diff --git a/README.md b/README.md index 019cc58..7528a00 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,12 @@ This is a Python project to learn working with Flask. To make it useful for my d ![](./screenshots/30-01-2025.png) +Testing a Mermaid graph to work out the flow of the website: +```mermaid +graph TD +Start --> End +``` + ## Todos - [ ] reorganize the SPF, DMARC and DKIM results (organize the SPF to match ['record'] with ['parsed']) 📧 - [ ] try to incorporate OTX Alienvault results (unfortunately the historical telemetry is not possible via the API...) 👽 diff --git a/flask_soc_site/src/host_lookup.py b/flask_soc_site/src/host_lookup.py index 28505fb..29bf81e 100644 --- a/flask_soc_site/src/host_lookup.py +++ b/flask_soc_site/src/host_lookup.py @@ -8,6 +8,7 @@ import validators from ipwhois import IPWhois from whois import whois import requests +import socket # from constants import DOMAIN, EMAIL, IPV4, IPV6, URL from . import abuseipdb_api, virustotal_api @@ -36,23 +37,26 @@ class Lookedup(object): def url_lookup(self): self.domain = urlparse(self.host).netloc self.ip_address = socket.gethostbyname(self.domain) - self.metadata = domain(self.domain) + self.metadata = domain_info(self.domain) self.email_security = spf_dmarc(self.domain) self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type) self.abuseipdb = abuseipdb_api.analyse(self.ip_address) return self def ip_lookup(self): - self.metadata = domain(self.host) + self.ip_address = self.host + self.domain = socket.gethostbyaddr(self.host)[0] + self.metadata = domain_info(self.host) self.domain = self.metadata["domain_name"] self.email_security = spf_dmarc(self.domain) - self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type) + # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type) + self.vt = virustotal_api.analyse2(self.host, self.host_type) self.abuseipdb = abuseipdb_api.analyse(self.host) return self def domain_lookup(self): self.ip_address = socket.gethostbyname(self.host) - self.metadata = domain(self.host) + self.metadata = domain_info(self.host) self.domain = self.metadata["domain_name"] self.email_security = spf_dmarc(self.domain) # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type) @@ -62,7 +66,7 @@ class Lookedup(object): def email_lookup(self): self.domain = self.host.split("@")[1] - self.metadata = domain(self.domain) + self.metadata = domain_info(self.domain) self.ip_address = socket.gethostbyname(self.domain) self.email_security = spf_dmarc(self.domain) self.vt, self.vt_dict = virustotal_api.analyse2(self.domain, self.host_type) @@ -142,19 +146,24 @@ def extract(user_input): return hosts, errors -def domain(host): +# FIX: This function doesn't work for IP addresses, no usable whois() results +def domain_info(host): result = dict(whois(host)) print("RESULT IS: ", result) - if type(result["creation_date"]) is list: - result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y") - else: - result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y") - if type(result["domain_name"]) is list: - result["domain_name"] = result["domain_name"][0] - # result["creation_date"] = result["creation_date"].isoformat() + if result["domain_name"] is not None: + if type(result["creation_date"]) is list: + result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y") + elif type(result["creation_date"]) is not list: + result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y") + if type(result["domain_name"]) is list: + result["domain_name"] = result["domain_name"][0] + elif result["domain_name"] == None: + result["creation_date"] = "Not available" + result["domain_name"] = "Not available" + result["registrar"] = "Not available" + result["regitrar_country"] = "Not available" included = {"domain_name", "creation_date", "registrar", "registrar_country"} filtered = {key: value for key, value in result.items() if key in included} - print("FILTERED IS: ", filtered) return filtered diff --git a/flask_soc_site/src/virustotal_api.py b/flask_soc_site/src/virustotal_api.py index 57405ef..d1cd6cb 100644 --- a/flask_soc_site/src/virustotal_api.py +++ b/flask_soc_site/src/virustotal_api.py @@ -59,7 +59,8 @@ def analyse_IP(api_key, host): analysis_json = requests.get(analysis_url, headers=headers) response_dict = json.loads(analysis_json.text) # Implement this: https://docs.virustotal.com/reference/ip-info - return response_dict, analysis_json + # return response_dict, analysis_json + return response_dict def analyse(host, host_type): @@ -70,7 +71,8 @@ def analyse(host, host_type): elif host_type == DOMAIN: result, analysis_json = analyse_domain(api_key, host) elif host_type == IPV4 or IPV6: - result, analysis_json = analyse_IP(api_key, host) + result = analyse_IP(api_key, host) + # result, analysis_json = analyse_IP(api_key, host) return result, analysis_json @@ -81,8 +83,10 @@ def analyse2(host, host_type): result, analysis_json = analyse_URL(api_key, response_id) elif host_type == "domain" or host_type == "email address": result, analysis_json = analyse_domain(api_key, host) + # print("DOMAIN VT LOOKUP IS: ", result) elif host_type == "ip": - result, analysis_json = analyse_IP(api_key, host) + # result, analysis_json = analyse_IP(api_key, host) + result = analyse_IP(api_key, host) if host_type == "url": vt_stats = result["data"]["attributes"]["stats"] vt_results = result["data"]["attributes"]["results"]