def analyze(observable, results):
    """Link a domain to the parties named in its DomainTools WHOIS history.

    Nothing is queried unless ``extract(observable.value)`` reports an empty
    subdomain; in that case an empty list is returned. Otherwise the raw API
    response is stored on ``results`` as indented JSON and every history
    record yields links to its registrar, its registrant and, when one can be
    parsed out of the raw record, the registrant e-mail.

    Returns:
        list: the de-duplicated values collected from ``observable.link_to``.
    """
    if extract(observable.value).subdomain != '':
        return []

    collected = set()
    endpoint = "/{}/whois/history".format(observable.value)
    data = DomainToolsApi.get(endpoint, results.settings)
    results.update(raw=json.dumps(data, indent=2))

    for record in data['response']['history']:
        whois = record['whois']
        registration = whois['registration']

        # strptime raises ValueError if a record's dates are not YYYY-MM-DD.
        created = datetime.strptime(registration['created'], "%Y-%m-%d")
        expires = datetime.strptime(registration['expires'], "%Y-%m-%d")

        # WHOIS fields are supplied by whoever registered the domain, so the
        # values stored here are third-party text, not verified identities.
        registrar = Company.get_or_create(name=registration['registrar'])
        registrant = Text.get_or_create(value=whois['registrant'])

        collected.update(
            observable.link_to(registrar, 'Registrar', 'DomainTools', created, expires))
        collected.update(
            observable.link_to(registrant, 'Registrant', 'DomainTools', created, expires))

        parsed = parse_raw_whois([whois['record']], normalized=True)
        address = get_value_at(parsed, 'contacts.registrant.email')
        if not address:
            continue
        email = Email.get_or_create(value=address)
        collected.update(
            observable.link_to(email, 'Registrant Email', 'DomainTools', created, expires))

    return list(collected)
def domain_abuse(domain, registrant=False):
    """Look up abuse contact details for the registered domain of *domain*.

    The input is reduced to its registered domain, the raw WHOIS is fetched
    and parsed, and the result of the registrant or registrar helper is
    returned with the raw WHOIS text attached under ``raw``.

    Args:
        domain: host or domain name to look up.
        registrant: when true use ``_get_registrant_abuse``, otherwise
            ``_get_registrar_abuse``.

    Returns:
        dict: the helper's result plus ``raw``; if the WHOIS lookup or parse
        raises, a dict with empty ``names``, ``abuse`` and ``raw``.
    """
    registered = extract(domain).registered_domain

    try:
        raw_records = get_whois_raw(registered)
        parsed = parse_raw_whois(raw_records, ['Domain', 'contacts'])
    except Exception as err:
        # Best effort: any lookup or parse failure is reported on stdout and
        # answered with an empty result rather than propagated.
        print("Could not get WHOIS for {} ({})".format(registered, err))
        return {"value": registered, "names": [], "abuse": [], "raw": ""}

    lookup = _get_registrant_abuse if registrant else _get_registrar_abuse
    results = lookup(registered, parsed)
    # The raw text comes straight from the WHOIS server(s); callers should
    # treat it as untrusted when displaying or storing it.
    results['raw'] = "\n\n".join(raw_records)
    return results
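def domain_abuse(domain, registrant=False):
    """Fetch and parse the WHOIS record for the registered domain of *domain*.

    Args:
        domain: host or domain name to look up.
        registrant: not used by the lines shown in this listing.

    Returns:
        dict: an empty result (``names``, ``abuse`` and ``raw`` empty) when
        the WHOIS lookup or parse raises.
    """
    parts = extract(domain)
    domain = parts.registered_domain
    try:
        data = get_whois_raw(domain)
        parsed = parse_raw_whois(data, ['Domain', 'contacts'])
    except Exception as e:
        # Python 3 spelling of the handler; the original used the
        # Python-2-only ``except Exception, e`` and ``print`` statement.
        print("Could not get WHOIS for {} ({})".format(domain, e))
        return {"value": domain, "names": [], "abuse": [], "raw": ""}
    # NOTE(review): the listing stops here, so the success path falls through
    # and returns None with ``parsed`` unused -- the excerpt looks truncated;
    # confirm against the full source before relying on it.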
def parse_whois(payload):
    """Parse one raw WHOIS response and return it without its ``raw`` entry.

    Args:
        payload: raw WHOIS text for a single response.

    Returns:
        dict: the parsed record, or ``{}`` when parsing raises ``KeyError`` or
        ``ValueError`` (a marker is printed in either case).
    """
    try:
        record = parse.parse_raw_whois([payload])
        # Drop the echoed raw text so only the parsed fields are passed on.
        record.pop('raw', None)
        return record
    except KeyError:
        print("KEYERROR!")
    except ValueError:
        print("VALUEERROR")
    return {}
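def check_whois_V1(domain: str):
    """Report whether a WHOIS lookup for *domain* parses to an empty record.

    :param domain: domain name to query.
    :return: ``(True, None, True)`` when the parsed WHOIS is empty, otherwise
        ``(False, None, True)`` -- also for a missing/empty domain and when the
        lookup raises. NOTE(review): the tuple layout appears to mirror
        check_whois (might be available, expiry, certain) -- confirm.
    """
    if domain is None or len(domain) == 0:
        # Previously this path fell off the end and returned None, which
        # breaks callers that unpack the three-tuple.
        return False, None, True
    try:
        server = net.get_root_server(domain)
        raw = net.get_whois_raw(domain, server=server)
        parsed = parse.parse_raw_whois(raw_data=raw)
        return len(parsed) == 0, None, True
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit. A failed lookup is still reported as "not available".
        return False, None, True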
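def check_whois(domain: str):
    """
    Estimate from WHOIS data whether a domain might be available to register.

    :param domain: domain name to check; it must match the lower-case
        validation pattern below, otherwise the error is logged and the
        lookup is skipped.
    :return: True if the domain might be available to buy now, date time of
        expiry (or None), True if the answer is 100% sure
    """
    if domain is None or len(domain) == 0:
        return False, None, True

    try:
        # fullmatch() is used instead of match() because ``$`` also matches
        # just before a trailing newline, which let "name.tld\n" through the
        # check and on to the WHOIS query. The pattern is a raw string so the
        # ``\-`` and ``\.`` escapes are no longer invalid string escapes.
        if re.fullmatch(r"^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}$", domain) is None:
            raise ValueError("domain name error.")

        server = net.get_root_server(domain)
        raw = net.get_whois_raw(domain, server=server)
        parsed = parse.parse_raw_whois(raw_data=raw)
        expire_record = parsed.get("expiration_date")
        name_servers = parsed.get("nameservers")

        if len(parsed) <= 1:
            # Practically nothing was parsed: treated as unregistered.
            return True, None, True

        if expire_record is None or len(expire_record) == 0:
            # No expiry information; name servers decide, and their presence
            # makes the answer uncertain.
            if name_servers is None:
                return True, None, True
            return False, None, False

        # Several expiration dates may be reported; the latest one wins.
        latest = max(expire_record)
        if latest is None:
            return True, None, False

        # NOTE(review): assumes the parsed dates are naive UTC datetimes, as
        # they are compared with naive utcnow() -- confirm.
        if datetime.datetime.utcnow() < latest:
            return False, latest, True
        # Expired: only certain when no name servers are listed any more.
        return True, latest, name_servers is None
    except Exception as ex:
        msg = "error in LinkChecker.check_whois(), checking " + domain
        ErrorLogger.log_error("LinkChecker", ex, msg)
        return False, None, False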
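def run(self, tld):
    """Look up the first e-mail address listed in the WHOIS record of *tld*.

    Args:
        tld: name passed to ``get_whois_raw``.

    Returns:
        tuple: ``(True, address)`` on success, ``(False, "")`` when the
        lookup, the parse or the e-mail extraction raises; the error is
        written to ``self.logger``.
    """
    try:
        data = get_whois_raw(tld)
        parsed_whois = parse_raw_whois(data, ['Domain', 'contacts'])
        # NOTE(review): this takes whichever address the parser lists first;
        # nothing here checks that it is actually an abuse mailbox.
        _abuse_contact = parsed_whois['emails'][0]
    except Exception as e:
        self.logger.error('Abuse finder ended with error %s', e)
        return False, ""
    # The unused ``names`` and ``emails`` locals were dropped.
    return True, _abuse_contact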
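def parse_whois(uri: Dict):
    """Parse the raw WHOIS stored on *uri* and copy selected fields onto it.

    Reads ``uri["whois"]["raw"]`` and ``uri["whois"]["servers"]``, then sets
    ``domain_id``, ``status`` and ``registrar`` on *uri* before handing it to
    the date, server, contact and status helpers. *uri* is modified in place;
    nothing is returned.
    """
    logger.debug("Parsing Whois info for '%s'...", uri["domain"])
    # never_query_handles=False allows the parser to query contact handles,
    # and the server it is given is the last entry of uri["whois"]["servers"].
    # NOTE(review): confirm that list only ever holds servers the lookup
    # itself contacted, since it decides where follow-up queries are sent.
    whois = parse_raw_whois(
        [uri["whois"]["raw"]],
        normalized=True,
        never_query_handles=False,
        handle_server=uri["whois"]["servers"][-1],
    )
    # The parsed record can include registrant contact details; keep this at
    # debug level. Lazy %-formatting matches the debug call above.
    logger.debug("Whois info:\n%s", whois)

    ids = whois.get("id")
    uri["domain_id"] = ids[0] if ids else ""
    uri["status"] = whois.get("status", [])

    # The original test was the chained comparison
    # `"registrar" in whois is not None`, which only worked by accident.
    registrars = whois.get("registrar")
    uri["registrar"] = registrars[0] if registrars else ""

    parse_whois_dates(uri, whois)
    parse_whois_servers(uri, whois)
    parse_whois_contacts(uri, whois)
    parse_whois_status(uri)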
def analyze(hostname, results):
    """Enrich a hostname with WHOIS context and registrant links.

    Only hostnames for which ``extract`` reports an empty subdomain are
    processed; anything else returns an empty list. The first raw WHOIS
    response is stored on ``results`` and in the hostname's ``whois`` context,
    together with the first creation date when one was parsed.

    Returns:
        list: de-duplicated links built from the registrant's e-mail, name,
        organization and phone number.
    """
    if extract(hostname.value).subdomain != '':
        return []

    # Reuse the hostname's existing 'whois' context if there is one.
    existing = next(
        (entry for entry in hostname.context if entry['source'] == 'whois'), None)
    is_new_context = existing is None
    context = {'source': 'whois'} if is_new_context else existing

    data = get_whois_raw(hostname.value)
    results.update(raw=data[0])
    parsed = parse_raw_whois(data, normalized=True)
    # Raw WHOIS is server-supplied text; it is stored as-is, so consumers
    # should escape it before rendering.
    context['raw'] = data[0]

    if 'creation_date' in parsed:
        context['creation_date'] = parsed['creation_date'][0]

    links = set()
    if 'registrant' in parsed['contacts']:
        wanted = (
            ('email', Email, 'Registrant Email'),
            ('name', Text, 'Registrant Name'),
            ('organization', Text, 'Registrant Organization'),
            ('phone', Text, 'Registrant Phone Number'),
        )
        for field, klass, description in wanted:
            links.update(
                link_from_contact_info(
                    hostname, parsed['contacts']['registrant'],
                    field, klass, description))

    if is_new_context:
        hostname.add_context(context)
    else:
        # The existing context dict was updated in place; persist it.
        hostname.save()

    return list(links)
def analyze(hostname):
    """Enrich a hostname with WHOIS context and registrant links.

    Only hostnames for which ``extract`` reports an empty subdomain are
    processed; anything else returns an empty list. The first raw WHOIS
    response and, when parsed, the first creation date are written to the
    hostname's ``Whois`` context.

    Returns:
        list: the non-None links built from the registrant's e-mail, name,
        organization and phone number.
    """
    if extract(hostname.value).subdomain != "":
        return []

    # Reuse the hostname's existing "Whois" context if there is one.
    existing = next(
        (entry for entry in hostname.context if entry["source"] == "Whois"), None)
    is_new_context = existing is None
    context = {"source": "Whois"} if is_new_context else existing

    data = get_whois_raw(hostname.value)
    parsed = parse_raw_whois(data, normalized=True)
    # Raw WHOIS is server-supplied text; it is stored as-is, so consumers
    # should escape it before rendering.
    context["raw"] = data[0]

    if "creation_date" in parsed:
        context["creation_date"] = parsed["creation_date"][0]

    links = []
    if "registrant" in parsed["contacts"]:
        wanted = (
            ("email", Email, "Registrant", "Registrant Email"),
            ("name", Text, "Registrant", "Registrant Name"),
            ("organization", Text, "Registrant", "Registrant Organization"),
            ("phone", Text, "Registrant", "Registrant Phone Number"),
        )
        for field, klass, tag, description in wanted:
            link = link_from_contact_info(
                hostname, parsed["contacts"]["registrant"],
                field, klass, tag, description)
            if link is None:
                continue
            links.append(link)

    if is_new_context:
        hostname.add_context(context)
    else:
        # The existing context dict was updated in place; persist it.
        hostname.save()

    return links