import json
import requests
import time
from colors import bcolors
import tools
import sys
# es = Elasticsearch([{'host': 'localhost', 'port': 9200}])
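class Ip:
    """Gather open-source intelligence about one IP address.

    Each module method queries a single public service, prints a short
    human-readable summary, writes the raw reply to disk through
    ``tools.json_output`` and, when ``elastic_output`` is truthy, also indexes
    it through ``tools.elast``.  Transport and decoding failures are reported
    and turn into the method's "nothing found" return value instead of
    aborting the whole scan.
    """

    # Per-request timeout in seconds.  requests has no default timeout, so a
    # stalled service would otherwise block the scan indefinitely.
    REQUEST_TIMEOUT = 30

    _GEOLOCATION_URL = "https://extreme-ip-lookup.com/json/"
    _THREATCROWD_URL = "https://www.threatcrowd.org/searchApi/v2/ip/report/"
    _VIRUSTOTAL_URL = "https://www.virustotal.com/vtapi/v2/ip-address/report"

    # Characters that can occur in an IPv4 or IPv6 literal.  The address is
    # spliced into third-party URLs, so anything outside this set ("&", "/",
    # "?", whitespace, ...) is rejected before a request is built.
    _IP_CHARS = frozenset("0123456789abcdefABCDEF.:")

    def __init__(self, ip_address):
        """Store the address to investigate; no request is made here."""
        self.ip_address = ip_address

    def _looks_like_ip(self):
        """Cheap syntactic guard on ``self.ip_address`` (see ``_IP_CHARS``).

        Deliberately not a full parser: it only has to keep the value from
        altering the path or query string of the lookups below.
        """
        if not self.ip_address:
            return False
        return all(ch in self._IP_CHARS for ch in self.ip_address)

    def _reject_address(self):
        """Print the standard notice for an address that failed ``_looks_like_ip``."""
        print(bcolors.FAIL + "Invalid IP address: " + repr(self.ip_address) + bcolors.ENDC)

    def _get(self, url, params=None):
        """GET *url* with the class timeout.

        Returns the ``requests`` response, or None after printing a short
        notice when the transport failed.  Only the exception type and the
        bare URL are printed: the text of a ``requests`` exception may embed
        the full query string, which for VirusTotal carries the API key.
        """
        try:
            return requests.get(url, params=params, timeout=self.REQUEST_TIMEOUT)
        except requests.RequestException as exc:
            print(bcolors.FAIL + "Request to " + url + " failed: " + type(exc).__name__ + bcolors.ENDC)
            return None

    @staticmethod
    def _decode(response):
        """Return the JSON object carried by *response*, or None.

        A body that is not JSON, or not a JSON object, is reported and
        dropped: every module indexes the reply with string keys, so anything
        else would only crash further down.
        """
        try:
            body = response.json()
        except ValueError:
            body = None
        if not isinstance(body, dict):
            print(bcolors.FAIL + "Error" + bcolors.ENDC)
            return None
        return body

    def _get_json(self, url, params=None):
        """``_get`` followed by ``_decode``; None when either step failed."""
        response = self._get(url, params)
        if response is None:
            return None
        return self._decode(response)

    def _colored_ip(self):
        """The address wrapped in the header colour, as every module prints it."""
        return bcolors.HEADER + self.ip_address + bcolors.ENDC

    def geolocation(self, elastic_output):
        """Print the owner and location of the address.

        Args:
            elastic_output: when truthy the coordinates are also indexed with
                ``tools.elast('coordinates', 'ip', ...)``.

        Returns:
            dict holding the ``lat``/``lon`` fields of the reply; empty when
            the lookup failed or the reply lacks them.
        """
        print("-------------Geolocation module---------------------")
        if not self._looks_like_ip():
            self._reject_address()
            return {}
        json_geolocation = self._get_json(self._GEOLOCATION_URL + self.ip_address)
        if json_geolocation is None:
            return {}
        try:
            business_name = json_geolocation['businessName']
            # The original conditional expression bound to the whole
            # concatenation, so the address vanished on the "no name" branch,
            # and the colour was never reset on the other one.
            if business_name:
                print(self._colored_ip() + " belongs to " + bcolors.OKGREEN + business_name + bcolors.ENDC)
            else:
                print("No business name for that IP")
            location = ", ".join(json_geolocation[k] for k in ('country', 'city', 'region'))
            print("It is from " + bcolors.OKGREEN + location + bcolors.ENDC)
        except KeyError:
            print(bcolors.FAIL + "Error" + bcolors.ENDC)
        # The original took ``items()[8:11]``, which depends on dict ordering
        # (undefined on Python 2, not sliceable on Python 3); pick the fields
        # by name instead.  NOTE(review): field names assumed from the
        # extreme-ip-lookup reply — confirm against a live response.
        coordinates = {k: json_geolocation[k] for k in ('lat', 'lon') if k in json_geolocation}
        if elastic_output:
            tools.elast('coordinates', 'ip', coordinates)
        tools.json_output(self.ip_address, "/geolocation", json_geolocation)
        return coordinates

    def threatcrowd_ip(self, elastic_output):
        """Print the newest passive-DNS resolutions and the vote-based reputation.

        Args:
            elastic_output: when truthy the raw reply is also indexed with
                ``tools.elast('threatcrowd_ip', 'domain', ...)``.

        Returns:
            The decoded ThreatCrowd reply, or False when the service reports
            no information about the address or the request failed.
        """
        print("----------------ThreatCrowd module---------------------------")
        if not self._looks_like_ip():
            self._reject_address()
            return False
        json_threatcrowd = self._get_json(self._THREATCROWD_URL, {"ip": self.ip_address})
        if json_threatcrowd is None:
            return False
        # response_code may arrive as an int or a string (not verified here);
        # comparing textually covers both, and a missing key no longer raises.
        if str(json_threatcrowd.get('response_code')) == "0":
            print("[*] " + bcolors.FAIL + "No information about " + self._colored_ip())
            return False
        resolutions = json_threatcrowd.get('resolutions')
        if resolutions is None:
            resolutions = []
            print("Error")
        newest_first = sorted(resolutions, key=lambda k: k['last_resolved'], reverse=True)
        print("[*] Newest resolution from ThreatCrowd")
        for entry in newest_first[:3]:
            print(self._colored_ip() + " was resolved to " + bcolors.OKGREEN + entry['domain'] + bcolors.ENDC
                  + " on " + bcolors.OKGREEN + entry['last_resolved'] + bcolors.ENDC)
        # Votes are compared numerically; a missing or non-numeric value
        # counts as "no opinion" rather than raising.
        try:
            votes = int(json_threatcrowd.get('votes', 0))
        except (TypeError, ValueError):
            votes = 0
        if votes < 0:
            trust = bcolors.WARNING + "non-trusted" + bcolors.ENDC
        elif votes > 0:
            trust = bcolors.OKGREEN + "trusted" + bcolors.ENDC
        else:
            trust = "no opinion"
        print("Reputation of " + self._colored_ip() + ": " + trust)
        if elastic_output:
            tools.elast('threatcrowd_ip', 'domain', json_threatcrowd)
        tools.json_output(self.ip_address, "/threatcrowd", json_threatcrowd)
        return json_threatcrowd

    def virustotal(self, key, elastic_output):
        """Print the newest detected URLs and resolutions VirusTotal holds for the address.

        Args:
            key: VirusTotal v2 API key.  The v2 endpoint takes it as the
                ``apikey`` query parameter, so it travels in the URL; this
                method therefore never prints the URL it requested.
            elastic_output: when truthy the raw reply is also indexed with
                ``tools.elast('virustotal_ip', 'ip', ...)``.

        Returns:
            ``{ip: {'detected': {url: scan_date}, 'hostname': {name: last_resolved}}}``
            with at most three entries per table, or False when nothing was
            found or the request failed.

        Raises:
            SystemExit: when the API key is rejected (HTTP 403), as before —
                every later VirusTotal call would fail the same way.
        """
        output = {self.ip_address: {'detected': {}, 'hostname': {}}}
        print("----------------VirusTotal module---------------------------")
        if not self._looks_like_ip():
            self._reject_address()
            return False
        # ``params`` URL-encodes both values; the original concatenated them
        # into the query string unescaped.
        params = {"apikey": key, "ip": self.ip_address}
        response = self._get(self._VIRUSTOTAL_URL, params)
        if response is None:
            return False
        if response.status_code == 403:
            print("Wrong API key, no more info can be gathered")
            sys.exit(1)  # non-zero status: the original exited 0 on this error
        if response.status_code == 204:
            print("API limit, putting into sleep for 70 sec")
            time.sleep(70)
            response = self._get(self._VIRUSTOTAL_URL, params)
            # A second 204 previously fell through to decoding an empty body.
            if response is None or response.status_code == 204:
                print("API limit still in effect, skipping VirusTotal")
                return False
        json_virustotal = self._decode(response)
        if json_virustotal is None:
            return False
        print("[*] Following url(s) was/were hosted on ip " + self._colored_ip() + ' and consider as dangerous: ')
        try:
            for entry in json_virustotal['detected_urls'][:3]:
                output[self.ip_address]['detected'][entry['url']] = entry['scan_date']
                print(entry['url'] + " on " + bcolors.OKGREEN + entry['scan_date'] + bcolors.ENDC)
        except KeyError:
            print("Nothing found")
            return False
        # A reply without resolutions used to raise KeyError here.
        sorted_json_virustotal = sorted(json_virustotal.get('resolutions', []),
                                        key=lambda k: k['last_resolved'], reverse=True)
        print("[*] Newest resolution from VirusTotal")
        for entry in sorted_json_virustotal[:3]:
            print(self._colored_ip() + " was resolved to " + bcolors.OKGREEN + entry['hostname'] + bcolors.ENDC
                  + " on " + bcolors.OKGREEN + entry['last_resolved'] + bcolors.ENDC)
            output[self.ip_address]['hostname'][entry['hostname']] = entry['last_resolved']
        if elastic_output:
            tools.elast('virustotal_ip', 'ip', json_virustotal)
        tools.json_output(self.ip_address, "/virustotal", sorted_json_virustotal)
        return output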