From 49920cd33263d4f467b79ac297685ad28bf870de Mon Sep 17 00:00:00 2001
From: Joost Agterhoek
Date: Sat, 21 Jun 2025 21:27:58 +0200
Subject: [PATCH 1/5] trying to fix the broken IP lookup, it's related to domain registrar information
---
 flask_soc_site/src/host_lookup.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/flask_soc_site/src/host_lookup.py b/flask_soc_site/src/host_lookup.py
index 28505fb..ddddaae 100644
--- a/flask_soc_site/src/host_lookup.py
+++ b/flask_soc_site/src/host_lookup.py
@@ -8,6 +8,7 @@ import validators
 from ipwhois import IPWhois
 from whois import whois
 import requests
+import socket
 # from constants import DOMAIN, EMAIL, IPV4, IPV6, URL
 from . import abuseipdb_api, virustotal_api
@@ -43,6 +44,9 @@ class Lookedup(object):
 return self
 def ip_lookup(self):
+ self.ip_address = self.host
+ self.domain = socket.gethostbyaddr(self.host)[0]
+ print(f"DOMAIN OF IP IS: {self.domain}")
 self.metadata = domain(self.host)
 self.domain = self.metadata["domain_name"]
 self.email_security = spf_dmarc(self.domain)
@@ -142,6 +146,7 @@ def extract(user_input):
 return hosts, errors
+# FIX: This function doesn't work for IP addresses, no usable whois() results
 def domain(host):
 result = dict(whois(host))
 print("RESULT IS: ", result)
From 64c09d643c99740e47428da6098239d3f8b9f459 Mon Sep 17 00:00:00 2001
From: Joost Agterhoek
Date: Sat, 21 Jun 2025 21:41:37 +0200
Subject: [PATCH 2/5] trying out rendering Mermaid.js diagrams
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/README.md b/README.md
index 019cc58..7528a00 100644
--- a/README.md
+++ b/README.md
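Review bot: The reverse lookup added at `self.domain = socket.gethostbyaddr(self.host)[0]` raises `socket.herror` for any IP without a PTR record, which aborts the whole lookup before the WHOIS, VirusTotal and AbuseIPDB calls run, and its result is overwritten two lines later by `self.domain = self.metadata["domain_name"]`, so it currently only feeds the debug `print`. A PTR name is set by whoever controls the reverse zone, so it should be kept as untrusted, informational metadata rather than used as the host's identity. Wrap it and store it separately: `try: self.reverse_dns = socket.gethostbyaddr(self.host)[0]` / `except OSError: self.reverse_dns = None`, and replace the `print` with a `logging` call so lookup output does not land on the web server's stdout. The rest of `ip_lookup` continues outside the hunk.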
@@ -4,6 +4,12 @@ This is a Python project to learn working with Flask. To make it useful for my d
 ![](./screenshots/30-01-2025.png)
+Testing a Mermaid graph to work out the flow of the website:
+```mermaid
+graph TD
+Start --> End
+```
+
 ## Todos
 - [ ] reorganize the SPF, DMARC and DKIM results (organize the SPF to match ['record'] with ['parsed']) 📧
 - [ ] try to incorporate OTX Alienvault results (unfortunately the historical telemetry is not possible via the API...) 👽
From 7bf60eb2107bb70f841fffe462e1b9f74a107113 Mon Sep 17 00:00:00 2001
From: Joost Agterhoek
Date: Wed, 25 Jun 2025 21:33:17 +0200
Subject: [PATCH 3/5] figured out a way to handle IP address whois lookup to give no domain info
---
 flask_soc_site/src/host_lookup.py | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/flask_soc_site/src/host_lookup.py b/flask_soc_site/src/host_lookup.py
index ddddaae..37e9e6b 100644
--- a/flask_soc_site/src/host_lookup.py
+++ b/flask_soc_site/src/host_lookup.py
@@ -37,7 +37,7 @@ class Lookedup(object):
 def url_lookup(self):
 self.domain = urlparse(self.host).netloc
 self.ip_address = socket.gethostbyname(self.domain)
- self.metadata = domain(self.domain)
+ self.metadata = domain_info(self.domain)
 self.email_security = spf_dmarc(self.domain)
 self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
 self.abuseipdb = abuseipdb_api.analyse(self.ip_address)
@@ -46,8 +46,7 @@ class Lookedup(object):
 def ip_lookup(self):
 self.ip_address = self.host
 self.domain = socket.gethostbyaddr(self.host)[0]
- print(f"DOMAIN OF IP IS: {self.domain}")
- self.metadata = domain(self.host)
+ self.metadata = domain_info(self.host)
 self.domain = self.metadata["domain_name"]
 self.email_security = spf_dmarc(self.domain)
 self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
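Review bot: After this change `domain_info(self.host)` returns `"Not available"` as `domain_name` for an IP address, so the next two lines set `self.domain = "Not available"` and then call `spf_dmarc("Not available")`, which presumably issues DNS queries for a name that cannot exist on every IP lookup; the reverse-DNS name computed on the line above is still discarded. Guard that step, `if self.domain != "Not available": self.email_security = spf_dmarc(self.domain)` with an `else` setting `self.email_security = None`, or drop SPF/DMARC from `ip_lookup` altogether since those records belong to domains, not addresses. The unguarded `socket.gethostbyaddr(self.host)[0]` visible as context still raises `socket.herror` when no PTR exists, which this patch leaves unaddressed. The method continues past the hunk.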
@@ -56,7 +55,7 @@ class Lookedup(object):
 def domain_lookup(self):
 self.ip_address = socket.gethostbyname(self.host)
- self.metadata = domain(self.host)
+ self.metadata = domain_info(self.host)
 self.domain = self.metadata["domain_name"]
 self.email_security = spf_dmarc(self.domain)
 # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
@@ -66,7 +65,7 @@ class Lookedup(object):
 def email_lookup(self):
 self.domain = self.host.split("@")[1]
- self.metadata = domain(self.domain)
+ self.metadata = domain_info(self.domain)
 self.ip_address = socket.gethostbyname(self.domain)
 self.email_security = spf_dmarc(self.domain)
 self.vt, self.vt_dict = virustotal_api.analyse2(self.domain, self.host_type)
@@ -147,19 +146,23 @@ def extract(user_input):
 # FIX: This function doesn't work for IP addresses, no usable whois() results
-def domain(host):
+def domain_info(host):
 result = dict(whois(host))
 print("RESULT IS: ", result)
- if type(result["creation_date"]) is list:
- result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y")
- else:
- result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y")
- if type(result["domain_name"]) is list:
- result["domain_name"] = result["domain_name"][0]
- # result["creation_date"] = result["creation_date"].isoformat()
+ if result["domain_name"] is not None:
+ if type(result["creation_date"]) is list:
+ result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y")
+ elif type(result["creation_date"]) is not list:
+ result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y")
+ if type(result["domain_name"]) is list:
+ result["domain_name"] = result["domain_name"][0]
+ elif result["domain_name"] == None:
+ result["creation_date"] = "Not available"
+ result["domain_name"] = "Not available"
+ result["registrar"] = "Not available"
+ result["regitrar_country"] = "Not available"
 included = {"domain_name", "creation_date", "registrar", "registrar_country"}
 filtered = {key: value for key, value in result.items() if key in included}
- print("FILTERED IS: ", filtered)
 return filtered
From 1f3929838624f8e1fb471bf330d32822d008b05b Mon Sep 17 00:00:00 2001
From: Joost Agterhoek
Date: Wed, 25 Jun 2025 21:33:44 +0200
Subject: [PATCH 4/5] deleted print statement
---
 flask_soc_site/src/virustotal_api.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/flask_soc_site/src/virustotal_api.py b/flask_soc_site/src/virustotal_api.py
index 57405ef..476a8e9 100644
--- a/flask_soc_site/src/virustotal_api.py
+++ b/flask_soc_site/src/virustotal_api.py
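Review bot: The key on the last `Not available` line is misspelled — `result["regitrar_country"]` — so the `included` filter drops it and `registrar_country` is absent from the dict returned for IP addresses, while `registrar` is only present when python-whois happens to supply it, so callers cannot rely on either key. In the populated branch `result["creation_date"]` is dereferenced with `.strftime` without a `None` check, so a registered name whose WHOIS record lacks a creation date still raises; `elif type(...) is not list` is just `else`, and `== None` should be `is None`. WHOIS fields are registrant-supplied text, so the full `print("RESULT IS: ", result)` should go through `logging` at debug level rather than the server's stdout, and the `# FIX:` comment above the signature now describes a problem this patch fixes and should be removed. A restructured version that returns all four keys on every path follows.
```python
def domain_info(host):
    """Return domain_name, creation_date, registrar and registrar_country from WHOIS.

    Every key is always present; fields the registry does not provide (and all
    fields for an IP address, which has no domain record) are "Not available".
    """
    result = dict(whois(host))
    included = ("domain_name", "creation_date", "registrar", "registrar_country")
    if result.get("domain_name") is None:
        # IP addresses and unregistered names yield no usable registry data
        return {key: "Not available" for key in included}
    if isinstance(result["domain_name"], list):
        result["domain_name"] = result["domain_name"][0]
    created = result.get("creation_date")
    if isinstance(created, list):
        created = created[0] if created else None
    result["creation_date"] = created.strftime("%d-%m-%Y") if created is not None else "Not available"
    return {key: result.get(key, "Not available") for key in included}
```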
@@ -81,6 +81,7 @@ def analyse2(host, host_type):
 result, analysis_json = analyse_URL(api_key, response_id)
 elif host_type == "domain" or host_type == "email address":
 result, analysis_json = analyse_domain(api_key, host)
+ print("DOMAIN VT LOOKUP IS: ", result)
 elif host_type == "ip":
 result, analysis_json = analyse_IP(api_key, host)
 if host_type == "url":
From 23b0e869fcb928cf83a1c83124d037a482a12322 Mon Sep 17 00:00:00 2001
From: Joost Agterhoek
Date: Tue, 8 Jul 2025 22:09:12 +0200
Subject: [PATCH 5/5] fixed IP address lookup error
---
 flask_soc_site/src/host_lookup.py | 3 ++-
 flask_soc_site/src/virustotal_api.py | 11 +++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/flask_soc_site/src/host_lookup.py b/flask_soc_site/src/host_lookup.py
index 37e9e6b..29bf81e 100644
--- a/flask_soc_site/src/host_lookup.py
+++ b/flask_soc_site/src/host_lookup.py
@@ -49,7 +49,8 @@ class Lookedup(object):
 self.metadata = domain_info(self.host)
 self.domain = self.metadata["domain_name"]
 self.email_security = spf_dmarc(self.domain)
- self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
+ # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
+ self.vt = virustotal_api.analyse2(self.host, self.host_type)
 self.abuseipdb = abuseipdb_api.analyse(self.host)
 return self
diff --git a/flask_soc_site/src/virustotal_api.py b/flask_soc_site/src/virustotal_api.py
index 476a8e9..d1cd6cb 100644
--- a/flask_soc_site/src/virustotal_api.py
+++ b/flask_soc_site/src/virustotal_api.py
@@ -59,7 +59,8 @@ def analyse_IP(api_key, host):
 analysis_json = requests.get(analysis_url, headers=headers)
 response_dict = json.loads(analysis_json.text)
 # Implement this: https://docs.virustotal.com/reference/ip-info
- return response_dict, analysis_json
+ # return response_dict, analysis_json
+ return response_dict
 def analyse(host, host_type):
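Review bot: The added `print("DOMAIN VT LOOKUP IS: ", result)` dumps the entire VirusTotal response for every domain and e-mail lookup to stdout, while the commit subject says "deleted print statement", so either the message or the hunk is wrong. Debug output of a third-party API body belongs behind a log level, `logging.getLogger(__name__).debug("VT domain lookup: %s", result)`, not in a print that ends up in the web server's console; the fifth patch in this series comments the line out rather than deleting it. `analyse2` continues outside the hunk.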
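Review bot: The new `self.vt = virustotal_api.analyse2(self.host, self.host_type)` no longer sets `self.vt_dict` on the IP path, so anything that reads `vt_dict` from an IP result will hit an `AttributeError` unless the attribute is initialised elsewhere (not visible here), and the replaced call is left as a comment one line above. Delete the commented-out line, and if `vt_dict` is genuinely unused for IPs set it explicitly, `self.vt_dict = None`, so a `Lookedup` object carries the same attributes for every host type. `ip_lookup` starts before this hunk.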
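Review bot: `return response_dict` now hands back whatever the request produced, including the VirusTotal error body on a 401/404/429, because the context line `response_dict = json.loads(analysis_json.text)` parses the text without checking the status; the old tuple at least let the caller inspect the response object. Add `analysis_json.raise_for_status()` before the `json.loads`, and give the `requests.get` on the first context line a `timeout=` so a stalled API call cannot hang the Flask worker. Delete the commented-out `# return response_dict, analysis_json` rather than keeping it, and either make the `# Implement this:` comment say what is still missing or remove it. `analyse_IP` starts before the hunk.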
@@ -70,7 +71,8 @@ def analyse(host, host_type):
 elif host_type == DOMAIN:
 result, analysis_json = analyse_domain(api_key, host)
 elif host_type == IPV4 or IPV6:
- result, analysis_json = analyse_IP(api_key, host)
+ result = analyse_IP(api_key, host)
+ # result, analysis_json = analyse_IP(api_key, host)
 return result, analysis_json
@@ -81,9 +83,10 @@ def analyse2(host, host_type):
 result, analysis_json = analyse_URL(api_key, response_id)
 elif host_type == "domain" or host_type == "email address":
 result, analysis_json = analyse_domain(api_key, host)
- print("DOMAIN VT LOOKUP IS: ", result)
+ # print("DOMAIN VT LOOKUP IS: ", result)
 elif host_type == "ip":
- result, analysis_json = analyse_IP(api_key, host)
+ result = analyse_IP(api_key, host)
 if host_type == "url":
 vt_stats = result["data"]["attributes"]["stats"]
 vt_results = result["data"]["attributes"]["results"]
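Review bot: With `result = analyse_IP(api_key, host)` the IP branch never binds `analysis_json`, yet the next line is `return result, analysis_json`, so an IP lookup through `analyse` raises `UnboundLocalError` unless the name is initialised above the hunk (the function starts outside it). Bind it in the branch, `result, analysis_json = analyse_IP(api_key, host), None`, and delete the commented-out call underneath instead of keeping it. The branch condition on the context line, `elif host_type == IPV4 or IPV6:`, is always true because `IPV6` is evaluated as a bare truthy value; it should read `elif host_type in (IPV4, IPV6):`.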
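Review bot: `analyse2` now returns a different shape per host type — `analyse_URL` and `analyse_domain` still yield `(result, analysis_json)` while the `"ip"` branch binds only `result` — and the two commented-out lines left in the hunk record that history instead of removing it; delete them. In host_lookup.py `ip_lookup` assigns a single value while `url_lookup`, `domain_lookup` and `email_lookup` unpack two, so the arity must match whatever the return statement (outside the hunk) produces; `result, analysis_json = analyse_IP(api_key, host), None` keeps one contract for every branch. The `if host_type == "url":` block below indexes `result["data"]["attributes"]["stats"]` without checking that the request succeeded, and the IP branch now feeds an unchecked response into the same function, though its handling is not fully visible here.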