refactor underway, will consolidate these components

2025-01-07 09:50:09 +01:00 · 2025-01-07 09:50:09 +01:00 · fc5e53eee1
commit fc5e53eee1
parent 79d3323804
7 changed files with 0 additions and 193 deletions
--- a/host_lookup/abuseipdb.py
+++ b/host_lookup/abuseipdb.py
@ -1,41 +0,0 @@
-from base64 import decode
-import json
-import os
-import requests
-import requests_cache
-from dotenv import load_dotenv
-from pprint import pprint
-
-
-class API_error(Exception):
-    pass
-
-
-def environment():
-    requests_cache.install_cache(expire_after=360, allowable_methods=("POST"))
-    load_dotenv()
-    api_key = os.getenv("ABUSEIPDB_API")
-    return api_key
-
-
-def lookup(api_key, host):
-    url = "https://api.abuseipdb.com/api/v2/check"
-    payload = {"ipAddress": "", "maxAgeInDays": "90"}
-    payload.update({"ipAddress": host})
-    headers = {"Accept": "application/json", "Key": api_key}
-    response = requests.request(
-        method="GET", url=url, params=payload, headers=headers, verify=False
-    )  # TODO: remove SSL verify=False and add signed certificate if possible.
-    # Figure out how caching functions here: https://requests-cache.readthedocs.io/en/stable/examples.html
-    print(requests_cache.get_cache())
-    print("Cached:")
-    print("\n".join(requests_cache.get_cache().urls()))
-
-    return response
-
-
-def analyse(host):
-    api_key = environment()
-    result = lookup(api_key, host)
-    decoded_result = json.loads(result.text)
-    return decoded_result
--- a/host_lookup/metadata.py
+++ b/host_lookup/metadata.py
@ -1,30 +0,0 @@
-from ipaddress import ip_address
-from whois import whois
-from ipwhois import IPWhois
-import validators
-from constants import URL, DOMAIN, IPV4, IPV6
-
-
-def check(host):
-    if validators.url(host):
-        host_type = URL
-    elif validators.domain(host):
-        host_type = DOMAIN
-    elif validators.ip_address.ipv4(host):
-        host_type = IPV4
-    elif validators.ip_address.ipv6(host):
-        host_type = IPV6
-    return host_type
-
-
-# def lookup(host_type):
-def lookup(host):
-    result = dict(whois(host))
-    return result
-
-
-# result = whois(host_type[1])
-# return result, host_type[0]
-# obj = IPWhois(host_type[1])
-# res = obj.lookup_rdap()
-# return res, host_type[0]
--- a/host_lookup/otx_api.py
+++ b/host_lookup/otx_api.py
@ -1,3 +0,0 @@
-# Try to get historical telemetry like this page shows: https://otx.alienvault.com/indicator/ip/8.8.8.8
-# Apparently this API does not provide this information :( f.e. the below curl request does not provide information about historical OTX telemetry.
-# curl https://otx.alienvault.com/api/v1/indicators/url/http://www.freputation.com/spreputation_san_ponso/slides/IMG_0068.html/general -H "X-OTX-API-KEY: ec672963e435bb7a09c494534b79a6a7a273a5bde5ea560874cccd72e2bc76fc"
--- a/host_lookup/parse_URI.py
+++ b/host_lookup/parse_URI.py
@ -1,9 +0,0 @@
-# This module should extract any and all URIs (IPs or URLs) from copy and pasted text.
-
-def parse(text):
-    split_text = text.split()
-    for URI in split_text:
-        print(URI)
-
-
-
--- a/host_lookup/spf_dmarc.py
+++ b/host_lookup/spf_dmarc.py
@ -1,9 +0,0 @@
-from checkdmarc.dmarc import check_dmarc
-from checkdmarc.spf import check_spf
-import validators
-
-
-def lookup(host: str) -> tuple:
-    result_dmarc = check_dmarc(host)
-    result_spf = check_spf(host)
-    return (result_dmarc, result_spf)
--- a/host_lookup/virustotal.py
+++ b/host_lookup/virustotal.py
@ -1,24 +0,0 @@
-import vt
-import os
-import requests
-import virustotal_python
-from dotenv import load_dotenv
-from pprint import pprint
-from base64 import urlsafe_b64encode
-
-# todo: implement my own API request module to then try and cache the response (see -> https://realpython.com/caching-external-api-requests/#requests-cache)
-
-def vt_lookup(URL):
-    load_dotenv()
-    api_key = os.getenv("VT_API")
-    with virustotal_python.Virustotal(api_key) as vtotal:
-        try:
-            resp = vtotal.request("urls", data={"url": URL}, method="POST")
-            print(resp)
-            # Safe encode URL in base64 format
-            # https://developers.virustotal.com/reference/url
-            url_id = urlsafe_b64encode(URL.encode()).decode().strip("=")
-            report = vtotal.request(f"urls/{url_id}")
-            return report.data
-        except virustotal_python.VirustotalError as err:
-            print(f"Failed to send URL: {URL} for analysis and get the report: {err}")
--- a/host_lookup/virustotal_api_test.py
+++ b/host_lookup/virustotal_api_test.py
@ -1,77 +0,0 @@
-import json
-import os
-import requests
-from dotenv import load_dotenv
-from pprint import pprint
-from constants import URL, DOMAIN, IPV4, IPV6
-
-# Would be nice to define some constants, f.e. for the various API urls, the headers, etc.
-
-
-def environment():
-    load_dotenv()
-    api_key = os.getenv("VT_API")
-    return api_key
-
-
-# Unfortunately this works for actual URLs, not domains. See: https://docs.virustotal.com/reference/domain-info
-# This also doesn't work for IPv6 addresses, where the response_dict does not have a 'data' key. So I would have to revamp this module and make separate functions called based on host type (URL, IPv4 and -6, domain).
-
-
-def analysis_object(api_key, host):
-    url = "https://www.virustotal.com/api/v3/urls"
-    payload = {"url": ""}
-    payload.update({"url": host})
-    headers = {
-        "accept": "application/json",
-        "content-type": "application/x-www-form-urlencoded",
-        "x-apikey": api_key,
-    }
-    response = requests.post(url, data=payload, headers=headers)
-    response_dict = json.loads(response.text)
-    response_id = response_dict["data"]["id"]
-    return response_id
-
-
-def analyse_domain(api_key, host):
-    url = "https://www.virustotal.com/api/v3/domains/" + host
-    headers = {
-        "accept": "application/json",
-        "content-type": "application/x-www-form-urlencoded",
-        "x-apikey": api_key,
-    }
-    analysis_response = requests.get(url, headers=headers)
-    response_dict = json.loads(analysis_response.text)
-    # Probably still need to turn the requests.get into a json like below
-    return response_dict
-
-
-def analyse_URL(api_key, response_id):
-    analysis_url = "https://www.virustotal.com/api/v3/analyses/{}".format(response_id)
-    headers = {"accept": "application/json", "x-apikey": api_key}
-    analysis_response = requests.get(analysis_url, headers=headers)
-    analysis_dict = json.loads(analysis_response.text)
-    # return analysis_response.text
-    return analysis_dict
-
-
-def analyse_IP(api_key, host):
-    analysis_url = "https://www.virustotal.com/api/v3/ip_addresses/{}".format(host)
-    headers = {"accept": "application/json", "x-apikey": api_key}
-    analysis_response = requests.get(analysis_url, headers=headers)
-    analysis_dict = json.loads(analysis_response.text)
-    # Implement this: https://docs.virustotal.com/reference/ip-info
-    return analysis_dict
-
-
-def analyse(host, host_type):
-    api_key = environment()
-    if host_type == URL:
-        response_id = analysis_object(api_key, host)
-        result = analyse_URL(api_key, response_id)
-    elif host_type == DOMAIN:
-        result = analyse_domain(api_key, host)
-    # elif for IPv4 and IPv6.
-    elif host_type == IPV4 or IPV6:
-        result = analyse_IP(api_key, host)
-    return result