Exemplo n.º 1
0
    def run(self):
        Analyzer.run(self)

        data = self.getData()

        try:
            # enrichment service
            if self.service == 'enrichment':
                enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
                result = enrichment_request.get_enrichment(query=data)
                self.report(result)

            # malware service
            elif self.service == 'malware':
                enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
                result = enrichment_request.get_malware(query=data)
                self.report(result)

            # osint service
            elif self.service == 'osint':
                enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
                result = enrichment_request.get_osint(query=data)
                self.report(result)

            # passive dns service
            elif self.service == 'passive_dns':
                dns_request = DnsRequest(username=self.username, api_key=self.api_key)
                result = dns_request.get_passive_dns(query=data)
                self.report(result)

            # ssl certificate details service
            elif self.service == 'ssl_certificate_details':
                ssl_request = SslRequest(username=self.username, api_key=self.api_key)
                result = ssl_request.get_ssl_certificate_details(query=data)
                self.report(result)

            # ssl certificate history service
            elif self.service == 'ssl_certificate_history':
                ssl_request = SslRequest(username=self.username, api_key=self.api_key)
                result = ssl_request.get_ssl_certificate_history(query=data)
                self.report(result)

            # unique resolutions service
            elif self.service == 'unique_resolutions':
                dns_request = DnsRequest(username=self.username, api_key=self.api_key)
                result = dns_request.get_unique_resolutions(query=data)
                self.report(result)

            # whois details service
            elif self.service == 'whois_details':
                whois_request = WhoisRequest(username=self.username, api_key=self.api_key)
                result = whois_request.get_whois_details(query=data)
                self.report(result)

            else:
                self.error('Unknown PassiveTotal service')

        except Exception as e:
            self.unexpectedError(e)
Exemplo n.º 2
0
    def get_ssl(self, **kwargs):
        client = SslRequest(self.username, self.apikey)

        keys = ['query', 'compact', 'field', 'type']

        params = self._cleanup_params(keys, **kwargs)

        if not params.get('type'):
            return client.get_ssl_certificate_details(**params)
        elif params.get('type') == 'history':
            return client.get_ssl_certificate_history(**params)
        elif params.get('type') == 'search' and params.get('field'):
            return client.search_ssl_certificate_by_field(**params)
        else:
            self.stoq.log.error("No SSL field provided.")
            return None
Exemplo n.º 3
0
    def get_ssl(self, **kwargs):
        client = SslRequest(self.username, self.apikey)

        keys = ['query', 'compact', 'field', 'type']

        params = self._cleanup_params(keys, **kwargs)

        if not params.get('type'):
            return client.get_ssl_certificate_details(**params)
        elif params.get('type') == 'history':
            return client.get_ssl_certificate_history(**params)
        elif params.get('type') == 'search' and params.get('field'):
            return client.search_ssl_certificate_by_field(**params)
        else:
            self.log.error("No SSL field provided.")
            return None
Exemplo n.º 4
0
class SslTestCase(unittest.TestCase):
    """Test case for SSL certificate methods."""

    formats = ['json']

    def setup_class(self):
        self.patcher = patch('passivetotal.api.Client._get', fake_request)
        self.patcher.start()
        self.client = SslRequest('--No-User--', '--No-Key--')

    def teardown_class(self):
        self.patcher.stop()

    def test_ssl_certificate_details(self):
        """Test getting SSL certificate details."""
        payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
        response = self.client.get_ssl_certificate_details(**payload)
        assert (response.get('serialNumber')
                ) == '2317683628587350290823564500811277499'

    def test_process_ssl_certificate_details(self):
        """Test processing SSL certificate details."""
        payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
        response = self.client.get_ssl_certificate_details(**payload)
        wrapped = Response(response)
        for item in self.formats:
            assert (getattr(wrapped, item))

    def test_property_load(self):
        """Test loading properties on a result."""
        payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
        response = self.client.get_ssl_certificate_details(**payload)
        wrapped = Response(response)

        for key, value in iteritems(response):
            assert (getattr(wrapped, key)) == value

    def test_ssl_certificate_search(self):
        """Test getting a SSL certificate search."""
        payload = {
            'query': 'www.passivetotal.org',
            'field': 'subjectCommonName'
        }
        response = self.client.search_ssl_certificate_by_field(**payload)
        assert (response['results'][0]['serialNumber']
                ) == '2317683628587350290823564500811277499'

    def test_ssl_certificate_search_bad_field(self):
        """Test sending a bad field in a search."""
        with pytest.raises(INVALID_FIELD_TYPE) as excinfo:

            def invalid_field():
                payload = {'query': 'www.passivetotal.org', 'field': '_'}
                self.client.search_ssl_certificate_by_field(**payload)

            invalid_field()
        assert 'must be one of the following' in str(excinfo.value)

    def test_ssl_certificate_search_missing_field(self):
        """Test missing a field in a search."""
        with pytest.raises(MISSING_FIELD) as excinfo:

            def missing_field():
                payload = {'query': 'www.passivetotal.org', 'no-field': '_'}
                self.client.search_ssl_certificate_by_field(**payload)

            missing_field()
        assert 'value is required' in str(excinfo.value)

    def test_process_ssl_certificate_search(self):
        """Test processing search results."""
        payload = {
            'query': 'www.passivetotal.org',
            'field': 'subjectCommonName'
        }
        response = self.client.search_ssl_certificate_by_field(**payload)
        results = Response(response)
        assert (Response(results.results[0]).serialNumber
                ) == '2317683628587350290823564500811277499'

    def test_process_ssl_certificate_history(self):
        """Test processing search results."""
        payload = {'query': '52.8.228.23'}
        response = self.client.get_ssl_certificate_history(**payload)
        wrapped = Response(response)
        record = Response(wrapped.results.pop(0))
        assert (record.sha1) == 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'
Exemplo n.º 5
0
class SslTestCase(unittest.TestCase):

    """Test case for SSL certificate methods."""

    formats = ['json', 'xml', 'csv', 'text', 'table']

    def setup_class(self):
        self.patcher = patch('passivetotal.api.Client._get', fake_request)
        self.patcher.start()
        self.client = SslRequest('--No-User--', '--No-Key--')

    def teardown_class(self):
        self.patcher.stop()

    def test_ssl_certificate_details(self):
        """Test getting SSL certificate details."""
        payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
        response = self.client.get_ssl_certificate_details(**payload)
        assert (response.get('serialNumber')) == '2317683628587350290823564500811277499'

    def test_process_ssl_certificate_details(self):
        """Test processing SSL certificate details."""
        payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
        response = self.client.get_ssl_certificate_details(**payload)
        wrapped = SslResponse(response)
        for item in self.formats:
            assert (getattr(wrapped, item))

    def test_property_load(self):
        """Test loading properties on a result."""
        payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
        response = self.client.get_ssl_certificate_details(**payload)
        wrapped = SslResponse(response)

        for key, value in iteritems(response):
            assert (getattr(wrapped, key)) == value

    def test_ssl_certificate_search(self):
        """Test getting a SSL certificate search."""
        payload = {'query': 'www.passivetotal.org', 'field': 'subjectCommonName'}
        response = self.client.search_ssl_certificate_by_field(**payload)
        assert (response['results'][0]['serialNumber']) == '2317683628587350290823564500811277499'

    def test_ssl_certificate_search_bad_field(self):
        """Test sending a bad field in a search."""
        with pytest.raises(INVALID_FIELD_TYPE) as excinfo:
            def invalid_field():
                payload = {'query': 'www.passivetotal.org', 'field': '_'}
                self.client.search_ssl_certificate_by_field(**payload)
            invalid_field()
        assert 'must be one of the following' in str(excinfo.value)

