diff --git a/dnsinformations.py b/dnschecker.py
similarity index 76%
rename from dnsinformations.py
rename to dnschecker.py
index 3f352e3..5902975 100644
--- a/dnsinformations.py
+++ b/dnschecker.py
@@ -7,11 +7,15 @@ import dns.name
from config import DNS_QUERIES_TYPE
-class DNSInformations:
- def __init__(self, api_key, fqdn):
+class DNSChecker:
+ def __init__(self, api_key, fqdn, rrtype=DNS_QUERIES_TYPE):
self._fqdn = fqdn
+ self._rrtype = rrtype
def checkDomainExist(self):
+ """
+ This function check if the domain exist
+ """
try:
res_query = dns.resolver.resolve(self._fqdn, 'NS')
except dns.resolver.NoAnswer:
@@ -21,6 +25,10 @@ class DNSInformations:
return True
def whois(self):
+ """
+ This function will get an whois request for having some information
+ regarding the domain
+ """
report = dict()
w = whois.whois(self._fqdn)
report['domain_name'] = w.domain_name
@@ -33,10 +41,13 @@ class DNSInformations:
return report
def resolver(self):
+ """
+ This function will resolv the FQDN with different type of RR
+ """
report = dict()
- for t in DNS_QUERIES_TYPE.keys():
- report[t] = self._resolving(self._fqdn, t, DNS_QUERIES_TYPE[t])
+ for t in self._rrtype.keys():
+ report[t] = self._resolving(self._fqdn, t, self._rrtype[t])
return report
def _resolving(self, fqdn, t, attr):
diff --git a/main.py b/main.py
index dd2ad74..93ce930 100644
--- a/main.py
+++ b/main.py
@@ -4,7 +4,7 @@ from argparse import ArgumentParser
from config import VT_ATTRIBUTES_MAPPING
from vt import VT
-from dnsinformations import DNSInformations as DNS
+from dnschecker import DNSChecker as DNS
import ipaddress
from datetime import datetime
from hashing import Hash
@@ -108,7 +108,7 @@ def main():
if args.domain:
_parsingDomain(config, args.domain, report)
if args.host:
- pass
+ _parsingHost(config, args.host, report)
if args.ip:
_parsingIP(config, args.ip, report)
# Analyse hash file
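Review bot: The new `rrtype=DNS_QUERIES_TYPE` default in `__init__` binds the module-level config dict itself, so every `DNSChecker` built without an explicit mapping shares one object with `config`, and any later mutation through `self._rrtype` would silently change the record types every other instance resolves. Storing a copy, `self._rrtype = dict(rrtype)`, keeps the default behaviour while isolating instances; `_parsingHost` in main.py passes a literal dict, so nothing visible depends on identity. The `api_key` parameter is still accepted and dropped — the body stores only `_fqdn` and `_rrtype` — while both callers in main.py hand it the VirusTotal key, so a secret is passed into a class that never uses it; if it is genuinely unused, a docstring line saying so (or a follow-up removing it from the signature) would stop it spreading further. `checkDomainExist`'s body continues past the end of this hunk.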
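Review bot: `resolver` iterates `self._rrtype.keys()` and then indexes the same mapping again on the next line; `for t, attr in self._rrtype.items():` followed by `report[t] = self._resolving(self._fqdn, t, attr)` does one lookup per entry and reads more directly. The `.keys()` call is redundant in Python since iterating a dict already yields its keys. The new docstring could also say that the returned dict is keyed by record type and that each value is whatever `_resolving` produces, whose body starts outside this hunk.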
@@ -210,6 +210,19 @@ def _parsingIP(config, ip, report):
except KeyError:
print(f"Cannot find the key {vt}")
+def _parsingHost(config, fqdn, report):
+ vt = VT(config['api_key_vt'])
+ dns = DNS(config['api_key_vt'], fqdn, {'A': 'address'})
+
+ # Resolv and print results
+ report['resolving'] = dns.resolver()
+ _printDNSResolving(report['resolving'])
+
+ # Print VirusTotal
+ report['vt'] = dict()
+ vt.getDomainReport(fqdn, report['vt'])
+ _printDNSVirusTotal(report['vt'])
+
def _parsingDomain(config, fqdn, report):
vt = VT(config['api_key_vt'])
dns = DNS(config['api_key_vt'], fqdn)
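Review bot: `_parsingHost` passes `fqdn`, which comes straight from the `--host` argument, into `dns.resolver()` and `vt.getDomainReport()` without any validation, and the latter interpolates it into the request path (`f"{self._url}/domains/{fqdn}"` in the vt.py hunk below), so a value containing `/`, `?` or `#` reaches a different VirusTotal endpoint than intended. `_parsingDomain` at least has an early return for a non-existent domain (its "do not exist" branch is in the next hunk, presumably after a `checkDomainExist()` call), whereas the host path has no gate at all. A syntactic check before the first call, `if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", fqdn):` then `print(f"Invalid host name {fqdn}")` and `return`, keeps junk out of both the resolver and the URL; it needs `import re`, or `dns.name.from_text` if main.py already imports dnspython — the import hunk above does not show it. The VirusTotal key is also handed to `DNS(...)`, whose constructor in dnschecker.py only stores `fqdn` and `rrtype`, so that argument carries a secret for no purpose.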
@@ -219,41 +232,50 @@ def _parsingDomain(config, fqdn, report):
print(f"The domain {fqdn} do not exist")
return
+ # Resolving domain
+ report['resolving'] = dns.resolver()
+ _printDNSResolving(report['resolving'])
+
+ # Whois request and print the result
+ report['whois'] = dns.whois()
+ _printDNSWhois(report['whois'])
+
+ # Print VirusTotal
+ report['vt'] = dict()
+ vt.getDomainReport(fqdn, report['vt'])
+ _printDNSVirusTotal(report['vt'])
+
+def _printDNSResolving(report):
print("----------------------")
print("| resolving |")
print("----------------------")
- report['resolving'] = dns.resolver()
- for key in report['resolving'].keys():
+ for key in report.keys():
print(f"{key}: ")
- for entry in report['resolving'][key]:
+ for entry in report[key]:
for subkey in entry.keys():
value = entry[subkey]
if isinstance(value, bytes):
value = value.decode()
print(f"\t{subkey}: {value}")
- print("\n----------------------")
- print("| whois |")
- print("----------------------")
- report['whois'] = dns.whois()
- report_whois = report['whois']
- for key in report_whois.keys():
- if isinstance(report_whois[key], list):
- print(f"{key}:")
- for value in report_whois[key]:
- print(f"\t{value}")
- else:
- print(f"{key}: {report_whois[key]}")
-
+def _printDNSVirusTotal(report):
print("\n----------------------")
print("| VirusTotal |")
print("----------------------")
- report['vt'] = dict()
- vt.getDomainReport(fqdn, report['vt'])
- report_vt = report['vt']
- for key in report_vt:
- print(f"{key}: {report_vt[key]}")
+ for key in report:
+ print(f"{key}: {report[key]}")
+def _printDNSWhois(report):
print("\n----------------------")
print("| whois |")
print("----------------------")
for key in report.keys():
if isinstance(report[key], list):
print(f"{key}:")
for value in report[key]:
print(f"\t{value}")
else:
print(f"{key}: {report[key]}")
if __name__ == "__main__":
main()
diff --git a/vt.py b/vt.py
index 702a72f..8ebdd36 100644
--- a/vt.py
+++ b/vt.py
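Review bot: The new `_printDNSResolving`, `_printDNSWhois` and `_printDNSVirusTotal` helpers write resolver, whois and VirusTotal values to the terminal verbatim, and `_printDNSResolving` keeps the strict `value.decode()` for byte values; DNS answers and whois fields are controlled by whoever runs the queried zone or registered the name, so a TXT record carrying ANSI escape sequences can rewrite the on-screen report, and a non-UTF-8 byte string raises `UnicodeDecodeError` and aborts the run after the lookups have already been made. Decoding with `value = value.decode("utf-8", "backslashreplace")` removes the crash, and printing untrusted strings through `ascii()` (or stripping C0/C1 control characters first) neutralises the escape sequences; the whois loop deserves the same treatment. The extracted helpers also carry no docstrings, unlike the methods this commit documents in dnschecker.py and vt.py; a one-liner on each stating what `report` must hold (for `_printDNSResolving`, a dict of lists of dicts, as the three nested loops require) would make the contract explicit.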
@@ -13,6 +13,9 @@ class VT:
}
def getIPVirusTotal(self, ip):
+ """
+ This function get IP information from VirusTotal
+ """
res = requests.get(
f"{self._url}/ip_addresses/{ip}",
headers=self._headers
@@ -38,6 +41,9 @@ class VT:
return data
def getDomainReport(self, fqdn, report):
+ """
+ This function get the report for the specific domain
+ """
res = requests.get(
f"{self._url}/domains/{fqdn}",
headers=self._headers
@@ -65,6 +71,9 @@ class VT:
report['malicious'] += 1
def getRateFromHash(self, h, report):
+ """
+ This function get the report of the hash specified by the parameter h
+ """
headers = self._headers
res = requests.get(
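Review bot: `getDomainReport` still interpolates `fqdn` raw into the request path on the line after the new docstring, `f"{self._url}/domains/{fqdn}"`, so a caller-supplied name containing `/`, `?`, `#` or a space changes which VirusTotal endpoint the request hits instead of being looked up as a domain; `f"{self._url}/domains/{quote(fqdn, safe='')}"` with `from urllib.parse import quote` pins it to a single path segment, and `ip` in `getIPVirusTotal` above deserves the same. The docstring should also say that results are written into the `report` dict the caller passes (main.py hands it `report['vt']` and ignores any return value) rather than returned, since the `return data` that precedes it — presumably the end of `getIPVirusTotal` — sets the opposite expectation. `getDomainReport`'s body continues beyond the hunk.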