Exemplo n.º 1
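    def _api_login(self):
        """Authenticate against the API and cache the session token.

        ``self.api_key`` is read as ``username:password``. Only the first
        colon separates the two parts, so a password that itself contains
        ``:`` is sent whole instead of being cut at its first colon.

        On HTTP 200 the ``token`` and ``expires`` fields of the JSON reply
        are stored on ``self._token`` and ``self._expires``.

        :raises SpamhausError: if the key has no ``:`` separator, on HTTP 401,
            or on any other non-200 status
        """
        username, separator, password = self.api_key.partition(":")
        if not separator:
            # The key is a credential, so the message never echoes it.
            raise SpamhausError("API key must be in the form 'username:password'")

        data = {
            "username": username,
            "password": password,
            "realm": "intel",
        }

        # requests has no default timeout; without one a stalled endpoint
        # blocks the caller indefinitely.
        response = requests.request(
            "POST", url=self.api_url, data=json.dumps(data), timeout=30
        )

        if response.status_code == 200:
            payload = response.json()
            self._token = payload["token"]
            self._expires = payload["expires"]
        elif response.status_code == 401:
            raise SpamhausError("Authentication Failed!")
        else:
            # Any other status used to fall through silently, leaving the
            # token unset (or stale) for the next authenticated call.
            raise SpamhausError(
                f"Login failed with HTTP status {response.status_code}"
            )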
Exemplo n.º 2
    def check_ip(self):
        """Check the IP against every blocklist zone in ``self.RBL``.

        Each zone is queried through ``self._resolve``; the first returned
        record's ``host`` value is the DNSBL return code, which is mapped to
        the list it stands for (SBL, XBL, PBL, or ``unknown``).

        :return: list of ``{"address": <return code>, "blocklist": <label>}``
            dicts, one per zone that produced an answer
        :raises SpamhausError: when a zone answers with a 127.255.255.x code
        """
        categories = (
            (("127.0.0.2", "127.0.0.3", "127.0.0.9"), "SBL"),
            (("127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"), "XBL"),
            (("127.0.0.10", "127.0.0.11"), "PBL"),
        )
        # These codes report a problem with the query itself, not a listing.
        # Raising keeps them from being read as either "listed" or "clean".
        error_codes = ("127.255.255.252", "127.255.255.254", "127.255.255.255")

        listings = []
        for zone in self.RBL:
            reply = self._resolve(blocklist=zone, type="ip")
            # NOTE(review): a falsy reply is treated as "not listed"; whether
            # _resolve also returns falsy on resolver failure is not visible here.
            if not reply:
                continue

            # The label is the second dot-separated component of the zone name.
            label = zone.split(".")[1]
            # NOTE(review): only the first record is inspected; confirm whether
            # a zone can return several codes for one address.
            code = reply[0].host

            if code in error_codes:
                raise SpamhausError("Error in query!")

            suffix = next(
                (name for codes, name in categories if code in codes), "unknown"
            )
            listings.append({"address": code, "blocklist": f"{label}-{suffix}"})

        return listings
Exemplo n.º 3
    def check_ip(self, limit=None, since=None, until=None, type="live", mask="32"):
        """Query the API for the reputation of ``self.ip``.

        The address is not an argument; it is read from ``self.ip`` and sent
        together with the filters below through ``self._api_get``.

        :param limit: default None
        :param since: default 12 months ago (unix timestamp)
        :param until: default current time (unix timestamp)
        :param type: default live (history - other option)
        :param mask: default 32
        :return: the decoded JSON body on HTTP 200, or the string
            ``"Not found!"`` on HTTP 404
        :raises SpamhausError: on any other status, carrying the response text
        """
        query = {
            "limit": limit,
            "since": since,
            "until": until,
            "type": type,
            "ip": self.ip,
            "mask": mask,
        }
        reply = self._api_get(**query)
        status = reply.status_code

        if status == 404:
            # Callers receive a plain string here, not a dict.
            return "Not found!"
        if status != 200:
            raise SpamhausError(reply.text)
        return reply.json()
Exemplo n.º 4
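    def check_domain(self):
        """Check the domain against every blocklist zone in ``self.DBL``.

        Each zone is queried through ``self._resolve``; the first returned
        record's ``host`` value is the return code, which is mapped to a
        category label. A code that matches no known category is reported as
        ``<zone>-unknown`` rather than dropped, so an unrecognized listing
        code is not mistaken for a clean result.

        :return: list of ``{"address": <return code>, "blocklist": <label>}``
            dicts, one per zone that produced an answer
        :raises SpamhausError: when a zone answers 127.0.1.255 or one of the
            127.255.255.x codes
        """
        categories = (
            ("127.0.1.2", "spam"),
            ("127.0.1.4", "phish"),
            ("127.0.1.5", "malware"),
            ("127.0.1.6", "botnet-c2"),
            ("127.0.1.102", "abused-legit"),
            ("127.0.1.103", "abused-redirector"),
            ("127.0.1.104", "abused-phish"),
            ("127.0.1.105", "abused-malware"),
            ("127.0.1.106", "abused-botnet-c2"),
        )
        # These codes report a problem with the query itself, not a listing.
        error_codes = ("127.255.255.252", "127.255.255.254", "127.255.255.255")

        result_list = []
        for dbl in self.DBL:
            answer = self._resolve(blocklist=dbl, type="domain")
            if not answer:
                continue

            # The label is the second dot-separated component of the zone name.
            bl = dbl.split(".")[1]
            code = answer[0].host

            if code == "127.0.1.255":
                raise SpamhausError("IP queries prohibited!")
            if code in error_codes:
                raise SpamhausError("Error in query!")

            # Unrecognized codes fall back to "unknown", as the IP check does.
            suffix = next(
                (name for known, name in categories if code == known), "unknown"
            )
            result_list.append({"address": code, "blocklist": f"{bl}-{suffix}"})

        return result_list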