Esempio n. 1
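def domain_categories(enity):
    """Look up the OpenDNS Investigate categorization of a domain.

    Queries ``domains/categorization/<enity>?showLabels`` and acts on the
    ``status`` of the first entry in the response:

    * ``-1`` (domain is malicious): returns the merged output of
      ``domain_features`` and ``domain_security`` for that domain.
    * ``0``: returns ``{'Category': 'Unclassified'}`` merged with the same
      two lookups.
    * ``1``: returns ``{'Category': ...}`` with the content categories
      joined by ``', '``.

    Returns ``{}`` when no API key is configured and ``None`` when the
    response is empty or carries any other status.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    if not api_key:
        return {}

    headers = {'Authorization': 'Bearer ' + api_key}
    endpoint = 'domains/categorization/'
    labels = '?showLabels'
    # The indicator is externally supplied data. Percent-encode it so a '/',
    # '?' or '#' inside it cannot steer the authenticated request to another
    # endpoint. Assumes ASCII/punycode input -- TODO confirm for IDNs.
    target = requests.compat.quote(enity, safe='')
    # A timeout keeps an unresponsive API or proxy from blocking the caller
    # indefinitely.
    response = requests.get(api_url + endpoint + target + labels,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()
    # .items() iterates the same pairs as .iteritems() and also works on
    # Python 3.
    for domain, values in response.items():
        status = values['status']
        if status == -1:  # -1 if domain is malicious
            # No domain_tag() lookup here: its result was never used, so the
            # call only cost an extra authenticated request.
            sec = domain_security(domain)
            feat = domain_features(domain)
            merged = {}
            merged.update(feat)
            merged.update(sec)  # security fields win on a key clash
            return merged

        if status == 0:
            sec = domain_security(domain)
            feat = domain_features(domain)
            merged = {'Category': 'Unclassified'}
            merged.update(feat)
            merged.update(sec)
            return merged

        if status == 1:
            return {'Category': ', '.join(values['content_categories'])}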
Esempio n. 2
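def vt_hash_lookup(filehash):
    """Fetch the VirusTotal v2 file report for a hash.

    Reads the API key from the ``Setting`` row with ``_id=1`` and returns the
    decoded JSON report. Returns ``None`` when the lookup fails for any
    reason (missing settings, network error, undecodable response).
    """
    try:
        settings = Setting.query.filter_by(_id=1).first()
        apikey = settings.apikey
        url = "https://www.virustotal.com/vtapi/v2/file/report"
        params = {'resource': filehash, 'apikey': apikey}
        # Certificate verification stays on (the requests default). The API
        # key travels in the query string, so an unverified TLS session would
        # expose it to anyone on the network path. If an intercepting proxy
        # is in use, point REQUESTS_CA_BUNDLE at its CA bundle instead of
        # disabling verification.
        r = requests.get(url, params=params,
                         proxies=helpers.get_proxy(),
                         timeout=30)  # never block the caller indefinitely
        return json.loads(r.text)
    except Exception:
        # Best-effort lookup: callers receive None on failure. Exception
        # (rather than a bare except) lets KeyboardInterrupt and SystemExit
        # propagate.
        return None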
Esempio n. 3
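def vt_hash_lookup(filehash):
    """Return the VirusTotal v2 file report for ``filehash``, or ``None``.

    The API key comes from the ``Setting`` row with ``_id=1``. Any failure
    along the way (no settings row, request error, invalid JSON) yields
    ``None`` rather than an exception.
    """
    try:
        apikey = Setting.query.filter_by(_id=1).first().apikey
        # TLS verification is left enabled: the request carries the API key
        # as a query parameter, and skipping certificate checks would let an
        # on-path party read it or forge the report. Environments with a
        # TLS-inspecting proxy should supply its CA via REQUESTS_CA_BUNDLE.
        reply = requests.get(
            "https://www.virustotal.com/vtapi/v2/file/report",
            params={'resource': filehash, 'apikey': apikey},
            proxies=helpers.get_proxy(),
            timeout=30,  # bound the wait on a stalled API or proxy
        )
        return json.loads(reply.text)
    except Exception:
        # Deliberately best-effort; process-level signals such as
        # KeyboardInterrupt are no longer swallowed.
        return None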
Esempio n. 4
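def vt_ipv4_lookup(ipv4):
    """Fetch the VirusTotal v2 IP address report for an IPv4 address.

    The ``resolutions`` list in the report is re-sorted so the most recently
    resolved hostname comes first. Returns ``None`` when the lookup fails or
    the report has no ``resolutions`` entry.
    """
    try:
        settings = Setting.query.filter_by(_id=1).first()
        apikey = settings.apikey
        url = "https://www.virustotal.com/vtapi/v2/ip-address/report"
        params = {'ip': ipv4, 'apikey': apikey}
        # Certificate verification stays on (the requests default). The API
        # key is sent in the query string, so an unverified TLS session would
        # expose it to anyone on the network path. With an intercepting
        # proxy, set REQUESTS_CA_BUNDLE to its CA bundle instead.
        r = requests.get(url, params=params,
                         proxies=helpers.get_proxy(),
                         timeout=30)  # never block the caller indefinitely
        j = json.loads(r.text)
        # Newest resolution first; a report without 'resolutions' raises
        # KeyError and falls through to the None return below.
        j['resolutions'] = sorted(j['resolutions'],
                                  key=lambda k: k['last_resolved'],
                                  reverse=True)
        return j
    except Exception:
        # Best-effort lookup: None signals "no usable report" to callers.
        # KeyboardInterrupt and SystemExit are allowed to propagate.
        return None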
Esempio n. 5
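def vt_ipv4_lookup(ipv4):
    """Return the VirusTotal v2 report for ``ipv4``, or ``None`` on failure.

    ``resolutions`` is ordered by ``last_resolved``, newest first. A report
    that lacks ``resolutions`` is treated as a failed lookup.
    """
    try:
        apikey = Setting.query.filter_by(_id=1).first().apikey
        # TLS verification is left enabled: the API key rides in the query
        # string, and an unverified session would let an on-path party read
        # it or tamper with the reputation data. A TLS-inspecting proxy
        # should be trusted through REQUESTS_CA_BUNDLE.
        reply = requests.get(
            "https://www.virustotal.com/vtapi/v2/ip-address/report",
            params={'ip': ipv4, 'apikey': apikey},
            proxies=helpers.get_proxy(),
            timeout=30,  # bound the wait on a stalled API or proxy
        )
        report = json.loads(reply.text)
        report['resolutions'] = sorted(report['resolutions'],
                                       key=lambda k: k['last_resolved'],
                                       reverse=True)
        return report
    except Exception:
        # Deliberately best-effort; process-level signals are not swallowed.
        return None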
Esempio n. 6
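def vt_domain_lookup(domain):
    """Fetch the VirusTotal v2 domain report.

    The ``resolutions`` list is re-sorted newest first. The report is only
    returned when it has at least 20 top-level keys; smaller reports, failed
    requests and reports without ``resolutions`` all yield ``None``.
    """
    try:
        settings = Setting.query.filter_by(_id=1).first()
        apikey = settings.apikey
        url = "https://www.virustotal.com/vtapi/v2/domain/report"
        params = {'domain': domain, 'apikey': apikey}
        # Certificate verification stays on (the requests default). The API
        # key is sent in the query string, so an unverified TLS session would
        # expose it to anyone on the network path. With an intercepting
        # proxy, set REQUESTS_CA_BUNDLE to its CA bundle instead.
        r = requests.get(url, params=params,
                         proxies=helpers.get_proxy(),
                         timeout=30)  # never block the caller indefinitely
        j = json.loads(r.text)
        j['resolutions'] = sorted(j['resolutions'],
                                  key=lambda k: k['last_resolved'],
                                  reverse=True)
        # NOTE(review): the 20-key threshold presumably filters out sparse
        # reports -- confirm the intent with the caller.
        if len(j) >= 20:
            return j
        return None
    except Exception:
        # Best-effort lookup: None signals "no usable report" to callers.
        # KeyboardInterrupt and SystemExit are allowed to propagate.
        return None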
Esempio n. 7
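def vt_domain_lookup(domain):
    """Return the VirusTotal v2 report for ``domain``, or ``None``.

    ``resolutions`` is ordered by ``last_resolved``, newest first. ``None``
    is returned when the lookup fails, when ``resolutions`` is absent, or
    when the decoded report has fewer than 20 top-level keys.
    """
    try:
        apikey = Setting.query.filter_by(_id=1).first().apikey
        # TLS verification is left enabled: the API key rides in the query
        # string, and an unverified session would let an on-path party read
        # it or tamper with the reputation data. A TLS-inspecting proxy
        # should be trusted through REQUESTS_CA_BUNDLE.
        reply = requests.get(
            "https://www.virustotal.com/vtapi/v2/domain/report",
            params={'domain': domain, 'apikey': apikey},
            proxies=helpers.get_proxy(),
            timeout=30,  # bound the wait on a stalled API or proxy
        )
        report = json.loads(reply.text)
        report['resolutions'] = sorted(report['resolutions'],
                                       key=lambda k: k['last_resolved'],
                                       reverse=True)
        # NOTE(review): reports with fewer than 20 keys are discarded; the
        # reason is not visible here -- confirm before relying on it.
        return report if len(report) >= 20 else None
    except Exception:
        # Deliberately best-effort; process-level signals are not swallowed.
        return None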
Esempio n. 8
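def domain_security(domain):
    """Return selected OpenDNS Investigate security scores for a domain.

    Calls ``security/name/<domain>.json`` and copies the ASN, DGA, prefix,
    fast-flux and SecureRank2 fields into a dict with display-friendly keys,
    alongside the queried domain under ``'Domain'``.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    headers = {'Authorization': 'Bearer ' + api_key}
    # Percent-encode the indicator so a '/', '?' or '#' inside it cannot
    # steer the authenticated request to another endpoint. Assumes
    # ASCII/punycode input -- TODO confirm for IDNs.
    endpoint = 'security/name/{}.json'.format(
        requests.compat.quote(domain, safe=''))
    # A timeout keeps an unresponsive API or proxy from blocking the caller.
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()
    newdict = {}
    newdict['Domain'] = domain
    newdict['ASN Score'] = response['asn_score']
    newdict['DGA Score'] = response['dga_score']
    newdict['Prefix Score'] = response['prefix_score']
    newdict['Fast Flux'] = response['fastflux']
    newdict['Securerank2'] = response['securerank2']
    #newdict['threat_type'] = response['threat_type']
    #newdict['attack'] = response['attack']
    return newdict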
Esempio n. 9
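def ip_query(entity):
    """List the domains OpenDNS Investigate last saw on an IP address.

    Calls ``ips/<ip>/latest_domains`` and returns the ``name`` of every
    entry. Returns ``['None']`` when the API answers with an empty list and
    ``[]`` when no API key is configured.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    if not api_key:
        return []

    headers = {'Authorization': 'Bearer ' + api_key}
    # Percent-encode the indicator so a '/', '?' or '#' inside it cannot
    # steer the authenticated request to another endpoint.
    ip = requests.compat.quote(entity.strip(), safe='')
    endpoint = 'ips/{ip}/latest_domains'.format(ip=ip)
    # A timeout keeps an unresponsive API or proxy from blocking the caller.
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30)
    if response.text == '[]':
        # Callers get the literal string 'None' as a "nothing found" marker.
        return ['None']
    return [entry['name'] for entry in response.json()]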
Esempio n. 10
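def domain_features(domain):
    """Return DNS-derived features of a domain from OpenDNS Investigate.

    Calls ``dnsdb/name/a/<domain>.json`` and, for every top-level key that
    contains ``'features'``, extracts ``ASN`` (``'N/A'`` when empty),
    ``Prefix``, ``Country`` (both space-joined) and ``Age`` (``'<n> days'``).
    Returns an empty dict when no such key is present.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    headers = {'Authorization': 'Bearer ' + api_key}
    # Percent-encode the indicator so a '/', '?' or '#' inside it cannot
    # steer the authenticated request to another endpoint. Assumes
    # ASCII/punycode input -- TODO confirm for IDNs.
    endpoint = 'dnsdb/name/a/{}.json'.format(
        requests.compat.quote(domain, safe=''))
    # A timeout keeps an unresponsive API or proxy from blocking the caller.
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()
    newdict = {}
    # .items() iterates the same pairs as .iteritems() and also works on
    # Python 3.
    for k, v in response.items():
        if 'features' not in k:
            continue
        newdict['ASN'] = v['asns'] if v['asns'] else 'N/A'
        newdict['Prefix'] = ' '.join(v['prefixes'])
        newdict['Country'] = ' '.join(v['country_codes'])
        newdict['Age'] = str(v['age']) + ' days'
    return newdict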
Esempio n. 11
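def ip_query(entity):
    """Return the domain names OpenDNS Investigate associates with an IP.

    Queries ``ips/<ip>/latest_domains``. The result is the list of ``name``
    values, ``['None']`` if the response body is an empty JSON list, or
    ``[]`` if no API key is available.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    if not api_key:
        return []

    headers = {'Authorization': 'Bearer ' + api_key}
    mal_domains = []
    # The indicator is externally supplied: percent-encode it so path or
    # query delimiters inside it cannot change which endpoint receives the
    # bearer token.
    ip = requests.compat.quote(entity.strip(), safe='')
    endpoint = 'ips/{ip}/latest_domains'.format(ip=ip)
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30)  # bound the wait on a stalled API
    if response.text != '[]':
        mal_domains.extend(entry['name'] for entry in response.json())
    else:
        # The string 'None' (not the None object) marks an empty result.
        mal_domains.append('None')
    return mal_domains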
Esempio n. 12
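def domain_tag(domain):
    """Return the latest OpenDNS Investigate tags recorded for a domain.

    Calls ``domains/<domain>/latest_tags`` and flattens each row into a dict
    with the keys ``begin``, ``end``, ``url``, ``domain`` and ``category``.
    A row whose URL is ``None`` is reported with the string ``'None'``.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    headers = {'Authorization': 'Bearer ' + api_key}
    # Percent-encode the indicator so a '/', '?' or '#' inside it cannot
    # steer the authenticated request to another endpoint. Assumes
    # ASCII/punycode input -- TODO confirm for IDNs.
    endpoint = 'domains/{}/latest_tags'.format(
        requests.compat.quote(domain, safe=''))
    # A timeout keeps an unresponsive API or proxy from blocking the caller.
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()
    newlist = []
    for row in response:
        newlist.append({
            'begin': row['period']['begin'],
            'end': row['period']['end'],
            'url': 'None' if row['url'] is None else row['url'],
            'domain': domain,
            'category': row['category'],
        })
    return newlist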
Esempio n. 13
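def domain_categories(enity):
    """Look up the OpenDNS Investigate categorization of a domain.

    Queries ``domains/categorization/<enity>?showLabels`` and acts on the
    ``status`` of the first entry in the response:

    * ``-1`` (domain is malicious): returns the last row from ``domain_tag``
      merged with the ``domain_security`` scores, or the scores alone when
      there are no tag rows.
    * ``0``: returns ``{'Category': 'Unclassified'}``.
    * ``1``: returns ``{'Category': ...}`` with the content categories
      joined by ``', '``.

    Returns ``{}`` when no API key is configured and ``None`` when the
    response is empty or carries any other status.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    if not api_key:
        return {}

    headers = {'Authorization': 'Bearer ' + api_key}
    endpoint = 'domains/categorization/'
    labels = '?showLabels'
    # The indicator is externally supplied data. Percent-encode it so a '/',
    # '?' or '#' inside it cannot steer the authenticated request to another
    # endpoint. Assumes ASCII/punycode input -- TODO confirm for IDNs.
    target = requests.compat.quote(enity, safe='')
    # A timeout keeps an unresponsive API or proxy from blocking the caller.
    response = requests.get(api_url + endpoint + target + labels,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()
    # .items() iterates the same pairs as .iteritems() and also works on
    # Python 3.
    for domain, values in response.items():
        status = values['status']
        if status == -1:  # -1 if domain is malicious
            sec = domain_security(enity)
            # Start from the scores alone so a malicious domain with no tag
            # rows still yields a result instead of raising on an unbound
            # name.
            c = dict(sec)
            for row in domain_tag(enity):
                # Each row replaces the previous one: only the last tag row
                # survives, merged with the security scores.
                c = row.copy()
                c.update(sec)
            return c

        if status == 0:
            return {'Category': 'Unclassified'}
        if status == 1:
            return {'Category': ', '.join(values['content_categories'])}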
Esempio n. 14
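def domain_tag(enity):
    """Return the latest OpenDNS Investigate tags recorded for a domain.

    Calls ``domains/<enity>/latest_tags`` and turns each row into a dict
    with the keys ``begin``, ``end``, ``url``, ``domain`` and ``category``.
    A row whose URL is ``None`` is reported with the string ``'None'``.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    headers = {'Authorization': 'Bearer ' + api_key}
    domain = enity
    # The indicator is externally supplied: percent-encode it so path or
    # query delimiters inside it cannot change which endpoint receives the
    # bearer token. Assumes ASCII/punycode input -- TODO confirm for IDNs.
    endpoint = 'domains/{}/latest_tags'.format(
        requests.compat.quote(domain, safe=''))
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()  # bound the wait
    newlist = []
    for row in response:
        period = row['period']
        url = row['url']
        newlist.append({
            'begin': period['begin'],
            'end': period['end'],
            'url': 'None' if url is None else url,
            'domain': domain,
            'category': row['category'],
        })
    return newlist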
Esempio n. 15
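def domain_security(enity):
    """Return OpenDNS Investigate security fields for a domain.

    Calls ``security/name/<enity>.json`` and copies ``attack``,
    ``asn_score``, ``dga_score``, ``prefix_score``, ``fastflux``,
    ``securerank2`` and ``threat_type`` from the response, together with the
    queried domain under ``'domain'``. A response missing any of those
    fields raises ``KeyError``.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    headers = {'Authorization': 'Bearer ' + api_key}
    domain = enity
    # The indicator is externally supplied: percent-encode it so path or
    # query delimiters inside it cannot change which endpoint receives the
    # bearer token. Assumes ASCII/punycode input -- TODO confirm for IDNs.
    endpoint = 'security/name/{}.json'.format(
        requests.compat.quote(domain, safe=''))
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()  # bound the wait
    newdict = {'domain': domain}
    # Fields are read in the original order so a partial response fails on
    # the same key as before.
    for field in ('attack', 'asn_score', 'dga_score', 'prefix_score',
                  'fastflux', 'securerank2', 'threat_type'):
        newdict[field] = response[field]
    return newdict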
Esempio n. 16
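def domain_features(domain):
    """Return DNS-derived features of a domain from OpenDNS Investigate.

    Calls ``dnsdb/name/a/<domain>.json``. For each top-level key containing
    ``'features'`` it records ``ASN`` (``'N/A'`` when the list is empty),
    ``Prefix`` and ``Country`` (space-joined) and ``Age`` (``'<n> days'``).
    The dict is empty when the response has no such key.
    """
    api_url = 'https://investigate.api.opendns.com/'
    api_key = get_odns_apikey()
    headers = {'Authorization': 'Bearer ' + api_key}
    # The indicator is externally supplied: percent-encode it so path or
    # query delimiters inside it cannot change which endpoint receives the
    # bearer token. Assumes ASCII/punycode input -- TODO confirm for IDNs.
    endpoint = 'dnsdb/name/a/{}.json'.format(
        requests.compat.quote(domain, safe=''))
    response = requests.get(api_url + endpoint,
                            headers=headers,
                            proxies=helpers.get_proxy(),
                            timeout=30).json()  # bound the wait
    newdict = {}
    # .items() behaves like .iteritems() here and also runs on Python 3.
    for key, features in response.items():
        if 'features' in key:
            asns = features['asns']
            newdict['ASN'] = asns if asns else 'N/A'
            newdict['Prefix'] = ' '.join(features['prefixes'])
            newdict['Country'] = ' '.join(features['country_codes'])
            newdict['Age'] = str(features['age']) + ' days'
    return newdict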