def run(self):
Analyzer.run(self)
data = self.getData()
try:
# enrichment service
if self.service == 'enrichment':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_enrichment(query=data)
self.report(result)
# malware service
elif self.service == 'malware':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_malware(query=data)
self.report(result)
# osint service
elif self.service == 'osint':
enrichment_request = EnrichmentRequest(username=self.username, api_key=self.api_key)
result = enrichment_request.get_osint(query=data)
self.report(result)
# passive dns service
elif self.service == 'passive_dns':
dns_request = DnsRequest(username=self.username, api_key=self.api_key)
result = dns_request.get_passive_dns(query=data)
self.report(result)
# ssl certificate details service
elif self.service == 'ssl_certificate_details':
ssl_request = SslRequest(username=self.username, api_key=self.api_key)
result = ssl_request.get_ssl_certificate_details(query=data)
self.report(result)
# ssl certificate history service
elif self.service == 'ssl_certificate_history':
ssl_request = SslRequest(username=self.username, api_key=self.api_key)
result = ssl_request.get_ssl_certificate_history(query=data)
self.report(result)
# unique resolutions service
elif self.service == 'unique_resolutions':
dns_request = DnsRequest(username=self.username, api_key=self.api_key)
result = dns_request.get_unique_resolutions(query=data)
self.report(result)
# whois details service
elif self.service == 'whois_details':
whois_request = WhoisRequest(username=self.username, api_key=self.api_key)
result = whois_request.get_whois_details(query=data)
self.report(result)
else:
self.error('Unknown PassiveTotal service')
except Exception as e:
self.unexpectedError(e)
def get_ssl(self, **kwargs):
client = SslRequest(self.username, self.apikey)
keys = ['query', 'compact', 'field', 'type']
params = self._cleanup_params(keys, **kwargs)
if not params.get('type'):
return client.get_ssl_certificate_details(**params)
elif params.get('type') == 'history':
return client.get_ssl_certificate_history(**params)
elif params.get('type') == 'search' and params.get('field'):
return client.search_ssl_certificate_by_field(**params)
else:
self.stoq.log.error("No SSL field provided.")
return None
def get_ssl(self, **kwargs):
client = SslRequest(self.username, self.apikey)
keys = ['query', 'compact', 'field', 'type']
params = self._cleanup_params(keys, **kwargs)
if not params.get('type'):
return client.get_ssl_certificate_details(**params)
elif params.get('type') == 'history':
return client.get_ssl_certificate_history(**params)
elif params.get('type') == 'search' and params.get('field'):
return client.search_ssl_certificate_by_field(**params)
else:
self.log.error("No SSL field provided.")
return None
class SslTestCase(unittest.TestCase):
"""Test case for SSL certificate methods."""
formats = ['json']
def setup_class(self):
self.patcher = patch('passivetotal.api.Client._get', fake_request)
self.patcher.start()
self.client = SslRequest('--No-User--', '--No-Key--')
def teardown_class(self):
self.patcher.stop()
def test_ssl_certificate_details(self):
"""Test getting SSL certificate details."""
payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
response = self.client.get_ssl_certificate_details(**payload)
assert (response.get('serialNumber')
) == '2317683628587350290823564500811277499'
def test_process_ssl_certificate_details(self):
"""Test processing SSL certificate details."""
payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
response = self.client.get_ssl_certificate_details(**payload)
wrapped = Response(response)
for item in self.formats:
assert (getattr(wrapped, item))
def test_property_load(self):
"""Test loading properties on a result."""
payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
response = self.client.get_ssl_certificate_details(**payload)
wrapped = Response(response)
for key, value in iteritems(response):
assert (getattr(wrapped, key)) == value
def test_ssl_certificate_search(self):
"""Test getting a SSL certificate search."""
payload = {
'query': 'www.passivetotal.org',
'field': 'subjectCommonName'
}
response = self.client.search_ssl_certificate_by_field(**payload)
assert (response['results'][0]['serialNumber']
) == '2317683628587350290823564500811277499'
def test_ssl_certificate_search_bad_field(self):
"""Test sending a bad field in a search."""
with pytest.raises(INVALID_FIELD_TYPE) as excinfo:
def invalid_field():
payload = {'query': 'www.passivetotal.org', 'field': '_'}
self.client.search_ssl_certificate_by_field(**payload)
invalid_field()
assert 'must be one of the following' in str(excinfo.value)
def test_ssl_certificate_search_missing_field(self):
"""Test missing a field in a search."""
with pytest.raises(MISSING_FIELD) as excinfo:
def missing_field():
payload = {'query': 'www.passivetotal.org', 'no-field': '_'}
self.client.search_ssl_certificate_by_field(**payload)
missing_field()
assert 'value is required' in str(excinfo.value)
def test_process_ssl_certificate_search(self):
"""Test processing search results."""
payload = {
'query': 'www.passivetotal.org',
'field': 'subjectCommonName'
}
response = self.client.search_ssl_certificate_by_field(**payload)
results = Response(response)
assert (Response(results.results[0]).serialNumber
) == '2317683628587350290823564500811277499'
def test_process_ssl_certificate_history(self):
"""Test processing search results."""
payload = {'query': '52.8.228.23'}
response = self.client.get_ssl_certificate_history(**payload)
wrapped = Response(response)
record = Response(wrapped.results.pop(0))
assert (record.sha1) == 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'
class SslTestCase(unittest.TestCase):
"""Test case for SSL certificate methods."""
formats = ['json', 'xml', 'csv', 'text', 'table']
def setup_class(self):
self.patcher = patch('passivetotal.api.Client._get', fake_request)
self.patcher.start()
self.client = SslRequest('--No-User--', '--No-Key--')
def teardown_class(self):
self.patcher.stop()
def test_ssl_certificate_details(self):
"""Test getting SSL certificate details."""
payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
response = self.client.get_ssl_certificate_details(**payload)
assert (response.get('serialNumber')) == '2317683628587350290823564500811277499'
def test_process_ssl_certificate_details(self):
"""Test processing SSL certificate details."""
payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
response = self.client.get_ssl_certificate_details(**payload)
wrapped = SslResponse(response)
for item in self.formats:
assert (getattr(wrapped, item))
def test_property_load(self):
"""Test loading properties on a result."""
payload = {'query': 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'}
response = self.client.get_ssl_certificate_details(**payload)
wrapped = SslResponse(response)
for key, value in iteritems(response):
assert (getattr(wrapped, key)) == value
def test_ssl_certificate_search(self):
"""Test getting a SSL certificate search."""
payload = {'query': 'www.passivetotal.org', 'field': 'subjectCommonName'}
response = self.client.search_ssl_certificate_by_field(**payload)
assert (response['results'][0]['serialNumber']) == '2317683628587350290823564500811277499'
def test_ssl_certificate_search_bad_field(self):
"""Test sending a bad field in a search."""
with pytest.raises(INVALID_FIELD_TYPE) as excinfo:
def invalid_field():
payload = {'query': 'www.passivetotal.org', 'field': '_'}
self.client.search_ssl_certificate_by_field(**payload)
invalid_field()
assert 'must be one of the following' in str(excinfo.value)
def test_ssl_certificate_search_missing_field(self):
"""Test missing a field in a search."""
with pytest.raises(MISSING_FIELD) as excinfo:
def missing_field():
payload = {'query': 'www.passivetotal.org', 'no-field': '_'}
self.client.search_ssl_certificate_by_field(**payload)
missing_field()
assert 'value is required' in str(excinfo.value)
def test_process_ssl_certificate_search(self):
"""Test processing search results."""
payload = {'query': 'www.passivetotal.org', 'field': 'subjectCommonName'}
response = self.client.search_ssl_certificate_by_field(**payload)
results = SslSearchResponse(response)
assert (results.get_records()[0].serialNumber) == '2317683628587350290823564500811277499'
def test_process_ssl_certificate_history(self):
"""Test processing search results."""
payload = {'query': '52.8.228.23'}
response = self.client.get_ssl_certificate_history(**payload)
wrapped = SslHistoryResponse(response)
record = wrapped.get_records().pop(0)
assert (record.sha1) == 'e9a6647d6aba52dc47b3838c920c9ee59bad7034'
def run(self):
data = self.get_data()
try:
# enrichment service
if self.service == 'enrichment':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_enrichment(query=data)
self.report(result)
# malware service
elif self.service == 'malware':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_malware(query=data)
self.report(result)
# osint service
elif self.service == 'osint':
enrichment_request = EnrichmentRequest(username=self.username,
api_key=self.api_key)
result = enrichment_request.get_osint(query=data)
self.report(result)
# passive dns service
elif self.service == 'passive_dns':
dns_request = DnsRequest(username=self.username,
api_key=self.api_key)
result = dns_request.get_passive_dns(query=data)
self.report(result)
# ssl certificate details service
elif self.service == 'ssl_certificate_details':
ssl_request = SslRequest(username=self.username,
api_key=self.api_key)
result = ssl_request.get_ssl_certificate_details(query=data)
self.report(result)
# ssl certificate history service
elif self.service == 'ssl_certificate_history':
ssl_request = SslRequest(username=self.username,
api_key=self.api_key)
result = ssl_request.get_ssl_certificate_history(query=data)
print(len(result['results']))
if len(result['results']
) == 1 and result['results'][0]['ipAddresses'] == 'N/A':
print("ok")
self.report({'results': []})
else:
self.report(result)
# unique resolutions service
elif self.service == 'unique_resolutions':
dns_request = DnsRequest(username=self.username,
api_key=self.api_key)
result = dns_request.get_unique_resolutions(query=data)
self.report(result)
# whois details service
elif self.service == 'whois_details':
whois_request = WhoisRequest(username=self.username,
api_key=self.api_key)
result = whois_request.get_whois_details(query=data)
self.report(result)
# components service
elif self.service == 'components':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_components(query=data)
self.report(result)
# trackers service
elif self.service == 'trackers':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_trackers(query=data)
self.report(result)
# host pairs service
elif self.service == 'host_pairs':
host_attr_request = HostAttributeRequest(
username=self.username, api_key=self.api_key)
result = host_attr_request.get_host_pairs(query=data,
direction='parents')
children = host_attr_request.get_host_pairs(
query=data, direction='children')
result['totalRecords'] += children['totalRecords']
result['results'] = result['results'] + children['results']
self.report(result)
else:
self.error('Unknown PassiveTotal service')
except Exception as e:
self.unexpectedError(e)
