Exemplo n.º 1
0
 def __init__(self):
     try:
         self.clients = {
             'ssl': SslRequest.from_config(),
             'dns': DnsRequest.from_config(),
             'enrichment': EnrichmentRequest.from_config(),
             'whois': WhoisRequest.from_config(),
             'attribute': AttributeRequest.from_config(),
         }
     except Exception:
         self.clients = None
Exemplo n.º 2
0
from passivetotal.libs.attributes import AttributeRequest
from passivetotal.libs.enrichment import EnrichmentRequest


def show_tagged(direction, enriched):
    for host, data in enriched.get("results", {}).iteritems():
        if len(data['tags']) == 0:
            continue
        print data['queryValue'], ','.join(data['tags'])


query = sys.argv[1]
direction = sys.argv[2]
result_key = {'parents': 'parent', 'children': 'child'}

if len(sys.argv) != 3:
    print "Usage: python host_pair_sentinel.py <query> <parents|children>"
    sys.exit(1)
if direction not in ['children', 'parents']:
    print "[!] Direction must be 'children' or 'parents' to work"
    sys.exit(1)

client = AttributeRequest.from_config()
matches = client.get_host_attribute_pairs(query=query, direction=direction)
hostnames = [x[result_key[direction]] for x in matches.get("results", list())]

client = EnrichmentRequest.from_config()
enriched = client.get_bulk_enrichment(query=hostnames)
show_tagged(direction, enriched)
Exemplo n.º 3
0
There are times when it's difficult to tell which items have been tagged as
something malicious or suspicious. This script will take an initial starting
point and print out any tagged items along with their tags.
"""
__author__ = 'Brandon Dixon ([email protected])'
__version__ = '1.0.0'
__description__ = "Surface tagged items from a passive DNS query"
__keywords__ = ['pdns', 'tags', 'triage', 'analysis']

import sys
from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.enrichment import EnrichmentRequest

query = sys.argv[1]
client = DnsRequest.from_config()
enricher = EnrichmentRequest.from_config()


def main():
    """Take an initial seed and identify OSINT tags."""
    initial_seed = client.get_unique_resolutions(query=query)
    all_records = initial_seed.get('results', list())
    all_records += query
    for item in all_records:
        tmp = enricher.get_enrichment(query=item)
        tags = tmp.get('tags', list())
        if len(tags) > 0:
            print("%s - %s" % (item, ', '.join(tags)))


if __name__ == "__main__":
Exemplo n.º 4
0
There are times when it's difficult to tell which items have been tagged as
something malicious or suspicious. This script will take an initial starting
point and print out any tagged items along with their tags.
"""
__author__ = 'Brandon Dixon ([email protected])'
__version__ = '1.0.0'
__description__ = "Surface tagged items from a passive DNS query"
__keywords__ = ['pdns', 'tags', 'triage', 'analysis']

import sys
from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.enrichment import EnrichmentRequest

query = sys.argv[1]
client = DnsRequest.from_config()
enricher = EnrichmentRequest.from_config()


def main():
    """Take an initial seed and identify OSINT tags."""
    initial_seed = client.get_unique_resolutions(query=query)
    all_records = initial_seed.get('results', list())
    all_records += query
    for item in all_records:
        tmp = enricher.get_enrichment(query=item)
        tags = tmp.get('tags', list())
        if len(tags) > 0:
            print("%s - %s" % (item, ', '.join(tags)))

if __name__ == "__main__":
    main()
Exemplo n.º 5
0
def call_osint(args):
    client = EnrichmentRequest.from_config()
    return client.get_osint(query=args.query)
Exemplo n.º 6
0
import sys

from passivetotal.libs.attributes import AttributeRequest
from passivetotal.libs.enrichment import EnrichmentRequest


def show_tagged(direction, enriched):
    for host, data in enriched.get("results", {}).items():
        if len(data['tags']) == 0:
            continue
        print(data['queryValue'], ','.join(data['tags']))

query = sys.argv[1]
direction = sys.argv[2]
result_key = {'parents': 'parent', 'children': 'child'}

if len(sys.argv) != 3:
    print("Usage: python host_pair_sentinel.py <query> <parents|children>")
    sys.exit(1)
if direction not in ['children', 'parents']:
    print("[!] Direction must be 'children' or 'parents' to work")
    sys.exit(1)

client = AttributeRequest.from_config()
matches = client.get_host_attribute_pairs(query=query, direction=direction)
hostnames = [x[result_key[direction]] for x in matches.get("results", list())]

client = EnrichmentRequest.from_config()
enriched = client.get_bulk_enrichment(query=hostnames)
show_tagged(direction, enriched)