From f47a64b3647fde0cf70d582dac831beada066779 Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Wed, 11 Jul 2018 11:24:49 +0200
Subject: [PATCH] add history mx and soa
---
 misp_modules/modules/expansion/dnstrails.py | 49 +++++++++++++++------
 1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/misp_modules/modules/expansion/dnstrails.py b/misp_modules/modules/expansion/dnstrails.py
index 89e45ec..0e79ad0 100644
--- a/misp_modules/modules/expansion/dnstrails.py
+++ b/misp_modules/modules/expansion/dnstrails.py
@@ -346,20 +346,23 @@ def expand_history_dns(api, domain):
 if results:
 status_ok = True
- if 'records' in results:
- for record in results['records']:
- if 'values' in record:
- for item in record['values']:
- r.append(
- {'types': ['domain|ip'],
- 'values': [
- '%s|%s' % (domain, item['nameserver'])],
- 'categories': ['Network activity'],
- 'comment': 'history DNS of %s last seen: %s first seen: %s' %
- (domain, record['last_seen'],
- record['first_seen'])
- }
- )
+ r.extend(__history_dns(results, domain, 'nameserver', 'ns'))
+
+ time.sleep(1)
+
+ results = api.history_dns_soa(results, domain)
+
+ if results:
+ status_ok = True
+ r.extend(__history_dns(results, domain, 'email', 'soa'))
+
+ time.sleep(1)
+
+ results = api.history_dns_mx(domain)
+
+ if results:
+ status_ok = True
+ r.extend(__history_dns(results, domain, 'host', 'mx'))
 except APIError as e:
 misperrors['error'] = e
@@ -387,6 +390,24 @@ def __history_ip(results, domain, type_ip='ip'):
 return r
+def __history_dns(results, domain, type_serv, service):
+ r = []
+
+ if 'records' in results:
+ for record in results['records']:
+ if 'values' in record:
+ for item in record['values']:
+ r.append(
+ {'types': ['domain|ip'],
+ 'values': [item[type_serv]],
+ 'categories': ['Network activity'],
+ 'comment': 'history %s of %s last seen: %s first seen: %s' %
+ (service, domain, record['last_seen'],
+ record['first_seen'])
+ }
+ )
+ return r
+
 def introspection():
 return mispattributes
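Review bot: The SOA lookup in the first hunk is written `api.history_dns_soa(results, domain)`, which hands the previous NS response to the client as its first argument, while the MX call a few lines later passes only `domain`; this looks like a copy-paste slip and should probably read `results = api.history_dns_soa(domain)`. If the client method takes a single hostname, the extra argument raises a TypeError that the `except APIError` handler in the trailing context does not catch, so the whole expansion fails instead of returning the NS records already collected. The added `time.sleep(1)` calls also depend on `time` being imported at the top of the file, which the hunk does not show. The body of `expand_history_dns` starts and ends outside the hunk.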
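Review bot: In the second hunk `__history_dns` still labels every attribute `'types': ['domain|ip']`, but `'values': [item[type_serv]]` is now a single nameserver, SOA e-mail or MX host rather than a `domain|ip` pair, so the attributes handed to MISP are mistyped and correlation on them becomes unreliable. Pick the type per service, for instance `'types': ['hostname']` for `ns` and `mx` and an e-mail type for `soa`, assuming those types are among the module's declared outputs. `item[type_serv]`, `record['last_seen']` and `record['first_seen']` are also indexed without a presence check on data returned by an external API; a missing key raises KeyError, which the caller's `except APIError` does not cover, so `item.get(type_serv)` with a skip when it is `None` would be safer. A one-line docstring such as `"""Build MISP attributes from one DNS history response (ns, soa or mx)."""` would document the `type_serv` and `service` parameters.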