history whois dns

5 years ago · 576b3c9b9b
parent 51067039da
commit 576b3c9b9b
1 changed files with 60 additions and 1 deletions
--- a/misp_modules/modules/expansion/securitytrails.py
+++ b/misp_modules/modules/expansion/securitytrails.py
@ -340,7 +340,7 @@ def expand_history_ipv4_ipv6(api, domain):

    except APIError as e:
        misperrors['error'] = e
-        print(e)
+        return [], False

    return r, status_ok

@ -372,12 +372,71 @@ def expand_history_dns(api, domain):

    except APIError as e:
        misperrors['error'] = e
+        return [], False

    status_ok = True

    return r, status_ok


+def expand_history_whois(api, domain):
+    r = []
+    status_ok = False
+    try:
+        results = api.history_whois(domain)
+
+        if results:
+
+            if 'items' in results['results']:
+                for item in results['results']['items']:
+                    item_registrant = __select_registrant_item(item)
+
+                    r.extend(
+                        {
+                            'type': ['domain'],
+                            'values': item['nameServers'],
+                            'categories': ['Network activity'],
+                            'comment': 'Whois history Name Servers of %s '
+                                       'Status: %s ' % (domain, item['status'])
+
+                        }
+                    )
+                    if 'email' in item_registrant:
+                        r.append(
+                            {
+                                'types': ['whois-registrant-email'],
+                                'values': [item_registrant['email']],
+                                'categories': ['Attribution'],
+                                'comment': 'Whois history registrant email of %s'
+                                           'Status: %s' % (
+                                               domain, item['status'])
+                            }
+                        )
+
+                    if 'telephone' in item_registrant:
+                        r.append(
+                            {
+                                'types': ['whois-registrant-phone'],
+                                'values': [item_registrant['telephone']],
+                                'categories': ['Attribution'],
+                                'comment': 'Whois history registrant phone of %s'
+                                           'Status: %s' % (
+                                               domain, item['status'])
+                            }
+                        )
+
+
+
+
+    except APIError as e:
+        misperrors['error'] = e
+        return [], False
+
+
+
+    return r, status_ok
+
+
 def __history_ip(results, domain, type_ip='ip'):
    r = []
    if 'records' in results: