import json
import requests
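# Error payload template; the 'error' key carries the message text.
misperrors = {'error': 'Error'}

# Attribute types this module accepts as input and may return as output.
mispattributes = {
    'input': [
        'hostname',
        'domain',
        'ip-src',
        'ip-dst',
        'module-username',
        'module-password',
    ],
    'output': ['ip-src', 'ip-dst', 'hostname', 'domain'],
}

moduleinfo = {
    'version': '0.1',
    'author': 'Alexandre Dulaunoy',
    'description': 'PassiveTotal expansion service to expand values with multiple Passive DNS sources',
}

# Names of the per-request configuration values. These are the PassiveTotal
# API credentials, so they should not be echoed into logs or error messages.
moduleconfig = ['username', 'password']

# The query value is appended directly after 'query=', so any caller that
# builds a URL from this constant must percent-encode the value it appends.
passivetotal_url = 'https://api.passivetotal.org/v2/dns/passive?query='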
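def handler(q=False):
    """Expand a hostname, domain or IP address through PassiveTotal passive DNS.

    Args:
        q: JSON-encoded request string, or False when no request was given.
            The decoded object must carry a 'config' object holding
            'username' and 'password', plus one of 'hostname', 'domain',
            'ip-src' or 'ip-dst' (checked in that order).

    Returns:
        False when q is False or no supported attribute is present;
        {'error': message} when the configuration is incomplete or the
        lookup fails; otherwise
        {'results': [{'types': [...], 'values': [...]}]}.
    """
    from urllib.parse import quote

    if q is False:
        return False
    request = json.loads(q)

    config = request.get('config')
    if not config:
        return {'error': 'config is missing'}
    username = config.get('username')
    password = config.get('password')
    if username is None or password is None:
        return {'error': 'Passivetotal authentication is missing'}

    # Names resolve to addresses and addresses resolve to names, so the
    # output types depend on which kind of attribute was supplied. They are
    # kept in a local so the module-level introspection data is not
    # rewritten on every request.
    candidates = (
        ('hostname', ['ip-src', 'ip-dst']),
        ('domain', ['ip-src', 'ip-dst']),
        ('ip-src', ['hostname']),
        ('ip-dst', ['hostname']),
    )
    for attribute, output_types in candidates:
        toquery = request.get(attribute)
        if toquery:
            break
    else:
        return False

    # The attribute value is untrusted event data. Percent-encode it so that
    # characters such as '&', '#' or '/' cannot add parameters to, or
    # truncate, the API query string.
    url = passivetotal_url + quote(str(toquery), safe='')
    try:
        # Credentials are sent as HTTP basic auth. The timeout keeps a stalled
        # upstream from blocking the module indefinitely.
        r = requests.get(url, auth=(username, password), timeout=30)
    except requests.exceptions.RequestException:
        return {'error': 'Passivetotal.org is not reachable'}

    # Failures are returned as {'error': ...}, the same shape the
    # configuration checks above use, instead of a bare string.
    if 400 <= r.status_code < 404:
        return {'error': 'Passivetotal.org incorrect authentication'}
    if r.status_code != 200:
        return {'error': 'Passivetotal.org is not reachable'}

    payload = json.loads(r.text)
    # Values come from a third-party service; records without a 'resolve'
    # field are skipped rather than raising.
    values = [
        record['resolve']
        for record in payload.get('results') or []
        if 'resolve' in record
    ]
    return {'results': [{'types': output_types, 'values': values}]}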
def introspection():
    """Return the module's table of supported input and output attribute types."""
    supported = mispattributes
    return supported
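def version():
    """Return the module metadata with the configuration key names attached.

    The 'config' entry is set to the list of configuration names
    (moduleconfig) on every call; only the names are exposed here, never
    their values.
    """
    moduleinfo['config'] = moduleconfig
    return moduleinfo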