
add expand whois

pull/208/head
Sebdraven 4 years ago
parent
commit
34da5cdb76
  1. 53
      misp_modules/modules/expansion/dnstrails.py

53
misp_modules/modules/expansion/dnstrails.py

@ -16,7 +16,10 @@ log.addHandler(ch)
misperrors = {'error': 'Error'}
mispattributes = {
'input': ['hostname', 'domain', 'ip-src', 'ip-dst'],
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email']
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'dns-soa-email',
'whois-registrant-email', 'whois-registrant-phone',
'whois-registrant-name',
'whois-registrar', 'whois-creation-date', 'domain']
}
moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
@ -77,6 +80,14 @@ def handle_domain(api, domain, misperrors):
r, status_ok = expand_subdomains(api, domain)
if status_ok:
result_filtered['results'].extend(r)
else:
misperrors['error'] = 'Error dns result'
return misperrors
r, status_ok = expand_whois(api, domain)
if status_ok:
result_filtered['results'].extend(r)
else:
@ -181,6 +192,7 @@ def expand_subdomains(api, domain):
r = []
status_ok = False
try:
results = api.subdomains(domain)
@ -200,10 +212,47 @@ def expand_subdomains(api, domain):
return r, status_ok
def expand_whois(api, domain):
r = []
status_ok = False
try:
results = api.whois(domain)
if results:
status_ok = True
item_registrant = __select_registrant_item(results)
r.append({
'types': ['whois-registrant-email', 'whois-registrant-phone',
'whois-registrant-name', 'whois-registrar',
'whois-creation-date'],
'values': [item_registrant['email'],
item_registrant['telephone'],
item_registrant['name'], results['registrarName'],
results['creationDate']],
'categories': ['attribution'],
'comment': 'whois information of %s by securitytrails' % domain
}
)
except APIError as e:
misperrors['error'] = e
return r, status_ok
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo
return moduleinfo
def __select_registrant_item(entry):
if 'contacts' in entry:
for c in entry['contacts']:
if c['type'] == 'registrant':
return entry
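Review bot: `__select_registrant_item` returns `entry` (the whole whois response) instead of the matching contact `c`, so the `item_registrant['email']`, `['telephone']` and `['name']` lookups in `expand_whois` read from the wrong dict; the return should be `return c`. When the response has no `contacts` key or no contact of type `registrant`, the helper falls through and returns None, and the subscript then raises a TypeError that `except APIError` does not catch; a guard such as `if not item_registrant: return r, status_ok` before `r.append(...)` would cover that case. Whois records are third-party data whose fields are often redacted or missing, so `.get()` lookups on the contact and on `results['registrarName']` / `results['creationDate']` are safer than direct indexing. Separately, `expand_whois` takes no `misperrors` parameter, so `misperrors['error'] = e` appears to write the exception object into the module-level dict; `str(e)` would presumably serialize more reliably. Indentation is lost in this rendering, so the placement of `return entry` inside the `if` is inferred.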
