예제 #1
0
    def __init__(self, api_key, eiq_instance="default"):
        self.api_key = api_key
        self.api_url = self.api_url.format(eiq_instance)
        self.request_session = internet.retry_request_session(
            headers={
                'Authorization': 'Bearer {}'.format(api_key),
                'Content-Type': 'application/json'
            })

        self.cache = APICache('eclecticiq')
예제 #2
0
    def __init__(self):
        self.request_session = internet.retry_request_session()
        self.local_db_directory = "./iana"
        self.local_db = "./iana/iana_service_names_port_numbers.sqlite"
        self.cache = APICache('iana_service_names_port_numbers')
        self.iana_csv = '{}/{}'.format(self.local_db_directory,
                                       'service-names-port-numbers.csv')
        self.last_lookup = 0
        self.data = None

        if not os.path.exists(self.local_db_directory):
            os.mkdir(self.local_db_directory)

        self.__check_for_updates()
예제 #3
0
class EclecticIQ:

    api_url = '"https://{}.eiq-platform.com/private/search-all/"'

    def __init__(self, api_key, eiq_instance="default"):
        self.api_key = api_key
        self.api_url = self.api_url.format(eiq_instance)
        self.request_session = internet.retry_request_session(
            headers={
                'Authorization': 'Bearer {}'.format(api_key),
                'Content-Type': 'application/json'
            })

        self.cache = APICache('eclecticiq')

    def __lookup(self, query_payload):
        try:
            logging.debug(
                'Performing EclecticIQ Lookup for: {}'.format(query_payload))
            post_query = {"query": {"query_string": {"query": query_payload}}}
            response = self.request_session.post(self.api_url, json=post_query)
            if response.status_code != 200:
                raise Exception(
                    'Status code {} encountered while looking up IP address.  Error: {}'
                    .format(str(response.status_code), response.content))

            return response.json()
        except Exception as ex:
            logging.exception(ex)
            return {'error': str(ex)}

    def ip_lookups(self):
        return EclecticIQIPAddress(self.request_session, self.cache,
                                   self.api_url, self.__lookup)

    def domain_lookups(self):
        return EclecticIQDomain(self.request_session, self.cache, self.api_url,
                                self.__lookup)

    # def url_lookups(self):
    #     return VirusTotalURL(self.request_session, self.cache, self.api_url, self.__lookup)

    def search(self, query):
        query_payload = 'search?query={}'.format(query)
        return self.cache.lookup(self.__lookup, query_payload=query_payload)

    def eclecticiq_metadata(self):
        query_payload = 'metadata'
        return self.cache.lookup(self.__lookup, query_payload=query_payload)
예제 #4
0
class IPStack:
    api_url = 'http://api.ipstack.com/{}?access_key={}&hostname=1&security=1'

    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session(
            headers={'Key': self.api_key})

        self.cache = APICache('ipstack')

    def __lookup_ip(self, ip_address):
        try:
            logging.debug(
                'Performing IPStack Lookup for: {}'.format(ip_address))
            url = self.api_url.format(ip_address, self.api_key)
            response = self.request_session.get(url)
            if response.status_code != 200:
                raise Exception(
                    'Status code {} encountered while looking up IP address.  Error: {}'
                    .format(str(response.status_code), response.content))

            return response.json()

        except Exception as ex:
            logging.exception(ex)
            return {'error': str(ex)}

    def lookup(self, ip_address):
        return self.cache.lookup(self.__lookup_ip, ip_address=ip_address)
예제 #5
0
class VirusTotal:
    api_url = 'https://www.virustotal.com/api/v3/{}'

    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session(
            headers={'x-apikey': api_key})

        self.cache = APICache('virus_total')

    def __lookup(self, query_url):
        try:
            logging.debug(
                'Performing VirusTotal Lookup for: {}'.format(query_url))
            url = self.api_url.format(query_url)
            response = self.request_session.get(url)
            if response.status_code != 200:
                raise Exception(
                    'Status code {} encountered while looking up IP address.  Error: {}'
                    .format(str(response.status_code), response.content))

            return response.json()
        except Exception as ex:
            logging.exception(ex)
            return {'error': str(ex)}

    def ip_lookups(self):
        return VirusTotalIPAddress(self.request_session, self.cache,
                                   self.api_url, self.__lookup)

    def domain_lookups(self):
        return VirusTotalDomain(self.request_session, self.cache, self.api_url,
                                self.__lookup)

    # def url_lookups(self):
    #     return VirusTotalURL(self.request_session, self.cache, self.api_url, self.__lookup)

    def search(self, query):
        query_url = 'search?query={}'.format(query)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def virus_total_metadata(self):
        query_url = 'metadata'
        return self.cache.lookup(self.__lookup, query_url=query_url)
예제 #6
0
class IPAbuseDB:
    categories = {'1': 'DNS Compromise', '3': 'Fraud Orders', '4': 'DDoS Attack', '5': 'FTP Brute-Force', '6': 'Ping of Death',
                  '7': 'Phishing', '8': 'Fraud VoIP', '9': 'Open Proxy', '10': 'Web Spam', '11': 'Email Spam',
                  '12': 'Blog Spam', '13': 'VPN IP', '14': 'Port Scan', '15': 'Hacking', '16': 'SQL Injection',
                  '17': 'Spoofing', '18': 'Brute-Force', '19': 'Bad Web Bot', '20': 'Exploited Host',
                  '21': 'Web App Attack', '22': 'SSH' , '23': 'IoT Targeted', '2': 'DNS Poisoning'}

    api_url = 'https://api.abuseipdb.com/api/v2/check'

    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session(headers={'Key': self.api_key})

        self.cache = APICache('abuseipdb')

    def __lookup_ip(self, ip_address, max_age_in_days):
        try:
            logging.debug('Performing AbuseIP Database Lookup for: {}'.format(ip_address))
            url = '{}?ipAddress={}&maxAgeInDays={}&verbose=true'.format(self.api_url, ip_address, str(max_age_in_days))
            response = self.request_session.get(url)
            if response.status_code != 200:
                raise Exception('Status code {} encountered while looking up IP address.  Error: {}'
                                .format(str(response.status_code), response.content))

            resp = response.json()
            abuse_response = {}
            if 'errors' not in resp:
                abuse_response['ip_address'] = resp['data']['ipAddress']
                abuse_response['abuse_total_reports'] = resp['data']['totalReports']
                abuse_response['country_name'] = resp['data']['countryName']
                abuse_response['usage_type'] = resp['data']['usageType']
                abuse_response['isp'] = resp['data']['isp']
                abuse_response['original_encoded_response'] = base64.b64encode(json.dumps(resp).encode('UTF-8')) \
                    .decode('UTF-8')

                categories = []
                if resp['data']['totalReports'] > 0:
                    abuse_response['abuse_lastReportedAt'] = resp['data']['lastReportedAt']
                    for report in resp['data']['reports']:
                        for cat in report['categories']:
                            try:
                                if self.categories[str(cat)] not in categories:
                                    categories.append(self.categories[str(cat)])
                            except Exception as ex:
                                logging.exception(ex)
                                continue
                    abuse_response['abuse_categories'] = categories

            return abuse_response
        except Exception as ex:
            logging.exception(ex)
            return {'error': str(ex)}

    def lookup(self, ip_address, max_age_in_days=90):
        return self.cache.lookup(self.__lookup_ip, ip_address=ip_address, max_age_in_days=max_age_in_days)
예제 #7
0
class Shodan:
    api_url = 'https://api.shodan.io/{}'

    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session()

        self.cache = APICache('shodan')

    def __lookup(self, query_url):
        try:
            logging.debug('Performing Shodan Lookup for: {}'.format(query_url))

            url = self.api_url.format(query_url) + 'key={}'.format(
                self.api_key)
            response = self.request_session.get(url)
            if response.status_code != 200:
                raise Exception(
                    'Status code {} encountered while looking up IP address.  Error: {}'
                    .format(str(response.status_code), response.content))

            try:
                return response.json()
            except Exception as ex:
                logging.exception(response.text)
                raise Exception(response.text)
        except Exception as ex:
            logging.exception(ex)
            return {'error': str(ex)}

    def lookup_ip(self, ip_address):
        query_url = 'shodan/host/{}?'.format(ip_address)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def query(self, query):
        query_url = 'shodan/host/search?query={}&'.format(query)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def api_info(self):
        query_url = 'api-info?'
        return self.cache.lookup(self.__lookup, query_url=query_url)
예제 #8
0
    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session()
        self.local_db_directory = "./maxmind"
        self.local_db = "./maxmind/GeoLite2-ASN-Blocks.sqlite"
        self.cache = APICache('max_mind')
        self.asn_ipv4_db = '{}/{}'.format(self.local_db_directory,
                                          'GeoLite2-ASN-Blocks-IPv4.csv')
        self.asn_ipv6_db = '{}/{}'.format(self.local_db_directory,
                                          'GeoLite2-ASN-Blocks-IPv6.csv')
        self.asn_db_gzip = '{}/{}'.format(self.local_db_directory,
                                          'GeoLite2-ASN.zip')
        self.asn_db_sha256 = '{}/{}'.format(self.local_db_directory,
                                            'GeoLite2-ASN.sha256')
        self.last_lookup = 0
        self.data = None

        if not os.path.exists(self.local_db_directory):
            os.mkdir(self.local_db_directory)

        self.__check_for_updates()
예제 #9
0
    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session(
            headers={'Key': self.api_key})

        self.cache = APICache('ipstack')
예제 #10
0
class IanaPortServiceNames:
    api_url = 'https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.csv'
    refresh_period = 86400000  # 24 hours

    def __init__(self):
        self.request_session = internet.retry_request_session()
        self.local_db_directory = "./iana"
        self.local_db = "./iana/iana_service_names_port_numbers.sqlite"
        self.cache = APICache('iana_service_names_port_numbers')
        self.iana_csv = '{}/{}'.format(self.local_db_directory,
                                       'service-names-port-numbers.csv')
        self.last_lookup = 0
        self.data = None

        if not os.path.exists(self.local_db_directory):
            os.mkdir(self.local_db_directory)

        self.__check_for_updates()

    def __load_data(self, new_data=False):
        if self.data is not None:
            self.data.close()

        if os.path.exists(self.local_db) and new_data:
            os.remove(self.local_db)
        self.data = _sqlite3.connect(self.local_db, check_same_thread=False)

        if new_data:
            create_cache_table = """ CREATE TABLE IF NOT EXISTS iana (
                                                                    id integer PRIMARY KEY,
                                                                    service text,
                                                                    port text,
                                                                    protocol text,
                                                                    description text,
                                                                    assignee text,
                                                                    contact text,
                                                                    registration_date text,
                                                                    modification_date text,
                                                                    reference text,
                                                                    service_code text,
                                                                    unauthorized_user_reported text,
                                                                    notes text
                                                                ); """
            self.data.execute(create_cache_table)

            with open(self.iana_csv, 'r') as db_file:
                for line in csv.DictReader(db_file):
                    cursor = self.data.cursor()
                    cursor.execute(
                        "INSERT INTO iana(service, port, protocol, description, assignee, contact, registration_date, modification_date, reference, service_code, "
                        "unauthorized_user_reported, notes)"
                        " VALUES(?,?,?,?,?,?,?,?,?,?,?,?)",
                        (line['Service Name'], line['Port Number'],
                         line['Transport Protocol'], line['Description'],
                         line['Assignee'], line['Contact'],
                         line['Registration Date'], line['Modification Date'],
                         line['Reference'], line['Service Code'],
                         line['Unauthorized Use Reported'],
                         line['Assignment Notes']))
            self.data.commit()

    def __check_for_updates(self):
        logging.info('Checking for iana updates')
        if self.last_lookup == 0 or (date_utils.convert_to_epoch_mills(
                datetime.now()) - self.last_lookup) >= self.refresh_period:
            with open(self.iana_csv, 'wb') as iana_csv:
                resp = self.request_session.get(self.api_url)
                iana_csv.write(resp.content)

            logging.info('Applying iana updates')
            self.__load_data(new_data=True)
            self.last_lookup = date_utils.convert_to_epoch_mills(
                datetime.now())

    def __build_from_row(self, row):
        return {
            'service': row[0],
            'port': row[1],
            'protocol': row[2],
            'description': row[3],
            'assignee': row[4],
            'contact': row[5],
            'registration_date': row[6],
            'modification_date': row[7],
            'reference': row[8],
            'service_code': row[9],
            'unauthorized_use_reported': row[10],
            'notes': row[11]
        }

    def __lookup_port(self, port):
        logging.debug('Performing iana Lookup for: {}'.format(port))
        self.__check_for_updates()
        cursor = self.data.cursor()
        cursor.execute(
            "SELECT service, port, protocol, description, assignee, contact, registration_date, modification_date, reference, service_code, "
            "unauthorized_user_reported, notes FROM iana WHERE port=" + port)

        response = []
        for row in cursor.fetchall():
            response.append(self.__build_from_row(row))
        return response

    def lookup_port(self, port):
        port = str(port)
        return self.cache.lookup(self.__lookup_port, port=port)

    def __lookup_service(self, service):
        logging.debug('Performing iana Lookup for: {}'.format(service))
        self.__check_for_updates()
        cursor = self.data.cursor()
        cursor.execute(
            "SELECT service, port, protocol, description, assignee, contact, registration_date, modification_date, reference, service_code, "
            "unauthorized_user_reported, notes FROM iana WHERE service=" +
            "'" + service + "'")

        response = []
        for row in cursor.fetchall():
            response.append(self.__build_from_row(row))
        return response

    def lookup_service(self, service):
        return self.cache.lookup(self.__lookup_service, service=service)

    def __lookup_protocol(self, protocol):
        logging.debug('Performing iana Lookup for: {}'.format(protocol))
        self.__check_for_updates()
        cursor = self.data.cursor()
        cursor.execute(
            "SELECT service, port, protocol, description, assignee, contact, registration_date, modification_date, reference, service_code, "
            "unauthorized_user_reported, notes FROM iana WHERE protocol=" +
            "'" + protocol + "'")

        response = []
        for row in cursor.fetchall():
            response.append(self.__build_from_row(row))
        return response

    def lookup_protocol(self, protocol):
        return self.cache.lookup(self.__lookup_protocol, protocol=protocol)

    def __lookup_unauthorised_use(self):
        logging.debug(
            'Performing iana Lookup for: {}'.format('unauthorised_use'))
        self.__check_for_updates()
        cursor = self.data.cursor()
        cursor.execute(
            "SELECT service, port, protocol, description, assignee, contact, registration_date, modification_date, reference, service_code, "
            "unauthorized_user_reported, notes FROM iana WHERE unauthorized_user_reported IS NOT ''"
        )

        response = []
        for row in cursor.fetchall():
            response.append(self.__build_from_row(row))
        return response

    def lookup_unauthorised_use(self):
        return self.cache.lookup(self.__lookup_unauthorised_use)
예제 #11
0
    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session(
            headers={'x-apikey': api_key})

        self.cache = APICache('virus_total')
예제 #12
0
class MaxMind:
    api_url = 'https://download.maxmind.com/app/geoip_download?'
    refresh_period = 86400000  # 24 hours

