def domain_whois(domains): '''Gets whois information for a domain''' inv = investigate.Investigate(config.OPENDNS_APIKEY) if isinstance(domains, list): return [inv.domain_whois(d) for d in domains] else: return inv.domain_whois(domains)
def __init__(self, api_key=None, brand=None, exclude=None, days=1, limit=100, include_category=False): """Create a new Watcher instance Keyword arguments: api_key -- Investigate API Key for making queries brand -- Brand name string to include in pattern searches. Brands that are also very common names may return lots of results exclude -- (Optional) list of domains that should be excluded from searches """ if api_key is None or brand is None: raise Exception('No API key or Brand defined') self.api_key = api_key self.brand = brand self.exclude = exclude self.days = days self.limit = limit self.include_category = include_category self.regex_list = [] self.inv = investigate.Investigate(api_key) self.generate()
def get_latest_malicious_domains(ip): '''Gets the latest known malicious domains associated with the given IP address, if any. Returns the list of malicious domains. ''' inv = investigate.Investigate(config.OPENDNS_APIKEY) results = inv.latest_domains(ip) return results
def ip_investigate(ip): inv = investigate.Investigate(get_odns_apikey()) rrh = inv.rr_history(ip) latest_domains = inv.latest_domains(ip) odns_data = dict() odns_data = {item['rr'][0:-1]: item['type'] for item in rrh['rrs']} #odns_data['Latest Malicious'] = ', '.join(latest_domains) return odns_data
def get_ivg(self): block = self.IVG config_dict = self.my_config.get(block, None) if config_dict is None: raise Exception("Missing %s config" % block) apikey = config_dict.get(self.API_KEY) return investigate.Investigate(apikey)
def domains_investigate(domain): inv = investigate.Investigate(get_odns_apikey()) cat = inv.categorization(domain, labels=True) sec = inv.security(domain) rrh = inv.rr_history(domain) sh = inv.samples(domain, limit=10) # ToDo # tag = inv.domain_tags(domain) # coo = inv.cooccurrences(domain) # rel = inv.related(domain) odns_data = dict() try: odns_data['ASN'] = ', '.join( ['AS' + str(i) for i in rrh['features']['asns']]) except: pass try: odns_data['Prefix'] = ', '.join(rrh['features']['prefixes']) except: pass try: odns_data['Country'] = ' '.join(rrh['features']['country_codes']) except: pass try: odns_data['Age'] = rrh['features']['age'] except: pass try: odns_data['ASN Score'] = round(sec['asn_score'], 2) except: pass try: odns_data['Prefix Score'] = round(sec['prefix_score'], 2) except: pass try: odns_data['Category'] = ', '.join(cat[domain]['content_categories']) except: pass try: odns_data['Security Category'] = ', '.join( cat[domain]['security_categories']) except: pass try: odns_data['Latest IP Address'] = rrh['rrs_tf'][0]['rrs'][0]['rr'] except: pass try: odns_data['Associated Hashes'] = '\n'.join( [h['sha256'] for h in sh['samples']]) except: pass return odns_data
def get_related_domains(domain): '''Get the related domains of the given domain.''' inv = investigate.Investigate(config.OPENDNS_APIKEY) results = inv.related(domain) if 'found' in results and results['found'] is True and 'tb1' in results: results = [r[0] for r in results['tb1']] else: results = {} return results
def get_cooccurrences(domain): '''Get the cooccurrences of the given domain.''' inv = investigate.Investigate(config.OPENDNS_APIKEY) results = inv.cooccurrences(domain) if 'found' in results and results['found'] is True and 'pfs2' in results: results = [r[0] for r in results['pfs2']] else: results = {} return results
def rr_history_ip(ip, query_type): inv = investigate.Investigate(config.OPENDNS_APIKEY) results = inv.rr_history(ip, query_type=query_type)['rrs'] names = [] ips = [] for r in results: names.append(r['rr']) #ips.append(r['name']) return list(set(names + ips))
def rr_history_domain(domain, query_type): inv = investigate.Investigate(config.OPENDNS_APIKEY) results = inv.rr_history(domain, query_type=query_type)['rrs_tf'] rrs = [r['rrs'] for r in results] rr_ips = [] for entry in rrs: for rr in entry: rr_ips.append(rr['rr']) return list(set(rr_ips))
def __init__(self, configuration): self.api = investigate.Investigate(configuration['api_key']) self.regexes = { 'domain' : r"(([a-z0-9-]{,63}\.)+([a-z]{2,63})\.?)", 'url' : r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+", 'ip' : r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" # IPv4 #'ipv6' : r"(?:(?:[0-9A-Fa-f]{1,4}:){6}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|::(?:[0-9A-Fa-f]{1,4}:){5}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){4}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){3}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,2}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){2}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,3}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,4}:(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,4}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,5}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,4}|(?:(?:[0-9A-Fa-f]{1,4}:){,6}[0-9A-Fa-f]{1,4})?::)" }
def get_categorization(domain): '''Get the domain status and categorization of a domain or list of domains.''' inv = investigate.Investigate(config.OPENDNS_APIKEY) results = inv.categorization(domain, labels=True)[domain] if 'status' in results and results['status'] == 1: del results['status'] else: results = results return results
def get_security_info(domain): '''Get the Security Information for the given domain.''' inv = investigate.Investigate(config.OPENDNS_APIKEY) results = inv.security(domain) if 'found' in results and results['found'] is True: del results['found'] results = results else: results = results return results
def ip_investigate(ip): inv = investigate.Investigate(get_odns_apikey()) rrh = inv.rr_history(ip) lds = inv.latest_domains(ip) sh = inv.samples(ip, limit=10) odns_data = dict() odns_data['Domains'] = ', '.join([d['rr'][0:-1] for d in rrh['rrs']]) try: odns_data['Associated Hashes'] = '\n'.join([h['sha256'] for h in sh['samples']]) except: pass odns_data['Latest Malicious Domains'] = ', '.join(lds) return odns_data
def domains_investigate(domain): inv = investigate.Investigate(get_odns_apikey()) cat = inv.categorization(domain, labels=True) #coo = inv.cooccurrences(domain) #rel = inv.related(domain) sec = inv.security(domain) #tag = inv.domain_tags(domain) rrh = inv.rr_history(domain) odns_data = dict() odns_data['ASN'] = ', '.join(['AS' + str(i) for i in rrh['features']['asns']]) odns_data['Prefix'] = ', '.join(rrh['features']['prefixes']) odns_data['Country'] = ' '.join(rrh['features']['country_codes']) odns_data['Age'] = rrh['features']['age'] odns_data['ASN Score'] = round(sec['asn_score'], 2) odns_data['Prefix Score'] = round(sec['prefix_score'], 2) odns_data['Category'] = ', '.join(cat[domain]['content_categories']) return odns_data
#!/usr/bin/env python import investigate import json api_key="KEY" inv = investigate.Investigate(api_key) res = inv.categorization('amazon.com') print res
import json import investigate def chunk(dlist, listmax): """Function to take arbitrary lists and split them to chunks of 1000 max.""" listmax = max(1, listmax) return [dlist[i:i + listmax] for i in range(0, len(dlist), listmax)] # Read key, single line with open('api-key.txt', 'r') as k: API_KEY = k.read().rstrip() NEWDATA = {} INV = investigate.Investigate(API_KEY) # Initialize vars i = 0 DOMAINS = {} with open('topsites.txt') as f: DOMAINS = f.read().splitlines() # How many chunks do we need? SIZE = len(DOMAINS) CHUNKS = SIZE / 1000 CHUNKS = chunk(DOMAINS, 1000) print len(CHUNKS) print len(CHUNKS[1])
