# Data analysis

### Importing needed libraries

In [None]:
!pip install descartes
!pip install geopandas
!pip install country_converter
import numpy as np
import matplotlib.pyplot as plt
from matplotlib.gridspec import GridSpec
import pandas
import geopandas as gpd
from matplotlib import style
import country_converter as coco

### Loading a CSV file in Python 

In [None]:
data = pandas.read_csv('data.csv', sep=',')
data

In [None]:
#check the column names
data.columns.values

In [None]:
#get the number of collected domains
index = data.index
total = len(index)
print(total)

### Distribution of domain names across name servers

In [None]:
#settings of plotting
plt.style.use('seaborn-deep')
plt.rcParams.update({'font.size': 10})

In [None]:
#grouping the data by NS IPs
ns = data.groupby('IP of NS')
ns_counter = ns.size().to_frame('size')
ns_counter


In [None]:
#sorting the results and counting the percentage distribution
result_ns = ns_counter.sort_values('size', ascending=False)
result_ns['percent'] = result_ns['size']/total*100
result_ns=result_ns.reset_index()
result_ns.index += 1 
result_ns_table = result_ns.head(25)
print(result_ns_table)
result_ns_table['percent'].sum()

In [None]:
#printing the graph

ns_pl = result_ns.cumsum()
ns_pl.plot(y='percent', kind='line', 
        figsize=(5, 4), legend=False, style='b.-')
#plt.title(" Distribution of domains across name servers", y=1.01, fontsize=15)
plt.ylabel("Percentage of vulnerable domains", labelpad=15, fontsize=12)
plt.xlabel("Number of authoritative name servers", labelpad=15, fontsize=12);

### Distribution of domain names across autonomous systems

In [None]:
#grouping the data by NS ASNs
ASN_dns = data.groupby('ASN(NS)')
ASN_dns_counter = ASN_dns.size().to_frame('size')
ASN_dns_counter

In [None]:
#sorting the results and counting the percentage distribution
result_asn = ASN_dns_counter.sort_values('size', ascending=False)
result_asn['percent'] = result_asn['size']/total*100
result_asn = result_asn.reset_index()
result_asn.index += 1 
print(result_asn)
result_table = result_asn.head()
result_table['percent'].sum()
asn_pl = result_asn.cumsum().head(94)
print(asn_pl)

In [None]:
#printing the graph
asn_pl = result_asn.cumsum()
asn_pl.plot(y='percent', use_index=True, kind='line', 
        figsize=(5, 4), legend=False, style='b.-')
#plt.title("Distribution of domains across autonomous systems", y=1.01, fontsize=15)
plt.ylabel("Percentage of vulnerable domains", labelpad=15, fontsize=12)
plt.xlabel("Number of autonomous systems", labelpad=15, fontsize=12);

### Distribution of domains across autonomous systems based on web servers

In [None]:
data['ASN_web'] = data['ASN(WEB)'].str.split(':').str[1]
ASN_web = data.groupby('ASN_web')
ASN_web_counter = ASN_web.size().to_frame('size')

In [None]:
result_web = ASN_web_counter.sort_values('size', ascending=False)
result_web = result_web.tail(1016)
result_web['percent'] = result_web['size']/total*100
result_table_web = result_web.head(46)
result_web = result_web.reset_index()
print(result_table_web)
result_table_web['size'].sum()

In [None]:
asn_pl = result_web.cumsum()
asn_pl.plot(y='percent', use_index=True, kind='line', 
        figsize=(10, 8), legend=False, style='b.-')
plt.title("Distribution of domains across autonomous systems based on web servers", y=1.01, fontsize=12)
plt.ylabel("Percentage of vulnerable domains", labelpad=15, fontsize=10)
plt.xlabel("Number of autonomous systems", labelpad=15, fontsize=10);

### Distribution of domains across autonomous systems based on WHOIS records

In [None]:
whois_org = data.groupby('Whois org')
whois_org_counter = whois_org.size().to_frame('size')
result_whois_org = whois_org_counter.sort_values('size', ascending=False)
result_whois_org['percent'] = result_whois_org['size']/total*100
result_whois_org_table = result_whois_org.head(40)
print(result_whois_org_table)
result_whois_org['size'].sum()

