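def run(self, conf, args, plugins):
    """Dispatch a BinaryEdge sub-command and print the API answer as JSON.

    The sub-command is taken from ``args.which`` (``ip``, ``search``,
    ``dataleaks`` or ``domain``). A missing or unknown ``which`` prints the
    parser help instead. ``ValueError`` and BinaryEdge API errors raised
    during the lookup are reported on stdout rather than propagated.

    Args:
        conf: configuration mapping; ``conf['BinaryEdge']['key']`` is the
            API key handed to the client.
        args: parsed command-line namespace for the selected sub-command.
        plugins: not used by this command.
    """
    # Built outside the try block, so a missing configuration key surfaces
    # as a KeyError instead of being reported as an API error.
    be = BinaryEdge(conf['BinaryEdge']['key'])
    try:
        which = getattr(args, 'which', None)
        if which == 'ip':
            if args.score:
                res = be.host_score(unbracket(args.IP))
            elif args.image:
                res = be.image_ip(unbracket(args.IP))
            elif args.torrent:
                if args.historical:
                    res = be.torrent_historical_ip(unbracket(args.IP))
                else:
                    res = be.torrent_ip(unbracket(args.IP))
            elif args.historical:
                res = be.host_historical(unbracket(args.IP))
            elif args.dns:
                # NOTE(review): this is the only IP lookup that passes
                # args.IP without unbracket(); confirm that is intended.
                res = be.domain_ip(args.IP, page=args.page)
            else:
                res = be.host(unbracket(args.IP))
        elif which == 'search':
            if args.image:
                res = be.image_search(args.SEARCH, page=args.page)
            else:
                res = be.host_search(args.SEARCH, page=args.page)
        elif which == 'dataleaks':
            if args.domain:
                res = be.dataleaks_organization(args.EMAIL)
            else:
                res = be.dataleaks_email(args.EMAIL)
        elif which == 'domain':
            if args.subdomains:
                res = be.domain_subdomains(args.DOMAIN, page=args.page)
            else:
                res = be.domain_dns(args.DOMAIN, page=args.page)
        else:
            self.parser.print_help()
            return
        print(json.dumps(res, sort_keys=True, indent=4))
    except ValueError as e:
        # Built-in exceptions have no ``message`` attribute on Python 3;
        # formatting the exception itself works on every version and avoids
        # an AttributeError inside the handler.
        print('Invalid Value: %s' % e)
    except BinaryEdgeNotFound:
        print('Search term not found')
    except BinaryEdgeException as e:
        # Relies on the library's exception class defining ``message``.
        print('Error: %s' % e.message)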
def intel(self, type, query, data, conf):
    """Enrich ``data`` with BinaryEdge records for a domain or an IP.

    For ``type == "domain"`` every ``A`` record returned by ``domain_dns``
    is appended to ``data["passive_dns"]``. For ``type == "ip"`` the
    domains returned by ``domain_ip`` are appended to
    ``data["passive_dns"]`` and the ports returned by ``host`` to
    ``data["ports"]``. Any other ``type`` is ignored.

    Args:
        type: indicator kind, ``"domain"`` or ``"ip"``.
        query: the domain or IP to look up.
        data: mapping of result lists, extended in place.
        conf: configuration mapping holding ``conf["BinaryEdge"]["key"]``.
    """
    if type != "domain" and type != "ip":
        return

    print("[+] Downloading BinaryEdge information....")
    try:
        client = BinaryEdge(conf["BinaryEdge"]["key"])
        if type == "domain":
            for event in client.domain_dns(query)["events"]:
                if "A" not in event:
                    continue
                for address in event["A"]:
                    # Only one timestamp is read from the event, so it is
                    # used for both ends of the observation window.
                    seen_at = parse(event["updated_at"]).astimezone(pytz.utc)
                    data["passive_dns"].append({
                        "ip": address,
                        "first": seen_at,
                        "last": seen_at,
                        "source": "BinaryEdge",
                    })
        else:
            for event in client.domain_ip(query)["events"]:
                data["passive_dns"].append({
                    "domain": event["domain"],
                    "first": parse(event["updated_at"]).astimezone(pytz.utc),
                    "last": "",
                    "source": "BinaryEdge",
                })
            for event in client.host(query)["events"]:
                data["ports"].append({
                    "port": event["port"],
                    "info": "",
                    "source": "BinaryEdge",
                })
    except BinaryEdgeException:
        # NOTE(review): every BinaryEdgeException is reported as a
        # subscription problem; other API failures would be shown with the
        # same message. Records appended before the failure stay in ``data``.
        print(
            "You need a paid BinaryEdge subscription for this request")
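def do_transform(self, request, response, config):
    """Turn the BinaryEdge host record of an IP into Maltego entities.

    Adds one ``Port`` entity per event, plus ``Domain`` entities for the
    certificate common name and DNS subject alternative names of ``ssl``
    results, and a ``Banner`` entity for the ``server`` header of ``http``
    and ``grabber`` results. Domains and banners are emitted once each.

    Args:
        request: transform request; ``request.entity.value`` is the IP.
        response: transform response the entities are added to.
        config: configuration mapping holding
            ``config['binaryedge.local.api_key']``.

    Returns:
        The response with the new entities added.

    Raises:
        MaltegoException: if the BinaryEdge lookup fails.
    """
    be = BinaryEdge(config['binaryedge.local.api_key'])
    ip = request.entity.value
    try:
        res = be.host(ip)
    except BinaryEdgeException as e:
        # Fall back to the exception itself when it carries no ``msg``
        # attribute, so the handler cannot fail with an AttributeError and
        # hide the real API error.
        raise MaltegoException(
            'BinaryEdge error: %s' % getattr(e, 'msg', e))

    # Certificate names and Server headers are supplied by the scanned
    # host, so they are untrusted strings; they are only deduplicated here.
    already = []
    for port in res['events']:
        response += Port(port['port'])
        for result in port['results']:
            origin = result['origin']['type']
            if origin == 'ssl':
                cert = result['result']['data']['cert_info'][
                    'certificate_chain'][0]
                # How to return a certificate ?
                details = cert['as_dict']
                if 'commonName' in details['subject']:
                    d = details['subject']['commonName']
                    if d not in already:
                        response += Domain(d)
                        already.append(d)
                if 'extensions' in details:
                    extensions = details['extensions']
                    if 'X509v3 Subject Alternative Name' in extensions:
                        san = extensions['X509v3 Subject Alternative Name']
                        # The original indexed 'DNS' directly; a SAN entry
                        # without that key is now skipped instead of
                        # aborting the transform with a KeyError.
                        for domain in san.get('DNS', []):
                            if domain not in already:
                                response += Domain(domain)
                                already.append(domain)
            if origin in ['http', 'grabber']:
                headers = result['result']['data']['response']['headers']
                if 'server' in headers:
                    banner = headers['server']
                    if banner not in already:
                        response += Banner(banner)
                        already.append(banner)
    return response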