Пример #1
 def __init__(self):
     """Build the per-service request clients via each class's ``from_config()``.

     On success ``self.clients`` maps a short service name to its client
     ('ssl', 'dns', 'enrichment', 'whois', 'attribute'). If constructing any
     of them raises, ``self.clients`` is set to ``None`` instead of
     propagating the error, so callers must check for ``None`` before use.
     """
     try:
         # Kept inside the try so that any failure (including an unresolved
         # class name) is handled the same way as a from_config() error.
         factories = (
             ('ssl', SslRequest),
             ('dns', DnsRequest),
             ('enrichment', EnrichmentRequest),
             ('whois', WhoisRequest),
             ('attribute', AttributeRequest),
         )
         built = {}
         for service_name, request_cls in factories:
             built[service_name] = request_cls.from_config()
     except Exception:
         # Best-effort construction: a missing or unreadable config leaves the
         # clients unavailable rather than aborting object creation.
         self.clients = None
     else:
         self.clients = built
Пример #2
from passivetotal.libs.attributes import AttributeRequest
from passivetotal.libs.enrichment import EnrichmentRequest


def show_tagged(direction, enriched):
    """Print every enriched host that carries at least one tag.

    Args:
        direction: The host-pair direction the caller queried; accepted for
            symmetry with the caller but not used here.
        enriched: Bulk-enrichment response; ``enriched["results"]`` maps each
            host to a record with ``queryValue`` and ``tags`` entries.

    Output is one line per tagged host: the query value, a space, then the
    tags joined by commas.
    """
    results = enriched.get("results", {})
    for host, record in results.iteritems():
        tags = record['tags']
        if len(tags) == 0:
            continue
        print record['queryValue'], ','.join(tags)


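# Validate the command line before touching sys.argv[1]/[2]; indexing first
# would raise IndexError ahead of the usage message.
if len(sys.argv) != 3:
    print "Usage: python host_pair_sentinel.py <query> <parents|children>"
    sys.exit(1)

query = sys.argv[1]
direction = sys.argv[2]
# Which key of each host-pair result holds the hostname on the requested side.
result_key = {'parents': 'parent', 'children': 'child'}

if direction not in ['children', 'parents']:
    print "[!] Direction must be 'children' or 'parents' to work"
    sys.exit(1)

# First hop: all host pairs for the query in the requested direction.
client = AttributeRequest.from_config()
matches = client.get_host_attribute_pairs(query=query, direction=direction)
hostnames = [x[result_key[direction]] for x in matches.get("results", list())]

# Second hop: enrich every paired hostname in one bulk call and report tags.
client = EnrichmentRequest.from_config()
enriched = client.get_bulk_enrichment(query=hostnames)
show_tagged(direction, enriched)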
Пример #3
There are times when it's difficult to tell which items have been tagged as
something malicious or suspicious. This script will take an initial starting
point and print out any tagged items along with their tags.
"""
# Script metadata: author, version, one-line description and search keywords.
__author__ = 'Brandon Dixon ([email protected])'
__version__ = '1.0.0'
__description__ = "Surface tagged items from a passive DNS query"
__keywords__ = ['pdns', 'tags', 'triage', 'analysis']

import sys
from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.enrichment import EnrichmentRequest

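# The seed value comes from the command line; exit with a usage line instead of
# an IndexError when it is missing. Extra arguments are still ignored, as before.
if len(sys.argv) < 2:
    sys.exit("Usage: python %s <query>" % sys.argv[0])
query = sys.argv[1]
# Both clients are built at import time from configuration (see from_config()).
client = DnsRequest.from_config()
enricher = EnrichmentRequest.from_config()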


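def main():
    """Take an initial seed and identify OSINT tags.

    Pulls the unique resolutions for the module-level ``query`` via
    ``client``, then asks ``enricher`` for the tags of each record (and of
    the seed itself) and prints every record that carries at least one tag.
    """
    initial_seed = client.get_unique_resolutions(query=query)
    # Copy so the response payload is not mutated when the seed is added.
    all_records = list(initial_seed.get('results', list()))
    # `query` is a string: `all_records += query` would extend the list with
    # one entry per character, so append the seed as a single record instead.
    all_records.append(query)
    for item in all_records:
        enrichment = enricher.get_enrichment(query=item)
        tags = enrichment.get('tags', list())
        if tags:
            print("%s - %s" % (item, ', '.join(tags)))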


if __name__ == "__main__":
Пример #4
There are times when it's difficult to tell which items have been tagged as
something malicious or suspicious. This script will take an initial starting
point and print out any tagged items along with their tags.
"""
# Script metadata: author, version, one-line description and search keywords.
__author__ = 'Brandon Dixon ([email protected])'
__version__ = '1.0.0'
__description__ = "Surface tagged items from a passive DNS query"
__keywords__ = ['pdns', 'tags', 'triage', 'analysis']

import sys
from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.enrichment import EnrichmentRequest

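# The seed value comes from the command line; exit with a usage line instead of
# an IndexError when it is missing. Extra arguments are still ignored, as before.
if len(sys.argv) < 2:
    sys.exit("Usage: python %s <query>" % sys.argv[0])
query = sys.argv[1]
# Both clients are built at import time from configuration (see from_config()).
client = DnsRequest.from_config()
enricher = EnrichmentRequest.from_config()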


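def main():
    """Take an initial seed and identify OSINT tags.

    Pulls the unique resolutions for the module-level ``query`` via
    ``client``, then asks ``enricher`` for the tags of each record (and of
    the seed itself) and prints every record that carries at least one tag.
    """
    initial_seed = client.get_unique_resolutions(query=query)
    # Copy so the response payload is not mutated when the seed is added.
    all_records = list(initial_seed.get('results', list()))
    # `query` is a string: `all_records += query` would extend the list with
    # one entry per character, so append the seed as a single record instead.
    all_records.append(query)
    for item in all_records:
        enrichment = enricher.get_enrichment(query=item)
        tags = enrichment.get('tags', list())
        if tags:
            print("%s - %s" % (item, ', '.join(tags)))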

# Only run the lookup when executed directly; note that the module-level
# sys.argv read and client construction above still happen on import.
if __name__ == "__main__":
    main()
Пример #5
def call_osint(args):
    """Run an OSINT enrichment lookup for ``args.query``.

    Args:
        args: Parsed command-line arguments; only ``args.query`` is read.

    Returns:
        Whatever ``EnrichmentRequest.get_osint`` returns for the query.
    """
    enrichment = EnrichmentRequest.from_config()
    query_value = args.query
    return enrichment.get_osint(query=query_value)
Пример #6
import sys

from passivetotal.libs.attributes import AttributeRequest
from passivetotal.libs.enrichment import EnrichmentRequest


def show_tagged(direction, enriched):
    """Print every enriched host that carries at least one tag.

    Args:
        direction: The host-pair direction the caller queried; accepted for
            symmetry with the caller but not used here.
        enriched: Bulk-enrichment response; ``enriched["results"]`` maps each
            host to a record with ``queryValue`` and ``tags`` entries.

    Output is one line per tagged host: the query value, a space, then the
    tags joined by commas.
    """
    results = enriched.get("results", {})
    for host, record in results.items():
        tags = record['tags']
        if len(tags) == 0:
            continue
        print(record['queryValue'], ','.join(tags))

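# Validate the command line before touching sys.argv[1]/[2]; indexing first
# would raise IndexError ahead of the usage message.
if len(sys.argv) != 3:
    print("Usage: python host_pair_sentinel.py <query> <parents|children>")
    sys.exit(1)

query = sys.argv[1]
direction = sys.argv[2]
# Which key of each host-pair result holds the hostname on the requested side.
result_key = {'parents': 'parent', 'children': 'child'}

if direction not in ['children', 'parents']:
    print("[!] Direction must be 'children' or 'parents' to work")
    sys.exit(1)

# First hop: all host pairs for the query in the requested direction.
client = AttributeRequest.from_config()
matches = client.get_host_attribute_pairs(query=query, direction=direction)
hostnames = [x[result_key[direction]] for x in matches.get("results", list())]

# Second hop: enrich every paired hostname in one bulk call and report tags.
client = EnrichmentRequest.from_config()
enriched = client.get_bulk_enrichment(query=hostnames)
show_tagged(direction, enriched)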