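# Look up every indicator from a list file in PassiveTotal passive DNS and
# print the first-seen / last-seen dates and the resolutions of each one.
# `parser`, `read_list` and `PassiveTotal` are defined or imported elsewhere
# in this file.
parser.add_argument('-l', '--list', help='list of indicators to check in PassiveTotal', action='store', required=True)
# The API key may also be supplied through the PASSIVETOTAL_API_KEY
# environment variable (a name chosen by this script). A secret passed as a
# command-line argument is visible in the process list and is usually saved
# in shell history, so the environment is the preferred channel; -a/--apikey
# keeps working for existing callers.
parser.add_argument('-a', '--apikey', help='PassiveTotal API key (default: $PASSIVETOTAL_API_KEY)', action='store', default=os.environ.get('PASSIVETOTAL_API_KEY'))
args = parser.parse_args()

if not args.apikey:
    parser.error('no API key: pass -a/--apikey or set PASSIVETOTAL_API_KEY')

if not os.path.exists(args.list):
    print('error: file %s not found' % args.list)
    sys.exit(1)

iocs = read_list(args.list)
print('Domains:\t%d\n' % len(iocs))

pt = PassiveTotal(args.apikey)
for host in iocs:
    resp = pt.get_passive(host)
    if not resp['success']:
        # Report the failed lookup instead of skipping it silently, so a bad
        # key or a rejected indicator is not mistaken for "no results".
        sys.stderr.write('error: lookup failed for %s\n' % host)
        continue

    results = resp['results']
    print('First:\t%s' % results['first_seen'])
    print('Last: \t%s' % results['last_seen'])
    print('Hosts:\n')
    for record in results['records']:
        print("\t%s" % record['resolve'])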
--bulk Read values from a file instead of the CLI. """ import os import sys from docopt import docopt from IPy import IP from passivetotal import PassiveTotal API_KEY = '-YOUR-API-KEY-' if __name__ == '__main__': arguments = docopt(__doc__, version='PassiveTotal 1.0') pt = PassiveTotal(API_KEY) pt.logger = 'INFO' if arguments['metadata']: response = pt.get_metadata(arguments['<indicator>']) if response['success']: if arguments['--raw']: print response else: print "[=] Query:", response['raw_query'] type = response['results']['type'] if type == 'domain': print "[*] Primary Domain:", response['results'][ 'primaryDomain'] print "[*] TLD:", response['results']['tld'] print "[*] Dynamic DNS?:", response['results']['dynamic']
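#!/usr/bin/env python
"""Minimal PassiveTotal client example.

Runs one passive DNS lookup, sets a classification and adds a tag for
www.passivetotal.org, printing each API response.
"""
import os
import sys

from passivetotal import PassiveTotal

# Take the API key from the environment instead of embedding it in the file.
# A key committed to source is readable by anyone who can read the repository
# or its history, so any key that has ever been committed must be rotated.
# PASSIVETOTAL_API_KEY is a variable name chosen by this script.
api_key = os.environ.get('PASSIVETOTAL_API_KEY')
if not api_key:
    sys.exit('error: set PASSIVETOTAL_API_KEY to your PassiveTotal API key')

# create a new instance
pt = PassiveTotal(api_key)

# set our logging
# NOTE(review): confirm that DEBUG output does not include the API key
# before sharing or archiving logs.
pt.logger = 'DEBUG'

# get pdns information
print(pt.get_passive('www.passivetotal.org'))

# set classification
print(pt.set_classification('www.passivetotal.org', classification='benign'))

# set a tag
print(pt.add_tag('www.passivetotal.org', tag='security'))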