:50:26 +02:00
			`if ns_servers:`
changes keys 2018-06-29 16:20:35 +02:00			`r.append({'types': ['domain'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'values': ns_servers,`
change categories 2018-06-29 16:30:47 +02:00			`'categories': ['Network activity'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'comment': 'List of name servers of %s first seen %s ' %`
add history ipv4 2018-07-10 16:31:39 +02:00			`(domain,`
			`results['current_dns']['ns']['first_seen'])`
			`})`
add expand domains 2018-06-29 15:50:26 +02:00
			`if list_ipv4:`
changes keys 2018-06-29 16:20:35 +02:00			`r.append({'types': ['domain\|ip'],`
add history ipv4 2018-07-10 16:31:39 +02:00			`'values': ['%s\|%s' % (domain, ipv4) for ipv4 in`
			`list_ipv4],`
change categories 2018-06-29 16:30:47 +02:00			`'categories': ['Network activity'],`

add expand domains 2018-06-29 15:50:26 +02:00			`'comment': ' List ipv4 of %s first seen %s' %`
			`(domain,`
			`results['current_dns']['a']['first_seen'])`

add history ipv4 2018-07-10 16:31:39 +02:00			`})`
add expand domains 2018-06-29 15:50:26 +02:00			`if list_ipv6:`
changes keys 2018-06-29 16:20:35 +02:00			`r.append({'types': ['domain\|ip'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'values': ['%s\|%s' % (domain, ipv6) for ipv6 in`
			`list_ipv6],`
change categories 2018-06-29 16:30:47 +02:00			`'categories': ['Network activity'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'comment': ' List ipv6 of %s first seen %s' %`
			`(domain,`
			`results['current_dns']['aaaa']['first_seen'])`

			`})`

			`if servers_mx:`
changes keys 2018-06-29 16:20:35 +02:00			`r.append({'types': ['domain'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'values': servers_mx,`
change categories 2018-06-29 16:30:47 +02:00			`'categories': ['Network activity'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'comment': ' List mx of %s first seen %s' %`
			`(domain,`
			`results['current_dns']['mx']['first_seen'])`

			`})`
			`if soa_hostnames:`
changes keys 2018-06-29 16:20:35 +02:00			`r.append({'types': ['domain'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'values': soa_hostnames,`
change categories 2018-06-29 16:30:47 +02:00			`'categories': ['Network activity'],`
add expand domains 2018-06-29 15:50:26 +02:00			`'comment': ' List soa of %s first seen %s' %`
			`(domain,`
			`results['current_dns']['soa']['first_seen'])`
			`})`

add expand subdomains 2018-06-29 17:19:21 +02:00			`return r, status_ok`


			`def expand_subdomains(api, domain):`
			`r = []`
			`status_ok = False`

			`try:`
			`results = api.subdomains(domain)`

			`if results:`
			`status_ok = True`
			`if 'subdomains' in results:`
			`r.append({`
typo 2018-06-29 17:26:56 +02:00			`'types': ['domain'],`
add history ipv4 2018-07-10 16:31:39 +02:00			`'values': ['%s.%s' % (sub, domain)`
			`for sub in results['subdomains']],`
add categories and comments 2018-06-29 17:25:37 +02:00			`'categories': ['Network activity'],`
			`'comment': 'subdomains of %s' % domain`
add expand subdomains 2018-06-29 17:19:21 +02:00			`}`

			`)`
			`except APIError as e:`
			`misperrors['error'] = e`
add logs 2018-07-10 15:17:37 +02:00
add expand domains 2018-06-29 15:50:26 +02:00			`return r, status_ok`
add methods 2018-06-29 16:11:24 +02:00
add expand subdomains 2018-06-29 17:19:21 +02:00
add expand whois 2018-06-29 17:57:11 +02:00			`def expand_whois(api, domain):`
			`r = []`
			`status_ok = False`

			`try:`
			`results = api.whois(domain)`

			`if results:`
			`status_ok = True`
			`item_registrant = __select_registrant_item(results)`
control return of records 2018-07-10 16:35:01 +02:00			`if item_registrant:`
refactoring expand_whois 2018-07-11 09:00:23 +02:00
			`if 'email' in item_registrant:`
			`r.append(`
			`{`
			`'types': ['whois-registrant-email'],`
			`'values': [item_registrant['email']],`
			`'categories': ['Attribution'],`
			`'comment': 'Whois information of %s by securitytrails'`
			`% domain`
			`}`
			`)`

			`if 'telephone' in item_registrant:`
			`r.append(`
			`{`
			`'types': ['whois-registrant-phone'],`
			`'values': [item_registrant['telephone']],`
			`'categories': ['Attribution'],`
			`'comment': 'Whois information of %s by securitytrails'`
			`% domain`
			`}`
			`)`

			`if 'name' in item_registrant:`
			`r.append(`
			`{`
			`'types': ['whois-registrant-name'],`
			`'values': [item_registrant['name']],`
			`'categories': ['Attribution'],`
			`'comment': 'Whois information of %s by securitytrails'`
			`% domain`
			`}`
			`)`

			`if 'registrarName' in item_registrant:`
			`r.append(`
			`{`
			`'types': ['whois-registrar'],`
			`'values': [item_registrant['registrarName']],`
			`'categories': ['Attribution'],`
			`'comment': 'Whois information of %s by securitytrails'`
			`% domain`
			`}`
			`)`