    def test_ssl_certificate_search_missing_field(self):
        """Test missing a field in a search."""
        with pytest.raises(MISSING_FIELD) as excinfo:
            def missing_field():
                payload = {'query': 'www.passivetotal.org', 'no-field': '_'}
                self.client.search_ssl_certificate_by_field(**payload)
            missing_field()
        assert 'value is required' in str(excinfo.value)

    def test_process_ssl_certificate_search(self):
        """Test processing search results."""
        payload = {'query': 'www.passivetotal.org', 'field': 'subjectCommonName'}
        response = self.client.search_ssl_certificate_by_field(**payload)
        results = SslSearchResponse(response)
        assert (results.get_records()[0].serialNumber) == '2317683628587350290823564500811277499'

    def test_process_ssl_certificate_history(self):
        """Test processing search results."""
        payload = {'query': '52.8.228.23'}
        response = self.client.get_ssl_certificate_history(**payload)
        wrapped = SslHistoryResponse(response)
        record = wrapped.get_records().pop(0)
        assert (record.sha1) == 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'
Exemplo n.º 6
0
    def run(self):
        data = self.get_data()

        try:
            # enrichment service
            if self.service == 'enrichment':
                enrichment_request = EnrichmentRequest(username=self.username,
                                                       api_key=self.api_key)
                result = enrichment_request.get_enrichment(query=data)
                self.report(result)

            # malware service
            elif self.service == 'malware':
                enrichment_request = EnrichmentRequest(username=self.username,
                                                       api_key=self.api_key)
                result = enrichment_request.get_malware(query=data)
                self.report(result)

            # osint service
            elif self.service == 'osint':
                enrichment_request = EnrichmentRequest(username=self.username,
                                                       api_key=self.api_key)
                result = enrichment_request.get_osint(query=data)
                self.report(result)

            # passive dns service
            elif self.service == 'passive_dns':
                dns_request = DnsRequest(username=self.username,
                                         api_key=self.api_key)
                result = dns_request.get_passive_dns(query=data)
                self.report(result)

            # ssl certificate details service
            elif self.service == 'ssl_certificate_details':
                ssl_request = SslRequest(username=self.username,
                                         api_key=self.api_key)
                result = ssl_request.get_ssl_certificate_details(query=data)
                self.report(result)

            # ssl certificate history service
            elif self.service == 'ssl_certificate_history':
                ssl_request = SslRequest(username=self.username,
                                         api_key=self.api_key)
                result = ssl_request.get_ssl_certificate_history(query=data)
                print(len(result['results']))
                if len(result['results']
                       ) == 1 and result['results'][0]['ipAddresses'] == 'N/A':
                    print("ok")
                    self.report({'results': []})
                else:
                    self.report(result)

            # unique resolutions service
            elif self.service == 'unique_resolutions':
                dns_request = DnsRequest(username=self.username,
                                         api_key=self.api_key)
                result = dns_request.get_unique_resolutions(query=data)
                self.report(result)

            # whois details service
            elif self.service == 'whois_details':
                whois_request = WhoisRequest(username=self.username,
                                             api_key=self.api_key)
                result = whois_request.get_whois_details(query=data)
                self.report(result)

            # components service
            elif self.service == 'components':
                host_attr_request = HostAttributeRequest(
                    username=self.username, api_key=self.api_key)
                result = host_attr_request.get_components(query=data)
                self.report(result)

            # trackers service
            elif self.service == 'trackers':
                host_attr_request = HostAttributeRequest(
                    username=self.username, api_key=self.api_key)
                result = host_attr_request.get_trackers(query=data)
                self.report(result)

            # host pairs service
            elif self.service == 'host_pairs':
                host_attr_request = HostAttributeRequest(
                    username=self.username, api_key=self.api_key)
                result = host_attr_request.get_host_pairs(query=data,
                                                          direction='parents')
                children = host_attr_request.get_host_pairs(
                    query=data, direction='children')
                result['totalRecords'] += children['totalRecords']
                result['results'] = result['results'] + children['results']
                self.report(result)

            else:
                self.error('Unknown PassiveTotal service')

        except Exception as e:
            self.unexpectedError(e)