def call_attribute(args):
    """Dispatch an attribute query to the tracker or component endpoint.

    ``args`` is a parsed argument namespace carrying ``query`` and ``type``;
    both are passed through ``prune_args`` before the request is issued.
    When ``args.type`` is ``'tracker'`` the tracker endpoint is used,
    otherwise the component endpoint. Returns the client's response as-is.
    """
    client = AttributeRequest.from_config()
    request_args = prune_args(query=args.query, type=args.type)

    # Pick the endpoint first, then make exactly one call with the same
    # pruned keyword arguments either way.
    if args.type == 'tracker':
        fetch = client.get_host_attribute_trackers
    else:
        fetch = client.get_host_attribute_components

    return fetch(**request_args)
 def __init__(self):
     """Build one configured request client per supported query family.

     On success ``self.clients`` maps the family name (``'ssl'``, ``'dns'``,
     ``'enrichment'``, ``'whois'``, ``'attribute'``) to a client created via
     that class's ``from_config()``. If constructing any of them raises,
     ``self.clients`` is set to ``None`` and the exception is discarded, so
     callers must check for ``None`` before indexing; a misconfiguration is
     therefore not reported here.
     """
     try:
         # The name lookups stay inside the try so that a missing class or
         # a failing from_config() are handled the same way.
         families = (
             ('ssl', SslRequest),
             ('dns', DnsRequest),
             ('enrichment', EnrichmentRequest),
             ('whois', WhoisRequest),
             ('attribute', AttributeRequest),
         )
         self.clients = dict(
             (name, request_cls.from_config()) for name, request_cls in families
         )
     except Exception:
         # Any failure leaves the object usable but without clients; the
         # original error is swallowed.
         self.clients = None
def call_attribute(args):
    """Run an attribute query and return the raw client response.

    ``args.query`` and ``args.type`` are pruned through ``prune_args`` and
    forwarded as keyword arguments. ``args.type == 'tracker'`` selects the
    tracker endpoint; any other value selects the component endpoint.
    """
    client = AttributeRequest.from_config()
    pruned = prune_args(query=args.query, type=args.type)

    handler = (
        client.get_host_attribute_trackers
        if args.type == 'tracker'
        else client.get_host_attribute_components
    )
    return handler(**pruned)
import sys

from passivetotal.libs.attributes import AttributeRequest
from passivetotal.libs.enrichment import EnrichmentRequest


def show_tagged(direction, enriched):
    """Print ``queryValue`` and a comma-joined tag list for each tagged result.

    ``direction`` is accepted for call-site symmetry but is not used here.
    ``enriched`` is the bulk-enrichment response; only entries under its
    ``"results"`` key whose ``'tags'`` list is non-empty are printed, one
    per line. Entries without tags are skipped silently.
    """
    results = enriched.get("results", {})
    for host, entry in results.iteritems():
        tags = entry['tags']
        if len(tags) > 0:
            print entry['queryValue'], ','.join(tags)


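# Validate the command line before touching sys.argv[1]/[2]: indexing first
# would raise IndexError and never reach the usage message.
if len(sys.argv) != 3:
    print "Usage: python host_pair_sentinel.py <query> <parents|children>"
    sys.exit(1)

query = sys.argv[1]
direction = sys.argv[2]
# Maps the requested direction to the key each pair result stores the
# related hostname under.
result_key = {'parents': 'parent', 'children': 'child'}

if direction not in ['children', 'parents']:
    print "[!] Direction must be 'children' or 'parents' to work"
    sys.exit(1)

# Collect the hostnames paired with the query in the requested direction.
client = AttributeRequest.from_config()
matches = client.get_host_attribute_pairs(query=query, direction=direction)
hostnames = [x[result_key[direction]] for x in matches.get("results", [])]

# Enrich them in one bulk call and print only the ones that carry tags.
client = EnrichmentRequest.from_config()
enriched = client.get_bulk_enrichment(query=hostnames)
show_tagged(direction, enriched)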
1) Take in a domain or IP
2) Identify all tracking codes associated with the query
3) Search for other sites not matching the original query using any codes
4) Construct a table output with data for easy consumption
"""
# Script metadata; read by tooling that introspects these dunder names.
__author__ = "Brandon Dixon ([email protected])"
__version__ = "1.0.0"
__description__ = "Surface related entities based on tracking codes"
__keywords__ = ["trackers", "phishing", "crimeware", "analysis"]

import sys
from tabulate import tabulate
from passivetotal.libs.attributes import AttributeRequest

# The domain or IP to pivot from. No usage check is performed: running the
# script without an argument raises IndexError here.
query = sys.argv[1]
client = AttributeRequest.from_config()
# client.set_debug(True)
# Attribute values already handled; surface_values() consults this list to
# skip values it has seen before.
processed_values = []


def surface_values(item):
    """Identify items that could be interesting."""
    if item.get('attributeValue') in processed_values:
        return {}

    children = client.search_trackers(
        query=item.get('attributeValue'),
        type=item.get('attributeType')
    )

    interesting = dict()