MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

added Reverse API

pull/615/head
Usama015 2023-06-13 16:38:56 +05:00
parent bb60e4742e
commit 5b5eaddf5e
1 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
misp_modules/modules/expansion/whoisfreaks.py
View File

@ -26,7 +26,7 @@ def handler(q=False):
request = json.loads(q) request = json.loads(q)
if 'config' not in request or (not (request['config'].get('apikey') or ('apiKey' in request['config']))): if 'config' not in request or (not ('apiKey' in request['config'])):
misperrors['error'] = 'WhoisFreaks authentication is missing' + request misperrors['error'] = 'WhoisFreaks authentication is missing' + request
return misperrors return misperrors
@ -35,12 +35,55 @@ def handler(q=False):
if request.get('domain'): if request.get('domain'):
domain = request['domain'] domain = request['domain']
return handle_domain(apiKey, domain, misperrors) return handle_domain(apiKey, domain, misperrors)
elif request.get('email'):
email = request['email']
return handle_email(apiKey, email, misperrors)
else: else:
misperrors['error'] = "Unsupported attributes types" misperrors['error'] = "Unsupported attributes types"
return misperrors return misperrors
else: else:
return False return False
def handle_email(apiKey, email, errors):
result_filtered = {"results": []}
r, status_ok = expand_email(apiKey, email)
if status_ok:
if r:
result_filtered['results'].extend(r)
return result_filtered
def expand_email(apiKey, email):
r = []
domains = []
status_ok = False
try:
results = get_reverse_whois_response(email, apiKey)
if results:
status_ok = True
if 'whois_domains_historical' in results:
for record in results['whois_domains_historical']:
if 'domain_name' in record:
domains.append(record['domain_name'])
r.append(
{
'types': ['domain'],
'values': domains,
'categories': ['Attribution'],
'comment': 'Creation Date for %s by whoisFreaks'
% email
}
)
except Exception:
misperrors['error'] = "Error while processing Whois Data"
return [], False
return r, status_ok
def handle_domain(apiKey, domain, errors): def handle_domain(apiKey, domain, errors):
result_filtered = {"results": []} result_filtered = {"results": []}
@ -217,6 +260,15 @@ def get_dns_response(domain, apiKey):
return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'} return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
return query.json() return query.json()
def get_reverse_whois_response(email, apiKey):
query = requests.get(
f"https://api.whoisfreaks.com/v1.0/whois?apiKey={apiKey}&whois=reverse&email={email}"
)
if query.status_code != 200 and query.status_code != 206:
return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
return query.json()
def introspection(): def introspection():
return mispattributes return mispattributes