예제 #1
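    # Command-line options: the indicator list file and the PassiveTotal API key.
    parser.add_argument('-l',
                        '--list',
                        help='list of indicators to check in PassiveTotal',
                        action='store',
                        required=True)
    # NOTE(review): a key passed with -a/--apikey is visible to other local
    # users in the process list and is kept in shell history. On shared hosts,
    # consider reading it from an environment variable or a file with
    # restricted permissions instead.
    parser.add_argument('-a',
                        '--apikey',
                        help='PassiveTotal API key',
                        action='store',
                        required=True)
    args = parser.parse_args()

    # Stop before making any API call when the indicator file is missing.
    if not os.path.exists(args.list):
        print 'error: file %s not found' % args.list
        sys.exit(1)

    iocs = read_list(args.list)
    print 'Domains:\t%d\n' % len(iocs)

    pt = PassiveTotal(args.apikey)

    # Every indicator in the list is submitted to PassiveTotal. Review the list
    # first if it holds indicators that must not be disclosed to a third party.
    for host in iocs:
        resp = pt.get_passive(host)
        if not resp['success']:
            # Report the failure on stderr so that a lookup that did not
            # complete is not read as "no passive DNS data" for the indicator.
            print >> sys.stderr, 'error: PassiveTotal lookup failed for %s' % host
            continue

        results = resp['results']
        print 'First:\t%s' % results['first_seen']
        print 'Last: \t%s' % results['last_seen']
        print 'Hosts:\n'
        for record in results['records']:
            print "\t%s" % record['resolve']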
예제 #2
  --bulk        Read values from a file instead of the CLI.

"""

import os
import sys
from docopt import docopt
from IPy import IP
from passivetotal import PassiveTotal

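# The API key is a credential. Supplying it through the environment keeps it
# out of the source file, so it does not travel with commits, pastes or copies
# of this script. PASSIVETOTAL_API_KEY is a variable name chosen for this
# example; the placeholder stays as the fallback so that editing the constant
# in place still works.
API_KEY = os.environ.get('PASSIVETOTAL_API_KEY', '-YOUR-API-KEY-')

if __name__ == '__main__':
    # docopt builds the argument dictionary from the module docstring.
    arguments = docopt(__doc__, version='PassiveTotal 1.0')

    pt = PassiveTotal(API_KEY)
    pt.logger = 'INFO'

    if arguments['metadata']:
        response = pt.get_metadata(arguments['<indicator>'])
        if response['success']:
            if arguments['--raw']:
                # --raw prints the response object as returned by the client.
                print response
            else:
                print "[=] Query:", response['raw_query']
                results = response['results']
                # Named indicator_type so the builtin type() is not shadowed.
                indicator_type = results['type']
                if indicator_type == 'domain':
                    print "[*] Primary Domain:", results['primaryDomain']
                    print "[*] TLD:", results['tld']
                    print "[*] Dynamic DNS?:", results['dynamic']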
예제 #3
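#!/usr/bin/env python
"""PassiveTotal client walkthrough: passive DNS lookup, classification and tagging."""

import os
import sys

from passivetotal import PassiveTotal

# The API key is a credential and must not be embedded in the script: a key
# written into source is exposed to everyone who can read the repository or
# any page the file is copied to. A key that has already been published this
# way should be revoked and reissued. PASSIVETOTAL_API_KEY is a variable name
# chosen for this example.
api_key = os.environ.get('PASSIVETOTAL_API_KEY')
if not api_key:
    sys.exit('error: set PASSIVETOTAL_API_KEY to your PassiveTotal API key')

# create a new instance
pt = PassiveTotal(api_key)

# set our logging
# NOTE(review): confirm that DEBUG output does not include the API key before
# sharing or storing the log.
pt.logger = 'DEBUG'

# get pdns information
print(pt.get_passive('www.passivetotal.org'))

# set classification
# NOTE(review): this call and add_tag below presumably write to the account's
# data rather than only reading it; verify before running against a shared
# account.
print(pt.set_classification('www.passivetotal.org', classification='benign'))

# set a tag
print(pt.add_tag('www.passivetotal.org', tag='security'))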