    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session()
        self.local_db_directory = "./maxmind"
        self.local_db = "./maxmind/GeoLite2-ASN-Blocks.sqlite"
        self.cache = APICache('max_mind')
        self.asn_ipv4_db = '{}/{}'.format(self.local_db_directory,
                                          'GeoLite2-ASN-Blocks-IPv4.csv')
        self.asn_ipv6_db = '{}/{}'.format(self.local_db_directory,
                                          'GeoLite2-ASN-Blocks-IPv6.csv')
        self.asn_db_gzip = '{}/{}'.format(self.local_db_directory,
                                          'GeoLite2-ASN.zip')
        self.asn_db_sha256 = '{}/{}'.format(self.local_db_directory,
                                            'GeoLite2-ASN.sha256')
        self.last_lookup = 0
        self.data = None

        if not os.path.exists(self.local_db_directory):
            os.mkdir(self.local_db_directory)

        self.__check_for_updates()

    def __load_data(self, new_data=False):
        if self.data is not None:
            self.data.close()

        if os.path.exists(self.local_db) and new_data:
            os.remove(self.local_db)
        self.data = _sqlite3.connect(self.local_db, check_same_thread=False)

        if new_data:
            create_cache_table = """ CREATE TABLE IF NOT EXISTS GeoLite2ASN (
                                                            id integer PRIMARY KEY,
                                                            network text,
                                                            autonomous_system_number text ,
                                                            autonomous_system_organization text,
                                                            version integer 
                                                        ); """
            self.data.execute(create_cache_table)

            with open(self.asn_ipv4_db, 'r') as db_file:
                for line in csv.DictReader(db_file):
                    cursor = self.data.cursor()
                    cursor.execute(
                        "INSERT INTO GeoLite2ASN(network, autonomous_system_number, autonomous_system_organization, version)"
                        " VALUES(?,?,?,?)",
                        (line['network'], line['autonomous_system_number'],
                         line['autonomous_system_organization'], 4))

            with open(self.asn_ipv6_db, 'r') as db_file:
                for line in csv.DictReader(db_file):
                    cursor = self.data.cursor()
                    cursor.execute(
                        "INSERT INTO GeoLite2ASN(network, autonomous_system_number, autonomous_system_organization, version)"
                        " VALUES(?,?,?,?)",
                        (line['network'], line['autonomous_system_number'],
                         line['autonomous_system_organization'], 6))

            self.data.commit()

    def __check_for_updates(self):
        logging.info('Checking for maxmind updates')
        if self.last_lookup == 0 or (date_utils.convert_to_epoch_mills(
                datetime.now()) - self.last_lookup) >= self.refresh_period:
            resp = self.request_session.get(
                self.api_url +
                'edition_id=GeoLite2-ASN-CSV&license_key={}&suffix=zip.sha256'.
                format(self.api_key))
            sha256 = ""
            if os.path.exists(self.asn_db_sha256):
                with open(self.asn_db_sha256, 'r') as sha256_file:
                    sha256 = sha256_file.readline()

            if sha256 != resp.text:
                logging.info('Applying maxmind updates')
                with open(self.asn_db_sha256, 'w') as sha256_file:
                    sha256_file.write(resp.text)
                with open(self.asn_db_gzip, 'wb') as asn_db_gzip:
                    resp = self.request_session.get(
                        self.api_url +
                        'edition_id=GeoLite2-ASN-CSV&license_key={}&suffix=zip'
                        .format(self.api_key))
                    asn_db_gzip.write(resp.content)

                with zipfile.ZipFile(self.asn_db_gzip) as zip_obj:
                    zip_obj.extractall(self.local_db_directory + '/temp')

                for template_file in glob.glob(self.local_db_directory +
                                               '/temp/**/*.csv'):
                    if "GeoLite2-ASN-Blocks-IPv4" in template_file:
                        if os.path.exists(self.asn_ipv4_db):
                            os.remove(self.asn_ipv4_db)
                        copyfile(template_file, self.asn_ipv4_db)
                    if "GeoLite2-ASN-Blocks-IPv6" in template_file:
                        if os.path.exists(self.asn_ipv6_db):
                            os.remove(self.asn_ipv6_db)
                        copyfile(template_file, self.asn_ipv6_db)

                shutil.rmtree(self.local_db_directory + '/temp')
                os.remove(self.asn_db_gzip)
                self.__load_data(new_data=True)
                self.last_lookup = date_utils.convert_to_epoch_mills(
                    datetime.now())

            if self.data is None:
                self.__load_data()

