Beispiel #1
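def victimobject(uid):
    """Render the detail page for the indicator whose ``object`` equals *uid*.

    Loads the indicator row and the settings row (``_id=1``), resolves the
    indicator's comma-separated relationships into ``{object: type}`` pairs,
    runs every enrichment lookup whose setting is ``"on"`` for the indicator's
    type, and renders ``victimobject.html``.

    Args:
        uid: Value matched against ``Indicator.object``.

    Returns:
        The rendered ``victimobject.html`` page, or ``error.html`` if anything
        in the handler raises.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = http.tags.split(",")

        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                # .first() is required here: a bare Query object is always
                # truthy and has no .object/.type attributes, so the previous
                # code raised AttributeError for any indicator that had
                # relationships.
                reltype = Indicator.query.filter(Indicator.object == rel).first()
                # Skip relationship entries that no longer resolve to a row.
                if reltype:
                    temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        # shodaninfo = ""

        target = str(http.object)
        kind = str(http.type)

        # NOTE(review): every enabled lookup hands the indicator value to a
        # helper named after an external service; presumably that sends the
        # value off-host. Confirm that is acceptable for victim-side
        # indicators before switching a lookup on.
        # Run ipwhois or domainwhois based on the type of indicator
        if kind in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)

        # whoisdata stays "" when the indicator is neither an IP nor a domain
        # (or the lookup returned nothing); indexing it would raise and turn
        # the whole page into an error, so fall back to the generic title.
        if settings.whoisinfo == "on" and whoisdata:
            if kind == "Domain":
                address = str(whoisdata['city']) + ", " + str(
                    whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(
                    whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + target
        return render_template('victimobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, circldata=circldata, circlssl=circlssl, settingsvars=settings,
                               address=address, temprel=temprel, reldata=reldata, taglist=taglist, ptdata=ptdata,
                               farsightdata=farsightdata)
    except Exception as e:
        # NOTE(review): the raw exception object is passed to the template, so
        # whatever error.html prints of it (ORM or lookup-helper messages)
        # reaches the browser. Consider logging it server-side and rendering a
        # generic message instead.
        return render_template('error.html', error=e)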
Beispiel #2
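def victimobject(uid):
    """Render the detail page for the indicator whose ``object`` equals *uid*.

    Loads the indicator row and the settings row (``_id=1``), resolves the
    indicator's comma-separated relationships into ``{object: type}`` pairs,
    runs every enrichment lookup whose setting is ``"on"`` for the indicator's
    type, and renders ``victimobject.html``.

    Args:
        uid: Value matched against ``Indicator.object``.

    Returns:
        The rendered ``victimobject.html`` page, or ``error.html`` if anything
        in the handler raises.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = http.tags.split(",")

        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                # The query must be executed with .first(): the Query object
                # itself has no .object/.type, so the previous code raised
                # AttributeError for any indicator that had relationships.
                reltype = Indicator.query.filter(Indicator.object == rel).first()
                # A relationship may name an indicator that no longer exists;
                # skip it rather than failing the whole page.
                if reltype is not None:
                    temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        # shodaninfo = ""

        target = str(http.object)
        kind = str(http.type)

        # NOTE(review): every enabled lookup hands the indicator value to a
        # helper named after an external service; presumably that sends the
        # value off-host. Confirm that is acceptable for victim-side
        # indicators before switching a lookup on.
        # Run ipwhois or domainwhois based on the type of indicator
        if kind in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)

        # whoisdata stays "" when the indicator is neither an IP nor a domain
        # (or the lookup returned nothing); indexing it would raise and turn
        # the whole page into an error, so fall back to the generic title.
        if settings.whoisinfo == "on" and whoisdata:
            if kind == "Domain":
                address = str(whoisdata['city']) + ", " + str(
                    whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(
                    whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + target
        return render_template('victimobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, circldata=circldata, circlssl=circlssl, settingsvars=settings,
                               address=address, temprel=temprel, reldata=reldata, taglist=taglist, ptdata=ptdata,
                               farsightdata=farsightdata)
    except Exception as e:
        # NOTE(review): the raw exception object is passed to the template, so
        # whatever error.html prints of it (ORM or lookup-helper messages)
        # reaches the browser. Consider logging it server-side and rendering a
        # generic message instead.
        return render_template('error.html', error=e)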
Beispiel #3
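def objectsummary(uid):
    """Render the summary page for the indicator whose ``object`` equals *uid*.

    Loads the indicator row and the settings row (``_id=1``), resolves the
    indicator's comma-separated relationships into ``{object: type}`` pairs,
    runs every enrichment lookup whose setting is ``"on"`` for the indicator's
    type, and renders ``networkobject.html``.

    Args:
        uid: Value matched against ``Indicator.object``.

    Returns:
        The rendered ``networkobject.html`` page, or ``error.html`` if
        anything in the handler raises.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                # The related row is kept in its own variable so the lookups
                # below still run against the original indicator.
                row_rel = Indicator.query.filter_by(object=rel).first()
                # A relationship may name an indicator that no longer exists;
                # skip it rather than failing the whole page.
                if row_rel is None:
                    continue
                # Record the related indicator's own type; the previous code
                # stored the parent's type (row.type) for every relationship.
                temprel[row_rel.object] = row_rel.type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        shodandata = ""

        target = str(row.object)
        kind = str(row.type)

        # NOTE(review): every enabled lookup hands the indicator value to a
        # helper named after an external service; presumably that sends the
        # value off-host. Confirm that is acceptable before switching a
        # lookup on.
        # Run ipwhois or domainwhois based on the type of indicator
        if kind in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        if settings.whoisinfo == "on":
            # whoisdata is still "" when no whois lookup ran for this type (or
            # it returned nothing); the template then receives address=None.
            if whoisdata:
                if kind == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(
                        whoisdata['nets'][0]['country'])
            else:
                address = None
        else:
            address = "Information about " + target
        return render_template('networkobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, settingsvars=settings, address=address,
                               ptdata=ptdata, temprel=temprel, circldata=circldata, circlssl=circlssl, reldata=reldata,
                               taglist=taglist, farsightdata=farsightdata, shodandata=shodandata)
    except Exception as e:
        # NOTE(review): the raw exception object is passed to the template, so
        # whatever error.html prints of it (ORM or lookup-helper messages)
        # reaches the browser. Consider logging it server-side and rendering a
        # generic message instead.
        return render_template('error.html', error=e)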