MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

history whois dns

pull/208/head
Sebdraven 2018-07-12 13:40:51 +02:00
parent 51067039da
commit 576b3c9b9b
1 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
misp_modules/modules/expansion/securitytrails.py
View File

@ -340,7 +340,7 @@ def expand_history_ipv4_ipv6(api, domain):
except APIError as e:
misperrors['error'] = e
print(e)
return [], False
return r, status_ok
@ -372,12 +372,71 @@ def expand_history_dns(api, domain):
except APIError as e:
misperrors['error'] = e
return [], False
status_ok = True
return r, status_ok
def expand_history_whois(api, domain):
r = []
status_ok = False
try:
results = api.history_whois(domain)
if results:
if 'items' in results['results']:
for item in results['results']['items']:
item_registrant = __select_registrant_item(item)
r.extend(
{
'type': ['domain'],
'values': item['nameServers'],
'categories': ['Network activity'],
'comment': 'Whois history Name Servers of %s '
'Status: %s ' % (domain, item['status'])
}
)
if 'email' in item_registrant:
r.append(
{
'types': ['whois-registrant-email'],
'values': [item_registrant['email']],
'categories': ['Attribution'],
'comment': 'Whois history registrant email of %s'
'Status: %s' % (
domain, item['status'])
}
)
if 'telephone' in item_registrant:
r.append(
{
'types': ['whois-registrant-phone'],
'values': [item_registrant['telephone']],
'categories': ['Attribution'],
'comment': 'Whois history registrant phone of %s'
'Status: %s' % (
domain, item['status'])
}
)
except APIError as e:
misperrors['error'] = e
return [], False
return r, status_ok
def __history_ip(results, domain, type_ip='ip'):
r = []
if 'records' in results: