def load_client(context): """Get an instance of a loaded client.""" username = context.getTransformSetting('username') api_key = context.getTransformSetting('aKey') test_status = context.getTransformSetting('test_local') if test_status and test_status == 'True': server = context.getTransformSetting('server') version = context.getTransformSetting('version') return SslRequest(username, api_key, server, version) else: return SslRequest(username, api_key, headers=gen_debug(request))
def get_ssl(self, **kwargs): client = SslRequest(self.username, self.apikey) keys = ['query', 'compact', 'field', 'type'] params = self._cleanup_params(keys, **kwargs) if not params.get('type'): return client.get_ssl_certificate_details(**params) elif params.get('type') == 'history': return client.get_ssl_certificate_history(**params) elif params.get('type') == 'search' and params.get('field'): return client.search_ssl_certificate_by_field(**params) else: self.stoq.log.error("No SSL field provided.") return None
def call_ssl(args): """Abstract call to SSL-based queries.""" client = SslRequest.from_config() pruned = prune_args( query=args.query, compact_record=args.compact, field=args.field, ) valid_types = ['search', 'history'] if args.type and args.type not in valid_types: raise ValueError("Invalid type specified.") if not args.type: data = SSLResponse.process( {'results': [client.get_ssl_certificate_details(**pruned)]}) elif args.type == 'history': data = SSLHistoryResponse.process( client.get_ssl_certificate_history(**pruned)) elif args.type == 'search' and args.field: data = SSLResponse.process( client.search_ssl_certificate_by_field(**pruned)) else: raise ValueError("Field argument was missing from the call.") return data
def get_ssl(self, **kwargs): client = SslRequest(self.username, self.apikey) keys = ['query', 'compact', 'field', 'type'] params = self._cleanup_params(keys, **kwargs) if not params.get('type'): return client.get_ssl_certificate_details(**params) elif params.get('type') == 'history': return client.get_ssl_certificate_history(**params) elif params.get('type') == 'search' and params.get('field'): return client.search_ssl_certificate_by_field(**params) else: self.log.error("No SSL field provided.") return None
def __init__(self): try: self.clients = { 'ssl': SslRequest.from_config(), 'dns': DnsRequest.from_config(), 'enrichment': EnrichmentRequest.from_config(), 'whois': WhoisRequest.from_config(), 'attribute': AttributeRequest.from_config(), } except Exception: self.clients = None
def run(self): Analyzer.run(self) data = self.getData() try: # enrichment service if self.service == 'enrichment': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_enrichment(query=data) self.report(result) # malware service elif self.service == 'malware': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_malware(query=data) self.report(result) # osint service elif self.service == 'osint': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_osint(query=data) self.report(result) # passive dns service elif self.service == 'passive_dns': dns_request = DnsRequest(username=self.username, api_key=self.api_key) result = dns_request.get_passive_dns(query=data) self.report(result) # ssl certificate details service elif self.service == 'ssl_certificate_details': ssl_request = SslRequest(username=self.username, api_key=self.api_key) result = ssl_request.get_ssl_certificate_details(query=data) self.report(result) # ssl certificate history service elif self.service == 'ssl_certificate_history': ssl_request = SslRequest(username=self.username, api_key=self.api_key) result = ssl_request.get_ssl_certificate_history(query=data) self.report(result) # unique resolutions service elif self.service == 'unique_resolutions': dns_request = DnsRequest(username=self.username, api_key=self.api_key) result = dns_request.get_unique_resolutions(query=data) self.report(result) # whois details service elif self.service == 'whois_details': whois_request = WhoisRequest(username=self.username, api_key=self.api_key) result = whois_request.get_whois_details(query=data) self.report(result) else: self.error('Unknown PassiveTotal service') except Exception as e: self.unexpectedError(e)
def call_ssl(args): """Abstract call to SSL-based queries.""" client = SslRequest.from_config() pruned = prune_args( query=args.query, compact_record=args.compact, field=args.field, type=args.type ) valid_types = ['search', 'history'] if args.type and args.type not in valid_types: raise ValueError("Invalid type specified.") if not args.type: data = client.get_ssl_certificate_details(**pruned) elif args.type == 'history': data = client.get_ssl_certificate_history(**pruned) elif args.type == 'search' and args.field: data = client.search_ssl_certificate_by_field(**pruned) else: raise ValueError("Field argument was missing from the call.") return data
