class EnrichmentTestCase(unittest.TestCase):
"""Test case for DNS methods."""
formats = ['json', 'xml', 'csv', 'text', 'table']
def setup_class(self):
self.patcher = patch('passivetotal.api.Client._get', fake_request)
self.patcher.start()
self.client = EnrichmentRequest('--No-User--', '--No-Key--')
def teardown_class(self):
self.patcher.stop()
def test_enrichment(self):
"""Test various actions for enrichment."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_enrichment(**payload)
assert (response['queryValue'])
def test_process_enrichment(self):
"""Test processing enrichment data."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_enrichment(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == 'passivetotal.org'
def test_osint(self):
"""Test getting unique passive DNS records."""
payload = {'query': 'xxxvideotube.org'}
response = self.client.get_osint(**payload)
wrapped = Response(response)
assert (response['results'])
record = wrapped.results.pop(0)
record = Response(record)
assert (record.source) == 'RiskIQ'
assert (
record.sourceUrl
) == "https://www.riskiq.com/blog/riskiq-labs/post/a-brief-encounter-with-slempo"
def test_malware(self):
"""Test processing malware."""
payload = {'query': 'noorno.com'}
response = self.client.get_malware(**payload)
wrapped = Response(response)
assert (response['results'])
record = wrapped.results.pop(0)
record = Response(record)
assert (record.source) == 'Threatexpert'
assert (record.sample) == "7ebf1e2d0c89b1c8124275688c9e8e98"
def test_subdomains(self):
"""Test processing subdomains."""
payload = {'query': '*.passivetotal.org'}
response = self.client.get_subdomains(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == '*.passivetotal.org'
assert ('www' in wrapped.subdomains)
class EnrichmentTestCase(unittest.TestCase):
"""Test case for DNS methods."""
formats = ['json', 'xml', 'csv', 'text', 'table']
def setup_class(self):
self.patcher = patch('passivetotal.api.Client._get', fake_request)
self.patcher.start()
self.client = EnrichmentRequest('--No-User--', '--No-Key--')
def teardown_class(self):
self.patcher.stop()
def test_enrichment(self):
"""Test various actions for enrichment."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_enrichment(**payload)
assert(response['queryValue'])
def test_process_enrichment(self):
"""Test processing enrichment data."""
payload = {'query': 'passivetotal.org'}
response = self.client.get_enrichment(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == 'passivetotal.org'
def test_osint(self):
"""Test getting unique passive DNS records."""
payload = {'query': 'xxxvideotube.org'}
response = self.client.get_osint(**payload)
wrapped = Response(response)
assert (response['results'])
record = wrapped.results.pop(0)
record = Response(record)
assert (record.source) == 'RiskIQ'
assert (record.sourceUrl) == "https://www.riskiq.com/blog/riskiq-labs/post/a-brief-encounter-with-slempo"
def test_malware(self):
"""Test processing malware."""
payload = {'query': 'noorno.com'}
response = self.client.get_malware(**payload)
wrapped = Response(response)
assert (response['results'])
record = wrapped.results.pop(0)
record = Response(record)
assert (record.source) == 'Threatexpert'
assert (record.sample) == "7ebf1e2d0c89b1c8124275688c9e8e98"
def test_subdomains(self):
"""Test processing subdomains."""
payload = {'query': '*.passivetotal.org'}
response = self.client.get_subdomains(**payload)
wrapped = Response(response)
assert (wrapped.queryValue) == '*.passivetotal.org'
assert ('www' in wrapped.subdomains)
def run(self):
Analyzer.run(self)
data = self.getData()
try:
# enrichment service
if self.service == 'enrichment':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_enrichment(query=data)
self.report(result)
# malware service
elif self.service == 'malware':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_malware(query=data)
self.report(result)
# osint service
elif self.service == 'osint':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_osint(query=data)
self.report(result)
# passive dns service
elif self.service == 'passive_dns':
dns_request = DnsRequest(username=self.username, api_key=self.api_key)
result = dns_request.get_passive_dns(query=data)
self.report(result)
# ssl certificate details service
elif self.service == 'ssl_certificate_details':
ssl_request = SslRequest(username=self.username, api_key=self.api_key)
result = ssl_request.get_ssl_certificate_details(query=data)
self.report(result)
# ssl certificate history service
elif self.service == 'ssl_certificate_history':
ssl_request = SslRequest(username=self.username, api_key=self.api_key)
result = ssl_request.get_ssl_certificate_history(query=data)
self.report(result)
# unique resolutions service
elif self.service == 'unique_resolutions':
dns_request = DnsRequest(username=self.username, api_key=self.api_key)
result = dns_request.get_unique_resolutions(query=data)
self.report(result)
# whois details service
elif self.service == 'whois_details':
whois_request = WhoisRequest(username=self.username, api_key=self.api_key)
result = whois_request.get_whois_details(query=data)
self.report(result)
else:
self.error('Unknown PassiveTotal service')
except Exception as e:
self.unexpectedError(e)
def run(self):
data = self.get_data()
try:
# enrichment service
if self.service == 'enrichment':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_enrichment(query=data)
self.report(result)
# malware service
elif self.service == 'malware':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_malware(query=data)
self.report(result)
# osint service
elif self.service == 'osint':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_osint(query=data)
self.report(result)
# passive dns service
elif self.service == 'passive_dns':
dns_request = DnsRequest(username=self.username,
api_key=self.api_key)
result = dns_request.get_passive_dns(query=data)
self.report(result)
# ssl certificate details service
elif self.service == 'ssl_certificate_details':
ssl_request = SslRequest(username=self.username,
api_key=self.api_key)
result = ssl_request.get_ssl_certificate_details(query=data)
self.report(result)
# ssl certificate history service
elif self.service == 'ssl_certificate_history':
ssl_request = SslRequest(username=self.username,
api_key=self.api_key)
result = ssl_request.get_ssl_certificate_history(query=data)
print(len(result['results']))
if len(result['results']
) == 1 and result['results'][0]['ipAddresses'] == 'N/A':
print("ok")
self.report({'results': []})
else:
self.report(result)
# unique resolutions service
elif self.service == 'unique_resolutions':
dns_request = DnsRequest(username=self.username,
api_key=self.api_key)
result = dns_request.get_unique_resolutions(query=data)
self.report(result)
# whois details service
elif self.service == 'whois_details':
whois_request = WhoisRequest(username=self.username,
api_key=self.api_key)
result = whois_request.get_whois_details(query=data)
self.report(result)
# components service
elif self.service == 'components':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_components(query=data)
self.report(result)
# trackers service
elif self.service == 'trackers':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_trackers(query=data)
self.report(result)
# host pairs service
elif self.service == 'host_pairs':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_host_pairs(query=data,
direction='parents')
children = host_attr_request.get_host_pairs(
query=data, direction='children')
result['totalRecords'] += children['totalRecords']
result['results'] = result['results'] + children['results']
self.report(result)
else:
self.error('Unknown PassiveTotal service')
except Exception as e:
self.unexpectedError(e)
