Пример #1
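    def get_email_from_domain(self, domain_name, elastic_output):
        """Return contact e-mail addresses for *domain_name* not yet in ``email_list``.

        Looks up the current WHOIS record and the WHOIS history through
        ``domains.Domains``, using the ``whoxy`` key from ``conf['keys']``.
        ``get_tld()`` and ``wayback()`` are also called; their return values
        are not used here.

        Side effect: every newly seen address is appended to the module-level
        ``email_list``, which is what de-duplicates results across calls.

        Args:
            domain_name: Domain to look up; also the key of the WHOIS result.
            elastic_output: Passed through unchanged to the ``whois`` and
                ``whois_history`` lookups.

        Returns:
            List of addresses added to ``email_list`` by this call.
        """
        global email_list
        domain3 = domains.Domains(domain_name)
        domain3.get_tld()
        domain3.wayback()
        whois_history = domain3.whois_history(conf['keys']['whoxy'], elastic_output)
        whois = domain3.whois(conf['keys']['whoxy'], elastic_output)

        new_emails = []

        # The API omits the 'email_address' key when a contact has no address,
        # so a KeyError only means "this record has nothing to contribute".
        if whois:
            try:
                address = whois[domain_name]['contact']['email_address']
            except KeyError:
                pass
            else:
                if address not in email_list:
                    email_list.append(address)
                    new_emails.append(address)

        if whois_history:
            for j in whois_history:
                # Handle the KeyError per record: one history entry without an
                # address must not discard the entries that follow it.
                try:
                    address = whois_history[j]['contact']['email_address']
                except KeyError:
                    continue
                if address not in email_list:
                    email_list.append(address)
                    new_emails.append(address)
        return new_emails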
Пример #2
    def get_ip_from_domain(self, domain_name, elastic_output):
        """Return the entries VirusTotal reports under *domain_name*.

        Three lookups run in order on a ``domains.Domains`` object:
        ``threatcrowd``, ``virustotal`` and ``whois_history``. Only the
        VirusTotal result feeds the return value; the other two are called
        with ``elastic_output`` and their return values are ignored here.

        Args:
            domain_name: Domain to look up; also the key of the VirusTotal result.
            elastic_output: Passed through unchanged to each lookup.

        Returns:
            A new list with the items of ``result[domain_name]``; an empty
            list when the VirusTotal lookup returned nothing.
        """
        target = domains.Domains(domain_name)
        # target.get_tld()
        # target.wayback()
        # target.virustotal()
        target.threatcrowd(elastic_output)
        vt_result = target.virustotal(conf['keys']['virustotal'], elastic_output)
        target.whois_history(conf['keys']['whoxy'], elastic_output)

        found = []

        # Guard clause: a falsy result is the only case that prints the notice.
        if not vt_result:
            print("Nothing found")
            return found

        if len(vt_result) > 0:
            found.extend(vt_result[domain_name])

        return found
Пример #3
Файл: star.py Проект: zimoun/mtf
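# Generate three concentric-sphere groups of N interfaces each, one per
# centre, and collect their dictionaries in dgens. `tag` advances by N
# between groups (not before the first, not after the last), so each group
# is generated with a distinct starting tag.
N = 3
for position, center in enumerate([(0, -3, 0), (0, 0, 3), (0, 0, -3)]):
    if position:
        tag += N
    conf = d.sanitize_config(Nints=N, init_offset=False, tag=tag)
    conf['center'] = center
    dgen = d.generate_concentric_dict(conf)
    cmds = d.write_params_geo(conf, file_geo='geo/sphere-concentric.script.geo')
    # NOTE(review): `call` is presumably subprocess.call; its return value is
    # ignored, so a failed external command goes unnoticed here.
    call(cmds)
    dgens.append(dgen)

dicts = d.merge_msh(dgens)
doms = d.Domains(dicts)
doms.write2dot('graph.dot')
# Render the graph with Graphviz `dot`. The command is a fixed argv list, and
# the output file is opened in a `with` block so the handle is closed once
# the command returns instead of being left to the garbage collector.
with open('graph.eps', 'wb') as eps_file:
    call(['dot', '-Teps', 'graph.dot'], stdout=eps_file)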
Пример #4
    console = logging.StreamHandler()
    console.setLevel(logging.INFO)
    formatter = logging.Formatter(' %(name)-8s: %(levelname)-8s %(message)s')
    console.setFormatter(formatter)
    logger.addHandler(console)

    logger.info("------------------------------------------------------------")
    logger.info("main, domain path   : %s " % (domain_path))
    logger.info("main, data path     : %s " % (data_path))
    logger.info("main, run log path  : %s " % (data_path))
    logger.info("main, tlow,thigh: %d, %d; dlow,dhigh: %d, %d " %
                (tlow, thigh, dlow, dhigh))

    data_file = os.path.join(data_path, '2014-01-08')

    d = domains.Domains(domain_path, tlow, thigh, dlow, dhigh)
    d.load_all()

    all_domain_info = logdb.dcache(data_file, 'domain', domains=d)

    domain_all = logdb.get_keys(all_domain_info)
    domain_train_all = logdb.get_keys(all_domain_info, d.malware | d.train_w)
    relative_ips = logdb.get_rip(all_domain_info, domain_train_all)
    domain_train_r = logdb.get_rd(all_domain_info, relative_ips)

    logger.info("main, relative ips : %d" % (len(relative_ips)))

    d.stat(domain_all, 'all domains')
    d.stat(domain_train_all, 'train domains before pre process')
    d.stat(domain_train_r, 'relative domains of train domain(before preproc)')