Merge branch 'main' of code.joostagterhoek.nl:joost/flask-soc-site

Joost Agterhoek 2025-07-09 22:16:13 +02:00
commit 872e165131
3 changed files with 36 additions and 17 deletions


@ -4,6 +4,12 @@ This is a Python project to learn working with Flask. To make it useful for my d
![](./screenshots/30-01-2025.png) ![](./screenshots/30-01-2025.png)
Testing a Mermaid graph to work out the flow of the website:
```mermaid
graph TD
Start --> End
```
## Todos ## Todos
- [ ] reorganize the SPF, DMARC and DKIM results (organize the SPF to match ['record'] with ['parsed']) 📧 - [ ] reorganize the SPF, DMARC and DKIM results (organize the SPF to match ['record'] with ['parsed']) 📧
- [ ] try to incorporate OTX Alienvault results (unfortunately the historical telemetry is not possible via the API...) 👽 - [ ] try to incorporate OTX Alienvault results (unfortunately the historical telemetry is not possible via the API...) 👽


@ -8,6 +8,7 @@ import validators
from ipwhois import IPWhois from ipwhois import IPWhois
from whois import whois from whois import whois
import requests import requests
import socket
# from constants import DOMAIN, EMAIL, IPV4, IPV6, URL # from constants import DOMAIN, EMAIL, IPV4, IPV6, URL
from . import abuseipdb_api, virustotal_api from . import abuseipdb_api, virustotal_api
@ -36,23 +37,26 @@ class Lookedup(object):
def url_lookup(self): def url_lookup(self):
self.domain = urlparse(self.host).netloc self.domain = urlparse(self.host).netloc
self.ip_address = socket.gethostbyname(self.domain) self.ip_address = socket.gethostbyname(self.domain)
self.metadata = domain(self.domain) self.metadata = domain_info(self.domain)
self.email_security = spf_dmarc(self.domain) self.email_security = spf_dmarc(self.domain)
self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type) self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
self.abuseipdb = abuseipdb_api.analyse(self.ip_address) self.abuseipdb = abuseipdb_api.analyse(self.ip_address)
return self return self
def ip_lookup(self): def ip_lookup(self):
self.metadata = domain(self.host) self.ip_address = self.host
self.domain = socket.gethostbyaddr(self.host)[0]
self.metadata = domain_info(self.host)
self.domain = self.metadata["domain_name"] self.domain = self.metadata["domain_name"]
self.email_security = spf_dmarc(self.domain) self.email_security = spf_dmarc(self.domain)
self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type) # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
self.vt = virustotal_api.analyse2(self.host, self.host_type)
self.abuseipdb = abuseipdb_api.analyse(self.host) self.abuseipdb = abuseipdb_api.analyse(self.host)
return self return self
def domain_lookup(self): def domain_lookup(self):
self.ip_address = socket.gethostbyname(self.host) self.ip_address = socket.gethostbyname(self.host)
self.metadata = domain(self.host) self.metadata = domain_info(self.host)
self.domain = self.metadata["domain_name"] self.domain = self.metadata["domain_name"]
self.email_security = spf_dmarc(self.domain) self.email_security = spf_dmarc(self.domain)
# self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type) # self.vt, self.vt_dict = virustotal_api.analyse2(self.host, self.host_type)
@ -62,7 +66,7 @@ class Lookedup(object):
def email_lookup(self): def email_lookup(self):
self.domain = self.host.split("@")[1] self.domain = self.host.split("@")[1]
self.metadata = domain(self.domain) self.metadata = domain_info(self.domain)
self.ip_address = socket.gethostbyname(self.domain) self.ip_address = socket.gethostbyname(self.domain)
self.email_security = spf_dmarc(self.domain) self.email_security = spf_dmarc(self.domain)
self.vt, self.vt_dict = virustotal_api.analyse2(self.domain, self.host_type) self.vt, self.vt_dict = virustotal_api.analyse2(self.domain, self.host_type)
@ -142,19 +146,24 @@ def extract(user_input):
return hosts, errors return hosts, errors
def domain(host): # FIX: This function doesn't work for IP addresses, no usable whois() results
def domain_info(host):
result = dict(whois(host)) result = dict(whois(host))
print("RESULT IS: ", result) print("RESULT IS: ", result)
if type(result["creation_date"]) is list: if result["domain_name"] is not None:
result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y") if type(result["creation_date"]) is list:
else: result["creation_date"] = result["creation_date"][0].strftime("%d-%m-%Y")
result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y") elif type(result["creation_date"]) is not list:
if type(result["domain_name"]) is list: result["creation_date"] = result["creation_date"].strftime("%d-%m-%Y")
result["domain_name"] = result["domain_name"][0] if type(result["domain_name"]) is list:
# result["creation_date"] = result["creation_date"].isoformat() result["domain_name"] = result["domain_name"][0]
elif result["domain_name"] == None:
result["creation_date"] = "Not available"
result["domain_name"] = "Not available"
result["registrar"] = "Not available"
result["regitrar_country"] = "Not available"
included = {"domain_name", "creation_date", "registrar", "registrar_country"} included = {"domain_name", "creation_date", "registrar", "registrar_country"}
filtered = {key: value for key, value in result.items() if key in included} filtered = {key: value for key, value in result.items() if key in included}
print("FILTERED IS: ", filtered)
return filtered return filtered
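Review bot: In `ip_lookup` the reverse-DNS name stored by `self.domain = socket.gethostbyaddr(self.host)[0]` is overwritten two lines later by `self.domain = self.metadata["domain_name"]`. With the new fallback in `domain_info` that value appears to be the literal "Not available" for IP input, so `spf_dmarc` is then run against a placeholder; guarding the overwrite, e.g. `if self.metadata["domain_name"] != "Not available": self.domain = self.metadata["domain_name"]`, would keep the PTR name. `gethostbyaddr` also raises `socket.herror` when an address has no PTR record and nothing in the hunk catches it. A PTR name is chosen by whoever controls the address space, so it is better labelled as unverified in the results than treated as confirmed ownership. In the same section the fallback writes `result["regitrar_country"]`, which the `included` filter drops; it should read `result["registrar_country"] = "Not available"`.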


@ -59,7 +59,8 @@ def analyse_IP(api_key, host):
analysis_json = requests.get(analysis_url, headers=headers) analysis_json = requests.get(analysis_url, headers=headers)
response_dict = json.loads(analysis_json.text) response_dict = json.loads(analysis_json.text)
# Implement this: https://docs.virustotal.com/reference/ip-info # Implement this: https://docs.virustotal.com/reference/ip-info
return response_dict, analysis_json # return response_dict, analysis_json
return response_dict
def analyse(host, host_type): def analyse(host, host_type):
@ -70,7 +71,8 @@ def analyse(host, host_type):
elif host_type == DOMAIN: elif host_type == DOMAIN:
result, analysis_json = analyse_domain(api_key, host) result, analysis_json = analyse_domain(api_key, host)
elif host_type == IPV4 or IPV6: elif host_type == IPV4 or IPV6:
result, analysis_json = analyse_IP(api_key, host) result = analyse_IP(api_key, host)
# result, analysis_json = analyse_IP(api_key, host)
return result, analysis_json return result, analysis_json
@ -81,8 +83,10 @@ def analyse2(host, host_type):
result, analysis_json = analyse_URL(api_key, response_id) result, analysis_json = analyse_URL(api_key, response_id)
elif host_type == "domain" or host_type == "email address": elif host_type == "domain" or host_type == "email address":
result, analysis_json = analyse_domain(api_key, host) result, analysis_json = analyse_domain(api_key, host)
# print("DOMAIN VT LOOKUP IS: ", result)
elif host_type == "ip": elif host_type == "ip":
result, analysis_json = analyse_IP(api_key, host) # result, analysis_json = analyse_IP(api_key, host)
result = analyse_IP(api_key, host)
if host_type == "url": if host_type == "url":
vt_stats = result["data"]["attributes"]["stats"] vt_stats = result["data"]["attributes"]["stats"]
vt_results = result["data"]["attributes"]["results"] vt_results = result["data"]["attributes"]["results"]
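Review bot: In `analyse`, the IP branch now assigns only `result = analyse_IP(api_key, host)` while the function still ends with `return result, analysis_json`, so an IP lookup would raise `UnboundLocalError` because `analysis_json` is never bound on that path. Either return `result` alone from every branch or keep the tuple contract with `result, analysis_json = analyse_IP(api_key, host), None`. The `"ip"` branch of `analyse2` makes the same single-value assignment, and its tail lies outside the hunk, so check that nothing later reads `analysis_json` there and that the caller's `self.vt = virustotal_api.analyse2(...)` matches what is returned. Separately, `host_type == IPV4 or IPV6` on the context line is true for any input if `IPV6` is a non-empty constant; `elif host_type in (IPV4, IPV6):` expresses the intended check.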