Merge branch 'main' of code.joostagterhoek.nl:joost/flask-soc-site

2025-07-09 22:16:13 +02:00 · 2025-07-09 22:16:13 +02:00 · 872e165131
commit 872e165131
parent 7dd36f8156 23b0e869fc
3 changed files with 36 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,12 @@ This is a Python project to learn working with Flask. To make it useful for my d

 ![](./screenshots/30-01-2025.png)

+Testing a Mermaid graph to work out the flow of the website:
+```mermaid
+graph TD
+Start --> End
+```
+
 ## Todos
 - [ ] reorganize the SPF, DMARC and DKIM results (organize the SPF to match ['record'] with ['parsed']) 📧
 - [ ]  try to incorporate OTX Alienvault results (unfortunately the historical telemetry is not possible via the API...) 👽
--- a/flask_soc_site/src/host_lookup.py
+++ b/flask_soc_site/src/host_lookup.py
@ -8,6 +8,7 @@ import validators
 from ipwhois import IPWhois
 from whois import whois
 import requests
+import socket

 # from constants import DOMAIN, EMAIL, IPV4, IPV6, URL
 from . import abuseipdb_api, virustotal_api
@ -36,23 +37,26 @@ class Lookedup(object):
    def url_lookup(self):
        self.domain = urlparse(self.host).netloc
        self.ip_address = socket.gethostbyname(self.domain)
-        self.metadata = domain(self.domain)
+        self.metadata = domain_info(self.domain)
        self.email_security = spf_dmarc(self.domain)
        self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
        self.abuseipdb = abuseipdb_api.analyse(self.ip_address)
        return self

    def ip_lookup(self):
-        self.metadata = domain(self.host)
+        self.ip_address = self.host
+        self.domain = socket.gethostbyaddr(self.host)[0]
+        self.metadata = domain_info(self.host)
        self.domain = self.metadata["domain_name"]
        self.email_security = spf_dmarc(self.domain)
-        self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
+        # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
+        self.vt = virustotal_api.analyse2(self.host, self.host_type)
        self.abuseipdb = abuseipdb_api.analyse(self.host)
        return self

    def domain_lookup(self):
        self.ip_address = socket.gethostbyname(self.host)
-        self.metadata = domain(self.host)
+        self.metadata = domain_info(self.host)
        self.domain = self.metadata["domain_name"]
        self.email_security = spf_dmarc(self.domain)
        # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
@ -62,7 +66,7 @@ class Lookedup(object):

    def email_lookup(self):
        self.domain = self.host.split("@")[1]
-        self.metadata = domain(self.domain)
+        self.metadata = domain_info(self.domain)
        self.ip_address = socket.gethostbyname(self.domain)
        self.email_security = spf_dmarc(self.domain)
        self.vt, self.vt_dict = virustotal_api.analyse2(self.domain, self.host_type)
@ -142,19 +146,24 @@ def extract(user_input):
    return hosts, errors


-def domain(host):
+# FIX: This function doesn't work for IP addresses, no usable whois() results
+def domain_info(host):
    result = dict(whois(host))
    print("RESULT IS: ", result)
-    if type(result["creation_date"]) is list:
-        result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y")
-    else:
-        result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y")
-    if type(result["domain_name"]) is list:
-        result["domain_name"] = result["domain_name"][0]
-    # result["creation_date"] = result["creation_date"].isoformat()
+    if result["domain_name"] is not None:
+        if type(result["creation_date"]) is list:
+            result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y")
+        elif type(result["creation_date"]) is not list:
+            result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y")
+        if type(result["domain_name"]) is list:
+            result["domain_name"] = result["domain_name"][0]
+    elif result["domain_name"] == None:
+        result["creation_date"] = "Not available"
+        result["domain_name"] = "Not available"
+        result["registrar"] = "Not available"
+        result["regitrar_country"] = "Not available"
    included = {"domain_name", "creation_date", "registrar", "registrar_country"}
    filtered = {key: value for key, value in result.items() if key in included}
-    print("FILTERED IS: ", filtered)
    return filtered


--- a/flask_soc_site/src/virustotal_api.py
+++ b/flask_soc_site/src/virustotal_api.py
@ -59,7 +59,8 @@ def analyse_IP(api_key, host):
    analysis_json = requests.get(analysis_url, headers=headers)
    response_dict = json.loads(analysis_json.text)
    # Implement this: https://docs.virustotal.com/reference/ip-info
-    return response_dict, analysis_json
+    # return response_dict, analysis_json
+    return response_dict


 def analyse(host, host_type):
@ -70,7 +71,8 @@ def analyse(host, host_type):
    elif host_type == DOMAIN:
        result, analysis_json = analyse_domain(api_key, host)
    elif host_type == IPV4 or IPV6:
-        result, analysis_json = analyse_IP(api_key, host)
+        result = analyse_IP(api_key, host)
+        # result, analysis_json = analyse_IP(api_key, host)
    return result, analysis_json


@ -81,8 +83,10 @@ def analyse2(host, host_type):
        result, analysis_json = analyse_URL(api_key, response_id)
    elif host_type == "domain" or host_type == "email address":
        result, analysis_json = analyse_domain(api_key, host)
+        # print("DOMAIN VT LOOKUP IS: ", result)
    elif host_type == "ip":
-        result, analysis_json = analyse_IP(api_key, host)
+        # result, analysis_json = analyse_IP(api_key, host)
+        result = analyse_IP(api_key, host)
    if host_type == "url":
        vt_stats = result["data"]["attributes"]["stats"]
        vt_results = result["data"]["attributes"]["results"]