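def victimobject(uid):
    """Render the detail page for the victim indicator whose object value is *uid*.

    Loads the indicator and the settings row with ``_id=1``, resolves the
    indicator's comma-separated relationships to a ``{object: type}`` map,
    runs every enrichment lookup that is switched "on" in the settings, and
    renders ``victimobject.html``.  Any exception renders ``error.html``.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        if http is None:
            # .first() returns None for an unknown value; fail with a clear
            # message instead of an AttributeError further down.
            raise LookupError("Indicator not found")
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = http.tags.split(",")

        # Map each related indicator's value to its type.
        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                # The query must be executed with .first(): a bare Query
                # object has no .object/.type, so any indicator with
                # relationships used to end on the error page.
                related = Indicator.query.filter(
                    Indicator.object == rel).first()
                if related is None:
                    # Dangling reference to a deleted indicator: skip it.
                    continue
                temprel[related.object] = related.type
        reldata = len(temprel)

        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""
        farsightdata = ""

        value = str(http.object)
        kind = str(http.type)

        # NOTE(review): the helpers below are named for external intelligence
        # services; presumably each call sends the indicator value off-host,
        # so the settings toggles also decide which third parties learn what
        # is being investigated. Confirm before enabling for sensitive cases.
        if kind == "IPv4" or kind == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(value)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(value)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(value)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', value)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', value)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', value)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(value)
        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(value)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(value)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', value)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', value)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', value)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', value)

        # Build the page heading from whois data when there is any. With
        # whois enabled but no result (other indicator types, or an empty
        # lookup) whoisdata stays falsy and indexing it would raise, so fall
        # back to the same heading used when whois is disabled.
        if settings.whoisinfo == "on" and whoisdata:
            if kind == "Domain":
                address = str(whoisdata['city']) + ", " + str(
                    whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(
                    whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + value

        return render_template(
            'victimobject.html', records=newdict, jsonvt=jsonvt,
            whoisdata=whoisdata, odnsdata=odnsdata, circldata=circldata,
            circlssl=circlssl, settingsvars=settings, address=address,
            temprel=temprel, reldata=reldata, taglist=taglist,
            farsightdata=farsightdata, pt_pdns_data=pt_pdns_data,
            pt_whois_data=pt_whois_data, pt_pssl_data=pt_pssl_data,
            pt_host_attr_data=pt_host_attr_data)
    except Exception as e:
        # NOTE(review): the raw exception goes to the template. If
        # error.html prints it, database or lookup-client detail reaches the
        # browser; consider logging it server-side and showing a generic
        # message instead.
        return render_template('error.html', error=e)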
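def objectsummary(uid):
    """Render the summary page for the indicator whose object value is *uid*.

    Loads the indicator and the settings row with ``_id=1``, resolves the
    indicator's comma-separated relationships to a ``{object: type}`` map,
    runs every enrichment lookup that is switched "on" in the settings, and
    renders ``networkobject.html``.  Any exception renders ``error.html``.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        if row is None:
            # .first() returns None for an unknown value; fail with a clear
            # message instead of an AttributeError further down.
            raise LookupError("Indicator not found")
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        # Map each related indicator's value to its type. The related row
        # gets its own name: reusing `row` here made every lookup below run
        # against the last relationship instead of the requested indicator,
        # so the page showed (and the lookups submitted) the wrong value.
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                related = Indicator.query.filter_by(object=rel).first()
                if related is None:
                    # Dangling reference to a deleted indicator: skip it.
                    continue
                temprel[related.object] = related.type
        reldata = len(temprel)

        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        shodandata = ""

        value = str(row.object)
        kind = str(row.type)

        # NOTE(review): the helpers below are named for external intelligence
        # services; presumably each call sends the indicator value off-host,
        # so the settings toggles also decide which third parties learn what
        # is being investigated. Confirm before enabling for sensitive cases.
        if kind == "IPv4" or kind == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(value)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(value)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(value)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(value)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(value)
        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(value)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(value)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(value)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(value)

        # Build the page heading from whois data when there is any. With
        # whois enabled but no result (other indicator types, or an empty
        # lookup) whoisdata stays falsy and indexing it would raise, so fall
        # back to the same heading used when whois is disabled.
        if settings.whoisinfo == "on" and whoisdata:
            if kind == "Domain":
                address = str(whoisdata['city']) + ", " + str(
                    whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(
                    whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + value

        return render_template(
            'networkobject.html', records=newdict, jsonvt=jsonvt,
            whoisdata=whoisdata, odnsdata=odnsdata, settingsvars=settings,
            address=address, ptdata=ptdata, temprel=temprel,
            circldata=circldata, circlssl=circlssl, reldata=reldata,
            taglist=taglist, farsightdata=farsightdata,
            shodandata=shodandata)
    except Exception as e:
        # NOTE(review): the raw exception goes to the template. If
        # error.html prints it, database or lookup-client detail reaches the
        # browser; consider logging it server-side and showing a generic
        # message instead.
        return render_template('error.html', error=e)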
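def objectsummary(uid):
    """Render the summary page for the indicator whose object value is *uid*.

    Loads the indicator and the settings row with ``_id=1``, resolves the
    indicator's comma-separated relationships to a ``{object: type}`` map,
    runs every enrichment lookup that is switched "on" in the settings, and
    renders ``networkobject.html``.  ``address`` is ``None`` when whois is
    enabled but returned nothing.  Any exception renders ``error.html``.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        if row is None:
            # .first() returns None for an unknown value; fail with a clear
            # message instead of an AttributeError further down.
            raise LookupError("Indicator not found")
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        # Map each related indicator's value to its type. The related row is
        # kept in row_rel so that `row` still names the requested indicator
        # when the lookups below run.
        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                row_rel = Indicator.query.filter_by(object=rel).first()
                if row_rel is None:
                    # Dangling reference to a deleted indicator: skip it.
                    continue
                # Use the related row's own type; row.type recorded the
                # requested indicator's type against every relationship.
                temprel[row_rel.object] = row_rel.type
        reldata = len(temprel)

        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        shodandata = ""

        value = str(row.object)
        kind = str(row.type)

        # NOTE(review): the helpers below are named for external intelligence
        # services; presumably each call sends the indicator value off-host,
        # so the settings toggles also decide which third parties learn what
        # is being investigated. Confirm before enabling for sensitive cases.
        if kind == "IPv4" or kind == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(value)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(value)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(value)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(value)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(value)
        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(value)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(value)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(value)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(value)

        # Page heading: whois city/country when available, None when whois
        # is enabled but gave no data, a generic label when whois is off.
        if settings.whoisinfo == "on":
            if whoisdata:
                if kind == "Domain":
                    address = str(whoisdata['city']) + ", " + str(
                        whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(
                        whoisdata['nets'][0]['country'])
            else:
                address = None
        else:
            address = "Information about " + value

        return render_template(
            'networkobject.html', records=newdict, jsonvt=jsonvt,
            whoisdata=whoisdata, odnsdata=odnsdata, settingsvars=settings,
            address=address, ptdata=ptdata, temprel=temprel,
            circldata=circldata, circlssl=circlssl, reldata=reldata,
            taglist=taglist, farsightdata=farsightdata,
            shodandata=shodandata)
    except Exception as e:
        # NOTE(review): the raw exception goes to the template. If
        # error.html prints it, database or lookup-client detail reaches the
        # browser; consider logging it server-side and showing a generic
        # message instead.
        return render_template('error.html', error=e)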