From 54d996cb00b47046558c5ad30c12bda5066fe9aa Mon Sep 17 00:00:00 2001 From: Sebdraven Date: Wed, 11 Jul 2018 09:39:09 +0200 Subject: [PATCH] add history dns --- misp_modules/modules/expansion/dnstrails.py | 42 +++++++++++++++++---- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/misp_modules/modules/expansion/dnstrails.py b/misp_modules/modules/expansion/dnstrails.py index ee9f1ad..24e252b 100644 --- a/misp_modules/modules/expansion/dnstrails.py +++ b/misp_modules/modules/expansion/dnstrails.py @@ -295,11 +295,6 @@ def expand_whois(api, domain): } ) - - # TODO File "modules/expansion/dnstrails.py", line 230, in expand_whois - # 'values': [item_registrant['email'], - # TypeError: 'NoneType' object is not subscriptable - except APIError as e: misperrors['error'] = e print(e) @@ -332,6 +327,37 @@ def expand_history_ipv4_ipv6(api, domain): return r, status_ok +def expand_history_dns(api, domain): + r = [] + status_ok = False + + try: + + results = api.history_dns_ns(domain) + if results: + status_ok = True + + if 'records' in results: + for record in results['records']: + if 'values' in record: + for item in record['values']: + r.append( + {'types': ['domain|ip'], + 'values': [ + '%s|%s' % (domain, item['nameserver'])], + 'categories': ['Network activity'], + 'comment': 'history DNS of %s last seen: %s first seen: %s' % + (domain, record['last_seen'], + record['first_seen']) + } + ) + + except APIError as e: + misperrors['error'] = e + + return r, status_ok + + def __history_ip(results, domain, type_ip='ip'): r = [] if 'records' in results: 
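Review bot: In the new `expand_history_dns`, each attribute is typed `domain|ip` but its value is built from `item['nameserver']`, which is presumably a host name rather than an address. MISP would then either reject the value or record a name server as an IP indicator for the domain. Name servers are commonly shared by many unrelated domains, so correlating on them is noisy; consider emitting the name server on its own, for example `'types': ['hostname'],` with `'values': [item['nameserver']],`, and keeping the domain in the comment. Separately, `item['nameserver']`, `record['last_seen']` and `record['first_seen']` are subscripted directly and only `APIError` is caught, so one record with a missing or null field raises out of the function. This is the kind of failure the TODO removed in the first hunk describes for `expand_whois`, and the same applies to `__history_ip` in the last hunk; reading the fields with `.get()` and skipping incomplete records would avoid it. Indentation is lost on this page, so it cannot be confirmed that `if 'records' in results:` sits under `if results:`; if it does not, a `None` response would raise `TypeError` at that test.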
@@ -342,14 +368,16 @@ def __history_ip(results, domain, type_ip='ip'): {'types': ['domain|ip'], 'values': ['%s|%s' % (domain, item[type_ip])], 'categories': ['Network activity'], - 'comment': 'last seen: %s first seen: %s' % - (record['last_seen'], + 'comment': 'History IP on securitytrails %s ' + 'last seen: %s first seen: %s' % + (domain, record['last_seen'], record['first_seen']) } ) return r + def introspection(): return mispattributes