add expand whois
parent
f1c6095914
commit
34da5cdb76
|
@ -16,7 +16,10 @@ log.addHandler(ch)
|
|||
misperrors = {'error': 'Error'}
|
||||
mispattributes = {
|
||||
'input': ['hostname', 'domain', 'ip-src', 'ip-dst'],
|
||||
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email']
|
||||
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email',
|
||||
'whois-registrant-email', 'whois-registrant-phone',
|
||||
'whois-registrant-name',
|
||||
'whois-registrar', 'whois-creation-date', 'domain']
|
||||
}
|
||||
|
||||
moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
|
||||
|
@ -77,6 +80,14 @@ def handle_domain(api, domain, misperrors):
|
|||
|
||||
r, status_ok = expand_subdomains(api, domain)
|
||||
|
||||
if status_ok:
|
||||
result_filtered['results'].extend(r)
|
||||
else:
|
||||
misperrors['error'] = 'Error dns result'
|
||||
return misperrors
|
||||
|
||||
r, status_ok = expand_whois(api, domain)
|
||||
|
||||
if status_ok:
|
||||
result_filtered['results'].extend(r)
|
||||
else:
|
||||
|
@ -181,6 +192,7 @@ def expand_subdomains(api, domain):
|
|||
r = []
|
||||
status_ok = False
|
||||
|
||||
|
||||
try:
|
||||
results = api.subdomains(domain)
|
||||
|
||||
|
@ -200,10 +212,47 @@ def expand_subdomains(api, domain):
|
|||
return r, status_ok
|
||||
|
||||
|
||||
def expand_whois(api, domain):
|
||||
r = []
|
||||
status_ok = False
|
||||
|
||||
try:
|
||||
results = api.whois(domain)
|
||||
|
||||
if results:
|
||||
status_ok = True
|
||||
item_registrant = __select_registrant_item(results)
|
||||
|
||||
r.append({
|
||||
'types': ['whois-registrant-email', 'whois-registrant-phone',
|
||||
'whois-registrant-name', 'whois-registrar',
|
||||
'whois-creation-date'],
|
||||
'values': [item_registrant['email'],
|
||||
item_registrant['telephone'],
|
||||
item_registrant['name'], results['registrarName'],
|
||||
results['creationDate']],
|
||||
'categories': ['attribution'],
|
||||
'comment': 'whois information of %s by securitytrails' % domain
|
||||
}
|
||||
|
||||
)
|
||||
|
||||
except APIError as e:
|
||||
misperrors['error'] = e
|
||||
|
||||
return r, status_ok
|
||||
|
||||
def introspection():
|
||||
return mispattributes
|
||||
|
||||
|
||||
def version():
|
||||
moduleinfo['config'] = moduleconfig
|
||||
return moduleinfo
|
||||
return moduleinfo
|
||||
|
||||
|
||||
def __select_registrant_item(entry):
|
||||
if 'contacts' in entry:
|
||||
for c in entry['contacts']:
|
||||
if c['type'] == 'registrant':
|
||||
return entry
|
||||
|
|
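Review bot: `__select_registrant_item` returns `entry` (the whole whois record) instead of the matching contact `c`, and returns `None` when no registrant contact is present, so `item_registrant['email']` in `expand_whois` either reads the wrong dict or raises `TypeError` — and because only `APIError` is caught there, that exception escapes the module instead of becoming a clean error result. The whois response is untrusted third-party data, so the direct `results['registrarName']` / `results['creationDate']` lookups should be `.get()` calls as well, so a missing field degrades to a missing value rather than a crash (whether a `None` value should then be dropped from `values` depends on how the caller consumes the types/values pair — worth confirming). `misperrors['error'] = e` stores the exception object where the other error paths store strings (`'Error dns result'`), and it writes to what appears to be the module-level `misperrors` rather than the dict `handle_domain` is passed; `str(e)` at least keeps the response JSON-serialisable and consistent. `'domain'` is also listed twice in `mispattributes['output']`. Rewritten lines below; the `else:` branch of the `handle_domain` hunk continues outside this page.
```python
def expand_whois(api, domain):
    r = []
    status_ok = False

    try:
        results = api.whois(domain)

        if results:
            status_ok = True
            # The whois response is untrusted external data: never index it
            # directly, and tolerate a record with no registrant contact.
            item_registrant = __select_registrant_item(results) or {}

            r.append({
                'types': ['whois-registrant-email', 'whois-registrant-phone',
                          'whois-registrant-name', 'whois-registrar',
                          'whois-creation-date'],
                'values': [item_registrant.get('email'),
                           item_registrant.get('telephone'),
                           item_registrant.get('name'),
                           results.get('registrarName'),
                           results.get('creationDate')],
                # … unchanged: categories / comment …
            })

    except APIError as e:
        # Store a string, as the other error paths do, so the error dict
        # stays serialisable when it is returned to MISP.
        misperrors['error'] = str(e)

    return r, status_ok


def __select_registrant_item(entry):
    """Return the registrant contact dict from a whois record, or None."""
    for c in entry.get('contacts', []):
        if c.get('type') == 'registrant':
            return c  # the contact itself, not the enclosing record
    return None
```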