CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2eaefab6eb30e4ca69050a3a8c33ea12b9800c8
securityonion/salt/sensoroni/files/analyzers/whoislookup/whoislookup.py
Wes Lambert 766e9748c5 Add Whoislookup RDAP-based analyzer
2022-05-17 15:52:12 +00:00

56 lines
1.4 KiB
Python
Executable File
Raw Blame History

import json
import helpers
import argparse
import whoisit
def sendReq(domain):
whoisit.bootstrap()
try:
results = whoisit.domain(domain, raw=True)
except whoisit.errors.ResourceDoesNotExist:
results = "Not found."
except whoisit.errors.QueryError as error:
results = "QueryError: " + str(error)
return results
def prepareResults(raw):
if raw:
if "Not found." in raw:
status = "info"
summary = "no_results"
elif "QueryError" in raw:
status = "caution"
summary = "invalid_input"
else:
status = "info"
summary = "analysis_complete"
else:
status = "caution"
summary = "internal_failure"
results = {'response': raw, 'summary': summary, 'status': status}
return results
def analyze(input):
meta = helpers.loadMetadata(__file__)
data = helpers.parseArtifact(input)
helpers.checkSupportedType(meta, data["artifactType"])
response = sendReq(data["value"])
return prepareResults(response)
def main():
parser = argparse.ArgumentParser(description='Query RDAP server for WHOIS-like information for a given artifact')
parser.add_argument('artifact', help='the artifact represented in JSON format')
args = parser.parse_args()
if args.artifact:
results = analyze(args.artifact)
print(json.dumps(results))
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink