MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

updated

pull/615/head
Usama015 2023-06-13 18:57:33 +05:00
parent ee5d503fc4
commit ea2ccc1004
1 changed files with 4 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
misp_modules/modules/expansion/whoisfreaks.py
View File

@ -1,7 +1,10 @@
import json import json
import logging
import requests import requests
from . import check_input_attribute, standard_error_message
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
mispattributes = { mispattributes = {
'input': ['domain'], 'input': ['domain'],
@ -23,7 +26,7 @@ def handler(q=False):
request = json.loads(q) request = json.loads(q)
if 'config' not in request or ('apiKey' not in request['config']): if 'config' not in request or (not (request['config'].get('apikey') or ('apiKey' in request['config']))):
misperrors['error'] = 'WhoisFreaks authentication is missing' + request misperrors['error'] = 'WhoisFreaks authentication is missing' + request
return misperrors return misperrors
@ -32,56 +35,13 @@ def handler(q=False):
if request.get('domain'): if request.get('domain'):
domain = request['domain'] domain = request['domain']
return handle_domain(apiKey, domain, misperrors) return handle_domain(apiKey, domain, misperrors)
elif request.get('email'):
email = request['email']
return handle_email(apiKey, email, misperrors)
else: else:
misperrors['error'] = "Unsupported attributes types" misperrors['error'] = "Unsupported attributes types"
return misperrors return misperrors
else: else:
return False return False
def handle_email(apiKey, email, errors):
result_filtered = {"results": []}
r, status_ok = expand_email(apiKey, email)
if status_ok:
if r:
result_filtered['results'].extend(r)
return result_filtered
def expand_email(apiKey, email):
r = []
domains = []
status_ok = False
try:
results = get_reverse_whois_response(email, apiKey)
if results:
status_ok = True
if 'whois_domains_historical' in results:
for record in results['whois_domains_historical']:
if 'domain_name' in record:
domains.append(record['domain_name'])
r.append(
{
'types': ['domain'],
'values': domains,
'categories': ['Attribution'],
'comment': 'Creation Date for %s by whoisFreaks'
% email
}
)
except Exception:
misperrors['error'] = "Error while processing Whois Data"
return [], False
return r, status_ok
def handle_domain(apiKey, domain, errors): def handle_domain(apiKey, domain, errors):
result_filtered = {"results": []} result_filtered = {"results": []}
r, status_ok = expand_whois(apiKey, domain) r, status_ok = expand_whois(apiKey, domain)
@ -257,15 +217,6 @@ def get_dns_response(domain, apiKey):
return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'} return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
return query.json() return query.json()
def get_reverse_whois_response(email, apiKey):
query = requests.get(
f"https://api.whoisfreaks.com/v1.0/whois?apiKey={apiKey}&whois=reverse&email={email}"
)
if query.status_code != 200 and query.status_code != 206:
return {'error': f'Error while querying whoisfreaks.com - {query.status_code}: {query.reason}'}
return query.json()
def introspection(): def introspection():
return mispattributes return mispattributes