added Reverse API

2023-06-13 16:38:56 +05:00 · 2023-06-13 16:38:56 +05:00 · 5b5eaddf5e
parent bb60e4742e
commit 5b5eaddf5e
1 changed files with 53 additions and 1 deletions
--- a/misp_modules/modules/expansion/whoisfreaks.py
+++ b/misp_modules/modules/expansion/whoisfreaks.py
@ -26,7 +26,7 @@ def handler(q=False):

        request = json.loads(q)

-        if 'config' not in request or (not (request['config'].get('apikey') or ('apiKey' in request['config']))):
+        if 'config' not in request or (not ('apiKey' in request['config'])):
            misperrors['error'] = 'WhoisFreaks authentication is missing' + request
            return misperrors

@ -35,13 +35,56 @@ def handler(q=False):
        if request.get('domain'):
            domain = request['domain']
            return handle_domain(apiKey, domain, misperrors)
+        elif request.get('email'):
+            email = request['email']
+            return handle_email(apiKey, email, misperrors)
        else:
            misperrors['error'] = "Unsupported attributes types"
            return misperrors
    else:
        return False

+def handle_email(apiKey, email, errors):
+    result_filtered = {"results": []}
+    r, status_ok = expand_email(apiKey, email)
+    if status_ok:
+        if r:
+            result_filtered['results'].extend(r)
+    
+    return result_filtered
+    
+def expand_email(apiKey, email):
+    r = []
+    domains = []
+    status_ok = False

+    try:
+        results = get_reverse_whois_response(email, apiKey)
+
+        if results:
+            status_ok = True
+            
+            if 'whois_domains_historical' in results:
+                for record in results['whois_domains_historical']:
+                    if 'domain_name' in record:
+                        domains.append(record['domain_name'])
+                        
+                r.append(
+                    {
+                        'types': ['domain'],
+                        'values': domains,
+                        'categories': ['Attribution'],
+                        'comment': 'Creation Date for %s by whoisFreaks'
+                                   % email
+                    }
+                )
+
+    except Exception:
+        misperrors['error'] = "Error while processing Whois Data"
+        return [], False
+
+    return r, status_ok
+    
 def handle_domain(apiKey, domain, errors):
    result_filtered = {"results": []}
    r, status_ok = expand_whois(apiKey, domain)
@ -217,6 +260,15 @@ def get_dns_response(domain, apiKey):
        return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
    return query.json()

+
+def get_reverse_whois_response(email, apiKey):
+    query = requests.get(
+        f"https://api.whoisfreaks.com/v1.0/whois?apiKey={apiKey}&whois=reverse&email={email}"
+    )
+    if query.status_code != 200 and query.status_code != 206:
+        return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
+    return query.json()
+
 def introspection():
    return mispattributes