### Analysis of DNS records

#### A records

In [None]:
ipv4 = data.groupby('IPv4(WEB)')
ipv4_counter = ipv4.size().to_frame('size')
result_ipv4 = ipv4_counter.sort_values('size', ascending=False)
result_ipv4['percent'] = result_ipv4['size']/total*100
result_ipv4=result_ipv4.reset_index()
result_ipv4_table = result_ipv4.head(249)
print(result_ipv4_table)
result_ipv4['size'].sum()

#### AAAA records

In [None]:
ipv6 = data.groupby('IPv6')
ipv6_counter = ipv6.size().to_frame('size')
result_ipv6 = ipv6_counter.sort_values('size', ascending=False)
result_ipv6['percent'] = result_ipv6['size']/total*100
result_ipv6_table = result_ipv6.head(249)
print(result_ipv6_table)
result_ipv6['size'].sum()

#### CNAME records

In [None]:
cname = data.groupby('CNAME')
cname_counter = cname.size().to_frame('size')
result_cname = cname_counter.sort_values('size', ascending=False)
result_cname['percent'] = result_cname['size']/total*100
result_cname_table = result_cname.head()
print(result_cname_table)
result_cname['size'].sum()

#### A, AAAA, CNAME records - information on web servers

In [None]:
web = data.groupby(['IPv4(WEB)', 'IPv6', 'CNAME'])
web_counter = web.size().to_frame('size')
result_web = web_counter.sort_values('size', ascending=False)
result_web['percent'] = result_web['size']/total*100
result_web_table = result_web.head(249)
print(result_web_table)
result_web['size'].sum()

#### AXFR records

In [None]:
axfr = data.groupby('AXFR')
axfr_counter = axfr.size().to_frame('size')
result_axfr = axfr_counter.sort_values('size', ascending=False)
result_axfr['percent'] = result_axfr['size']/total*100
result_axfr_table = result_axfr.head()
print(result_axfr_table)
result_axfr['size'].sum()

#### DNSKEY records

In [None]:
DNSKEY = data.groupby('DNSKEY')
DNSKEY_counter = DNSKEY.size().to_frame('size')
result_DNSKEY = DNSKEY_counter.sort_values('size', ascending=False)
result_DNSKEY['percent'] = result_DNSKEY['size']/total*100
result_DNSKEY_table = result_DNSKEY.head()
print(result_DNSKEY_table)
result_DNSKEY['size'].sum()

#### DS records

In [None]:
DS = data.groupby('DS')
DS_counter = DS.size().to_frame('size')
result_DS = DS_counter.sort_values('size', ascending=False)
result_DS['percent'] = result_DS['size']/total*100
result_DS_table = result_DS.head()
print(result_DS_table)
result_DS['size'].sum()

#### KEY records

In [None]:
KEY = data.groupby('KEY')
KEY_counter = KEY.size().to_frame('size')
result_KEY = KEY_counter.sort_values('size', ascending=False)
result_KEY['percent'] = result_KEY['size']/total*100
result_KEY_table = result_KEY.head()
print(result_KEY_table)
result_KEY['size'].sum()

#### RRSIG records

In [None]:
RRSIG = data.groupby('RRSIG')
RRSIG_counter = RRSIG.size().to_frame('size')
result_RRSIG = RRSIG_counter.sort_values('size', ascending=False)
result_RRSIG['percent'] = result_RRSIG['size']/total*100
result_RRSIG_table = result_RRSIG.head()
print(result_RRSIG_table)
result_RRSIG['size'].sum()

#### MX records

In [None]:
MX = data.groupby('MX')
MX_counter = MX.size().to_frame('size')
result_MX = MX_counter.sort_values('size', ascending=False)
result_MX['percent'] = result_MX['size']/total*100
result_MX_table = result_MX
print(result_MX_table)
result_MX['size'].sum()

#### NS records

In [None]:
NS_1 = data.groupby('NS.1')
NS_1_counter = NS_1.size().to_frame('size')
result_NS_1 = NS_1_counter.sort_values('size', ascending=False)
result_NS_1['percent'] = result_NS_1['size']/total*100
result_NS_1_table = result_NS_1.head()
print(result_NS_1_table)
result_NS_1['size'].sum()

#### TXT records

In [None]:
TXT = data.groupby(['TXT'])
TXT_counter = TXT.size().to_frame('size')
result_TXT = TXT_counter.sort_values('size', ascending=False)
result_TXT['percent'] = result_TXT['size']/total*100
result_TXT_table = result_TXT
print(result_TXT_table)
result_TXT['size'].sum()

#### TXT and MX records - information on mail servers

In [None]:
TXT = data.groupby(['TXT','MX'])
TXT_counter = TXT.size().to_frame('size')
result_TXT = TXT_counter.sort_values('size', ascending=False)
result_TXT['percent'] = result_TXT['size']/total*100
result_TXT_table = result_TXT
print(result_TXT_table)
result_TXT['size'].sum()

### Lexical data

#### TLD

In [None]:
TLD = data.groupby('TLD')
TLD_counter = TLD.size().to_frame('size')
result_TLD = TLD_counter.sort_values('size', ascending=False)
result_TLD['percent'] = result_TLD['size']/total*100
result_TLD = result_TLD.reset_index()
result_TLD_table = result_TLD.tail(50)
print(result_TLD_table)
result_TLD['size'].sum()

In [None]:
def group_lower_ranking_values(column):
    rating_counts = data.groupby(column).agg('count')
    pct_value = rating_counts[lambda x: x.columns[0]].quantile(0.99)
    values_below_pct_value = rating_counts[lambda x: x.columns[0]].loc[lambda s: s < pct_value].index.values
    def fix_values(row):
        if row[column] in values_below_pct_value:
            row[column] = 'Other'
        return row 
    rating_grouped = data.apply(fix_values, axis=1).groupby(column).agg('count')
    return rating_grouped

In [None]:
rating_grouped = group_lower_ranking_values('TLD')
print(rating_grouped)

In [None]:
plt.figure(1, figsize=(20,10)) 
the_grid = GridSpec(2, 2)

plt.subplot(the_grid[0, 1], aspect=1)
type_show_ids = plt.pie(rating_grouped['Domain'], labels=rating_grouped.index, autopct='%1.1f%%', shadow=True)
plt.show()

#### Level of domains

In [None]:
domain = data.groupby('Level of domain')
domain_counter = domain.size().to_frame('size')
result_domain = domain_counter.sort_values('size', ascending=False)
result_domain['percent'] = result_domain['size']/total*100
result_domain_table = result_domain.head()
print(result_domain_table)
result_domain['size'].sum()

#### Subdomain check

In [None]:
subd = data.groupby('research.')
subd_counter = subd.size().to_frame('size')
result_subd = subd_counter.sort_values('size', ascending=False)
result_subd['percent'] = result_subd['size']/total*100
result_subd_table = result_subd.head()
print(result_subd_table)
result_subd['size'].sum()

### Rankings

#### General list

In [None]:
d = data.groupby(['ALexa daily','Alexa global','Majestic','Umbrella','TRANCO'])
d_counter = d.size().to_frame('size')
result_d = d_counter.sort_values('size', ascending=False)
result_d['percent'] = result_d['size']/total*100
result_d_table = result_d.head()
print(result_d_table)
result_d['size'].sum()

#### Alexa daily

In [None]:
al_d = data.groupby('ALexa daily')
al_d_counter = al_d.size().to_frame('size')
result_al_d = al_d_counter.sort_values('ALexa daily', ascending=True)
result_al_d['percent'] = result_al_d['size']/total*100
result_al_d_table = result_al_d.head()
print(result_al_d_table)
result_al_d['size'].sum()

#### Alexa global

In [None]:
al = data.groupby('Alexa global')
al_counter = al.size().to_frame('size')
result_al = al_counter.sort_values('Alexa global', ascending=True)
result_al['percent'] = result_al['size']/total*100
result_al_table = result_al.head()
print(result_al_table)
result_al['size'].sum()

#### Majestic

In [None]:
maj = data.groupby('Majestic')
maj_counter = maj.size().to_frame('size')
result_maj = maj_counter.sort_values('Majestic', ascending=True)
result_maj['percent'] = result_maj['size']/total*100
result_maj_table = result_maj.head()
print(result_maj_table)
result_maj['size'].sum()

#### Cisco Umbrella

In [None]:
umb = data.groupby('Umbrella')
umb_counter = umb.size().to_frame('size')
result_umb = umb_counter.sort_values('Umbrella', ascending=True)
result_umb['percent'] = result_umb['size']/total*100
result_umb_table = result_umb.head()
print(result_umb_table)
result_umb['size'].sum()

