Example #1
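def victimobject(uid):
    """Render the detail page for the indicator whose ``object`` equals *uid*.

    Loads the indicator and the settings row with ``_id=1``, turns the
    comma-separated ``relationships`` field into an ``{object: type}`` map,
    runs every enrichment lookup whose settings flag is ``"on"`` and renders
    ``victimobject.html``. Any exception renders ``error.html`` instead.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = http.tags.split(",")

        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                # .first() is needed here: without it the result is a Query
                # object with no .object/.type, so any indicator that had
                # relationships always ended up on the error page.
                related = Indicator.query.filter(Indicator.object == rel).first()
                if related is None:
                    # The relationship names an indicator that no longer exists.
                    continue
                temprel[related.object] = related.type
        reldata = len(temprel)

        indicator_type = str(http.type)
        target = str(http.object)

        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""
        farsightdata = ""

        # NOTE(review): every enabled lookup hands the indicator value to a
        # helper that presumably queries an external service, so the global
        # Setting flags decide where victim indicators are disclosed.
        if indicator_type in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
        elif indicator_type == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)

        # Only index into the whois result when one was actually returned;
        # for other indicator types whoisdata is still "" and indexing it
        # raised TypeError.
        if settings.whoisinfo == "on" and whoisdata:
            if indicator_type == "Domain":
                address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
            else:
                first_net = whoisdata['nets'][0]
                address = str(first_net['city']) + ", " + str(first_net['country'])
        else:
            address = "Information about " + target

        return render_template('victimobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, circldata=circldata, circlssl=circlssl, settingsvars=settings,
                               address=address, temprel=temprel, reldata=reldata, taglist=taglist,
                               farsightdata=farsightdata, pt_pdns_data=pt_pdns_data, pt_whois_data=pt_whois_data,
                               pt_pssl_data=pt_pssl_data, pt_host_attr_data=pt_host_attr_data)
    except Exception as e:
        # NOTE(review): the raw exception is handed to error.html; confirm the
        # template does not show it verbatim to untrusted users, since
        # exception text can carry query or path details.
        return render_template('error.html', error=e)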
Example #2
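def victimobject(uid):
    """Render ``victimobject.html`` for the indicator whose ``object`` is *uid*.

    The indicator row and the settings row (``_id=1``) are loaded, related
    indicators named in the comma-separated ``relationships`` field are
    resolved to an ``{object: type}`` map, and each enrichment lookup runs
    only when its settings flag equals ``"on"``. Any exception raised along
    the way is rendered through ``error.html``.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = http.tags.split(",")

        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                # The query must be executed with .first(); a bare Query has
                # no .object or .type attribute, so the old code raised
                # AttributeError for every indicator with relationships.
                related = Indicator.query.filter(Indicator.object == rel).first()
                if related is None:
                    # Dangling relationship: the referenced indicator is gone.
                    continue
                temprel[related.object] = related.type
        reldata = len(temprel)

        indicator_type = str(http.type)
        target = str(http.object)

        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""
        farsightdata = ""

        # NOTE(review): each enabled helper receives the indicator value and
        # presumably forwards it to an external service; the Setting flags
        # are the only control over that disclosure.
        if indicator_type in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
        elif indicator_type == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)

        # whoisdata stays "" when no whois lookup ran for this indicator
        # type; indexing it would raise TypeError, so fall back to the
        # generic heading instead.
        if settings.whoisinfo == "on" and whoisdata:
            if indicator_type == "Domain":
                address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
            else:
                first_net = whoisdata['nets'][0]
                address = str(first_net['city']) + ", " + str(first_net['country'])
        else:
            address = "Information about " + target

        return render_template('victimobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, circldata=circldata, circlssl=circlssl, settingsvars=settings,
                               address=address, temprel=temprel, reldata=reldata, taglist=taglist,
                               farsightdata=farsightdata, pt_pdns_data=pt_pdns_data, pt_whois_data=pt_whois_data,
                               pt_pssl_data=pt_pssl_data, pt_host_attr_data=pt_host_attr_data)
    except Exception as e:
        # NOTE(review): error.html receives the raw exception; confirm it is
        # not echoed verbatim to untrusted users (exception text can include
        # query or path details).
        return render_template('error.html', error=e)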
Example #3
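def objectsummary(uid):
    """Render ``networkobject.html`` for the indicator whose ``object`` is *uid*.

    Loads the indicator and the settings row (``_id=1``), maps each entry of
    the comma-separated ``relationships`` field to its type, runs the
    enrichment lookups whose settings flag is ``"on"`` and renders the page.
    Any exception renders ``error.html`` instead.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                # Keep the related row in its own name. Rebinding ``row`` here
                # made every lookup below run against the last related
                # indicator instead of the one that was requested.
                related = Indicator.query.filter_by(object=rel).first()
                if related is None:
                    # The relationship names an indicator that no longer exists.
                    continue
                temprel[related.object] = related.type
        reldata = len(temprel)

        indicator_type = str(row.type)
        target = str(row.object)

        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        shodandata = ""

        # NOTE(review): each enabled helper receives the indicator value and
        # presumably forwards it to an external service; the Setting flags
        # are the only control over that disclosure.
        if indicator_type in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)
        elif indicator_type == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        # whoisdata is still "" when no whois lookup ran (other indicator
        # types); indexing it raised TypeError, so use the generic heading.
        if settings.whoisinfo == "on" and whoisdata:
            if indicator_type == "Domain":
                address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
            else:
                first_net = whoisdata['nets'][0]
                address = str(first_net['city']) + ", " + str(first_net['country'])
        else:
            address = "Information about " + target

        return render_template('networkobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, settingsvars=settings, address=address,
                               ptdata=ptdata, temprel=temprel, circldata=circldata, circlssl=circlssl,
                               reldata=reldata, taglist=taglist, farsightdata=farsightdata,
                               shodandata=shodandata)
    except Exception as e:
        # NOTE(review): error.html receives the raw exception; confirm it is
        # not echoed verbatim to untrusted users (exception text can include
        # query or path details).
        return render_template('error.html', error=e)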
Example #4
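def objectdetails(uid):
    """Render ``indicatordetails.html`` for the indicator matching *uid*.

    Loads the indicator (by its ``indicator`` column) and the settings row
    (``_id=1``), adds the campaign name to the record dict, maps related
    indicators to their types, runs each enrichment lookup whose settings
    flag is ``"on"`` and renders the page with every local variable as
    template context. Any exception renders ``error.html`` instead.
    """
    try:
        row = Indicator.query.filter_by(indicator=uid).first()
        records = helpers.row_to_dict(row)
        records['campaign'] = row.campaign.name
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            rellist = row.relationships.split(",")
            for rel in rellist:
                # Keep the related row in its own name. Rebinding ``row`` here
                # made every lookup below run against the last related
                # indicator instead of the one that was requested.
                rel_row = Indicator.query.filter_by(indicator=rel).first()
                if rel_row is None:
                    # The relationship names an indicator that no longer exists.
                    continue
                # NOTE(review): the key reads ``.object`` although rows are
                # looked up by ``.indicator``; confirm the model still has an
                # ``object`` attribute.
                temprel[rel_row.object] = rel_row.indicator_type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        farsightdata = ""
        shodandata = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""

        # Run ipwhois or domainwhois based on the type of indicator.
        # NOTE(review): each enabled helper receives the indicator value and
        # presumably forwards it to an external service; the Setting flags
        # are the only control over that disclosure.
        if str(row.indicator_type) in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(str(row.indicator))
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(str(row.indicator))
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(str(row.indicator))
            if settings.circlinfo == "on":
                circldata = circl.circlquery(str(row.indicator))
            if settings.circlssl == "on":
                circlssl = circl.circlssl(str(row.indicator))
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', str(row.indicator))
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', str(row.indicator))
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', str(row.indicator))
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', str(row.indicator))
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(str(row.indicator))
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(str(row.indicator))

        elif str(row.indicator_type) == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(str(row.indicator))
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(str(row.indicator))
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(str(row.indicator))
            if settings.circlinfo == "on":
                circldata = circl.circlquery(str(row.indicator))
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', str(row.indicator))
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', str(row.indicator))
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', str(row.indicator))
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', str(row.indicator))
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(str(row.indicator))
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(str(row.indicator))

        # ``address`` used to stay unassigned when whois was enabled but
        # returned nothing; it now always falls back to the generic heading.
        if settings.whoisinfo == "on" and whoisdata:
            if str(row.indicator_type) == "Domain":
                address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + str(row.indicator)

        # NOTE(review): **locals() hands every local, including the whole
        # Setting row, to the template; confirm Setting carries no secrets
        # (e.g. API keys) or pass an explicit context instead.
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): error.html receives the raw exception; confirm it is
        # not echoed verbatim to untrusted users (exception text can include
        # query or path details).
        return render_template('error.html', error=e)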
Example #5
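def objectsummary(uid):
    """Render ``networkobject.html`` for the indicator whose ``object`` is *uid*.

    Loads the indicator and the settings row (``_id=1``), maps each related
    indicator to its type, runs the enrichment lookups whose settings flag is
    ``"on"`` and renders the page. ``address`` is ``None`` when whois is
    enabled but returned nothing. Any exception renders ``error.html``.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                # The related row has its own name so ``row`` keeps pointing
                # at the requested indicator for the lookups below.
                row_rel = Indicator.query.filter_by(object=rel).first()
                if row_rel is None:
                    # The relationship names an indicator that no longer exists.
                    continue
                # Record the related indicator's own type; the previous code
                # stored ``row.type``, i.e. the type of the requested
                # indicator, for every relationship.
                temprel[row_rel.object] = row_rel.type
        reldata = len(temprel)

        indicator_type = str(row.type)
        target = str(row.object)

        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        shodandata = ""

        # NOTE(review): each enabled helper receives the indicator value and
        # presumably forwards it to an external service; the Setting flags
        # are the only control over that disclosure.
        if indicator_type in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)
        elif indicator_type == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        if settings.whoisinfo != "on":
            address = "Information about " + target
        elif not whoisdata:
            # Whois is enabled but no result came back for this indicator.
            address = None
        elif indicator_type == "Domain":
            address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
        else:
            first_net = whoisdata['nets'][0]
            address = str(first_net['city']) + ", " + str(first_net['country'])

        return render_template('networkobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, settingsvars=settings, address=address,
                               ptdata=ptdata, temprel=temprel, circldata=circldata, circlssl=circlssl,
                               reldata=reldata, taglist=taglist, farsightdata=farsightdata,
                               shodandata=shodandata)
    except Exception as e:
        # NOTE(review): error.html receives the raw exception; confirm it is
        # not echoed verbatim to untrusted users (exception text can include
        # query or path details).
        return render_template('error.html', error=e)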
Example #6
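def objectdetails(uid):
    """Render the details page for the indicator whose ``indicator`` is *uid*.

    The indicator row and the settings row (``_id=1``) are loaded, the
    campaign name is added to the record dict, related indicators are mapped
    to their types, and each enrichment lookup runs only when its settings
    flag equals ``"on"``. ``indicatordetails.html`` is rendered with every
    local variable as context; any exception renders ``error.html``.
    """
    try:
        row = Indicator.query.filter_by(indicator=uid).first()
        records = helpers.row_to_dict(row)
        records['campaign'] = row.campaign.name
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            rellist = row.relationships.split(",")
            for rel in rellist:
                # Do not rebind ``row`` in this loop: doing so pointed all of
                # the lookups below at the last related indicator rather than
                # the requested one.
                rel_row = Indicator.query.filter_by(indicator=rel).first()
                if rel_row is None:
                    # Dangling relationship: the referenced indicator is gone.
                    continue
                # NOTE(review): the key reads ``.object`` although rows are
                # looked up by ``.indicator``; confirm the model still has an
                # ``object`` attribute.
                temprel[rel_row.object] = rel_row.indicator_type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        farsightdata = ""
        shodandata = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""

        # Run ipwhois or domainwhois based on the type of indicator.
        # NOTE(review): every enabled lookup hands the indicator value to a
        # helper that presumably queries an external service, so the global
        # Setting flags decide where indicators are disclosed.
        if str(row.indicator_type) in ("IPv4", "IPv6"):
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(str(row.indicator))
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(str(row.indicator))
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(str(row.indicator))
            if settings.circlinfo == "on":
                circldata = circl.circlquery(str(row.indicator))
            if settings.circlssl == "on":
                circlssl = circl.circlssl(str(row.indicator))
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', str(row.indicator))
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', str(row.indicator))
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', str(row.indicator))
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', str(row.indicator))
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(str(row.indicator))
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(str(row.indicator))

        elif str(row.indicator_type) == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(str(row.indicator))
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(str(row.indicator))
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(str(row.indicator))
            if settings.circlinfo == "on":
                circldata = circl.circlquery(str(row.indicator))
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', str(row.indicator))
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', str(row.indicator))
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', str(row.indicator))
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', str(row.indicator))
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(str(row.indicator))
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(str(row.indicator))

        # Previously ``address`` was left unassigned when whois was enabled
        # but produced no data; the generic heading is now the fallback.
        if settings.whoisinfo == "on" and whoisdata:
            if str(row.indicator_type) == "Domain":
                address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + str(row.indicator)

        # NOTE(review): **locals() exposes every local to the template,
        # including the whole Setting row; confirm Setting carries no secrets
        # (e.g. API keys) or pass an explicit context instead.
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the raw exception is handed to error.html; confirm the
        # template does not show it verbatim to untrusted users, since
        # exception text can carry query or path details.
        return render_template('error.html', error=e)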