From aa70b8fc2368acbe66158cbbff1dcbffc63c2ff9 Mon Sep 17 00:00:00 2001
From: Jerome Leonard
Date: Fri, 16 Jun 2017 00:08:07 +0200
Subject: [PATCH] #56 update Domaintools summary() and short reports
---
 analyzers/DomainTools/domaintools.py | 47 +++++++++++++++----
 .../DomainTools_ReverseIP_1_0/short.html | 4 +-
 .../short.html | 4 +-
 .../DomainTools_ReverseWhois_1_0/short.html | 6 +--
 .../DomainTools_WhoisHistory_1_0/short.html | 5 +-
 .../DomainTools_WhoisLookup_1_0/short.html | 5 +-
 .../DomainTools_WhoisLookup_IP_1_0/short.html | 5 +-
 7 files changed, 57 insertions(+), 19 deletions(-)
diff --git a/analyzers/DomainTools/domaintools.py b/analyzers/DomainTools/domaintools.py
index 15c1d6546..03df83956 100755
--- a/analyzers/DomainTools/domaintools.py
+++ b/analyzers/DomainTools/domaintools.py
@@ -21,35 +21,66 @@ def __init__(self): 'config.service', None, 'Service parameter is missing') def summary(self, raw): - result = { + r = { "service": self.service, "dataType": self.data_type } + taxonomy = {"level": "info", "namespace": "DT", "predicate": "Info", "value": 0} + taxonomies = [] + if("ip_addresses" in raw): - result["ip"] = { + r["ip"] = { "address": raw["ip_addresses"]["ip_address"], "domain_count": raw["ip_addresses"]["domain_count"] } if("domain_count" in raw): - result["domain_count"] = { + r["domain_count"] = { "current": raw["domain_count"]["current"], "historic": raw["domain_count"]["historic"] } if("registrant" in raw): - result["registrant"] = raw["registrant"] + r["registrant"] = raw["registrant"] elif("response" in raw and "registrant" in raw["response"]): - result["registrant"] = raw["response"]["registrant"] + r["registrant"] = raw["response"]["registrant"] if("parsed_whois" in raw): - result["registrar"] = raw["parsed_whois"]["registrar"]["name"] + r["registrar"] = raw["parsed_whois"]["registrar"]["name"] + # if("name_server" in raw): - result["name_server"] = raw["name_server"]["hostname"] - result["domain_count"] = raw["name_server"]["total"] + r["name_server"] = raw["name_server"]["hostname"] + r["domain_count"] = raw["name_server"]["total"] + + + + # Prepare predicate and value for each service + if r["service"] == "reverse-ip": + report["predicate"] = "Reverse_IP" + taxonomy["value"] = "\"{}, {} domains\"".format(r["ip"]["address"], r["ip"]["domain_count"]) + + if r["service"] == "name-server-domains": + taxonomy["predicate"] = "Reverse_Name_Server" + taxonomy["value"] = "\"{}, {} domains\"".format(r["name_server"], r["domain_count"]) + + if r["service"] == "reverse-whois": + taxonomy["predicate"] = "Reverse_Whois" + taxonomy["value"] = "\"curr:{} / hist:{} domains\"".format(r["domain_count"]["current"], r["domain_count"]["historic"]) + + if r["service"] == "whois/history": + taxonomy["predicate"] = "Whois_History" + 
taxonomy["value"] = "\"{}, {} domains \"".format(r["name_server"], r["domain_count"]) + + if (r["service"] == "whois/parsed") or (r['service'] == "whois"): + taxonomy["predicate"] = "Whois" + taxonomy["value"] = "\"REGISTRAR:{}\"".format(r["registrar"]) + taxonomies.append(taxonomy) + taxonomy["value"] = "\"REGISTRANT:{}\"".format(r["registrant"]) + taxonomies.append(taxonomy) + result = {'taxonomies': taxonomies} return result def run(self): diff --git a/thehive-templates/DomainTools_ReverseIP_1_0/short.html b/thehive-templates/DomainTools_ReverseIP_1_0/short.html index f3071cca5..563ca58f3 100644 --- a/thehive-templates/DomainTools_ReverseIP_1_0/short.html +++ b/thehive-templates/DomainTools_ReverseIP_1_0/short.html @@ -1 +1,3 @@ -DT:ReverseIP={{content.ip.address}}: {{content.ip.domain_count}} domains found + + {{t.namespace}}:{{t.predicate}}={{t.value}} +  diff --git a/thehive-templates/DomainTools_ReverseNameServer_1_0/short.html b/thehive-templates/DomainTools_ReverseNameServer_1_0/short.html index 02c3fe71e..563ca58f3 100644 --- a/thehive-templates/DomainTools_ReverseNameServer_1_0/short.html +++ b/thehive-templates/DomainTools_ReverseNameServer_1_0/short.html @@ -1 +1,3 @@ -DT:ReverseNameServer= {{content.name_server}}, {{content.domain_count}} domains + + {{t.namespace}}:{{t.predicate}}={{t.value}} +  diff --git a/thehive-templates/DomainTools_ReverseWhois_1_0/short.html b/thehive-templates/DomainTools_ReverseWhois_1_0/short.html index 7940edca5..563ca58f3 100644 --- a/thehive-templates/DomainTools_ReverseWhois_1_0/short.html +++ b/thehive-templates/DomainTools_ReverseWhois_1_0/short.html @@ -1,3 +1,3 @@ - - DT:ReverseWhois= curr:{{content.domain_count.current}}/hist:{{content.domain_count.historic}} domains found - + + {{t.namespace}}:{{t.predicate}}={{t.value}} +  diff --git a/thehive-templates/DomainTools_WhoisHistory_1_0/short.html b/thehive-templates/DomainTools_WhoisHistory_1_0/short.html index 485ddcb0e..563ca58f3 100644 
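Review bot: `report["predicate"] = "Reverse_IP"` in the reverse-ip branch assigns to a name that summary() never binds, so that service raises NameError before anything is returned; it should read `taxonomy["predicate"] = "Reverse_IP"`. In the whois/parsed branch the same `taxonomy` dict is appended twice and mutated in between, so both list entries end up carrying the REGISTRANT value; append a copy each time, e.g. `taxonomies.append(dict(taxonomy))`, or build a separate dict per entry. Every branch also indexes keys such as `r["ip"]`, `r["registrar"]` or `r["name_server"]` that were only set when the matching key was present in `raw`, so a partial DomainTools response ends in KeyError rather than a summary, and the whois/history branch formats `r["name_server"]`/`r["domain_count"]`, which looks copied from the name-server branch — please confirm that is intended. Finally, the `"\"...\""` templates put literal quote characters into `taxonomy["value"]`, which the new short.html templates render verbatim; drop the escaped quotes unless the quoting is deliberate.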
--- a/thehive-templates/DomainTools_WhoisHistory_1_0/short.html
+++ b/thehive-templates/DomainTools_WhoisHistory_1_0/short.html
@@ -1,2 +1,3 @@
-DT:WhoisHistory,REGISTRANT= {{content.registrant}}
-DT:WhoisHistory,REGISTRAR= {{content.registrar}}
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+
diff --git a/thehive-templates/DomainTools_WhoisLookup_1_0/short.html b/thehive-templates/DomainTools_WhoisLookup_1_0/short.html
index 706b49831..563ca58f3 100644
--- a/thehive-templates/DomainTools_WhoisLookup_1_0/short.html
+++ b/thehive-templates/DomainTools_WhoisLookup_1_0/short.html
@@ -1,2 +1,3 @@
-DT:Whois,REGISTRANT= {{content.registrant}}
-DT:Whois,REGISTRAR= {{content.registrar}}
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+
diff --git a/thehive-templates/DomainTools_WhoisLookup_IP_1_0/short.html b/thehive-templates/DomainTools_WhoisLookup_IP_1_0/short.html
index 706b49831..563ca58f3 100644
--- a/thehive-templates/DomainTools_WhoisLookup_IP_1_0/short.html
+++ b/thehive-templates/DomainTools_WhoisLookup_IP_1_0/short.html
@@ -1,2 +1,3 @@
-DT:Whois,REGISTRANT= {{content.registrant}}
-DT:Whois,REGISTRAR= {{content.registrar}}
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+