Example #1
      print gfx.PIPE + entry['url'].replace("http", "hxxp") + bcolors.ENDC
      if entry['positives'] >= 1:
        print gfx.PIPE + "Positives: ", bcolors.FAIL + str(entry['positives']) + bcolors.ENDC, "\tTotal:", entry['total'], "\tScan date:", entry['scan_date']
      else:
        print gfx.PIPE + "Positives: ", entry['positives'], "\tTotal:", entry['total'], "\tScan date:", entry['scan_date']
    print gfx.PIPE
else:
  print bcolors.WARNING + gfx.MINUS + "Skipping VirusTotal passive DNS, Enable with \"--virustotal\" or \"-vt\"" + bcolors.ENDC

### PASSIVETOTAL

# PassiveTotal passive-DNS lookup for targetIPaddress. Runs only when the
# passivetotal, all or allnotnoisy option is set and an API key is configured.
if (commandlineArgument.passivetotal or commandlineArgument.all or commandlineArgument.allnotnoisy) and PassiveTotalAPIKey != "":
  # NOTE(review): disable_warnings() silences urllib3 warnings for the whole
  # process, not only for this client. That includes InsecureRequestWarning,
  # which urllib3 emits for HTTPS requests made without certificate
  # verification. Presumably added because the PassiveTotal client triggers
  # such a warning -- confirm, and prefer fixing verification over hiding it.
  requests.packages.urllib3.disable_warnings()
  # Build the API client with the configured key.
  pt = PassiveTotal(PassiveTotalAPIKey)
  print bcolors.HEADER + gfx.PLUS + "Querying PassiveTotal for " + targetIPaddress + "..." + bcolors.ENDC
  print gfx.PIPE + bcolors.ENDC
  response = pt.get_passive(targetIPaddress)
  # The response is a dict; 'success' selects between the report and the
  # error message below.
  if response['success']:
    print gfx.PIPE + "Query:", response['raw_query']
    print gfx.PIPE + "First Seen:", response['results']['first_seen']
    print gfx.PIPE + "Last Seen:", response['results']['last_seen']
    print gfx.PIPE + "Resolve Count: ", response['result_count']
    print gfx.PIPE + "Resolutions"
    # From here on `response` refers to the 'results' sub-dict only.
    response = response['results']
    # One line per record: resolved value, first/last seen, and the sources
    # joined with ", ".
    # NOTE(review): these fields come from the remote service and are printed
    # as received; the VirusTotal section earlier in this file rewrites "http"
    # to "hxxp" before printing URLs -- consider the same defanging here if the
    # output is copied into reports.
    for resolve in response['records']:
      print gfx.PIPE + "==> ", resolve['resolve'], "\t", resolve['firstSeen'], "\t", resolve['lastSeen'], "\t", ', '.join([ str(x) for x in resolve['source'] ])
  else:
    # Lookup failed: show the error text returned in the response.
    print bcolors.FAIL + "[!] Error when getting passive for %s: %s" % (targetIPaddress, response['error']) + bcolors.ENDC
  print gfx.PIPE + bcolors.ENDC
Example #2
  --bulk        Read values from a file instead of the CLI.

"""

import os
import sys
from docopt import docopt
from IPy import IP
from passivetotal import PassiveTotal

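# Take the key from the environment when it is set, so a real credential never
# has to be written into this file (where it can end up in version control or
# a paste). The placeholder stays as the fallback for existing users who edit
# the script. PASSIVETOTAL_API_KEY is a variable name chosen for this script.
API_KEY = os.environ.get('PASSIVETOTAL_API_KEY', '-YOUR-API-KEY-')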

if __name__ == '__main__':
    arguments = docopt(__doc__, version='PassiveTotal 1.0')

    pt = PassiveTotal(API_KEY)
    pt.logger = 'INFO'

    if arguments['metadata']:
        response = pt.get_metadata(arguments['<indicator>'])
        if response['success']:
            if arguments['--raw']:
                print response
            else:
                print "[=] Query:", response['raw_query']
                type = response['results']['type']
                if type == 'domain':
                    print "[*] Primary Domain:", response['results'][
                        'primaryDomain']
                    print "[*] TLD:", response['results']['tld']
                    print "[*] Dynamic DNS?:", response['results']['dynamic']
Example #3
    parser.add_argument('-l',
                        '--list',
                        help='list of indicators to check in PassiveTotal',
                        action='store',
                        required=True)
    parser.add_argument('-a',
                        '--apikey',
                        help='PassiveTotal API key',
                        action='store',
                        required=True)
    args = parser.parse_args()

    if not os.path.exists(args.list):
        print 'error: file %s not found' % args.list
        sys.exit(1)

    iocs = read_list(args.list)
    print 'Domains:\t%d\n' % len(iocs)

    pt = PassiveTotal(args.apikey)

    for host in iocs:
        resp = pt.get_passive(host)
        if resp['success']:
            print 'First:\t%s' % resp['results']['first_seen']
            print 'Last: \t%s' % resp['results']['last_seen']
            print 'Hosts:\n'
            r = resp['results']
            for d in r['records']:
                print "\t%s" % d['resolve']
  --bulk        Read values from a file instead of the CLI.

"""

import os
import sys
from docopt import docopt
from IPy import IP
from passivetotal import PassiveTotal

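# Take the key from the environment when it is set, so a real credential never
# has to be written into this file (where it can end up in version control or
# a paste). The placeholder stays as the fallback for existing users who edit
# the script. PASSIVETOTAL_API_KEY is a variable name chosen for this script.
API_KEY = os.environ.get('PASSIVETOTAL_API_KEY', '-YOUR-API-KEY-')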

if __name__ == '__main__':
	arguments = docopt(__doc__, version='PassiveTotal 1.0')
	
	pt = PassiveTotal(API_KEY)
	pt.logger = 'INFO'
	
	if arguments['metadata']:
		response = pt.get_metadata(arguments['<indicator>'])
		if response['success']:
			if arguments['--raw']:
				print response
			else:
				print "[=] Query:", response['raw_query']
				type = response['results']['type']
				if type == 'domain':
					print "[*] Primary Domain:", response['results']['primaryDomain']
					print "[*] TLD:", response['results']['tld']
					print "[*] Dynamic DNS?:", response['results']['dynamic']
				else:
Example #5
#!/usr/bin/env python

import os

from passivetotal import PassiveTotal
		
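# Read the API key from the environment so that no credential is stored in the
# script. A key that has been committed or published as a literal should be
# treated as exposed and rotated. PASSIVETOTAL_API_KEY is a variable name
# chosen for this script.
api_key = os.environ.get('PASSIVETOTAL_API_KEY')
if not api_key:
    raise SystemExit('error: set PASSIVETOTAL_API_KEY to your PassiveTotal API key')

# create a new client instance
pt = PassiveTotal(api_key)

# set our logging
# NOTE(review): DEBUG is the most verbose setting; if the client logs request
# details, the key could end up in log output -- confirm before using this
# level outside a demo.
pt.logger = 'DEBUG'

# get pdns information (read-only lookup)
print pt.get_passive('www.passivetotal.org')

# set classification
# NOTE(review): this call and add_tag below presumably modify data stored
# under the account that owns the key -- confirm before running with a
# production key.
print pt.set_classification('www.passivetotal.org', classification='benign')

# set a tag
print pt.add_tag('www.passivetotal.org', tag='security')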



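if __name__ == '__main__':
    # Command-line entry point: query PassiveTotal passive DNS for every
    # indicator in the file given with -l/--list and print what was found.
    parser = argparse.ArgumentParser()
    parser.add_argument('-l', '--list', help='list of indicators to check in PassiveTotal', action='store', required=True)
    # The key may be supplied through the environment instead of argv:
    # command-line arguments are visible in process listings and are saved in
    # shell history. -a/--apikey still works and takes precedence.
    # PASSIVETOTAL_API_KEY is a variable name chosen for this script.
    parser.add_argument('-a', '--apikey', help='PassiveTotal API key (default: $PASSIVETOTAL_API_KEY)', action='store', default=os.environ.get('PASSIVETOTAL_API_KEY'))
    args = parser.parse_args()

    # With neither the option nor the environment variable there is no key to
    # authenticate with; stop with a usage error (exit status 2).
    if not args.apikey:
        parser.error('a PassiveTotal API key is required: pass -a/--apikey or set PASSIVETOTAL_API_KEY')

    if not os.path.exists(args.list):
        print 'error: file %s not found' % args.list
        sys.exit(1)

    # read_list is defined elsewhere in this file; presumably it returns one
    # indicator per entry -- verify against its definition.
    iocs = read_list(args.list)
    print 'Domains:\t%d\n' % len(iocs)

    pt = PassiveTotal(args.apikey)

    for host in iocs:
        resp = pt.get_passive(host)
        # Only successful lookups are reported in this branch.
        if resp['success']:
            print 'First:\t%s' % resp['results']['first_seen']
            print 'Last: \t%s' % resp['results']['last_seen']
            print 'Hosts:\n'
            r = resp['results']
            # One resolved value per line, tab-indented.
            for d in r['records']:
                print "\t%s" % d['resolve']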