add history ipv4

pull/208/head
Sebdraven 2018-07-10 16:31:39 +02:00
parent 21794249d0
commit 495c720d0f
1 changed files with 58 additions and 17 deletions

View File

@ -9,7 +9,8 @@ log = logging.getLogger('dnstrails')
log.setLevel(logging.DEBUG) log.setLevel(logging.DEBUG)
ch = logging.StreamHandler(sys.stdout) ch = logging.StreamHandler(sys.stdout)
ch.setLevel(logging.DEBUG) ch.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') formatter = logging.Formatter(
'%(asctime)s - %(name)s - %(levelname)s - %(message)s')
ch.setFormatter(formatter) ch.setFormatter(formatter)
log.addHandler(ch) log.addHandler(ch)
@ -94,13 +95,22 @@ def handle_domain(api, domain, misperrors):
misperrors['error'] = 'Error whois result' misperrors['error'] = 'Error whois result'
return misperrors return misperrors
r, status_ok = expand_history_ipv4(api, domain)
if status_ok:
result_filtered['results'].extend(r)
else:
misperrors['error'] = 'Error history ipv4'
return misperrors
return result_filtered return result_filtered
def handle_ip(api, ip, misperrors): def handle_ip(api, ip, misperrors):
pass pass
def expand_domain_info(api, misperror,domain): def expand_domain_info(api, misperror, domain):
r = [] r = []
status_ok = False status_ok = False
ns_servers = [] ns_servers = []
@ -142,12 +152,14 @@ def expand_domain_info(api, misperror,domain):
'values': ns_servers, 'values': ns_servers,
'categories': ['Network activity'], 'categories': ['Network activity'],
'comment': 'List of name servers of %s first seen %s ' % 'comment': 'List of name servers of %s first seen %s ' %
(domain, results['current_dns']['ns']['first_seen']) (domain,
results['current_dns']['ns']['first_seen'])
}) })
if list_ipv4: if list_ipv4:
r.append({'types': ['domain|ip'], r.append({'types': ['domain|ip'],
'values': ['%s|%s' % (domain, ipv4) for ipv4 in list_ipv4], 'values': ['%s|%s' % (domain, ipv4) for ipv4 in
list_ipv4],
'categories': ['Network activity'], 'categories': ['Network activity'],
'comment': ' List ipv4 of %s first seen %s' % 'comment': ' List ipv4 of %s first seen %s' %
@ -188,11 +200,9 @@ def expand_domain_info(api, misperror,domain):
def expand_subdomains(api, domain): def expand_subdomains(api, domain):
r = [] r = []
status_ok = False status_ok = False
try: try:
results = api.subdomains(domain) results = api.subdomains(domain)
@ -201,7 +211,8 @@ def expand_subdomains(api, domain):
if 'subdomains' in results: if 'subdomains' in results:
r.append({ r.append({
'types': ['domain'], 'types': ['domain'],
'values': ['%s.%s' % (sub,domain) for sub in results['subdomains']], 'values': ['%s.%s' % (sub, domain)
for sub in results['subdomains']],
'categories': ['Network activity'], 'categories': ['Network activity'],
'comment': 'subdomains of %s' % domain 'comment': 'subdomains of %s' % domain
} }
@ -248,6 +259,36 @@ def expand_whois(api, domain):
return r, status_ok return r, status_ok
def expand_history_ipv4(api, domain):
r = []
status_ok = False
try:
results = api.history_dns_ipv4(domain)
if results:
status_ok = True
if 'records' in results:
for record in results['records']:
if 'values' in record:
r.append(
{'type': ['domain|ip'],
'values': ['%s|%s' % (domain, record['ip'])],
'categories': ['Newtwork activity'],
'comment': 'last seen: %s first seen: %s' %
(record['last_seen'],
record['first_seen'])
}
)
except APIError as e:
misperrors['error'] = e
print(e)
return r, status_ok
def introspection(): def introspection():
return mispattributes return mispattributes