mirror of https://github.com/MISP/misp-modules
added Reverse API
parent
bb60e4742e
commit
5b5eaddf5e
misp_modules/modules/expansion
|
@ -26,7 +26,7 @@ def handler(q=False):
|
|||
|
||||
request = json.loads(q)
|
||||
|
||||
if 'config' not in request or (not (request['config'].get('apikey') or ('apiKey' in request['config']))):
|
||||
if 'config' not in request or (not ('apiKey' in request['config'])):
|
||||
misperrors['error'] = 'WhoisFreaks authentication is missing' + request
|
||||
return misperrors
|
||||
|
||||
|
@ -35,13 +35,56 @@ def handler(q=False):
|
|||
if request.get('domain'):
|
||||
domain = request['domain']
|
||||
return handle_domain(apiKey, domain, misperrors)
|
||||
elif request.get('email'):
|
||||
email = request['email']
|
||||
return handle_email(apiKey, email, misperrors)
|
||||
else:
|
||||
misperrors['error'] = "Unsupported attributes types"
|
||||
return misperrors
|
||||
else:
|
||||
return False
|
||||
|
||||
def handle_email(apiKey, email, errors):
|
||||
result_filtered = {"results": []}
|
||||
r, status_ok = expand_email(apiKey, email)
|
||||
if status_ok:
|
||||
if r:
|
||||
result_filtered['results'].extend(r)
|
||||
|
||||
return result_filtered
|
||||
|
||||
def expand_email(apiKey, email):
|
||||
r = []
|
||||
domains = []
|
||||
status_ok = False
|
||||
|
||||
try:
|
||||
results = get_reverse_whois_response(email, apiKey)
|
||||
|
||||
if results:
|
||||
status_ok = True
|
||||
|
||||
if 'whois_domains_historical' in results:
|
||||
for record in results['whois_domains_historical']:
|
||||
if 'domain_name' in record:
|
||||
domains.append(record['domain_name'])
|
||||
|
||||
r.append(
|
||||
{
|
||||
'types': ['domain'],
|
||||
'values': domains,
|
||||
'categories': ['Attribution'],
|
||||
'comment': 'Creation Date for %s by whoisFreaks'
|
||||
% email
|
||||
}
|
||||
)
|
||||
|
||||
except Exception:
|
||||
misperrors['error'] = "Error while processing Whois Data"
|
||||
return [], False
|
||||
|
||||
return r, status_ok
|
||||
|
||||
def handle_domain(apiKey, domain, errors):
|
||||
result_filtered = {"results": []}
|
||||
r, status_ok = expand_whois(apiKey, domain)
|
||||
|
@ -217,6 +260,15 @@ def get_dns_response(domain, apiKey):
|
|||
return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
|
||||
return query.json()
|
||||
|
||||
|
||||
def get_reverse_whois_response(email, apiKey):
|
||||
query = requests.get(
|
||||
f"https://api.whoisfreaks.com/v1.0/whois?apiKey={apiKey}&whois=reverse&email={email}"
|
||||
)
|
||||
if query.status_code != 200 and query.status_code != 206:
|
||||
return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
|
||||
return query.json()
|
||||
|
||||
def introspection():
|
||||
return mispattributes
|
||||
|
||||
|
|
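Review bot: In `get_reverse_whois_response` (third hunk), `email` is taken from the incoming request and interpolated into the query string unencoded, so a value containing `&`, `#` or `+` alters or adds request parameters instead of being sent as the email. The call also sets no timeout, so a stalled API response blocks the handler indefinitely. Let requests do the encoding and bound the wait: `requests.get("https://api.whoisfreaks.com/v1.0/whois", params={"apiKey": apiKey, "whois": "reverse", "email": email}, timeout=<seconds>)`. Separately, the `{'error': ...}` dict returned on a non-200/206 status is truthy, so `expand_email` appears to set `status_ok = True` and discard the upstream error; testing `'error' in results` before that line would surface it (indentation is lost on this page, so the exact nesting is inferred).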