			`if 'createdDate' in item_registrant:`
			`r.append(`
			`{`
			`'types': ['whois-creation-date'],`
			`'values': [item_registrant['createdDate']],`
			`'categories': ['Attribution'],`
			`'comment': 'Whois information of %s by securitytrails'`
			`% domain`
			`}`
			`)`

add expand whois 2018-06-29 17:57:11 +02:00			`except APIError as e:`
			`misperrors['error'] = e`
add logs 2018-07-10 15:17:37 +02:00			`print(e)`
add expand whois 2018-06-29 17:57:11 +02:00
			`return r, status_ok`

add history ipv4 2018-07-10 16:31:39 +02:00
add ipv6 and ipv4 2018-07-11 08:43:23 +02:00			`def expand_history_ipv4_ipv6(api, domain):`
add history ipv4 2018-07-10 16:31:39 +02:00			`r = []`
			`status_ok = False`

			`try:`
			`results = api.history_dns_ipv4(domain)`

			`if results:`
			`status_ok = True`
add ipv6 and ipv4 2018-07-11 08:43:23 +02:00			`r.extend(__history_ip(results, domain))`

			`time.sleep(1)`
			`results = api.history_dns_aaaa(domain)`

			`if results:`
			`status_ok = True`
switch type ip 2018-07-11 09:02:47 +02:00			`r.extend(__history_ip(results, domain, type_ip='ipv6'))`
add history ipv4 2018-07-10 16:31:39 +02:00
			`except APIError as e:`
			`misperrors['error'] = e`
			`print(e)`

			`return r, status_ok`


add history dns 2018-07-11 09:39:09 +02:00			`def expand_history_dns(api, domain):`
			`r = []`
			`status_ok = False`

			`try:`

			`results = api.history_dns_ns(domain)`
			`if results:`
add history mx and soa 2018-07-11 11:24:49 +02:00			`r.extend(__history_dns(results, domain, 'nameserver', 'ns'))`

			`time.sleep(1)`

correct call function 2018-07-11 11:37:07 +02:00			`results = api.history_dns_soa(domain)`
add history mx and soa 2018-07-11 11:24:49 +02:00
			`if results:`
			`r.extend(__history_dns(results, domain, 'email', 'soa'))`

			`time.sleep(1)`

			`results = api.history_dns_mx(domain)`

			`if results:`
			`status_ok = True`
			`r.extend(__history_dns(results, domain, 'host', 'mx'))`
add history dns 2018-07-11 09:39:09 +02:00
			`except APIError as e:`
			`misperrors['error'] = e`

change status 2018-07-11 11:52:10 +02:00			`status_ok = True`

add history dns 2018-07-11 09:39:09 +02:00			`return r, status_ok`


switch type ip 2018-07-11 09:02:47 +02:00			`def __history_ip(results, domain, type_ip='ip'):`
add ipv6 and ipv4 2018-07-11 08:43:23 +02:00			`r = []`
			`if 'records' in results:`
			`for record in results['records']:`
			`if 'values' in record:`
			`for item in record['values']:`
			`r.append(`
			`{'types': ['domain\|ip'],`
switch type ip 2018-07-11 09:02:47 +02:00			`'values': ['%s\|%s' % (domain, item[type_ip])],`
add ipv6 and ipv4 2018-07-11 08:43:23 +02:00			`'categories': ['Network activity'],`
add history dns 2018-07-11 09:39:09 +02:00			`'comment': 'History IP on securitytrails %s '`
			`'last seen: %s first seen: %s' %`
			`(domain, record['last_seen'],`
add ipv6 and ipv4 2018-07-11 08:43:23 +02:00			`record['first_seen'])`
			`}`
			`)`

			`return r`

add history dns 2018-07-11 09:39:09 +02:00
add history mx and soa 2018-07-11 11:24:49 +02:00			`def __history_dns(results, domain, type_serv, service):`
			`r = []`

			`if 'records' in results:`
			`for record in results['records']:`
			`if 'values' in record:`
change history dns 2018-07-11 11:47:10 +02:00			`values = record['values']`
			`if type(values) is list:`

			`for item in record['values']:`
			`r.append(`
			`{'types': ['domain\|ip'],`
			`'values': [item[type_serv]],`
			`'categories': ['Network activity'],`
			`'comment': 'history %s of %s last seen: %s first seen: %s' %`
			`(service, domain, record['last_seen'],`
			`record['first_seen'])`
			`}`
			`)`
			`else:`
add history mx and soa 2018-07-11 11:24:49 +02:00			`r.append(`
			`{'types': ['domain\|ip'],`
change history dns 2018-07-11 11:47:10 +02:00			`'values': [values[type_serv]],`
add history mx and soa 2018-07-11 11:24:49 +02:00			`'categories': ['Network activity'],`
			`'comment': 'history %s of %s last seen: %s first seen: %s' %`
			`(service, domain, record['last_seen'],`
			`record['first_seen'])`
			`}`
			`)`
			`return r`

add methods 2018-06-29 16:11:24 +02:00			`def introspection():`
			`return mispattributes`


			`def version():`
			`moduleinfo['config'] = moduleconfig`
add expand whois 2018-06-29 17:57:11 +02:00			`return moduleinfo`


			`def __select_registrant_item(entry):`
			`if 'contacts' in entry:`
			`for c in entry['contacts']:`
concat results 2018-07-10 15:12:27 +02:00
add expand whois 2018-06-29 17:57:11 +02:00			`if c['type'] == 'registrant':`
change return value 2018-07-10 15:05:10 +02:00			`return c`