print gfx.PIPE + entry['url'].replace("http", "hxxp") + bcolors.ENDC if entry['positives'] >= 1: print gfx.PIPE + "Positives: ", bcolors.FAIL + str(entry['positives']) + bcolors.ENDC, "\tTotal:", entry['total'], "\tScan date:", entry['scan_date'] else: print gfx.PIPE + "Positives: ", entry['positives'], "\tTotal:", entry['total'], "\tScan date:", entry['scan_date'] print gfx.PIPE else: print bcolors.WARNING + gfx.MINUS + "Skipping VirusTotal passive DNS, Enable with \"--virustotal\" or \"-vt\"" + bcolors.ENDC ### PASSIVETOTAL if (commandlineArgument.passivetotal or commandlineArgument.all or commandlineArgument.allnotnoisy) and PassiveTotalAPIKey != "": #disable passivetotal's error message requests.packages.urllib3.disable_warnings() #define API key pt = PassiveTotal(PassiveTotalAPIKey) print bcolors.HEADER + gfx.PLUS + "Querying PassiveTotal for " + targetIPaddress + "..." + bcolors.ENDC print gfx.PIPE + bcolors.ENDC response = pt.get_passive(targetIPaddress) if response['success']: print gfx.PIPE + "Query:", response['raw_query'] print gfx.PIPE + "First Seen:", response['results']['first_seen'] print gfx.PIPE + "Last Seen:", response['results']['last_seen'] print gfx.PIPE + "Resolve Count: ", response['result_count'] print gfx.PIPE + "Resolutions" response = response['results'] for resolve in response['records']: print gfx.PIPE + "==> ", resolve['resolve'], "\t", resolve['firstSeen'], "\t", resolve['lastSeen'], "\t", ', '.join([ str(x) for x in resolve['source'] ]) else: print bcolors.FAIL + "[!] Error when getting passive for %s: %s" % (targetIPaddress, response['error']) + bcolors.ENDC print gfx.PIPE + bcolors.ENDC
--bulk Read values from a file instead of the CLI. """ import os import sys from docopt import docopt from IPy import IP from passivetotal import PassiveTotal API_KEY = '-YOUR-API-KEY-' if __name__ == '__main__': arguments = docopt(__doc__, version='PassiveTotal 1.0') pt = PassiveTotal(API_KEY) pt.logger = 'INFO' if arguments['metadata']: response = pt.get_metadata(arguments['<indicator>']) if response['success']: if arguments['--raw']: print response else: print "[=] Query:", response['raw_query'] type = response['results']['type'] if type == 'domain': print "[*] Primary Domain:", response['results'][ 'primaryDomain'] print "[*] TLD:", response['results']['tld'] print "[*] Dynamic DNS?:", response['results']['dynamic']
parser.add_argument('-l', '--list', help='list of indicators to check in PassiveTotal', action='store', required=True) parser.add_argument('-a', '--apikey', help='PassiveTotal API key', action='store', required=True) args = parser.parse_args() if not os.path.exists(args.list): print 'error: file %s not found' % args.list sys.exit(1) iocs = read_list(args.list) print 'Domains:\t%d\n' % len(iocs) pt = PassiveTotal(args.apikey) for host in iocs: resp = pt.get_passive(host) if resp['success']: print 'First:\t%s' % resp['results']['first_seen'] print 'Last: \t%s' % resp['results']['last_seen'] print 'Hosts:\n' r = resp['results'] for d in r['records']: print "\t%s" % d['resolve']
--bulk Read values from a file instead of the CLI. """ import os import sys from docopt import docopt from IPy import IP from passivetotal import PassiveTotal API_KEY = '-YOUR-API-KEY-' if __name__ == '__main__': arguments = docopt(__doc__, version='PassiveTotal 1.0') pt = PassiveTotal(API_KEY) pt.logger = 'INFO' if arguments['metadata']: response = pt.get_metadata(arguments['<indicator>']) if response['success']: if arguments['--raw']: print response else: print "[=] Query:", response['raw_query'] type = response['results']['type'] if type == 'domain': print "[*] Primary Domain:", response['results']['primaryDomain'] print "[*] TLD:", response['results']['tld'] print "[*] Dynamic DNS?:", response['results']['dynamic'] else:
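#!/usr/bin/env python
"""PassiveTotal client example: one passive DNS lookup followed by two writes.

The API key is read from the PASSIVETOTAL_API_KEY environment variable.
"""
import os
import sys

from passivetotal import PassiveTotal

# An API key is a credential. Hard-coding it puts it in version control and in
# every copy of the file, so it is taken from the environment instead; a key
# that has already been published should be revoked and reissued.
api_key = os.environ.get('PASSIVETOTAL_API_KEY')
if not api_key:
    sys.exit('error: set PASSIVETOTAL_API_KEY to your PassiveTotal API key')

# create a new instance
pt = PassiveTotal(api_key)

# set our logging
# NOTE(review): confirm what DEBUG logging emits (request URLs, parameters)
# before sharing its output; a quieter level is safer outside troubleshooting.
pt.logger = 'DEBUG'

# get pdns information
# Single-argument print(...) behaves the same as the print statement here.
print(pt.get_passive('www.passivetotal.org'))

# The two calls below presumably change data held for this account rather
# than only read it; verify against the client library before running them
# with a production key.
# set classification
print(pt.set_classification('www.passivetotal.org', classification='benign'))

# set a tag
print(pt.add_tag('www.passivetotal.org', tag='security'))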
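if __name__ == '__main__':
    # Bulk passive DNS lookup: one PassiveTotal query per indicator read from
    # the file given with -l/--list.
    parser = argparse.ArgumentParser()
    parser.add_argument('-l', '--list',
                        help='list of indicators to check in PassiveTotal',
                        action='store', required=True)
    # A key passed as an argument is visible in the process list and is kept
    # in shell history, so -a stays accepted for existing callers but is no
    # longer mandatory: the environment variable is the preferred source.
    parser.add_argument('-a', '--apikey',
                        help='PassiveTotal API key '
                             '(default: $PASSIVETOTAL_API_KEY)',
                        action='store',
                        default=os.environ.get('PASSIVETOTAL_API_KEY'))
    args = parser.parse_args()

    if not args.apikey:
        # parser.error() prints usage to stderr and exits with status 2.
        parser.error('no API key: pass -a/--apikey or set PASSIVETOTAL_API_KEY')

    if not os.path.exists(args.list):
        print('error: file %s not found' % args.list)
        sys.exit(1)

    iocs = read_list(args.list)
    print('Domains:\t%d\n' % len(iocs))

    pt = PassiveTotal(args.apikey)
    for host in iocs:
        resp = pt.get_passive(host)
        if not resp['success']:
            # Report the failure instead of skipping the indicator silently:
            # an unreported failed lookup is indistinguishable from "no data"
            # when the output is read during triage.
            sys.stderr.write('error: lookup failed for %s\n' % host)
            continue

        results = resp['results']
        print('First:\t%s' % results['first_seen'])
        print('Last: \t%s' % results['last_seen'])
        print('Hosts:\n')
        for record in results['records']:
            print("\t%s" % record['resolve'])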