def run(self):
Analyzer.run(self)
data = self.getData()
try:
# enrichment service
if self.service == 'enrichment':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_enrichment(query=data)
self.report(result)
# malware service
elif self.service == 'malware':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_malware(query=data)
self.report(result)
# osint service
elif self.service == 'osint':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_osint(query=data)
self.report(result)
# passive dns service
elif self.service == 'passive_dns':
dns_request = DnsRequest(username=self.username, api_key=self.api_key)
result = dns_request.get_passive_dns(query=data)
self.report(result)
# ssl certificate details service
elif self.service == 'ssl_certificate_details':
ssl_request = SslRequest(username=self.username, api_key=self.api_key)
result = ssl_request.get_ssl_certificate_details(query=data)
self.report(result)
# ssl certificate history service
elif self.service == 'ssl_certificate_history':
ssl_request = SslRequest(username=self.username, api_key=self.api_key)
result = ssl_request.get_ssl_certificate_history(query=data)
self.report(result)
# unique resolutions service
elif self.service == 'unique_resolutions':
dns_request = DnsRequest(username=self.username, api_key=self.api_key)
result = dns_request.get_unique_resolutions(query=data)
self.report(result)
# whois details service
elif self.service == 'whois_details':
whois_request = WhoisRequest(username=self.username, api_key=self.api_key)
result = whois_request.get_whois_details(query=data)
self.report(result)
else:
self.error('Unknown PassiveTotal service')
except Exception as e:
self.unexpectedError(e)
def get_dns(self, **kwargs):
client = DnsRequest(self.username, self.apikey)
keys = ['query', 'end', 'start', 'timeout', 'sources']
params = self._cleanup_params(keys, **kwargs)
if kwargs.get('unique'):
return client.get_unique_resolutions(**params)
else:
return client.get_passive_dns(**params)
def get_dns(self, **kwargs):
client = DnsRequest(self.username, self.apikey)
keys = ['query', 'end', 'start', 'timeout', 'sources']
params = self._cleanup_params(keys, **kwargs)
if kwargs.get('unique'):
return client.get_unique_resolutions(**params)
else:
return client.get_passive_dns(**params)
class DnsTestCase(unittest.TestCase):
"""Test case for DNS methods."""
formats = ['json']
def setup_class(self):
self.patcher = patch('passivetotal.api.Client._get', fake_request)
self.patcher.start()
self.client = DnsRequest('--No-User--', '--No-Key--')
def teardown_class(self):
self.patcher.stop()
def test_dns_passive(self):
"""Test getting passive DNS records."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_passive_dns(**payload)
assert (response.get('queryValue')) == 'passivetotal.org'
def test_process_dns_passive(self):
"""Test processing passive DNS records."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_passive_dns(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == 'passivetotal.org'
assert (
Response(wrapped.results.pop(0)).recordHash
) == '6d24bc7754af023afeaaa05ac689ac36e96656aa6519ba435b301b14916b27d3'
def test_dns_passive_unique(self):
"""Test getting unique passive DNS records."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_unique_resolutions(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == 'passivetotal.org'
record = wrapped.frequency.pop(0)
assert (record[0]) == '107.170.89.121'
assert (record[1]) == 2
class DnsTestCase(unittest.TestCase):
"""Test case for DNS methods."""
formats = ['json']
def setup_class(self):
self.patcher = patch('passivetotal.api.Client._get', fake_request)
self.patcher.start()
self.client = DnsRequest('--No-User--', '--No-Key--')
def teardown_class(self):
self.patcher.stop()
def test_dns_passive(self):
"""Test getting passive DNS records."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_passive_dns(**payload)
assert (response.get('queryValue')) == 'passivetotal.org'
def test_process_dns_passive(self):
"""Test processing passive DNS records."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_passive_dns(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == 'passivetotal.org'
assert (Response(wrapped.results.pop(0)).recordHash) == '6d24bc7754af023afeaaa05ac689ac36e96656aa6519ba435b301b14916b27d3'
def test_dns_passive_unique(self):
"""Test getting unique passive DNS records."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_unique_resolutions(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == 'passivetotal.org'
record = wrapped.frequency.pop(0)
assert (record[0]) == '107.170.89.121'
assert (record[1]) == 2
def run(self):
data = self.get_data()
try:
# enrichment service
if self.service == 'enrichment':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_enrichment(query=data)
self.report(result)
# malware service
elif self.service == 'malware':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_malware(query=data)
self.report(result)
# osint service
elif self.service == 'osint':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_osint(query=data)
self.report(result)
# passive dns service
elif self.service == 'passive_dns':
dns_request = DnsRequest(username=self.username,
api_key=self.api_key)
result = dns_request.get_passive_dns(query=data)
self.report(result)
# ssl certificate details service
elif self.service == 'ssl_certificate_details':
ssl_request = SslRequest(username=self.username,
api_key=self.api_key)
result = ssl_request.get_ssl_certificate_details(query=data)
self.report(result)
# ssl certificate history service
elif self.service == 'ssl_certificate_history':
ssl_request = SslRequest(username=self.username,
api_key=self.api_key)
result = ssl_request.get_ssl_certificate_history(query=data)
print(len(result['results']))
if len(result['results']
) == 1 and result['results'][0]['ipAddresses'] == 'N/A':
print("ok")
self.report({'results': []})
else:
self.report(result)
# unique resolutions service
elif self.service == 'unique_resolutions':
dns_request = DnsRequest(username=self.username,
api_key=self.api_key)
result = dns_request.get_unique_resolutions(query=data)
self.report(result)
# whois details service
elif self.service == 'whois_details':
whois_request = WhoisRequest(username=self.username,
api_key=self.api_key)
result = whois_request.get_whois_details(query=data)
self.report(result)
# components service
elif self.service == 'components':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_components(query=data)
self.report(result)
# trackers service
elif self.service == 'trackers':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_trackers(query=data)
self.report(result)
# host pairs service
elif self.service == 'host_pairs':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_host_pairs(query=data,
direction='parents')
children = host_attr_request.get_host_pairs(
query=data, direction='children')
result['totalRecords'] += children['totalRecords']
result['results'] = result['results'] + children['results']
self.report(result)
else:
self.error('Unknown PassiveTotal service')
except Exception as e:
self.unexpectedError(e)
