def domain_categories(enity):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
if api_key:
headers = {'Authorization': 'Bearer ' + api_key}
endpoint = 'domains/categorization/'
labels = '?showLabels'
response = requests.get(api_url + endpoint + enity + labels,
headers=headers,
proxies=helpers.get_proxy()).json()
for domain, values in response.iteritems():
if values['status'] == -1: # -1 if domain is malicious
data = {}
tags = domain_tag(domain)
sec = domain_security(domain)
feat = domain_features(domain)
x = data.copy()
x.update(feat)
x.update(sec)
return x
elif values['status'] == 0:
data = {'Category': 'Unclassified'}
sec = domain_security(domain)
feat = domain_features(domain)
x = data.copy()
x.update(feat)
x.update(sec)
return x
elif values['status'] == 1:
return {'Category': ', '.join(values['content_categories'])}
else:
return {}
def vt_hash_lookup(filehash):
try:
settings = Setting.query.filter_by(_id=1).first()
apikey = settings.apikey
url = "https://www.virustotal.com/vtapi/v2/file/report"
params = {'resource': filehash, 'apikey': apikey}
r = requests.get(url, params=params, verify=False, proxies=helpers.get_proxy())
j = json.loads(r.text)
return j
except:
pass
def vt_hash_lookup(filehash):
try:
settings = Setting.query.filter_by(_id=1).first()
apikey = settings.apikey
url = "https://www.virustotal.com/vtapi/v2/file/report"
params = {'resource': filehash, 'apikey': apikey}
r = requests.get(url, params=params, verify=False, proxies=helpers.get_proxy())
j = json.loads(r.text)
return j
except:
pass
def vt_ipv4_lookup(ipv4):
try:
settings = Setting.query.filter_by(_id=1).first()
apikey = settings.apikey
url = "https://www.virustotal.com/vtapi/v2/ip-address/report"
params = {'ip': ipv4, 'apikey': apikey}
r = requests.get(url, params=params, verify=False, proxies=helpers.get_proxy())
j = json.loads(r.text)
j['resolutions'] = sorted(j['resolutions'], key=lambda k: k['last_resolved'], reverse=True)
return j
except:
pass
def vt_ipv4_lookup(ipv4):
try:
settings = Setting.query.filter_by(_id=1).first()
apikey = settings.apikey
url = "https://www.virustotal.com/vtapi/v2/ip-address/report"
params = {'ip': ipv4, 'apikey': apikey}
r = requests.get(url, params=params, verify=False, proxies=helpers.get_proxy())
j = json.loads(r.text)
j['resolutions'] = sorted(j['resolutions'], key=lambda k: k['last_resolved'], reverse=True)
return j
except:
pass
def vt_domain_lookup(domain):
try:
settings = Setting.query.filter_by(_id=1).first()
apikey = settings.apikey
url = "https://www.virustotal.com/vtapi/v2/domain/report"
params = {'domain': domain, 'apikey': apikey}
r = requests.get(url, params=params, verify=False, proxies=helpers.get_proxy())
j = json.loads(r.text)
j['resolutions'] = sorted(j['resolutions'], key=lambda k: k['last_resolved'], reverse=True)
if len(j) < 20:
pass
else:
return j
except:
pass
def vt_domain_lookup(domain):
try:
settings = Setting.query.filter_by(_id=1).first()
apikey = settings.apikey
url = "https://www.virustotal.com/vtapi/v2/domain/report"
params = {'domain': domain, 'apikey': apikey}
r = requests.get(url, params=params, verify=False, proxies=helpers.get_proxy())
j = json.loads(r.text)
j['resolutions'] = sorted(j['resolutions'], key=lambda k: k['last_resolved'], reverse=True)
if len(j) < 20:
pass
else:
return j
except:
pass
def domain_security(domain):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
headers = {'Authorization': 'Bearer ' + api_key}
endpoint = 'security/name/{}.json'
response = requests.get(api_url + endpoint.format(domain),
headers=headers,
proxies=helpers.get_proxy()).json()
newdict = {}
newdict['Domain'] = domain
newdict['ASN Score'] = response['asn_score']
newdict['DGA Score'] = response['dga_score']
newdict['Prefix Score'] = response['prefix_score']
newdict['Fast Flux'] = response['fastflux']
newdict['Securerank2'] = response['securerank2']
#newdict['threat_type'] = response['threat_type']
#newdict['attack'] = response['attack']
return newdict
def ip_query(entity):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
if api_key:
headers = {'Authorization': 'Bearer ' + api_key}
mal_domains = []
ip = entity.strip()
endpoint = 'ips/{ip}/latest_domains'.format(ip=ip)
response = requests.get(api_url + endpoint, headers=headers, proxies=helpers.get_proxy())
if response.text != '[]':
results = response.json()
for entry in results:
