def call_attribute(args):
    """Dispatch an attribute query to the matching client method.

    Builds a client with ``AttributeRequest.from_config()``, prunes the
    ``query`` and ``type`` arguments through ``prune_args`` and returns
    whatever the selected client call returns.

    Args:
        args: Parsed arguments; ``args.query`` and ``args.type`` are read.

    Returns:
        The response of ``get_host_attribute_trackers`` when ``args.type``
        is ``'tracker'``, otherwise of ``get_host_attribute_components``.
    """
    request = AttributeRequest.from_config()
    # prune_args is defined elsewhere; its result is expanded as keyword
    # arguments, so it is presumably a dict of request parameters.
    params = prune_args(query=args.query, type=args.type)
    if args.type == 'tracker':
        return request.get_host_attribute_trackers(**params)
    # Every value other than 'tracker' (including unexpected ones) ends up
    # on the component lookup; there is no explicit validation of the type.
    return request.get_host_attribute_components(**params)
def __init__(self):
    """Build one request client per query family from the stored config.

    On success ``self.clients`` maps the names 'ssl', 'dns', 'enrichment',
    'whois' and 'attribute' to their request objects. If anything raises
    while the clients are being created, ``self.clients`` is set to None.
    """
    try:
        built = {}
        built['ssl'] = SslRequest.from_config()
        built['dns'] = DnsRequest.from_config()
        built['enrichment'] = EnrichmentRequest.from_config()
        built['whois'] = WhoisRequest.from_config()
        built['attribute'] = AttributeRequest.from_config()
        self.clients = built
    except Exception:
        # NOTE(review): the broad catch discards the reason a client could
        # not be created (presumably a missing or invalid configuration --
        # confirm). Callers have to treat None as "not configured".
        self.clients = None
def call_attribute(args):
    """Run an attribute lookup and hand back the client's response.

    The tracker endpoint is used when ``args.type`` equals ``'tracker'``;
    any other value is routed to the component endpoint. The keyword
    arguments for the call come from ``prune_args(query=..., type=...)``.
    """
    client = AttributeRequest.from_config()
    kwargs = prune_args(query=args.query, type=args.type)
    # Pick the bound method first, then make a single call with the
    # pruned keyword arguments.
    lookup = (
        client.get_host_attribute_trackers
        if args.type == 'tracker'
        else client.get_host_attribute_components
    )
    return lookup(**kwargs)
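from passivetotal.libs.attributes import AttributeRequest
from passivetotal.libs.enrichment import EnrichmentRequest


def show_tagged(direction, enriched):
    """Print each enriched host that carries at least one tag.

    Args:
        direction: Not used by this function; kept so the call signature
            stays the same.
        enriched: Bulk-enrichment response. Hosts are read from its
            "results" mapping; each entry must provide 'tags' and
            'queryValue'.
    """
    # .items() and single-argument print() behave the same on Python 2 and 3.
    for host, data in enriched.get("results", {}).items():
        if not data['tags']:
            continue
        print("%s %s" % (data['queryValue'], ','.join(data['tags'])))


# NOTE(review): `sys` is used below but not imported in this excerpt; it is
# presumably imported earlier in the file -- confirm.
# Check the argument count before indexing sys.argv, so a missing argument
# yields the usage text instead of an IndexError.
if len(sys.argv) != 3:
    print("Usage: python host_pair_sentinel.py <query> <parents|children>")
    sys.exit(1)

query = sys.argv[1]
direction = sys.argv[2]
# Maps the requested direction to the key holding the hostname in each pair.
result_key = {'parents': 'parent', 'children': 'child'}

if direction not in result_key:
    print("[!] Direction must be 'children' or 'parents' to work")
    sys.exit(1)

client = AttributeRequest.from_config()
matches = client.get_host_attribute_pairs(query=query, direction=direction)
hostnames = [x[result_key[direction]] for x in matches.get("results", list())]

# The hostnames come from the host-pair response and are forwarded unchanged
# to the bulk enrichment call.
client = EnrichmentRequest.from_config()
enriched = client.get_bulk_enrichment(query=hostnames)
show_tagged(direction, enriched)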
1) Take in a domain or IP 2) Identify all tracking codes associated with the query 3) Search for other sites not matching the original query using any codes 4) Construct a table output with data for easy consumption """ __author__ = 'Brandon Dixon ([email protected])' __version__ = '1.0.0' __description__ = "Surface related entities based on tracking codes" __keywords__ = ['trackers', 'phishing', 'crimeware', 'analysis'] import sys from tabulate import tabulate from passivetotal.libs.attributes import AttributeRequest query = sys.argv[1] client = AttributeRequest.from_config() # client.set_debug(True) processed_values = list() def surface_values(item): """Identify items that could be interesting.""" if item.get('attributeValue') in processed_values: return {} children = client.search_trackers( query=item.get('attributeValue'), type=item.get('attributeType') ) interesting = dict()