    def __lookup_asn(self, asn):
        logging.debug('Performing maxmind Lookup for: {}'.format(asn))
        self.__check_for_updates()
        cursor = self.data.cursor()
        cursor.execute(
            "SELECT network, autonomous_system_number, autonomous_system_organization, version FROM GeoLite2ASN WHERE autonomous_system_number="
            + str(asn))

        response = []
        for row in cursor.fetchall():
            response.append({
                'network': row[0],
                'autonomous_system_number': row[1],
                'autonomous_system_organization': row[2],
                'version': row[3]
            })
        return response

    def lookup_asn(self, asn):
        return self.cache.lookup(self.__lookup_asn, asn=asn)

    def __lookup_org(self, org):
        logging.debug('Performing maxmind Lookup for: {}'.format(org))
        self.__check_for_updates()

        cursor = self.data.cursor()
        cursor.execute(
            "SELECT network, autonomous_system_number, autonomous_system_organization, version FROM GeoLite2ASN WHERE autonomous_system_organization="
            + "'" + org + "'")

        response = []
        for row in cursor.fetchall():
            response.append({
                'network': row[0],
                'autonomous_system_number': row[1],
                'autonomous_system_organization': row[2],
                'version': row[3]
            })
        return response

    def lookup_org(self, org):
        return self.cache.lookup(self.__lookup_org, org=org)

    def __lookup_ip(self, ip_address):
        logging.debug('Performing maxmind Lookup for: {}'.format(ip_address))
        self.__check_for_updates()

        cursor = self.data.cursor()
        cursor.execute(
            "SELECT network, autonomous_system_number, autonomous_system_organization, version FROM GeoLite2ASN"
        )

        for row in cursor.fetchall():
            if ipaddress.ip_address(ip_address) in ipaddress.ip_network(
                    row[0]):
                return {
                    'network': row[0],
                    'autonomous_system_number': row[1],
                    'autonomous_system_organization': row[2],
                    'version': row[3]
                }

        return None

    def lookup_ip(self, ip_address):
        return self.cache.lookup(self.__lookup_ip, ip_address=ip_address)
예제 #13
0
    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session()

        self.cache = APICache('view_dns')
예제 #14
0
class ViewDNS:
    api_url = 'https://api.viewdns.info/{}'

    def __init__(self, api_key):
        self.api_key = api_key
        self.request_session = internet.retry_request_session()

        self.cache = APICache('view_dns')

    def __lookup(self, query_url):
        try:
            logging.debug(
                'Performing ViewDNS Lookup for: {}'.format(query_url))

            url = self.api_url.format(
                query_url) + '&apikey={}&output=json'.format(self.api_key)
            response = self.request_session.get(url)
            if response.status_code != 200:
                raise Exception(
                    'Status code {} encountered while looking up IP address.  Error: {}'
                    .format(str(response.status_code), response.content))

            try:
                return response.json()
            except Exception as ex:
                logging.exception(response.text)
                raise Exception(response.text)
        except Exception as ex:
            logging.exception(ex)
            return {'error': str(ex)}

    def reverseip(self, ip_address):
        query_url = 'reverseip/?host={}'.format(ip_address)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def whois(self, value):
        query_url = 'whois/?domain={}'.format(value)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def dnsrecord(self, domain, record_type):
        query_url = 'dnsrecord/?domain={}&recordtype={}'.format(
            domain, record_type)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def maclookup(self, mac_address):
        query_url = 'maclookup/?mac={}'.format(mac_address)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def reversedns(self, ip_address):
        query_url = 'reversedns/?ip={}'.format(ip_address)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def reversemx(self, mail_server):
        query_url = 'reversemx/?mx={}'.format(mail_server)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def reversens(self, name_server):
        query_url = 'reversens/?ns={}'.format(name_server)
        return self.cache.lookup(self.__lookup, query_url=query_url)

    def reversewhois(self, query):
        query_url = 'reversewhois/?q={}'.format(query)
        return self.cache.lookup(self.__lookup, query_url=query_url)