def setup_class(self): self.patcher = patch('passivetotal.api.Client._get', fake_request) self.patcher.start() self.client = SslRequest('--No-User--', '--No-Key--')
class SslTestCase(unittest.TestCase): """Test case for SSL certificate methods.""" formats = ['json'] def setup_class(self): self.patcher = patch('passivetotal.api.Client._get', fake_request) self.patcher.start() self.client = SslRequest('--No-User--', '--No-Key--') def teardown_class(self): self.patcher.stop() def test_ssl_certificate_details(self): """Test getting SSL certificate details.""" payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'} response = self.client.get_ssl_certificate_details(**payload) assert (response.get('serialNumber') ) == '2317683628587350290823564500811277499' def test_process_ssl_certificate_details(self): """Test processing SSL certificate details.""" payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'} response = self.client.get_ssl_certificate_details(**payload) wrapped = Response(response) for item in self.formats: assert (getattr(wrapped, item)) def test_property_load(self): """Test loading properties on a result.""" payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'} response = self.client.get_ssl_certificate_details(**payload) wrapped = Response(response) for key, value in iteritems(response): assert (getattr(wrapped, key)) == value def test_ssl_certificate_search(self): """Test getting a SSL certificate search.""" payload = { 'query': 'www.passivetotal.org', 'field': 'subjectCommonName' } response = self.client.search_ssl_certificate_by_field(**payload) assert (response['results'][0]['serialNumber'] ) == '2317683628587350290823564500811277499' def test_ssl_certificate_search_bad_field(self): """Test sending a bad field in a search.""" with pytest.raises(INVALID_FIELD_TYPE) as excinfo: def invalid_field(): payload = {'query': 'www.passivetotal.org', 'field': '_'} self.client.search_ssl_certificate_by_field(**payload) invalid_field() assert 'must be one of the following' in str(excinfo.value) def test_ssl_certificate_search_missing_field(self): """Test missing a field in a search.""" with pytest.raises(MISSING_FIELD) as excinfo: def missing_field(): payload = {'query': 'www.passivetotal.org', 'no-field': '_'} self.client.search_ssl_certificate_by_field(**payload) missing_field() assert 'value is required' in str(excinfo.value) def test_process_ssl_certificate_search(self): """Test processing search results.""" payload = { 'query': 'www.passivetotal.org', 'field': 'subjectCommonName' } response = self.client.search_ssl_certificate_by_field(**payload) results = Response(response) assert (Response(results.results[0]).serialNumber ) == '2317683628587350290823564500811277499' def test_process_ssl_certificate_history(self): """Test processing search results.""" payload = {'query': '52.8.228.23'} response = self.client.get_ssl_certificate_history(**payload) wrapped = Response(response) record = Response(wrapped.results.pop(0)) assert (record.sha1) == 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'
class SslTestCase(unittest.TestCase): """Test case for SSL certificate methods.""" formats = ['json', 'xml', 'csv', 'text', 'table'] def setup_class(self): self.patcher = patch('passivetotal.api.Client._get', fake_request) self.patcher.start() self.client = SslRequest('--No-User--', '--No-Key--') def teardown_class(self): self.patcher.stop() def test_ssl_certificate_details(self): """Test getting SSL certificate details.""" payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'} response = self.client.get_ssl_certificate_details(**payload) assert (response.get('serialNumber')) == '2317683628587350290823564500811277499' def test_process_ssl_certificate_details(self): """Test processing SSL certificate details.""" payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'} response = self.client.get_ssl_certificate_details(**payload) wrapped = SslResponse(response) for item in self.formats: assert (getattr(wrapped, item)) def test_property_load(self): """Test loading properties on a result.""" payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'} response = self.client.get_ssl_certificate_details(**payload) wrapped = SslResponse(response) for key, value in iteritems(response): assert (getattr(wrapped, key)) == value def test_ssl_certificate_search(self): """Test getting a SSL certificate search.""" payload = {'query': 'www.passivetotal.org', 'field': 'subjectCommonName'} response = self.client.search_ssl_certificate_by_field(**payload) assert (response['results'][0]['serialNumber']) == '2317683628587350290823564500811277499' def test_ssl_certificate_search_bad_field(self): """Test sending a bad field in a search.""" with pytest.raises(INVALID_FIELD_TYPE) as excinfo: def invalid_field(): payload = {'query': 'www.passivetotal.org', 'field': '_'} self.client.search_ssl_certificate_by_field(**payload) invalid_field() assert 'must be one of the following' in str(excinfo.value) def test_ssl_certificate_search_missing_field(self): """Test missing a field in a search.""" with pytest.raises(MISSING_FIELD) as excinfo: def missing_field(): payload = {'query': 'www.passivetotal.org', 'no-field': '_'} self.client.search_ssl_certificate_by_field(**payload) missing_field() assert 'value is required' in str(excinfo.value) def test_process_ssl_certificate_search(self): """Test processing search results.""" payload = {'query': 'www.passivetotal.org', 'field': 'subjectCommonName'} response = self.client.search_ssl_certificate_by_field(**payload) results = SslSearchResponse(response) assert (results.get_records()[0].serialNumber) == '2317683628587350290823564500811277499' def test_process_ssl_certificate_history(self): """Test processing search results.""" payload = {'query': '52.8.228.23'} response = self.client.get_ssl_certificate_history(**payload) wrapped = SslHistoryResponse(response) record = wrapped.get_records().pop(0) assert (record.sha1) == 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'
logger.info("Starting command processing") input_events, dummyresults, settings = splunk.Intersplunk.getOrganizedResults( ) keywords, options = splunk.Intersplunk.getKeywordsAndOptions() query_value = options.get("query", "") logger.info("Query target: %s" % query_value) logger.debug("Raw options: %s" % str(options)) configuration = get_config("passivetotal", "api-setup") username = configuration.get('username', None) api_key = configuration.get('apikey', None) output_events = list() ssl = SslRequest( username, api_key, headers=build_headers()).get_ssl_certificate_history(query=query_value) if 'error' in ssl: raise Exception( "Whoa there, looks like you reached your quota for today! Please come back tomorrow to resume your investigation or contact support for details on enterprise plans." ) for result in ssl.get("results", []): ip_addresses = result.get('ipAddresses', []) result.pop('ipAddresses', None) for ip in ip_addresses: result['resolve'] = ip output_events.append(result) output_events.append(result) splunk.Intersplunk.outputResults(output_events) except Exception, e:
def run(self): data = self.get_data() try: # enrichment service if self.service == 'enrichment': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_enrichment(query=data) self.report(result) # malware service elif self.service == 'malware': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_malware(query=data) self.report(result) # osint service elif self.service == 'osint': enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key) result = enrichment_request.get_osint(query=data) self.report(result) # passive dns service elif self.service == 'passive_dns': dns_request = DnsRequest(username=self.username, api_key=self.api_key) result = dns_request.get_passive_dns(query=data) self.report(result) # ssl certificate details service elif self.service == 'ssl_certificate_details': ssl_request = SslRequest(username=self.username, api_key=self.api_key) result = ssl_request.get_ssl_certificate_details(query=data) self.report(result) # ssl certificate history service elif self.service == 'ssl_certificate_history': ssl_request = SslRequest(username=self.username, api_key=self.api_key) result = ssl_request.get_ssl_certificate_history(query=data) print(len(result['results'])) if len(result['results'] ) == 1 and result['results'][0]['ipAddresses'] == 'N/A': print("ok") self.report({'results': []}) else: self.report(result) # unique resolutions service elif self.service == 'unique_resolutions': dns_request = DnsRequest(username=self.username, api_key=self.api_key) result = dns_request.get_unique_resolutions(query=data) self.report(result) # whois details service elif self.service == 'whois_details': whois_request = WhoisRequest(username=self.username, api_key=self.api_key) result = whois_request.get_whois_details(query=data) self.report(result) # components service elif self.service == 'components': host_attr_request = HostAttributeRequest( username=self.username, api_key=self.api_key) result = host_attr_request.get_components(query=data) self.report(result) # trackers service elif self.service == 'trackers': host_attr_request = HostAttributeRequest( username=self.username, api_key=self.api_key) result = host_attr_request.get_trackers(query=data) self.report(result) # host pairs service elif self.service == 'host_pairs': host_attr_request = HostAttributeRequest( username=self.username, api_key=self.api_key) result = host_attr_request.get_host_pairs(query=data, direction='parents') children = host_attr_request.get_host_pairs( query=data, direction='children') result['totalRecords'] += children['totalRecords'] result['results'] = result['results'] + children['results'] self.report(result) else: self.error('Unknown PassiveTotal service') except Exception as e: self.unexpectedError(e)