From 576b3c9b9bdb2c8c66268c44b041646a014bcbac Mon Sep 17 00:00:00 2001
From: Sebdraven <slarinier@gmail.com>
Date: Thu, 12 Jul 2018 13:40:51 +0200
Subject: [PATCH] history whois dns

---
 .../modules/expansion/securitytrails.py       | 61 ++++++++++++++++++-
 1 file changed, 60 insertions(+), 1 deletion(-)

diff --git a/misp_modules/modules/expansion/securitytrails.py b/misp_modules/modules/expansion/securitytrails.py
index e97b493..e23184d 100644
--- a/misp_modules/modules/expansion/securitytrails.py
+++ b/misp_modules/modules/expansion/securitytrails.py
@@ -340,7 +340,7 @@ def expand_history_ipv4_ipv6(api, domain):
 
     except APIError as e:
         misperrors['error'] = e
-        print(e)
+        return [], False
 
     return r, status_ok
 
@@ -372,12 +372,71 @@ def expand_history_dns(api, domain):
 
     except APIError as e:
         misperrors['error'] = e
+        return [], False
 
     status_ok = True
 
     return r, status_ok
 
 
+def expand_history_whois(api, domain):
+    r = []
+    status_ok = False
+    try:
+        results = api.history_whois(domain)
+
+        if results:
+
+            if 'items' in results['results']:
+                for item in results['results']['items']:
+                    item_registrant = __select_registrant_item(item)
+
+                    r.extend(
+                        {
+                            'type': ['domain'],
+                            'values': item['nameServers'],
+                            'categories': ['Network activity'],
+                            'comment': 'Whois history Name Servers of %s '
+                                       'Status: %s ' % (domain, item['status'])
+
+                        }
+                    )
+                    if 'email' in item_registrant:
+                        r.append(
+                            {
+                                'types': ['whois-registrant-email'],
+                                'values': [item_registrant['email']],
+                                'categories': ['Attribution'],
+                                'comment': 'Whois history registrant email of %s'
+                                           'Status: %s' % (
+                                               domain, item['status'])
+                            }
+                        )
+
+                    if 'telephone' in item_registrant:
+                        r.append(
+                            {
+                                'types': ['whois-registrant-phone'],
+                                'values': [item_registrant['telephone']],
+                                'categories': ['Attribution'],
+                                'comment': 'Whois history registrant phone of %s'
+                                           'Status: %s' % (
+                                               domain, item['status'])
+                            }
+                        )
+
+
+
+
+    except APIError as e:
+        misperrors['error'] = e
+        return [], False
+
+
+
+    return r, status_ok
+
+
 def __history_ip(results, domain, type_ip='ip'):
     r = []
     if 'records' in results: