示例#1
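def download(uid):
    """Export indicators as a CSV attachment, selected by campaign or by tag.

    The request path picks the mode.  A path containing
    ``/download/campaigns/`` exports every indicator whose campaign equals
    ``uid`` (``'Unknown'`` stands for the empty campaign name) and writes
    empty or ``None`` fields as ``-``.  A path containing
    ``/download/tags/`` exports every indicator that carries the tag ``uid``.

    Returns a ``text/csv`` response, a 404 response when nothing matches, or
    the rendered ``error.html`` template when an exception is raised.
    """
    import re  # local import: the module's import block is not visible here

    def _csv_response(records, name, suffix):
        # Serialise the row dicts and wrap them in an attachment response.
        # NOTE(review): values are written as-is. Indicator fields that start
        # with =, +, - or @ are evaluated as formulas by spreadsheet
        # applications; consider neutralising them if analysts open this
        # export in a spreadsheet.
        out_file = io.BytesIO()
        w = csv.DictWriter(out_file, fieldnames=records[0].keys())
        w.writeheader()
        w.writerows(records)
        # The name comes from the URL and lands in a response header, so limit
        # it to characters that cannot alter the header or the filename
        # parameter (quotes, separators, CR/LF, path characters).
        safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', name)
        response = make_response(out_file.getvalue())
        response.headers["Content-Disposition"] = (
            "attachment; filename=" + safe_name + suffix)
        response.headers["Content-type"] = "text/csv"
        return response

    try:
        if '/download/campaigns/' in request.path:
            campaign = "" if uid == 'Unknown' else uid
            rows = Indicator.query.filter_by(campaign=campaign).all()
            indlist = []
            for i in rows:
                indicator = helpers.row_to_dict(i)
                for key, value in indicator.iteritems():
                    if value is None or value == "":
                        indicator[key] = '-'
                indlist.append(indicator)
            if indlist:
                return _csv_response(indlist, campaign, "-campaign.csv")

        elif '/download/tags/' in request.path:
            rows = Indicator.query.filter(
                Indicator.tags.like('%' + uid + '%')).all()
            indlist = []
            for i in rows:
                # LIKE is a substring match and treats % and _ in uid as
                # wildcards, so it also returns rows tagged e.g. "apt28" for
                # uid "apt". Keep only rows that really carry the tag.
                if i.tags and uid in [t.strip() for t in i.tags.split(',')]:
                    indlist.append(helpers.row_to_dict(i))
            if indlist:
                return _csv_response(indlist, uid, "-tags.csv")
    except Exception as e:
        # NOTE(review): the raw exception object goes to the template; if
        # error.html prints it, database and internal error text reaches the
        # client. Consider logging it and showing a generic message.
        return render_template('error.html', error=e)

    # Unknown path, unknown tag or empty campaign. The original fell off the
    # end (returning None) or indexed an empty list in these cases.
    return make_response("No indicators found", 404)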
示例#2
def filesobject(uid):
    """Render the file-object page for the indicator whose ``object`` is ``uid``.

    Gathers the indicator's fields, its tag list and a mapping of related
    objects to their types, adds the result of ``virustotal.vt_hash_lookup``
    when ``settings.vtfile`` is "on", and renders ``fileobject.html``.  Any
    exception is rendered through ``error.html``.
    """
    try:
        indicator = Indicator.query.filter(Indicator.object == uid).first()
        fields = helpers.row_to_dict(indicator)
        config = Setting.query.filter_by(_id=1).first()
        tags = indicator.tags.split(",")

        # Map each related object to its type.
        related = {}
        if indicator.relationships:
            for rel_name in indicator.relationships.split(","):
                rel_row = Indicator.query.filter(
                    Indicator.object == rel_name).first()
                related[rel_row.object] = rel_row.type

        # The hash lookup only runs when it is switched on in the settings.
        vt_report = (virustotal.vt_hash_lookup(str(indicator.object))
                     if config.vtfile == "on" else "")
        return render_template('fileobject.html',
                               records=fields,
                               settingsvars=config,
                               address=indicator.object,
                               temprel=related,
                               reldata=len(related),
                               jsonvt=vt_report,
                               taglist=tags)
    except Exception as error:
        return render_template('error.html', error=error)
示例#3
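def download(uid):
    """Export the indicators of a campaign, or failing that of a tag, as CSV.

    ``uid`` is first treated as a campaign name (``'Unknown'`` stands for the
    empty campaign).  When no indicator has that campaign, ``uid`` is treated
    as a tag instead.  Empty or ``None`` fields are written as ``-``.

    Returns a ``text/csv`` attachment, or a 404 response when nothing matches.
    """
    import re  # local import: the module's import block is not visible here

    if uid == 'Unknown':
        uid = ""
    rows = Indicator.query.filter_by(campaign=uid).all()

    # No campaign by that name: fall back to downloading by tag.
    if not rows:
        candidates = Indicator.query.filter(
            Indicator.tags.like('%' + uid + '%')).all()
        # LIKE is a substring match and treats % and _ in uid as wildcards; an
        # empty uid would match every tagged row. Keep only rows that really
        # carry the tag.
        rows = [r for r in candidates
                if r.tags and uid in [t.strip() for t in r.tags.split(',')]]
    if not rows:
        # The original indexed indlist[0] here and raised IndexError.
        return make_response("No indicators found", 404)

    indlist = []
    for i in rows:
        indicator = helpers.row_to_dict(i)
        for key, value in indicator.iteritems():
            if value is None or value == "":
                indicator[key] = '-'
        indlist.append(indicator)

    # NOTE(review): values are written as-is. Fields that start with =, +, -
    # or @ are evaluated as formulas by spreadsheet applications; consider
    # neutralising them if analysts open this export in a spreadsheet.
    out_file = io.BytesIO()
    w = csv.DictWriter(out_file, fieldnames=indlist[0].keys())
    w.writeheader()
    w.writerows(indlist)

    # uid comes from the URL and lands in a response header, so limit it to
    # characters that cannot alter the header or the filename parameter.
    safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', uid)
    response = make_response(out_file.getvalue())
    response.headers["Content-Disposition"] = (
        "attachment; filename=" + safe_name + "-campaign.csv")
    response.headers["Content-type"] = "text/csv"
    return response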
示例#4
def editobject(uid):
    """Render the edit form for the indicator whose ``object`` is ``uid``.

    The row is converted with ``helpers.row_to_dict`` and passed to
    ``neweditobject.html`` as ``entry``.  Any exception is rendered through
    ``error.html``.
    """
    try:
        record = Indicator.query.filter_by(object=uid).first()
        return render_template('neweditobject.html',
                               entry=helpers.row_to_dict(record))
    except Exception as error:
        return render_template('error.html', error=error)
示例#5
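def download(uid):
    """Return a CSV attachment of indicators matched by campaign, else by tag.

    ``uid`` is looked up as a campaign name first; ``'Unknown'`` selects the
    empty campaign.  If that finds nothing, ``uid`` is looked up as a tag.
    Fields that are empty or ``None`` are exported as ``-``.

    Returns a ``text/csv`` attachment, or a 404 response when no indicator
    matches.
    """
    import re  # local import: the module's import block is not visible here

    if uid == 'Unknown':
        uid = ""
    rows = Indicator.query.filter_by(campaign=uid).all()

    if not rows:
        # Tag fallback. LIKE matches substrings and honours % and _ inside
        # uid, so an empty or wildcard uid would select far more rows than
        # the one tag asked for; filter down to an exact tag match.
        tagged = Indicator.query.filter(
            Indicator.tags.like('%' + uid + '%')).all()
        rows = [r for r in tagged
                if r.tags and uid in [t.strip() for t in r.tags.split(',')]]
    if not rows:
        # Nothing to export; the original raised IndexError on indlist[0].
        return make_response("No indicators found", 404)

    indlist = []
    for i in rows:
        indicator = helpers.row_to_dict(i)
        for key, value in indicator.iteritems():
            if value is None or value == "":
                indicator[key] = '-'
        indlist.append(indicator)

    # NOTE(review): cell values are not neutralised. A field beginning with
    # =, +, - or @ is treated as a formula when the file is opened in a
    # spreadsheet; decide whether this export needs that protection.
    out_file = io.BytesIO()
    w = csv.DictWriter(out_file, fieldnames=indlist[0].keys())
    w.writeheader()
    w.writerows(indlist)

    # The URL-supplied uid is placed in a response header; strip everything
    # that could alter the header or the filename parameter.
    safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', uid)
    response = make_response(out_file.getvalue())
    response.headers["Content-Disposition"] = (
        "attachment; filename=" + safe_name + "-campaign.csv")
    response.headers["Content-type"] = "text/csv"
    return response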
示例#6
def objectdetails1(uid):
    """Render ``indicatordetails.html`` for the indicator equal to ``uid``.

    Looks up the indicator row, resolves its campaign name, splits its tags,
    maps related indicators to their types, and optionally adds a VirusTotal
    hash lookup.  Any exception is rendered through ``error.html``.
    """
    try:
        row = Indicator.query.filter(Indicator.indicator == uid).first()
        records = helpers.row_to_dict(row)
        # Replace the campaign reference with the campaign's name.
        campaign_name = Campaign.query.filter_by(
            _id=row.campaign_id).first().name
        records['campaign'] = campaign_name
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        # Map each related indicator to its type.
        temprel = {}
        if row.relationships:
            rellist = row.relationships.split(",")
            for rel in rellist:
                reltype = Indicator.query.filter(
                    Indicator.indicator == rel).first()
                temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        if settings.vtfile == "on":
            # NOTE(review): str(row) is the string form of the whole ORM row,
            # not of one field. Whether that is the hash the lookup expects
            # depends on Indicator's __str__/__repr__, not visible here.
            jsonvt = virustotal.vt_hash_lookup(str(row))
        else:
            jsonvt = ""
        # **locals() hands every local to the template by name, including the
        # whole settings row. Renaming or adding a local changes the context.
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the raw exception goes to the template; if error.html
        # prints it, internal error text reaches the client.
        return render_template('error.html', error=e)
def filesobject(uid):
    """Show the file-object page for the indicator stored under ``uid``.

    Builds the template context from the indicator row: its fields as a dict,
    its tags, and a mapping of related objects to their types.  When
    ``settings.vtfile`` is "on" the result of ``virustotal.vt_hash_lookup``
    is included.  Any exception is rendered through ``error.html``.
    """
    try:
        file_row = Indicator.query.filter(Indicator.object == uid).first()
        record_fields = helpers.row_to_dict(file_row)
        app_settings = Setting.query.filter_by(_id=1).first()
        tag_names = file_row.tags.split(",")

        # Related object -> type of that related object.
        relations = {}
        if file_row.relationships:
            for related_name in file_row.relationships.split(","):
                related_row = Indicator.query.filter(
                    Indicator.object == related_name).first()
                relations[related_row.object] = related_row.type

        vt_result = ""
        if app_settings.vtfile == "on":
            vt_result = virustotal.vt_hash_lookup(str(file_row.object))

        context = dict(
            records=record_fields,
            settingsvars=app_settings,
            address=file_row.object,
            temprel=relations,
            reldata=len(relations),
            jsonvt=vt_result,
            taglist=tag_names,
        )
        return render_template("fileobject.html", **context)
    except Exception as error:
        return render_template("error.html", error=error)
示例#8
def editobject(uid):
    """Open ``neweditobject.html`` pre-filled with the indicator named ``uid``.

    The indicator is selected by its ``object`` column and handed to the
    template as the dict ``entry``.  Any exception is rendered through
    ``error.html``.
    """
    try:
        matches = Indicator.query.filter_by(object=uid)
        entry = helpers.row_to_dict(matches.first())
        return render_template('neweditobject.html', entry=entry)
    except Exception as exc:
        return render_template('error.html', error=exc)
示例#9
def editobject(uid):
    """Render the edit form for the indicator whose ``indicator`` is ``uid``.

    The template receives the row as a dict (with ``campaign`` replaced by
    the campaign's name) and today's date formatted as ``YYYY-MM-DD``.  Any
    exception is rendered through ``error.html``.
    """
    try:
        today = time.strftime("%Y-%m-%d")
        indicator_row = Indicator.query.filter_by(indicator=uid).first()
        entry = helpers.row_to_dict(indicator_row)
        entry['campaign'] = indicator_row.campaign.name
        return render_template('editobject.html',
                               entry=entry,
                               currentdate=today)
    except Exception as error:
        return render_template('error.html', error=error)
示例#10
def editobject(uid):
    """Show ``editobject.html`` for the indicator identified by ``uid``.

    Passes the indicator's fields as ``entry``, with the campaign shown by
    name, and the current date as ``currentdate``.  Any exception is rendered
    through ``error.html``.
    """
    try:
        date_stamp = time.strftime("%Y-%m-%d")
        found = Indicator.query.filter_by(indicator=uid).first()
        form_values = helpers.row_to_dict(found)
        form_values['campaign'] = found.campaign.name
        context = {'entry': form_values, 'currentdate': date_stamp}
        return render_template('editobject.html', **context)
    except Exception as exc:
        return render_template('error.html', error=exc)
示例#11
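def threatactorobject(uid):
    """Render the threat-actor page for the indicator whose ``object`` is ``uid``.

    Passes the indicator's fields, a mapping of related objects to their
    types, and the number of relationships to ``threatactorobject.html``.
    Any exception is rendered through ``error.html``.
    """
    try:
        row = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(row)

        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                # .first() turns the query into a row. Without it reltype was
                # a Query, the attribute access below raised AttributeError,
                # and any indicator with relationships showed the error page.
                reltype = Indicator.query.filter(
                    Indicator.object == rel).first()
                temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        return render_template('threatactorobject.html', records=newdict,
                               temprel=temprel, reldata=reldata)
    except Exception as e:
        # NOTE(review): the raw exception goes to the template; if error.html
        # prints it, internal error text reaches the client.
        return render_template('error.html', error=e)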
示例#12
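def threatactorobject(uid):
    """Show ``threatactorobject.html`` for the indicator stored under ``uid``.

    The template receives the indicator as a dict (``records``), its related
    objects mapped to their types (``temprel``) and their count
    (``reldata``).  Any exception is rendered through ``error.html``.
    """
    try:
        row = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(row)

        temprel = {}
        if row.relationships:
            rellist = row.relationships.split(",")
            for rel in rellist:
                # The lookup must end in .first(): the bare filter() result is
                # a Query with no .object/.type, so this loop always raised
                # and the page failed for every indicator with relationships.
                reltype = Indicator.query.filter(
                    Indicator.object == rel).first()
                temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        return render_template('threatactorobject.html', records=newdict,
                               temprel=temprel, reldata=reldata)
    except Exception as e:
        # NOTE(review): consider logging e and showing a generic message; the
        # template receives the raw exception.
        return render_template('error.html', error=e)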
示例#13
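def download(uid):
    """Export every indicator of campaign ``uid`` as a CSV attachment.

    ``"unknown"`` selects indicators whose campaign is the empty string.
    Empty or ``None`` fields are written as ``-``.

    Returns a ``text/csv`` response, or a 404 response when the campaign has
    no indicators.
    """
    import re  # local import: the module's import block is not visible here

    if uid == "unknown":
        uid = ""
    rows = Indicator.query.filter_by(campaign=uid).all()
    if not rows:
        # The original indexed indlist[0] here and raised IndexError.
        return make_response("No indicators found", 404)

    indlist = []
    for i in rows:
        indicator = helpers.row_to_dict(i)
        for key, value in indicator.iteritems():
            if value is None or value == "":
                indicator[key] = "-"
        indlist.append(indicator)

    # NOTE(review): values are written as-is. Fields that start with =, +, -
    # or @ are evaluated as formulas by spreadsheet applications; consider
    # neutralising them if analysts open this export in a spreadsheet.
    out_file = io.BytesIO()
    w = csv.DictWriter(out_file, fieldnames=indlist[0].keys())
    w.writeheader()
    w.writerows(indlist)

    # uid comes from the URL and lands in a response header, so limit it to
    # characters that cannot alter the header or the filename parameter.
    safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', uid)
    response = make_response(out_file.getvalue())
    response.headers["Content-Disposition"] = (
        "attachment; filename=" + safe_name + "-campaign.csv")
    response.headers["Content-type"] = "text/csv"
    return response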
示例#14
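def download(uid):
    """Return the indicators of campaign ``uid`` as a downloadable CSV file.

    The name ``'unknown'`` is mapped to the empty campaign.  Fields that are
    empty or ``None`` are exported as ``-``.

    Returns a ``text/csv`` attachment, or a 404 response when no indicator
    belongs to the campaign.
    """
    import re  # local import: the module's import block is not visible here

    if uid == 'unknown':
        uid = ""
    rows = Indicator.query.filter_by(campaign=uid).all()
    if not rows:
        # Nothing to export; the original raised IndexError on indlist[0].
        return make_response("No indicators found", 404)

    indlist = []
    for i in rows:
        indicator = helpers.row_to_dict(i)
        for key, value in indicator.iteritems():
            if value is None or value == "":
                indicator[key] = '-'
        indlist.append(indicator)

    # NOTE(review): cell values are not neutralised. A field beginning with
    # =, +, - or @ is treated as a formula when the file is opened in a
    # spreadsheet; decide whether this export needs that protection.
    out_file = io.BytesIO()
    w = csv.DictWriter(out_file, fieldnames=indlist[0].keys())
    w.writeheader()
    w.writerows(indlist)

    # The URL-supplied uid is placed in a response header; strip everything
    # that could alter the header or the filename parameter.
    safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', uid)
    response = make_response(out_file.getvalue())
    response.headers["Content-Disposition"] = (
        "attachment; filename=" + safe_name + "-campaign.csv")
    response.headers["Content-type"] = "text/csv"
    return response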
示例#15
def objectdetails1(uid):
    """Show the details page for the indicator whose ``indicator`` is ``uid``.

    Collects the row as a dict with its campaign name, the tag list, the
    related indicators and their types, and an optional VirusTotal hash
    lookup, then renders ``indicatordetails.html``.  Any exception is
    rendered through ``error.html``.
    """
    try:
        row = Indicator.query.filter(Indicator.indicator == uid).first()
        records = helpers.row_to_dict(row)
        # Show the campaign by name rather than by id.
        campaign_name = Campaign.query.filter_by(_id=row.campaign_id).first().name
        records['campaign'] = campaign_name
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        # Related indicator -> its type.
        temprel = {}
        if row.relationships:
            rellist = row.relationships.split(",")
            for rel in rellist:
                reltype = Indicator.query.filter(Indicator.indicator == rel).first()
                temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        if settings.vtfile == "on":
            # NOTE(review): this passes str(row), the string form of the ORM
            # row itself. Confirm that Indicator's __str__/__repr__ yields the
            # hash the lookup expects; the model is not visible here.
            jsonvt = virustotal.vt_hash_lookup(str(row))
        else:
            jsonvt = ""
        # Every local above, including the settings row, becomes a template
        # variable through **locals(); the local names are part of the
        # template's contract.
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): consider logging e and showing a generic message; the
        # template receives the raw exception.
        return render_template('error.html', error=e)
示例#16
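def victimobject(uid):
    """Render the victim page for the indicator whose ``object`` is ``uid``.

    Loads the indicator, its tags and its related indicators, then runs each
    enrichment lookup that is switched "on" in the settings row (``_id=1``)
    for IPv4/IPv6 and Domain indicators.  Other indicator types get no
    lookups.  Any exception is rendered through ``error.html``.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = http.tags.split(",")

        temprel = {}
        if http.relationships:
            for rel in http.relationships.split(","):
                # .first() turns the query into a row. Without it reltype was
                # a Query, the attribute access below raised AttributeError,
                # and any indicator with relationships showed the error page.
                reltype = Indicator.query.filter(
                    Indicator.object == rel).first()
                temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""
        farsightdata = ""

        target = str(http.object)
        kind = str(http.type)
        # The helpers below are named after external services; presumably
        # each enabled one sends the indicator value to that service.
        if kind == "IPv4" or kind == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', target)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', target)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', target)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', target)

        # whoisdata is still "" when the indicator is neither an IP nor a
        # domain, or when the lookup returned nothing. Indexing it raised
        # TypeError, so fall back to the generic heading in that case.
        if settings.whoisinfo == "on" and whoisdata:
            if kind == "Domain":
                address = str(whoisdata['city']) + ", " + str(
                    whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(
                    whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + target
        return render_template('victimobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, circldata=circldata, circlssl=circlssl, settingsvars=settings,
                               address=address, temprel=temprel, reldata=reldata, taglist=taglist, farsightdata=farsightdata,
                               pt_pdns_data=pt_pdns_data, pt_whois_data=pt_whois_data, pt_pssl_data=pt_pssl_data,
                               pt_host_attr_data=pt_host_attr_data)
    except Exception as e:
        # NOTE(review): the raw exception goes to the template; if error.html
        # prints it, internal error text reaches the client.
        return render_template('error.html', error=e)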
示例#17
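def objectsummary(uid):
    """Render the network-object page for the indicator whose ``object`` is ``uid``.

    Loads the indicator, its tags and its related indicators, then runs each
    enrichment lookup that is switched "on" in the settings row (``_id=1``)
    for IPv4/IPv6 and Domain indicators.  ``address`` is built from the WHOIS
    result when there is one, is ``None`` when WHOIS is on but returned
    nothing, and is a generic heading when WHOIS is off.  Any exception is
    rendered through ``error.html``.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                # The related row gets its own name so that `row` keeps
                # pointing at the requested indicator for the lookups below.
                row_rel = Indicator.query.filter_by(object=rel).first()
                # Record the related row's own type. The original stored
                # row.type, labelling every relationship with the type of the
                # indicator being viewed.
                temprel[row_rel.object] = row_rel.type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        shodandata = ""

        target = str(row.object)
        kind = str(row.type)
        # The helpers below are named after external services; presumably
        # each enabled one sends the indicator value to that service.
        if kind == "IPv4" or kind == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        if settings.whoisinfo == "on":
            if whoisdata:
                if kind == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(
                        whoisdata['nets'][0]['country'])
            else:
                address = None
        else:
            address = "Information about " + target
        return render_template('networkobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, settingsvars=settings, address=address,
                               ptdata=ptdata, temprel=temprel, circldata=circldata, circlssl=circlssl, reldata=reldata,
                               taglist=taglist, farsightdata=farsightdata, shodandata=shodandata)
    except Exception as e:
        # NOTE(review): the raw exception goes to the template; if error.html
        # prints it, internal error text reaches the client.
        return render_template('error.html', error=e)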
示例#18
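def objectsummary(uid):
    """Render ``networkobject.html`` for the indicator stored under ``uid``.

    Loads the indicator, its tags and its related indicators, then runs each
    enrichment lookup that is switched "on" in the settings row (``_id=1``)
    for IPv4/IPv6 and Domain indicators.  ``address`` comes from the WHOIS
    result when there is one, is ``None`` when WHOIS is on but produced
    nothing, and is a generic heading when WHOIS is off.  Any exception is
    rendered through ``error.html``.
    """
    try:
        row = Indicator.query.filter_by(object=uid).first()
        newdict = helpers.row_to_dict(row)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            for rel in row.relationships.split(","):
                # Use a separate name for the related row. The original
                # rebound `row` here, so every lookup below ran against the
                # last related indicator, not the one that was requested.
                rel_row = Indicator.query.filter_by(object=rel).first()
                temprel[rel_row.object] = rel_row.type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        ptdata = ""
        farsightdata = ""
        shodandata = ""

        target = str(row.object)
        kind = str(row.type)
        # The helpers below are named after external services; presumably
        # each enabled one sends the indicator value to that service.
        if kind == "IPv4" or kind == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(target)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.ip_query(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)
        elif kind == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(target)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(target)
            if settings.odnsinfo == "on":
                odnsdata = investigate.domain_categories(target)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(target)
            if settings.ptinfo == "on":
                ptdata = passivetotal.pt(target)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(target)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(target)

        if settings.whoisinfo == "on":
            if whoisdata:
                if kind == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(
                        whoisdata['nets'][0]['country'])
            else:
                # No WHOIS result (other indicator type, or an empty lookup).
                # Indexing the empty string raised TypeError and replaced the
                # whole page with the error template.
                address = None
        else:
            address = "Information about " + target
        return render_template('networkobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, settingsvars=settings, address=address,
                               ptdata=ptdata, temprel=temprel, circldata=circldata, circlssl=circlssl, reldata=reldata,
                               taglist=taglist, farsightdata=farsightdata, shodandata=shodandata)
    except Exception as e:
        # NOTE(review): consider logging e and showing a generic message; the
        # template receives the raw exception.
        return render_template('error.html', error=e)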
示例#19
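def objectdetails(uid):
    """Render ``indicatordetails.html`` for the indicator equal to ``uid``.

    Loads the indicator with its campaign name, its tags and its related
    indicators, then runs each enrichment lookup that is switched "on" in the
    settings row (``_id=1``) for IPv4/IPv6 and Domain indicators.  All locals
    are passed to the template.  Any exception is rendered through
    ``error.html``.
    """
    try:
        row = Indicator.query.filter_by(indicator=uid).first()
        records = helpers.row_to_dict(row)
        records['campaign'] = row.campaign.name
        settings = Setting.query.filter_by(_id=1).first()
        taglist = row.tags.split(",")

        temprel = {}
        if row.relationships:
            rellist = row.relationships.split(",")
            for rel in rellist:
                # Use a separate name for the related row. The original
                # rebound `row` here, so every lookup below (and the `row`
                # seen by the template) referred to the last related
                # indicator, not the one that was requested.
                rel_row = Indicator.query.filter_by(indicator=rel).first()
                temprel[rel_row.object] = rel_row.indicator_type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        farsightdata = ""
        shodandata = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""

        # Run ipwhois or domainwhois based on the type of indicator.
        # The helpers below are named after external services; presumably
        # each enabled one sends the indicator value to that service.
        if str(row.indicator_type) == "IPv4" or str(
                row.indicator_type) == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(str(row.indicator))
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(str(row.indicator))
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(str(row.indicator))
            if settings.circlinfo == "on":
                circldata = circl.circlquery(str(row.indicator))
            if settings.circlssl == "on":
                circlssl = circl.circlssl(str(row.indicator))
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns',
                                                      str(row.indicator))
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois',
                                                       str(row.indicator))
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl',
                                                      str(row.indicator))
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup(
                    'attributes', str(row.indicator))
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(str(row.indicator))
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(str(row.indicator))

        elif str(row.indicator_type) == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(str(row.indicator))
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(str(row.indicator))
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(str(row.indicator))
            if settings.circlinfo == "on":
                circldata = circl.circlquery(str(row.indicator))
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns',
                                                      str(row.indicator))
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois',
                                                       str(row.indicator))
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl',
                                                      str(row.indicator))
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup(
                    'attributes', str(row.indicator))
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(str(row.indicator))
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(str(row.indicator))

        # NOTE(review): when WHOIS is on but whoisdata is empty, `address` is
        # never assigned and is therefore absent from the template context.
        if settings.whoisinfo == "on":
            if whoisdata:
                if str(row.indicator_type) == "Domain":
                    address = str(whoisdata['city']) + ", " + str(
                        whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(
                        whoisdata['nets'][0]['country'])

        else:
            address = "Information about " + str(row.indicator)
        # **locals() hands every local to the template by name, including the
        # whole settings row; the local names are part of the template's
        # contract, so they are kept as they were.
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the raw exception goes to the template; if error.html
        # prints it, internal error text reaches the client.
        return render_template('error.html', error=e)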
示例#20
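def victimobject(uid):
    """Show ``victimobject.html`` for the indicator stored under ``uid``.

    Builds the template context from the indicator row, its tags and its
    related indicators, and from every enrichment lookup that is switched
    "on" in the settings row (``_id=1``).  Lookups run only for IPv4/IPv6 and
    Domain indicators.  Any exception is rendered through ``error.html``.
    """
    try:
        http = Indicator.query.filter(Indicator.object == uid).first()
        newdict = helpers.row_to_dict(http)
        settings = Setting.query.filter_by(_id=1).first()
        taglist = http.tags.split(",")

        temprel = {}
        if http.relationships:
            rellist = http.relationships.split(",")
            for rel in rellist:
                # The lookup must end in .first(): the bare filter() result is
                # a Query with no .object/.type, so this loop always raised
                # and the page failed for every indicator with relationships.
                reltype = Indicator.query.filter(
                    Indicator.object == rel).first()
                temprel[reltype.object] = reltype.type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""
        farsightdata = ""

        value = str(http.object)
        indicator_type = str(http.type)
        is_ip = indicator_type == "IPv4" or indicator_type == "IPv6"
        is_domain = indicator_type == "Domain"
        # The helpers below are named after external services; presumably
        # each enabled one sends the indicator value to that service.
        if is_ip:
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(value)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(value)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(value)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', value)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', value)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', value)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(value)
        elif is_domain:
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(value)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(value)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(value)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', value)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', value)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', value)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', value)

        # Only index whoisdata when a lookup actually produced something. For
        # other indicator types it is still "", and indexing it raised
        # TypeError, so those pages always ended on the error template.
        if settings.whoisinfo == "on" and whoisdata:
            if is_domain:
                address = str(whoisdata['city']) + ", " + str(
                    whoisdata['country'])
            else:
                address = str(whoisdata['nets'][0]['city']) + ", " + str(
                    whoisdata['nets'][0]['country'])
        else:
            address = "Information about " + value
        return render_template('victimobject.html', records=newdict, jsonvt=jsonvt, whoisdata=whoisdata,
                               odnsdata=odnsdata, circldata=circldata, circlssl=circlssl, settingsvars=settings,
                               address=address, temprel=temprel, reldata=reldata, taglist=taglist, farsightdata=farsightdata,
                               pt_pdns_data=pt_pdns_data, pt_whois_data=pt_whois_data, pt_pssl_data=pt_pssl_data,
                               pt_host_attr_data=pt_host_attr_data)
    except Exception as e:
        # NOTE(review): consider logging e and showing a generic message; the
        # template receives the raw exception.
        return render_template('error.html', error=e)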
示例#21
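def objectdetails(uid):
    """Render the detail page for the indicator whose value is ``uid``.

    Loads the indicator row, its tags and its related indicators, runs every
    enrichment lookup that is switched "on" in the settings row, and renders
    ``indicatordetails.html``. Any exception raised along the way is caught
    and rendered through ``error.html`` instead.

    NOTE(review): each enabled lookup is called with the indicator value on
    every page view; presumably these modules query external services, so
    viewing an indicator discloses it to those providers. Confirm that this
    is acceptable for indicators tied to an ongoing investigation.
    """
    try:
        row = Indicator.query.filter_by(indicator=uid).first()
        records = helpers.row_to_dict(row)
        records['campaign'] = row.campaign.name
        settings = Setting.query.filter_by(_id=1).first()
        # An indicator without tags yields an empty list rather than an
        # AttributeError on None.
        taglist = row.tags.split(",") if row.tags else []

        temprel = {}
        if row.relationships:
            rellist = row.relationships.split(",")
            for rel in rellist:
                # Use a separate name here: rebinding ``row`` made every
                # lookup below run against the last related indicator
                # instead of the one that was requested.
                related = Indicator.query.filter_by(indicator=rel).first()
                if related is None:
                    # Dangling relationship entry; skip it instead of
                    # failing the whole page.
                    continue
                # NOTE(review): every other access in this function uses
                # ``.indicator``; confirm the model still exposes ``.object``.
                temprel[related.object] = related.indicator_type

        reldata = len(temprel)
        jsonvt = ""
        whoisdata = ""
        odnsdata = ""
        circldata = ""
        circlssl = ""
        farsightdata = ""
        shodandata = ""
        pt_pdns_data = ""
        pt_whois_data = ""
        pt_pssl_data = ""
        pt_host_attr_data = ""

        ioc_value = str(row.indicator)
        ioc_type = str(row.indicator_type)

        # Run ipwhois or domainwhois based on the type of indicator
        if ioc_type == "IPv4" or ioc_type == "IPv6":
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_ipv4_lookup(ioc_value)
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.ipwhois(ioc_value)
            if settings.odnsinfo == "on":
                odnsdata = opendns.ip_investigate(ioc_value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(ioc_value)
            if settings.circlssl == "on":
                circlssl = circl.circlssl(ioc_value)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', ioc_value)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', ioc_value)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', ioc_value)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', ioc_value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightip(ioc_value)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(ioc_value)

        elif ioc_type == "Domain":
            if settings.whoisinfo == "on":
                whoisdata = whoisinfo.domainwhois(ioc_value)
            if settings.vtinfo == "on":
                jsonvt = virustotal.vt_domain_lookup(ioc_value)
            if settings.odnsinfo == "on":
                odnsdata = opendns.domains_investigate(ioc_value)
            if settings.circlinfo == "on":
                circldata = circl.circlquery(ioc_value)
            if settings.pt_pdns == "on":
                pt_pdns_data = passivetotal.pt_lookup('dns', ioc_value)
            if settings.pt_whois == "on":
                pt_whois_data = passivetotal.pt_lookup('whois', ioc_value)
            if settings.pt_pssl == "on":
                pt_pssl_data = passivetotal.pt_lookup('ssl', ioc_value)
            if settings.pt_host_attr == "on":
                pt_host_attr_data = passivetotal.pt_lookup('attributes', ioc_value)
            if settings.farsightinfo == "on":
                farsightdata = farsight.farsightdomain(ioc_value)
            if settings.shodaninfo == "on":
                shodandata = shodan.shodan(ioc_value)

        # Always define ``address``: previously it stayed unbound when WHOIS
        # was enabled but returned nothing (or the type was neither IP nor
        # Domain), so the template received no value at all.
        address = "Information about " + ioc_value
        if settings.whoisinfo == "on" and whoisdata:
            # The WHOIS result comes from outside this function and its shape
            # is not guaranteed here; keep the fallback on a missing field.
            try:
                if ioc_type == "Domain":
                    address = str(whoisdata['city']) + ", " + str(whoisdata['country'])
                else:
                    address = str(whoisdata['nets'][0]['city']) + ", " + str(whoisdata['nets'][0]['country'])
            except (KeyError, IndexError, TypeError):
                pass

        # NOTE(review): ``**locals()`` hands every local to the template,
        # including the Setting row (which may carry service credentials;
        # confirm). An explicit context would keep the exposed values
        # reviewable, but needs the template's variable list to do safely.
        return render_template('indicatordetails.html', **locals())
    except Exception as e:
        # NOTE(review): the exception object is rendered to the client;
        # exception text can reveal internals, so consider logging it
        # server-side and showing a generic message instead.
        return render_template('error.html', error=e)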