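def get_pt_domains_single_ip(ip, max_attempts=None, delay=1.0):
    """Return the ``resolve`` values of the passive DNS records for ``ip``.

    Args:
        ip: IP address to query through the passive DNS client.
        max_attempts: Maximum number of requests before giving up. ``None``
            (the default) keeps retrying until a request succeeds, which is
            the previous behaviour.
        delay: Seconds to sleep between retries, so a failing endpoint is not
            hammered in a tight loop.

    Returns:
        list: one entry per record in ``results`` holding its ``resolve``
        value (``None`` when a record lacks that key, matching the old jq
        expression ``.[].resolve``). Empty when the response has no results.

    Raises:
        requests.exceptions.RequestException: re-raised from the last failed
            request once ``max_attempts`` requests have all failed.
    """
    import time

    client = DnsRequest.from_config()
    attempt = 0
    while True:
        attempt += 1
        try:
            raw_results = client.get_passive_dns(query=ip)
            break
        except requests.exceptions.RequestException:
            # Give up only when a bound was requested and is exhausted;
            # otherwise log and wait before the next attempt.
            if max_attempts is not None and attempt >= max_attempts:
                raise
            eprint('Request timeout, retrying')
            time.sleep(delay)
    # Plain comprehension instead of pyjq: avoids a third-party dependency
    # for a one-key projection.
    return [record.get('resolve') for record in raw_results.get('results', [])]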
def __init__(self):
    """Load one client per request type from the local configuration.

    If constructing any client raises, ``self.clients`` is set to ``None``
    rather than left as a partially filled mapping, so callers can detect
    the unconfigured state with a single check.
    """
    try:
        client_types = (
            ('ssl', SslRequest),
            ('dns', DnsRequest),
            ('enrichment', EnrichmentRequest),
            ('whois', WhoisRequest),
            ('attribute', AttributeRequest),
        )
        loaded = dict((name, cls.from_config()) for name, cls in client_types)
    except Exception:
        loaded = None
    self.clients = loaded
def call_dns(args):
    """Abstract call to DNS-based queries.

    Builds the request keyword arguments from the CLI namespace (unset
    options are dropped by ``prune_args``) and dispatches to the
    unique-resolutions endpoint when ``args.unique`` is set, otherwise to
    the full passive DNS endpoint. Returns whatever the client returns.
    """
    client = DnsRequest.from_config()
    request_kwargs = prune_args(
        query=args.query,
        end=args.end,
        start=args.start,
        timeout=args.timeout,
        sources=args.sources,
    )
    fetch = client.get_unique_resolutions if args.unique else client.get_passive_dns
    return fetch(**request_kwargs)
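def main():
    """Perform a passive DNS lookup and save the output.

    Reads the query from ``sys.argv[1]``, runs a passive DNS lookup and
    writes one file per supported output format under ``/tmp``.
    Exits with status 1 when no query is supplied.
    """
    import os
    import re

    if len(sys.argv) <= 1:
        print("Usage: python pdns_multiput <query>")
        sys.exit(1)
    query = sys.argv[1]
    output_formats = ['json', 'xml', 'stix', 'csv', 'table']
    # The query comes straight from the command line and becomes part of a
    # file name, so reduce it to a conservative character set: this keeps the
    # output inside /tmp (no path separators, no leading '..').
    safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', query).strip('.') or 'query'
    # NOTE(review): /tmp is a shared, predictable location; if this ever runs
    # on a multi-user host consider tempfile.mkdtemp() instead.
    client = DnsRequest.from_config()
    raw_results = client.get_passive_dns(query=query)
    pdns_results = DnsResponse(raw_results)
    for format_type in output_formats:
        save_location = os.path.join('/tmp', "%s.pdns.%s" % (safe_name, format_type))
        # 'with' closes the handle even if a serializer raises part-way through.
        with open(save_location, "w") as tmp:
            tmp.write(getattr(pdns_results, format_type))
    print("Saved results inside of /tmp/%s" % (safe_name))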
def call_dns(args):
    """Abstract call to DNS-based queries.

    Prunes unset CLI options with ``prune_args`` and calls either
    ``get_unique_resolutions`` (when ``args.unique`` is truthy) or
    ``get_passive_dns`` on a freshly configured DNS client, returning the
    client's response unchanged.
    """
    client = DnsRequest.from_config()
    pruned = prune_args(
        query=args.query,
        end=args.end,
        start=args.start,
        timeout=args.timeout,
        sources=args.sources,
    )
    endpoints = {
        True: client.get_unique_resolutions,
        False: client.get_passive_dns,
    }
    return endpoints[bool(args.unique)](**pruned)
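There are times when it's difficult to tell which items have been tagged as
something malicious or suspicious. This script will take an initial starting
point and print out any tagged items along with their tags.
"""
__author__ = 'Brandon Dixon ([email protected])'
__version__ = '1.0.0'
__description__ = "Surface tagged items from a passive DNS query"
__keywords__ = ['pdns', 'tags', 'triage', 'analysis']

import sys

from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.enrichment import EnrichmentRequest

# The seed query comes straight from the command line; fail with a usage
# line instead of an IndexError traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit("Usage: python %s <query>" % sys.argv[0])
query = sys.argv[1]
client = DnsRequest.from_config()
enricher = EnrichmentRequest.from_config()


def main():
    """Take an initial seed and identify OSINT tags.

    Fetches the unique resolutions for ``query``, then asks the enrichment
    API for tags on every resolution and on the seed itself, printing
    ``<item> - <tag1>, <tag2>`` for each item that carries at least one tag.
    """
    initial_seed = client.get_unique_resolutions(query=query)
    # Copy so the response object is not mutated by the append below.
    all_records = list(initial_seed.get('results', list()))
    # The seed is a single string and must be added as one item; ``+=`` on a
    # list would extend it with the string's individual characters.
    all_records.append(query)
    for item in all_records:
        enrichment = enricher.get_enrichment(query=item)
        tags = enrichment.get('tags', list())
        if tags:
            print("%s - %s" % (item, ', '.join(tags)))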
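import sys

from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.dns import DnsUniqueResponse
from passivetotal.libs.whois import WhoisRequest
from passivetotal.libs.whois import WhoisResponse
from passivetotal.common.utilities import is_ip

# Only the first few resolutions get a WHOIS lookup, keeping the number of
# API calls per run small.
MAX_WHOIS_LOOKUPS = 3

if len(sys.argv) < 2:
    sys.exit("Usage: python %s <ip-address>" % sys.argv[0])
query = sys.argv[1]
if not is_ip(query):
    # sys.exit() with a message writes it to stderr and exits with status 1.
    # The original raised first, which made its sys.exit(1) unreachable.
    sys.exit("This script only accepts valid IP addresses!")

# look up the unique resolutions
client = DnsRequest.from_config()
raw_results = client.get_unique_resolutions(query=query)
loaded = DnsUniqueResponse(raw_results)

whois_client = WhoisRequest.from_config()
for record in loaded.get_records()[:MAX_WHOIS_LOOKUPS]:
    raw_whois = whois_client.get_whois_details(query=record.resolve)
    whois = WhoisResponse(raw_whois)
    # One formatted string keeps the output identical on Python 2 (where
    # the original used a print statement) and Python 3.
    print("%s %s" % (record.resolve, whois.contactEmail))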