else: print gfx.PIPE + "Positives: ", entry['positives'], "\tTotal:", entry['total'], "\tScan date:", entry['scan_date'] print gfx.PIPE else: print bcolors.WARNING + gfx.MINUS + "Skipping VirusTotal passive DNS, Enable with \"--virustotal\" or \"-vt\"" + bcolors.ENDC ### PASSIVETOTAL if (commandlineArgument.passivetotal or commandlineArgument.all or commandlineArgument.allnotnoisy) and PassiveTotalAPIKey != "": #disable passivetotal's error message requests.packages.urllib3.disable_warnings() #define API key pt = PassiveTotal(PassiveTotalAPIKey) print bcolors.HEADER + gfx.PLUS + "Querying PassiveTotal for " + targetIPaddress + "..." + bcolors.ENDC print gfx.PIPE + bcolors.ENDC response = pt.get_passive(targetIPaddress) if response['success']: print gfx.PIPE + "Query:", response['raw_query'] print gfx.PIPE + "First Seen:", response['results']['first_seen'] print gfx.PIPE + "Last Seen:", response['results']['last_seen'] print gfx.PIPE + "Resolve Count: ", response['result_count'] print gfx.PIPE + "Resolutions" response = response['results'] for resolve in response['records']: print gfx.PIPE + "==> ", resolve['resolve'], "\t", resolve['firstSeen'], "\t", resolve['lastSeen'], "\t", ', '.join([ str(x) for x in resolve['source'] ]) else: print bcolors.FAIL + "[!] Error when getting passive for %s: %s" % (targetIPaddress, response['error']) + bcolors.ENDC print gfx.PIPE + bcolors.ENDC else: print bcolors.WARNING + gfx.MINUS + "Skipping PassiveTotal. Enable with argument \"--passive\" or \"-p\"" + bcolors.ENDC
print "[*] Network:", response['results']['network'] print "[*] AS Number:", response['results']['asn'] print "[*] AS Name:", response['results']['as_name'] print "[*] Sinkhole?:", response['results']['sinkhole'] print "[*] Ever Compromised?:", response['results'][ 'ever_compromised'] print "[*] Tags:", ', '.join( [str(x) for x in response['results']['tags']]) else: print "[!] Error when getting metadata for %s: %s" % ( arguments['<indicator>'], response['error']) if arguments['passive']: response = pt.get_passive(arguments['<indicator>']) if response['success']: if arguments['--raw']: print response else: print "[=] Query:", response['raw_query'] print "[*] First Seen:", response['results']['first_seen'] print "[*] Last Seen:", response['results']['last_seen'] print "[*] Resolve Count: ", response['result_count'] print "[*] Resolutions" response = response['results'] for resolve in response['records']: print "=>", resolve['resolve'], "\t", resolve[ 'firstSeen'], "\t", resolve[ 'lastSeen'], "\t", ', '.join( [str(x) for x in resolve['source']])
parser.add_argument('-l', '--list', help='list of indicators to check in PassiveTotal', action='store', required=True) parser.add_argument('-a', '--apikey', help='PassiveTotal API key', action='store', required=True) args = parser.parse_args() if not os.path.exists(args.list): print 'error: file %s not found' % args.list sys.exit(1) iocs = read_list(args.list) print 'Domains:\t%d\n' % len(iocs) pt = PassiveTotal(args.apikey) for host in iocs: resp = pt.get_passive(host) if resp['success']: print 'First:\t%s' % resp['results']['first_seen'] print 'Last: \t%s' % resp['results']['last_seen'] print 'Hosts:\n' r = resp['results'] for d in r['records']: print "\t%s" % d['resolve']
print "[*] Dynamic DNS?:", response['results']['dynamic'] else: print "[*] Country:", response['results']['country'] print "[*] Network:", response['results']['network'] print "[*] AS Number:", response['results']['asn'] print "[*] AS Name:", response['results']['as_name'] print "[*] Sinkhole?:", response['results']['sinkhole'] print "[*] Ever Compromised?:", response['results']['ever_compromised'] print "[*] Tags:", ', '.join([ str(x) for x in response['results']['tags'] ]) else: print "[!] Error when getting metadata for %s: %s" % (arguments['<indicator>'], response['error']) if arguments['passive']: response = pt.get_passive(arguments['<indicator>']) if response['success']: if arguments['--raw']: print response else: print "[=] Query:", response['raw_query'] print "[*] First Seen:", response['results']['first_seen'] print "[*] Last Seen:", response['results']['last_seen'] print "[*] Resolve Count: ", response['result_count'] print "[*] Resolutions" response = response['results'] for resolve in response['records']: print "=>", resolve['resolve'], "\t", resolve['firstSeen'], "\t", resolve['lastSeen'], "\t", ', '.join([ str(x) for x in resolve['source'] ]) else: print "[!] Error when getting passive for %s: %s" % (arguments['<indicator>'], response['error'])
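#!/usr/bin/env python
"""Exercise the PassiveTotal client end to end.

Fetches passive DNS for one indicator, sets a classification on it and
adds a tag, printing each raw response. The API key is taken from the
PASSIVETOTAL_API_KEY environment variable rather than being embedded in
the source, so this file can be shared or committed without carrying a
live credential.
"""
import os
import sys

from passivetotal import PassiveTotal

# Indicator that every call below operates on.
INDICATOR = 'www.passivetotal.org'

# A key literal in this file ends up in version control and in every
# copy of the script; read it from the environment instead and stop early
# with a clear message when it is absent.
api_key = os.environ.get('PASSIVETOTAL_API_KEY')
if not api_key:
    sys.exit('PASSIVETOTAL_API_KEY is not set; export it before running this script')

# create a new instance
pt = PassiveTotal(api_key)

# set our logging
pt.logger = 'DEBUG'

# get pdns information
print(pt.get_passive(INDICATOR))

# set classification
print(pt.set_classification(INDICATOR, classification='benign'))

# set a tag
print(pt.add_tag(INDICATOR, tag='security'))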
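if __name__ == '__main__':
    # Command-line entry point: read a list of indicators from a file and
    # print the passive DNS resolutions PassiveTotal holds for each one.
    parser = argparse.ArgumentParser(
        description='Look up PassiveTotal passive DNS for a list of indicators')
    parser.add_argument('-l', '--list',
                        help='list of indicators to check in PassiveTotal',
                        action='store', required=True)
    # No longer required on the command line: a key passed as an argument is
    # visible in shell history and process listings, so PASSIVETOTAL_API_KEY
    # is accepted as a fallback. Passing -a/--apikey still works as before.
    parser.add_argument('-a', '--apikey',
                        help='PassiveTotal API key '
                             '(default: PASSIVETOTAL_API_KEY environment variable)',
                        action='store',
                        default=os.environ.get('PASSIVETOTAL_API_KEY'))
    args = parser.parse_args()

    if not args.apikey:
        parser.error('an API key is required: pass -a/--apikey or set PASSIVETOTAL_API_KEY')

    if not os.path.exists(args.list):
        print('error: file %s not found' % args.list)
        sys.exit(1)

    iocs = read_list(args.list)
    print('Domains:\t%d\n' % len(iocs))

    pt = PassiveTotal(args.apikey)
    for host in iocs:
        resp = pt.get_passive(host)
        if resp['success']:
            print('First:\t%s' % resp['results']['first_seen'])
            print('Last: \t%s' % resp['results']['last_seen'])
            print('Hosts:\n')
            r = resp['results']
            for d in r['records']:
                print("\t%s" % d['resolve'])
        else:
            # A failed lookup used to be skipped silently, which hides a bad
            # key or an unknown indicator; report it with whatever error
            # text the response carries.
            print('error: lookup failed for %s: %s' % (host, resp.get('error')))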