mal_domains.append(entry['name'])
else:
mal_domains.append('None')
return mal_domains
else:
return []
def domain_features(domain):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
headers = {'Authorization': 'Bearer ' + api_key}
endpoint = 'dnsdb/name/a/{}.json'
response = requests.get(api_url + endpoint.format(domain),
headers=headers,
proxies=helpers.get_proxy()).json()
newdict = {}
for k, v in response.iteritems():
if 'features' in k:
if v['asns']:
newdict['ASN'] = v['asns']
else:
newdict['ASN'] = 'N/A'
newdict['Prefix'] = ' '.join(v['prefixes'])
newdict['Country'] = ' '.join(v['country_codes'])
newdict['Age'] = str(v['age']) + ' days'
return newdict
def ip_query(entity):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
if api_key:
headers = {'Authorization': 'Bearer ' + api_key}
mal_domains = []
ip = entity.strip()
endpoint = 'ips/{ip}/latest_domains'.format(ip=ip)
response = requests.get(api_url + endpoint,
headers=headers,
proxies=helpers.get_proxy())
if response.text != '[]':
results = response.json()
for entry in results:
mal_domains.append(entry['name'])
else:
mal_domains.append('None')
return mal_domains
else:
return []
def domain_tag(domain):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
headers = {'Authorization': 'Bearer ' + api_key}
endpoint = 'domains/{}/latest_tags'
response = requests.get(api_url + endpoint.format(domain),
headers=headers,
proxies=helpers.get_proxy()).json()
newlist = []
for row in response:
newdict = {}
begin_date = row['period']['begin']
end_date = row['period']['end']
newdict['begin'] = begin_date
newdict['end'] = end_date
if row['url'] is None:
newdict['url'] = 'None'
else:
newdict['url'] = row['url']
newdict['domain'] = domain
newdict['category'] = row['category']
newlist.append(newdict)
return newlist
def domain_categories(enity):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
if api_key:
headers = {'Authorization': 'Bearer ' + api_key}
endpoint = 'domains/categorization/'
labels = '?showLabels'
response = requests.get(api_url + endpoint + enity + labels, headers=headers, proxies=helpers.get_proxy()).json()
for domain, values in response.iteritems():
if values['status'] == -1: # -1 if domain is malicous
sec = domain_security(enity)
for row in domain_tag(enity):
c = row.copy()
c.update(sec)
return c
elif values['status'] == 0:
return {'Category': 'Unclassified'}
elif values['status'] == 1:
return {'Category': ', '.join(values['content_categories'])}
else:
return {}
def domain_tag(enity):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
headers = {'Authorization': 'Bearer ' + api_key}
domain = enity
endpoint = 'domains/{}/latest_tags'
response = requests.get(api_url + endpoint.format(domain), headers=headers, proxies=helpers.get_proxy()).json()
newlist = []
for row in response:
newdict = {}
begin_date = row['period']['begin']
end_date = row['period']['end']
newdict['begin'] = begin_date
newdict['end'] = end_date
if row['url'] is None:
newdict['url'] = 'None'
else:
newdict['url'] = row['url']
newdict['domain'] = domain
newdict['category'] = row['category']
newlist.append(newdict)
return newlist
def domain_security(enity):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
headers = {'Authorization': 'Bearer ' + api_key}
domain = enity
endpoint = 'security/name/{}.json'
response = requests.get(api_url + endpoint.format(domain), headers=headers, proxies=helpers.get_proxy()).json()
newdict = {}
newdict['domain'] = domain
newdict['attack'] = response['attack']
newdict['asn_score'] = response['asn_score']
newdict['dga_score'] = response['dga_score']
newdict['prefix_score'] = response['prefix_score']
newdict['fastflux'] = response['fastflux']
newdict['securerank2'] = response['securerank2']
newdict['threat_type'] = response['threat_type']
return newdict
def domain_features(domain):
api_url = 'https://investigate.api.opendns.com/'
api_key = get_odns_apikey()
headers = {'Authorization': 'Bearer ' + api_key}
endpoint = 'dnsdb/name/a/{}.json'
response = requests.get(api_url + endpoint.format(domain), headers=headers, proxies=helpers.get_proxy()).json()
newdict = {}
for k, v in response.iteritems():
if 'features' in k:
if v['asns']:
newdict['ASN'] = v['asns']
else:
newdict['ASN'] = 'N/A'
newdict['Prefix'] = ' '.join(v['prefixes'])
newdict['Country'] = ' '.join(v['country_codes'])
newdict['Age'] = str(v['age']) + ' days'
return newdict
