예제 #1
 def do_pdns_query(self, obj):
     """Look up passive DNS history for ``obj`` and record each resolution.

     The query value is derived from ``obj`` via ``_get_query_type``, sent to
     the 'dns' request client, and the raw response is passed to
     ``_check_response`` before being parsed. One 'Passive DNS' result is
     added per record, keyed by the resolved value.
     """
     dns_client = self._generate_request_instance('dns')
     lookup_value = self._get_query_type(obj)
     raw_response = dns_client.get_passive_dns(query=lookup_value)
     # Checked before parsing; what a failed check does is defined elsewhere.
     self._check_response(raw_response)
     for entry in DnsResponse(raw_response).get_records():
         # Record fields come from the remote service and are handed to
         # _add_result unmodified, so downstream rendering should treat
         # them as untrusted data.
         details = {
             'First Seen': entry.firstSeen,
             'Last Seen': entry.lastSeen,
             'Sources': ','.join(entry.source)
         }
         self._add_result('Passive DNS', entry.resolve, details)
예제 #2
 def do_pdns_query(self, obj):
     """Run a passive DNS query for the given object and store the records.

     Builds a 'dns' request client, resolves the query value from ``obj``,
     validates the raw response with ``_check_response`` and then adds one
     'Passive DNS' result per returned record.
     """
     requester = self._generate_request_instance('dns')
     target = self._get_query_type(obj)
     payload = requester.get_passive_dns(query=target)
     self._check_response(payload)
     parsed = DnsResponse(payload)
     for rec in parsed.get_records():
         # 'source' is joined as-is; presumably a list of strings -- confirm
         # against the response schema.
         joined_sources = ','.join(rec.source)
         summary = {
             'First Seen': rec.firstSeen,
             'Last Seen': rec.lastSeen,
             'Sources': joined_sources
         }
         # The resolved value is externally supplied data and is stored
         # without normalisation here.
         self._add_result('Passive DNS', rec.resolve, summary)
예제 #3
def call_dns(args):
    """Dispatch a DNS-based query described by the parsed CLI arguments.

    The request parameters (query, end, start, timeout, sources) are passed
    through ``prune_args`` first. When ``args.unique`` is set the unique
    resolutions endpoint is called, otherwise the passive DNS endpoint; the
    response is returned after ``DnsResponse.process``.
    """
    dns_client = DnsRequest.from_config()
    params = prune_args(
        query=args.query,
        end=args.end,
        start=args.start,
        timeout=args.timeout,
        sources=args.sources,
    )

    # NOTE(review): both branches are parsed with DnsResponse -- confirm that
    # is the intended parser for the unique-resolutions payload.
    if args.unique:
        fetch = dns_client.get_unique_resolutions
    else:
        fetch = dns_client.get_passive_dns

    return DnsResponse.process(fetch(**params))
예제 #4
파일: client.py 프로젝트: jakubd/python_api
def write_output(results, arguments):
    """Turn raw API results into a list of formatted output items.

    The command in ``arguments.cmd`` selects the response class; when no
    output format was supplied, a per-command default is written back to
    ``arguments.format``. Unknown commands fall back to ``str(results)``.

    :param results: Result data from one of the various calls
    :param arguments: Supplied arguments from the CLI
    :return: Formatted list of output data
    """
    def render(response):
        # NOTE(review): arguments.format is used directly as an attribute
        # name -- confirm the CLI parser restricts it to the known output
        # formats so arbitrary attributes cannot be selected.
        return getattr(response, arguments.format)

    def default_format(fallback):
        # Mutates the caller's namespace, exactly like the inline defaults.
        if not arguments.format:
            arguments.format = fallback

    command = arguments.cmd

    if command == 'pdns':
        default_format('table')
        if arguments.unique:
            parsed = DnsUniqueResponse.process(results)
        else:
            parsed = DnsResponse.process(results)
        return [render(parsed)]

    if command == 'whois':
        default_format('text')
        if arguments.field:
            # Field searches return several records, each rendered on its own.
            search = WhoisSearchResponse(results)
            return [render(entry) for entry in search.get_records()]
        return [render(WhoisResponse.process(results))]

    if command == 'ssl':
        default_format('text')
        if not arguments.type:
            return [render(SslResponse.process(results))]
        if arguments.type == 'search':
            return [render(SslResponse.process(entry))
                    for entry in results.get('records', [])]
        return [render(SslHistoryResponse.process(results))]

    if command == 'attribute':
        default_format('table')
        return [render(AttributeResponse.process(results))]

    # Unrecognised command: hand back the raw results as a single string.
    return [str(results)]
예제 #5
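def main():
    """Perform a passive DNS lookup and save the output in every format.

    The query is read from ``sys.argv[1]``. One file per output format is
    written to ``/tmp/<query>.pdns.<format>``; path separators in the query
    are replaced so the files always land directly inside ``/tmp``.
    """
    # Function-scope import: the file-level import block is not part of this
    # listing, so the dependency is pulled in locally.
    import os

    if len(sys.argv) <= 1:
        # Single-argument print(...) behaves the same on Python 2 and 3.
        print("Usage: python pdns_multiput <query>")
        sys.exit(1)

    query = sys.argv[1]
    # The query becomes part of a file name. Without this, a value holding
    # '/' (or '..' segments) would place the output outside /tmp.
    safe_name = query.replace('/', '_').replace('\\', '_')

    output_formats = ['json', 'xml', 'stix', 'csv', 'table']
    client = DnsRequest.from_config()
    raw_results = client.get_passive_dns(query=query)
    pdns_results = DnsResponse(raw_results)

    # /tmp is shared and the names are predictable: do not follow a symlink
    # at the target path (where the platform offers O_NOFOLLOW), and create
    # new files readable by the owner only. Existing files are still
    # truncated and overwritten, as before.
    open_flags = (os.O_WRONLY | os.O_CREAT | os.O_TRUNC |
                  getattr(os, 'O_NOFOLLOW', 0))
    for format_type in output_formats:
        save_location = "/tmp/%s.pdns.%s" % (safe_name, format_type)
        descriptor = os.open(save_location, open_flags, 0o600)
        # The context manager closes the file even if rendering fails.
        with os.fdopen(descriptor, "w") as handle:
            handle.write(getattr(pdns_results, format_type))
    print("Saved results inside of /tmp/%s" % safe_name)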