def process_data(): # Database details: connection = MongoClient(MONGODB_HOST, MONGODB_PORT) collection = connection[DBS_NAME][COLLECTION_NAME] projects = collection.find(projection=fields) # Count the number of times a something is seen: def count_stuff(listofitems): listofitems_counted = Counter() for d in listofitems: t = d.split(',')[0] listofitems_counted[d] += 1 return(listofitems_counted) # Get data from db and save results to a list ############################# timeanddomain = [] # Hold the list of domains for counting for project in projects: dateandtime = project['time'] domain = project['domain'] line = ("{0},{1}").format(dateandtime, domain) timeanddomain.append(line) # Save the time of domain hits all_times = [] # Hold the times for item in timeanddomain: #print item time = item.split(',')[0] all_times.append(time) # Separate IP addresses from Domains ############################# temp1 = [] # Hold the domains that are not IPV4 unique_domains = [] # Hold the domains that are not IPV4 and IPV6. domain_count(domain) will use this to count the domains ip = [] # Hold the IP addresses (IPV4 and IPV6) empty_items = 0 for item in timeanddomain: domain = item.split(',')[1] if valid_ipv4(domain) == True: ip.append(domain) if valid_ipv6(domain) == True: ip.append(domain) # This next one takes all non-ipv4 items (domains) and adds them to the temp1 list: if valid_ipv4(domain) == False: temp1.append(domain) # This one reads the temp1 list that contains both domains and ipv6 addresses and takes only the non-ipv6 entries and adds them to the unique_domains list: for domain in temp1: if valid_ipv6(domain) == False: unique_domains.append(domain) count_of_domains = count_stuff(unique_domains) # Count the domains and save as count_of_domains count_of_times = count_stuff(all_times) # Count the domains and save as count_of_domains # Turn the count_of_domains into a dictionary # Used to set a threshold and view domains contacted over or under a certain number domainslist = [] temp = [] for key, value in count_of_domains.iteritems(): temp = [key,value] domainslist.append(temp) timeslist = [] temp = [] for key, value in count_of_times.iteritems(): temp = [key,value] timeslist.append(temp) ############################# # Determine normal in a loose manner: ############################# normal_traffic = [] suspicious_traffic = [] # Print domains with a certain number of visits for item in domainslist: domain = item[0] count = item[1] # if count is greater than or equal to a number: if count >= 2: #print("{0}, {1}".format(domain,count)) normal_traffic.append(item) # if count is equal to a number: if count < 5: #print("{0}, {1}".format(domain,count)) suspicious_traffic.append(item) # if count is less than or equal to a number: # if count <= 10: # print("{0}, {1}".format(domain,count)) ###################################################### # Take the suspicious domains and unique them, getting them ready to look at using third party tools: domain_counts = [] # firstlevel.tld, count domain_fullrequest_counts = [] # actual request, firstlevel.tld, count temp = [] # Temporary holder to unique the firstlevel.tld, as used below for line in suspicious_traffic: fulldomain = line[0] dom = tldextract.extract(fulldomain) if dom.suffix != '': domain = dom.domain + '.' + dom.suffix # Just the first level domain # Create a newline, which has the firstlevel domain, the full domain with subdomains and the count domain_fullrequest_count = "{0},{1},{2}".format(domain,fulldomain,line[1]) if domain in temp: continue else: domain_count = "{0},{1}".format(domain,line[1]) domain_counts.append(domain_count) domain_fullrequest_counts.append(domain_fullrequest_count) temp.append(domain) # Unique the domains ################################# # Check the suspicious traffic in # OpenDNS Investigate: token = () with open('investigate_token.txt') as API_KEY: token = API_KEY.read() token = token.rstrip() inv = investigate.Investigate(token) categories_list = [] security_categories_list = [] wl_domains = [] bl_domains = [] not_determined_domains = [] for line in domain_fullrequest_counts: line = line.split(',') domain = line[0] domain_fullrequest_count = "{0},{1},{2}".format(line[0],line[1],line[2]) res = inv.categorization(domain, labels=True) status = res[domain]['status'] if status == 0: # Get domain categorization and add it to categories_list content_category = res[domain]['content_categories'] if content_category == []: continue else: for value in content_category: categories_list.append(value) ############## not_determined_domains.append(domain_fullrequest_count) if status == 1: # Get domain categorization and add it to categories_list content_category = res[domain]['content_categories'] if content_category == []: continue else: for value in content_category: categories_list.append(value) ############## wl_domains.append(domain_fullrequest_count) #print domain_fullrequest_count if status == -1: bl_domains.append(domain_fullrequest_count) security_category = res[domain]['security_categories'] if security_category == []: continue else: for value in security_category: security_categories_list.append(value) categories_list.append(value) # Get domain categorization and add it to categories_list content_category = res[domain]['content_categories'] if content_category == []: continue else: for value in content_category: categories_list.append(value) ############## #domain_and_cat = str(domain) + ":" + str(security_category) #print (domain, security_category) count_of_categories = count_stuff(categories_list) # Count the categories and save as count_of_categories # Turn the count_of_categories into a dictionary category_list = [] temp = [] for key, value in count_of_categories.iteritems(): temp = [key,value] category_list.append(temp) count_of_security_categories = count_stuff(security_categories_list) # Count the categories and save as count_of_security_categories # Turn the count_of_security_categories into a dictionary security_category_list = [] temp = [] for key, value in count_of_security_categories.iteritems(): temp = [key,value] security_category_list.append(temp) #print security_categories_list ##################################### # CHART GENERATION ##################################### # Time visit Barchart: xtimedata = [] ytimedata = [] for item in timeanddomain: item = item.split(',') xtimedata.append(item[0]) ytimedata.append(item[1]) ''' timebarchart = discreteBarChart(name='discreteBarChart', height=600, width=1000) timebarchart.add_serie(y=ytimedata, x=xtimedata) timebarchart.buildhtml() timebarchart = discreteBarChart(name='discreteBarChart', height=600, width=1000) timebarchart.add_serie(y=df['date'], x=df['counts']) #timebarchart.add_serie(y=df.index.values, x=df['domain']) timebarchart.buildhtml() writefile = open('../flask/templates/timebar.html','w') writefile.write(timebarchart.htmlcontent)''' ##################################### #alldomains Barchart: xdomaindata = [] ydomaindata = [] for item in domainslist: xdomaindata.append(item[0]) ydomaindata.append(item[1]) ### Plotly does this better. All domains visit Barchart: '''alldomains = discreteBarChart(name='discreteBarChart', height=300, width=1000) alldomains.add_serie(y=ydomaindata, x=xdomaindata) alldomains.buildhtml() writefile = open('../flask/templates/alldomains.html','w') writefile.write(alldomains.htmlcontent)''' ##################################### # For a chart of suspicious domains: xsuspicious = [] ysuspicious = [] for item in domain_counts: item = item.split(',') xsuspicious.append(item[0]) # Domains ysuspicious.append(item[1]) # Count ### Plotly does this better. suspicious visit Barchart: '''suspiciousbarchart = discreteBarChart(name='discreteBarChart', height=600, width=1000) suspiciousbarchart.add_serie(y=ysuspicious, x=xsuspicious) suspiciousbarchart.buildhtml() writefile = open('../flask/templates/suspicious_domains.html','w') writefile.write(suspiciousbarchart.htmlcontent)''' ##################################### # For a chart of blacklisted domains: xblacklisted = [] yblacklisted = [] for item in bl_domains: item = item.split(',') xblacklisted.append(item[0]) # Domains yblacklisted.append(item[2]) # Count ### Plotly does this better. Blacklisted Barchart: '''blacklistedbarchart = discreteBarChart(name='discreteBarChart', height=300, width=600) blacklistedbarchart.add_serie(y=yblacklisted, x=xblacklisted) blacklistedbarchart.buildhtml() writefile = open('../flask/templates/blacklisted_domains.html','w') writefile.write(blacklistedbarchart.htmlcontent)''' ##################################### # For a chart of whitelisted domains: xwhitelisted = [] ywhitelisted = [] for item in wl_domains: item = item.split(',') xwhitelisted.append(item[0]) # Domains ywhitelisted.append(item[2]) # Count ### Plotly does this better. whitelisted Barchart: '''whitelistedbarchart = discreteBarChart(name='discreteBarChart', height=300, width=600) whitelistedbarchart.add_serie(y=ywhitelisted, x=xwhitelisted) whitelistedbarchart.buildhtml() writefile = open('../flask/templates/whitelisted_domains.html','w') writefile.write(whitelistedbarchart.htmlcontent)''' ##################################### # For a Pie Chart of categories: xcategorylist = [] ycategorylist = [] for item in category_list: xcategorylist.append(item[0]) # Categories ycategorylist.append(item[1]) # Count ### Blacklisted Barchart: type = 'pieChart' categorypiechart = pieChart(name=type, color_category='category20c', height=1000, width=1000) xdata = xcategorylist ydata = ycategorylist extra_serie = {"tooltip": {"y_start": "", "y_end": " cal"}} categorypiechart.add_serie(y=ydata, x=xdata, extra=extra_serie) categorypiechart.buildhtml() writefile = open('../flask/templates/category_piechart.html','w') writefile.write(categorypiechart.htmlcontent) df_categories = pd.DataFrame(data=ycategorylist,index=xcategorylist) ##################################### # For a Pie Chart of security categories: xseccategorylist = [] yseccategorylist = [] for item in security_category_list: xseccategorylist.append(item[0]) # Categories yseccategorylist.append(item[1]) # Count ### security category piehart: type = 'pieChart' security_categorypiechart = pieChart(name=type, color_category='category20c', height=450, width=450) xdata = xseccategorylist ydata = yseccategorylist extra_serie = {"tooltip": {"y_start": "", "y_end": ""}} security_categorypiechart.add_serie(y=ydata, x=xdata, extra=extra_serie) security_categorypiechart.buildhtml() writefile = open('../flask/templates/security_category_piechart.html','w') writefile.write(security_categorypiechart.htmlcontent) ##################################### # For a chart of neutral listed domains: xneutrallisted = [] yneutrallisted = [] for item in not_determined_domains: item = item.split(',') xneutrallisted.append(item[0]) # Domains yneutrallisted.append(item[2]) # Count ### Plotly does this better. neutral listed Barchart: '''neutrallistedbarchart = discreteBarChart(name='discreteBarChart', height=300, width=600) neutrallistedbarchart.add_serie(y=yneutrallisted, x=xneutrallisted) neutrallistedbarchart.buildhtml() writefile = open('../flask/templates/neutral_domains.html','w') writefile.write(neutrallistedbarchart.htmlcontent)''' ################################# stats_number_of_u_domains = str(len(unique_domains)) + " unique domains seen<br>" stats_number_of_t_domains = str(len(timeanddomain)) + " total domains<br>" stats_number_of_ips = str(len(ip)) + " total IP addresses<br>" stats_normaltraffic = ('Normal traffic (domains visited over 3 times): {0}<br>').format(len(normal_traffic)) stats_suspicioustraffic = ('Amount of suspicious traffic domains visited under 2 times): {0}<br>').format(len(suspicious_traffic)) stats_wl = ('<br>Of the suspicious domains (uniqued):<br>Whitelisted domains (OpenDNS): {0}<br>'.format(len(wl_domains))) stats_bl = ('Blacklisted domains (OpenDNS): {0}<br>'.format(len(bl_domains))) stats_neutral = ('Neutral domains (OpenDNS): {0}'.format(len(not_determined_domains))) stats_categories_list = ('Number of categories seen: {0}'.format(len(categories_list))) stats = stats_number_of_u_domains + stats_number_of_t_domains + stats_number_of_ips + stats_normaltraffic + stats_suspicioustraffic + stats_wl + stats_bl + stats_neutral writefile = open('../flask/templates/stats.html','w') writefile.write(stats) # This one's for plotly: xtime = [] ytime = [] for item in timeanddomain: item = item.split(',') xtime.append(item[0]) ytime.append(item[1]) d = {'date':xtime,'domain':ytime} df = pd.DataFrame(data=d) df['counts'] = df.groupby('domain').transform('count') # For plotly: df2 = pd.DataFrame(data=ytime,index=xtime) df2.index = pd.to_datetime(df2.index) ############################# # HTML for plotly plots: ############################# html_start = """<html> <head> <script src="../static/plotly-latest.min.js"></script> </head> <body>""" html_end = """ </body> </html>""" # Line plot: '''plot_html, plotdivid, width, height = _plot_html(df2.iplot(asFigure=True, kind ='scatter', subplots=True, shared_xaxes=True, fill=True, title='Count by day',dimensions=(800,800)), False, "", True, '100%', 525, False) html_bar_chart = html_start + plot_html + html_end f = open('../flask/templates/plottest_scatter.html', 'w') f.write(html_bar_chart) f.close()''' # Suspicious domains df_suspicious = pd.DataFrame(ysuspicious, xsuspicious) plot_html, plotdivid, width, height = _plot_html(df_suspicious.iplot(asFigure=True, kind ='bar', subplots=True, shared_xaxes=True, fill=False, title='Suspicious Traffic',dimensions=(600,600)), False, "", True, '100%', 525, False) html_bar_chart = html_start + plot_html + html_end f = open('../flask/templates/suspicious_traffic.html', 'w') f.write(html_bar_chart) f.close() # All domains visited df_alldomains = pd.DataFrame(ydomaindata, xdomaindata) plot_html, plotdivid, width, height = _plot_html(df_alldomains.iplot(asFigure=True, kind ='bar', subplots=True, shared_xaxes=True, fill=False, title='All Traffic',dimensions=(600,300)), False, "", True, '100%', 525, False) html_bar_chart = html_start + plot_html + html_end f = open('../flask/templates/all_traffic.html', 'w') f.write(html_bar_chart) f.close() # Whitelisted df_whitelisted = pd.DataFrame(ywhitelisted, xwhitelisted) plot_html, plotdivid, width, height = _plot_html(df_whitelisted.iplot(asFigure=True, kind ='bar', subplots=True, shared_xaxes=True, fill=False, title='Whitelisted Traffic',dimensions=(600,300)), False, "", True, '100%', 525, False) html_bar_chart = html_start + plot_html + html_end f = open('../flask/templates/whitelisted_traffic.html', 'w') f.write(html_bar_chart) f.close() # Not categorized df_not_categorized = pd.DataFrame(yneutrallisted, xneutrallisted) plot_html, plotdivid, width, height = _plot_html(df_not_categorized.iplot(asFigure=True, kind ='bar', subplots=True, shared_xaxes=True, fill=False, title='Non-categorized Traffic',dimensions=(600,300)), False, "", True, '100%', 525, False) html_bar_chart = html_start + plot_html + html_end f = open('../flask/templates/not_categorized_traffic.html', 'w') f.write(html_bar_chart) f.close() # Blacklisted df_blacklisted = pd.DataFrame(yblacklisted, xblacklisted) plot_html, plotdivid, width, height = _plot_html(df_blacklisted.iplot(asFigure=True, kind ='bar', subplots=True, shared_xaxes=True, fill=False, title='Blacklisted Traffic',dimensions=(600,300)), False, "", True, '100%', 525, False) html_bar_chart = html_start + plot_html + html_end f = open('../flask/templates/blacklisted_traffic.html', 'w') f.write(html_bar_chart) f.close() # Time Series df_timeseries = pd.DataFrame(ytimedata,xtimedata) plot_html, plotdivid, width, height = _plot_html(df_timeseries.iplot(asFigure=True, kind ='bar', subplots=False, shared_xaxes=True, fill=True, title='Time Series',dimensions=(800,450)), False, "", True, '100%', 525, False) html_bar_chart = html_start + plot_html + html_end f = open('../flask/templates/timeseries.html', 'w') f.write(html_bar_chart) f.close()
def inv(): return investigate.Investigate(os.environ['INVESTIGATE_KEY'])
def ns_whois(nameservers): '''Gets the domains that have been registered with a nameserver or nameservers''' inv = investigate.Investigate(config.OPENDNS_APIKEY) return inv.ns_whois(nameservers)
def email_whois(emails): '''Gets the domains that have been registered with a given email address''' inv = investigate.Investigate(config.OPENDNS_APIKEY) return inv.email_whois(emails)