def __init__(self):
    """Build one request client per PassiveTotal API and keep them in ``self.clients``.

    Every client is created through its ``from_config`` class method, in the
    order ssl, dns, enrichment, whois, attribute, and stored under that short
    key.  If any constructor raises, ``self.clients`` becomes ``None`` rather
    than a partial mapping.

    NOTE(review): the ``except Exception`` swallows the failure reason, so a
    caller only learns "no clients"; where the cause matters, inspect the
    config/credentials separately.
    """
    factories = (
        ('ssl', SslRequest),
        ('dns', DnsRequest),
        ('enrichment', EnrichmentRequest),
        ('whois', WhoisRequest),
        ('attribute', AttributeRequest),
    )
    try:
        built = {}
        for key, request_cls in factories:
            built[key] = request_cls.from_config()
        self.clients = built
    except Exception:
        # Any failure leaves no client mapping at all (same as the dict-literal form).
        self.clients = None
from passivetotal.libs.attributes import AttributeRequest from passivetotal.libs.enrichment import EnrichmentRequest def show_tagged(direction, enriched): for host, data in enriched.get("results", {}).iteritems(): if len(data['tags']) == 0: continue print data['queryValue'], ','.join(data['tags']) query = sys.argv[1] direction = sys.argv[2] result_key = {'parents': 'parent', 'children': 'child'} if len(sys.argv) != 3: print "Usage: python host_pair_sentinel.py <query> <parents|children>" sys.exit(1) if direction not in ['children', 'parents']: print "[!] Direction must be 'children' or 'parents' to work" sys.exit(1) client = AttributeRequest.from_config() matches = client.get_host_attribute_pairs(query=query, direction=direction) hostnames = [x[result_key[direction]] for x in matches.get("results", list())] client = EnrichmentRequest.from_config() enriched = client.get_bulk_enrichment(query=hostnames) show_tagged(direction, enriched)
There are times when it's difficult to tell which items have been tagged as something malicious or suspicious. This script will take an initial starting point and print out any tagged items along with their tags. """ __author__ = 'Brandon Dixon ([email protected])' __version__ = '1.0.0' __description__ = "Surface tagged items from a passive DNS query" __keywords__ = ['pdns', 'tags', 'triage', 'analysis'] import sys from passivetotal.libs.dns import DnsRequest from passivetotal.libs.enrichment import EnrichmentRequest query = sys.argv[1] client = DnsRequest.from_config() enricher = EnrichmentRequest.from_config() def main(): """Take an initial seed and identify OSINT tags.""" initial_seed = client.get_unique_resolutions(query=query) all_records = initial_seed.get('results', list()) all_records += query for item in all_records: tmp = enricher.get_enrichment(query=item) tags = tmp.get('tags', list()) if len(tags) > 0: print("%s - %s" % (item, ', '.join(tags))) if __name__ == "__main__":
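"""There are times when it's difficult to tell which items have been tagged as
something malicious or suspicious. This script will take an initial starting
point and print out any tagged items along with their tags.
"""
__author__ = 'Brandon Dixon ([email protected])'
__version__ = '1.0.0'
__description__ = "Surface tagged items from a passive DNS query"
__keywords__ = ['pdns', 'tags', 'triage', 'analysis']

import sys

from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.enrichment import EnrichmentRequest


def main():
    """Take an initial seed and identify OSINT tags.

    Reads the seed from ``sys.argv[1]``, pulls its unique resolutions, then
    enriches the seed and every resolution and prints ``item - tag, tag`` for
    each one that carries tags.  Exits with status 1 when no seed is given.
    """
    # Validate before indexing so a missing argument shows usage, not IndexError.
    if len(sys.argv) < 2:
        print("Usage: python %s <query>" % sys.argv[0])
        sys.exit(1)
    query = sys.argv[1]
    # Clients are built here rather than at import time so importing the
    # module does not read config or argv.
    client = DnsRequest.from_config()
    enricher = EnrichmentRequest.from_config()

    initial_seed = client.get_unique_resolutions(query=query)
    # Copy so the response's own list is not mutated below.
    all_records = list(initial_seed.get('results', list()))
    # The seed itself must be enriched too.  The original used
    # ``all_records += query``, which extends the list with the *characters*
    # of the query string (str is iterable); append adds the whole string.
    all_records.append(query)
    for item in all_records:
        tmp = enricher.get_enrichment(query=item)
        tags = tmp.get('tags', list())
        if tags:
            print("%s - %s" % (item, ', '.join(tags)))


if __name__ == "__main__":
    main()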
def call_osint(args):
    """Fetch OSINT data for ``args.query`` through a config-built enrichment client.

    Args:
        args: parsed CLI namespace; only ``args.query`` is read.

    Returns:
        Whatever ``EnrichmentRequest.get_osint`` returns for the query,
        passed through unchanged.
    """
    return EnrichmentRequest.from_config().get_osint(query=args.query)
import sys from passivetotal.libs.attributes import AttributeRequest from passivetotal.libs.enrichment import EnrichmentRequest def show_tagged(direction, enriched): for host, data in enriched.get("results", {}).items(): if len(data['tags']) == 0: continue print(data['queryValue'], ','.join(data['tags'])) query = sys.argv[1] direction = sys.argv[2] result_key = {'parents': 'parent', 'children': 'child'} if len(sys.argv) != 3: print("Usage: python host_pair_sentinel.py <query> <parents|children>") sys.exit(1) if direction not in ['children', 'parents']: print("[!] Direction must be 'children' or 'parents' to work") sys.exit(1) client = AttributeRequest.from_config() matches = client.get_host_attribute_pairs(query=query, direction=direction) hostnames = [x[result_key[direction]] for x in matches.get("results", list())] client = EnrichmentRequest.from_config() enriched = client.get_bulk_enrichment(query=hostnames) show_tagged(direction, enriched)