#############################################
# PDNS API miscellaneous functions.
#
# Author: Emmanuel Bouillon
# Email: emmanuel.bouillon.sec@gmail.com
# Date: 11/06/2016
#############################################
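# Connection settings for the CIRCL passive DNS API.
#
# LOGIN and PASSWORD are handed to pypdns as HTTP basic-auth credentials, so
# real values should stay out of version control. Set PDNS_LOGIN and
# PDNS_PASSWORD in the environment instead of editing this file; the
# placeholders below are used only when those variables are absent.
import os

# BASE URL (CIRCL)
BASE_URL = 'https://www.circl.lu/pdns/query'
# Login (basic auth); the environment value takes precedence over the placeholder
LOGIN = os.environ.get('PDNS_LOGIN', '<YOUR LOGIN>')
# Password (basic auth); the environment value takes precedence over the placeholder
PASSWORD = os.environ.get('PDNS_PASSWORD', '<YOUR PASSWORD>')
# Max nb of results (otherwise Maltego gets sick)
MAX = 50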
import pypdns
import json
import re
import datetime
from MaltegoTransform import *
def init():
    """Return a pypdns client bound to BASE_URL.

    The module-level LOGIN and PASSWORD are passed as the basic-auth pair;
    a new client object is built on every call.
    """
    credentials = (LOGIN, PASSWORD)
    return pypdns.PyPDNS(url=BASE_URL, basic_auth=credentials)
def date_handler(obj):
    """JSON ``default`` hook: serialise anything exposing ``isoformat``.

    Objects that have an ``isoformat`` attribute are replaced by the result
    of calling it; every other object is handed back unchanged.
    """
    if not hasattr(obj, 'isoformat'):
        return obj
    return obj.isoformat()
def retrieveIP(mt, domain):
    """Add one IPv4 entity to ``mt`` for each A record the pDNS query returns.

    ``domain`` is passed to the pypdns client's ``query``. Each A record
    becomes a ``maltego.IPv4Address`` entity built from its ``rdata`` (with
    trailing dots stripped), and the link label carries the first-seen and
    last-seen dates. Returns None; results are delivered through ``mt``.

    NOTE(review): the module-level MAX cap is not applied here, so every A
    record in the response is added.
    NOTE(review): ``rdata`` comes from the remote service and is used as-is;
    confirm that MaltegoEntity escapes values before they are emitted.
    """
    client = init()
    for raw in client.query(domain):
        # Round-trip through JSON so date objects become ISO-format strings.
        entry = json.loads(json.dumps(raw, default=date_handler))
        if entry['rrtype'] != 'A':
            continue
        # Keep only the date part that precedes the 'T' separator.
        seen_from = entry['time_first'].split('T')[0]
        seen_to = entry['time_last'].split('T')[0]
        address = entry["rdata"].rstrip('.')
        entity = MaltegoEntity('maltego.IPv4Address', address)
        entity.addAdditionalFields(
            'link#maltego.link.label',
            'linklabel',
            False,
            ' - '.join((seen_from, seen_to)),
        )
        mt.addEntityToMessage(entity)
def retrieveDomain(mt, ip):
    """Add one domain entity to ``mt`` for each A record the pDNS query returns.

    ``ip`` is passed to the pypdns client's ``query``. Each A record becomes
    a ``maltego.Domain`` entity built from its ``rrname`` (with trailing dots
    stripped), and the link label carries the first-seen and last-seen
    dates. Returns None; results are delivered through ``mt``.

    NOTE(review): the module-level MAX cap is not applied here, so every A
    record in the response is added.
    NOTE(review): ``rrname`` comes from the remote service and is used as-is;
    confirm that MaltegoEntity escapes values before they are emitted.
    """
    client = init()
    for raw in client.query(ip):
        # Round-trip through JSON so date objects become ISO-format strings.
        entry = json.loads(json.dumps(raw, default=date_handler))
        if entry['rrtype'] != 'A':
            continue
        # Keep only the date part that precedes the 'T' separator.
        seen_from = entry['time_first'].split('T')[0]
        seen_to = entry['time_last'].split('T')[0]
        hostname = entry["rrname"].rstrip('.')
        entity = MaltegoEntity('maltego.Domain', hostname)
        entity.addAdditionalFields(
            'link#maltego.link.label',
            'linklabel',
            False,
            ' - '.join((seen_from, seen_to)),
        )
        mt.addEntityToMessage(entity)