示例#1
    def analyze(observable, results):
        """Link a domain to the parties named in its DomainTools WHOIS history.

        Only observables whose value has no subdomain are queried. Every
        history record produces a registrar link and a registrant link, plus a
        registrant e-mail link when the raw record parses to one. Each link
        carries the record's creation and expiry dates.

        Returns the collected links as a list; the list is empty when the
        observable has a subdomain.
        """
        collected = set()

        if extract(observable.value).subdomain != '':
            return list(collected)

        # NOTE(review): observable.value is formatted straight into the API
        # path; presumably it is already a validated hostname -- confirm
        # against the caller.
        endpoint = "/{}/whois/history".format(observable.value)
        data = DomainToolsApi.get(endpoint, results.settings)
        results.update(raw=json.dumps(data, indent=2))

        for record in data['response']['history']:
            whois = record['whois']
            registration = whois['registration']

            # Registration dates arrive as plain YYYY-MM-DD strings.
            created = datetime.strptime(registration['created'], "%Y-%m-%d")
            expires = datetime.strptime(registration['expires'], "%Y-%m-%d")

            registrar = Company.get_or_create(name=registration['registrar'])
            registrant = Text.get_or_create(value=whois['registrant'])

            for target, label in ((registrar, 'Registrar'), (registrant, 'Registrant')):
                collected.update(
                    observable.link_to(target, label, 'DomainTools', created, expires))

            # The registrant e-mail is only available after parsing the raw record.
            parsed = parse_raw_whois([whois['record']], normalized=True)
            address = get_value_at(parsed, 'contacts.registrant.email')
            if address:
                email = Email.get_or_create(value=address)
                collected.update(
                    observable.link_to(email, 'Registrant Email', 'DomainTools', created, expires))

        return list(collected)
示例#2
def domain_abuse(domain, registrant=False):
    """Look up abuse contact details for the registered domain of *domain*.

    The input is reduced to its registered domain before the WHOIS query.
    When the lookup or the parse raises, a message is printed and a result
    with empty ``names``, ``abuse`` and ``raw`` is returned instead.

    Args:
        domain: Host or domain name to look up.
        registrant: When true, use the registrant lookup helper; otherwise
            use the registrar one.

    Returns:
        The helper's result dict with ``raw`` set to the raw WHOIS responses
        joined by blank lines, or the empty result described above.
    """
    domain = extract(domain).registered_domain

    try:
        data = get_whois_raw(domain)
        parsed = parse_raw_whois(data, ['Domain', 'contacts'])
    except Exception as e:
        # Best effort: any lookup or parse failure yields an empty result.
        print("Could not get WHOIS for {} ({})".format(domain, e))
        return dict(value=domain, names=[], abuse=[], raw="")

    finder = _get_registrant_abuse if registrant else _get_registrar_abuse
    results = finder(domain, parsed)
    results['raw'] = "\n\n".join(data)
    return results
示例#3
def domain_abuse(domain, registrant=False):
    # Python 2 excerpt: `except Exception, e` and the print statement below do
    # not parse on Python 3. The lines shown end after the error path, so the
    # `registrant` flag is not used in them.
    parts = extract(domain)
    # Query the registered domain rather than the full host name.
    domain = parts.registered_domain

    try:
        data = get_whois_raw(domain)
        parsed = parse_raw_whois(data, ['Domain', 'contacts'])
    except Exception, e:
        # Any lookup or parse failure is reported on stdout and answered with
        # an empty result for this domain.
        print "Could not get WHOIS for {} ({})".format(domain, e)

        return {"value": domain, "names": [], "abuse": [], "raw": ""}
示例#4
文件: api.py 项目: zhanif3/gwpaper
def parse_whois(payload):
    """Parse one raw WHOIS response and return it without its 'raw' entry.

    Returns an empty dict, after printing a marker, when parsing raises
    KeyError or ValueError.
    """
    try:
        parsed = parse.parse_raw_whois([payload])
        # Drop the echoed raw text so only the parsed fields are returned.
        parsed.pop('raw', None)
        return parsed
    except KeyError:
        print("KEYERROR!")
    except ValueError:
        print("VALUEERROR")
    return {}
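 def check_whois_V1(domain: str):
     """Report whether a WHOIS lookup returns any parsed data for *domain*.

     :param domain: domain name to look up
     :return: ``(True, None, True)`` when the parsed WHOIS result is empty,
         ``(False, None, True)`` when it is not, when the lookup raises, or
         when *domain* is None or empty. The tuple presumably has the same
         meaning as in check_whois (available, expiry date, certain) --
         confirm against the callers.
     """
     # An empty input used to fall off the end and return None, which breaks
     # callers that unpack three values; answer as check_whois does.
     if domain is None or len(domain) == 0:
         return False, None, True
     try:
         server = net.get_root_server(domain)
         raw = net.get_whois_raw(domain, server=server)
         parsed = parse.parse_raw_whois(raw_data=raw)
     except Exception:
         # Was a bare `except:`, which also swallowed KeyboardInterrupt and
         # SystemExit. Lookup failures are still reported as "not available".
         return False, None, True
     return len(parsed) == 0, None, True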
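    def check_whois(domain: str):
        """Check through WHOIS whether *domain* looks expired or unregistered.

        :param domain: lower-case domain name, e.g. ``example.com``
        :return: a 3-tuple: True if the domain might be available to buy now,
            the latest expiration date found (or None), and True if the
            answer is certain
        """
        if domain is None or len(domain) == 0:
            return False, None, True
        try:
            # The name is validated before it is handed to the WHOIS client.
            # The pattern ends in \Z rather than $: with re.match, $ also
            # matches just before a trailing newline, so "example.com\n" used
            # to pass validation and reach the WHOIS query unchanged.
            match = re.match(
                r"^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}\Z", domain)
            if match is None:
                raise ValueError("domain name error.")
            server = net.get_root_server(domain)
            raw = net.get_whois_raw(domain, server=server)
            parsed = parse.parse_raw_whois(raw_data=raw)
            expire_record = parsed.get("expiration_date")
            name_servers = parsed.get("nameservers")

            # A result with at most one key is treated as "no registration".
            if len(parsed) <= 1:
                return True, None, True

            if expire_record is None or len(expire_record) == 0:
                # No expiry date: decide on the presence of name servers.
                if name_servers is None:
                    return True, None, True
                return False, None, False

            # Several expiry dates may be reported; the latest one counts.
            latest = max(expire_record)
            # NOTE(review): utcnow() is naive; presumably the parsed dates are
            # naive too, otherwise the comparison below raises -- confirm.
            now = datetime.datetime.utcnow()
            if latest is None:
                return True, None, False
            if now < latest:
                return False, latest, True
            # Expired: certain only when no name servers are listed any more.
            if name_servers is None:
                return True, latest, True
            return True, latest, False
        except Exception as ex:
            msg = "error in LinkChecker.check_whois(), checking " + domain
            ErrorLogger.log_error("LinkChecker", ex, msg)
            return False, None, False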
示例#7
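    def run(self, tld):
        """Return the first e-mail address found in the WHOIS data for *tld*.

        Args:
            tld: Name passed unchanged to the WHOIS lookup.

        Returns:
            ``(True, address)`` on success, or ``(False, "")`` when the
            lookup, the parse or the e-mail extraction raises.
        """
        try:
            data = get_whois_raw(tld)
            parsed_whois = parse_raw_whois(data, ['Domain', 'contacts'])

            # NOTE(review): this takes the first parsed address; presumably
            # that is the abuse contact, but nothing here checks it.
            abuse_contact = parsed_whois['emails'][0]
        except Exception as e:
            # Covers network errors as well as a missing or empty 'emails'.
            self.logger.error('Abuse finder ended with error %s', e)
            return False, ""

        return True, abuse_contact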
示例#8
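def parse_whois(uri: Dict):
    """Parse the raw WHOIS text stored in *uri* and fill in its summary fields.

    Reads ``uri["whois"]["raw"]`` and ``uri["whois"]["servers"]``, then sets
    ``domain_id``, ``status`` and ``registrar`` on *uri* before handing over
    to the date, server, contact and status helpers. Nothing is returned;
    *uri* is modified in place.
    """
    logger.debug("Parsing Whois info for '%s'...", uri["domain"])
    # NOTE(review): with never_query_handles=False the parser may issue extra
    # WHOIS queries to handle_server, which is taken from the stored server
    # list -- confirm that list only ever holds servers that were queried.
    whois = parse_raw_whois([uri["whois"]["raw"]],
                            normalized=True,
                            never_query_handles=False,
                            handle_server=uri["whois"]["servers"][-1])
    logger.debug("Whois info:\n%s", whois)

    has_id = "id" in whois and len(whois["id"]) > 0
    uri["domain_id"] = whois["id"][0] if has_id else ""
    uri["status"] = whois.get("status", [])

    # Was `"registrar" in whois is not None and ...`, a chained comparison
    # that only worked because `whois is not None` is always true here.
    if "registrar" in whois and len(whois["registrar"]) > 0:
        uri["registrar"] = whois["registrar"][0]
    else:
        uri["registrar"] = ""

    parse_whois_dates(uri, whois)
    parse_whois_servers(uri, whois)
    parse_whois_contacts(uri, whois)
    parse_whois_status(uri)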
示例#9
文件: whois.py 项目: zy0001/yeti
    def analyze(hostname, results):
        """Attach WHOIS context to a hostname and link it to its registrant.

        Only hostnames without a subdomain are queried. The raw first WHOIS
        response and, when present, the creation date are stored in the
        hostname's 'whois' context entry, which is reused if one exists and
        added otherwise. Registrant e-mail, name, organization and phone are
        turned into links.

        Returns the collected links as a list.
        """
        found = set()

        if extract(hostname.value).subdomain != '':
            return list(found)

        # Reuse the existing 'whois' context entry, or start a new one.
        context = next(
            (entry for entry in hostname.context if entry['source'] == 'whois'),
            None)
        should_add_context = context is None
        if should_add_context:
            context = {'source': 'whois'}

        data = get_whois_raw(hostname.value)
        raw_text = data[0]
        results.update(raw=raw_text)
        parsed = parse_raw_whois(data, normalized=True)
        # The raw response is kept verbatim; it is text supplied by the WHOIS
        # server, not by this code.
        context['raw'] = raw_text

        if 'creation_date' in parsed:
            context['creation_date'] = parsed['creation_date'][0]

        if 'registrant' in parsed['contacts']:
            registrant = parsed['contacts']['registrant']
            wanted = (
                ('email', Email, 'Registrant Email'),
                ('name', Text, 'Registrant Name'),
                ('organization', Text, 'Registrant Organization'),
                ('phone', Text, 'Registrant Phone Number'),
            )
            for field, klass, description in wanted:
                found.update(link_from_contact_info(
                    hostname, registrant, field, klass, description))

        # A reused entry was changed in place, so the hostname is saved;
        # a new entry goes through add_context instead.
        if should_add_context:
            hostname.add_context(context)
        else:
            hostname.save()

        return list(found)
示例#10
文件: whois.py 项目: carriercomm/yeti
    def analyze(hostname):
        """Attach WHOIS context to a hostname and link it to its registrant.

        Only hostnames without a subdomain are queried. The raw first WHOIS
        response and, when present, the creation date go into the hostname's
        "Whois" context entry, which is reused if one exists and added
        otherwise. Registrant e-mail, name, organization and phone become
        links whenever the link helper returns one.

        Returns the list of links, in field order.
        """
        links = []

        if extract(hostname.value).subdomain != "":
            return links

        # Reuse the existing "Whois" context entry, or start a new one.
        context = next(
            (entry for entry in hostname.context if entry["source"] == "Whois"),
            None,
        )
        should_add_context = context is None
        if should_add_context:
            context = {"source": "Whois"}

        data = get_whois_raw(hostname.value)
        parsed = parse_raw_whois(data, normalized=True)
        # The raw response is kept verbatim; it is text supplied by the WHOIS
        # server, not by this code.
        context["raw"] = data[0]

        if "creation_date" in parsed:
            context["creation_date"] = parsed["creation_date"][0]

        if "registrant" in parsed["contacts"]:
            registrant = parsed["contacts"]["registrant"]
            wanted = (
                ("email", Email, "Registrant", "Registrant Email"),
                ("name", Text, "Registrant", "Registrant Name"),
                ("organization", Text, "Registrant", "Registrant Organization"),
                ("phone", Text, "Registrant", "Registrant Phone Number"),
            )
            for field, klass, tag, description in wanted:
                link = link_from_contact_info(
                    hostname, registrant, field, klass, tag, description
                )
                # The helper returns None when there is nothing to link.
                if link is not None:
                    links.append(link)

        # A reused entry was changed in place, so the hostname is saved;
        # a new entry goes through add_context instead.
        if should_add_context:
            hostname.add_context(context)
        else:
            hostname.save()

        return links
示例#11
文件: whois.py 项目: raymundl/yeti
    def analyze(hostname, results):
        """Record WHOIS data for a hostname and link its registrant details.

        Hostnames with a subdomain are skipped. Otherwise the first raw WHOIS
        response is stored both in *results* and in the hostname's 'whois'
        context entry (an existing entry is updated, a missing one is added),
        the creation date is recorded when parsed, and the registrant's
        e-mail, name, organization and phone are linked.

        Returns the collected links as a list.
        """
        link_set = set()
        domain_parts = extract(hostname.value)

        if domain_parts.subdomain != '':
            return list(link_set)

        # Look for a 'whois' context entry to update; create one if missing.
        for context in hostname.context:
            if context['source'] == 'whois':
                is_new_context = False
                break
        else:
            is_new_context = True
            context = {'source': 'whois'}

        data = get_whois_raw(hostname.value)
        results.update(raw=data[0])
        parsed = parse_raw_whois(data, normalized=True)
        # Stored as received from the WHOIS server, without any cleaning.
        context['raw'] = data[0]

        if 'creation_date' in parsed:
            context['creation_date'] = parsed['creation_date'][0]

        contacts = parsed['contacts']
        if 'registrant' in contacts:
            for field, klass, description in (
                    ('email', Email, 'Registrant Email'),
                    ('name', Text, 'Registrant Name'),
                    ('organization', Text, 'Registrant Organization'),
                    ('phone', Text, 'Registrant Phone Number')):
                new_links = link_from_contact_info(
                    hostname, contacts['registrant'], field, klass, description)
                link_set.update(new_links)

        # An updated entry is persisted with save(); a new one is added.
        if is_new_context:
            hostname.add_context(context)
        else:
            hostname.save()

        return list(link_set)