#### TRANCO

In [None]:
tr = data.groupby('TRANCO')
tr_counter = tr.size().to_frame('size')
result_tr = tr_counter.sort_values('TRANCO', ascending=True)
result_tr['percent'] = result_tr['size']/total*100
result_tr_table = result_tr.head()
print(result_tr_table)
result_tr['size'].sum()

In [None]:
some_rows = data[(data['TRANCO'] == 9912)]
some_rows.to_csv('tranco3')

### Blacklists

#### SafeBrowsing

In [None]:
sbd = data.groupby('SafeBrowsing(domain)')
sbd_counter = sbd.size().to_frame('size')
result_sbd = sbd_counter.sort_values('size', ascending=False)
result_sbd['percent'] = result_sbd['size']/total*100
result_sbd_table = result_sbd.head()
print(result_sbd_table)
result_sbd['size'].sum()

In [None]:
some_rows = data[(data['SafeBrowsing(domain)'] == "['MALWARE']")]
some_rows

In [None]:
some_rows = data[(data['SafeBrowsing(domain)'] == "['SOCIAL_ENGINEERING']")]
some_rows

In [None]:
sbs = data.groupby('SafeBrowsing(subdomain)')
sbs_counter = sbs.size().to_frame('size')
print(sbs_counter)
result_sbs = sbs_counter.sort_values('size', ascending=False)
result_sbs['percent'] = result_sbs['size']/total*100
result_sbs_table = result_sbs.head()
print(result_sbs_table)
result_sbs['size'].sum()

In [None]:
some_rows = data[(data['SafeBrowsing(subdomain)'] == "['MALWARE']")]
some_rows


In [None]:
some_rows = data[(data['SafeBrowsing(subdomain)'] == "['SOCIAL_ENGINEERING']")]
some_rows

#### VirusTotal

In [None]:
VirustotalAPI = data.groupby('VirustotalAPI')
VirustotalAPI_counter = VirustotalAPI.size().to_frame('size')
result_VirustotalAPI = VirustotalAPI_counter.sort_values('size', ascending=False)
result_VirustotalAPI['percent'] = result_VirustotalAPI['size']/total*100
result_VirustotalAPI_table = result_VirustotalAPI.head(40)
print(result_VirustotalAPI_table)
result_VirustotalAPI['size'].sum()

In [None]:
some_rows = data[(data['VirustotalAPI'] > 0)]
some_rows

### Fingerprinting

#### OS

In [None]:
OS = data.groupby('OS')
OS_counter = OS.size().to_frame('size')
result_OS = OS_counter.sort_values('size', ascending=False)
result_OS['percent'] = result_OS['size']/total*100
result_OS_table = result_OS.head()
print(result_OS_table)
result_OS['size'].sum()

#### Enrichment of data from banners

In [None]:
data['ban'] = data['Banners'].str.split('FreeBSD').str[1]
Banners = data.groupby(['ban','IP of NS','Server'])
Banners_counter = Banners.size().to_frame('size')
result_Banners = Banners_counter.sort_values('size', ascending=False)
result_Banners['percent'] = result_Banners['size']/total*100
result_Banners_table = result_Banners.head(50)
result_Banners['percent'].sum()

In [None]:
data['ban'] = data['Banners'].str.split('Windows').str[1]
Banners = data.groupby(['ban','IP of NS','Server'])
Banners_counter = Banners.size().to_frame('size')
result_Banners = Banners_counter.sort_values('size', ascending=False)
result_Banners['percent'] = result_Banners['size']/total*100
result_Banners_table = result_Banners.head(50)
result_Banners['percent'].sum()

#### DNS server

In [None]:
SERVER = data.groupby('Server')
SERVER_counter = SERVER.size().to_frame('size')
result_SERVER = SERVER_counter.sort_values('size', ascending=False)
result_SERVER['percent'] = result_SERVER['size']/total*100
result_SERVER_table = result_SERVER.head()
print(result_SERVER_table)
result_SERVER['size'].sum()

### SSL/TLS information

#### SSL/TLS

In [None]:
ssl = data.groupby(['SSL/TLS'])
ssl_counter = ssl.size().to_frame('size')
result_ssl = ssl_counter.sort_values('size', ascending=False)
result_ssl['percent'] = result_ssl['size']/total*100
result_ssl_table = result_ssl.head(100)
print(result_ssl_table)
result_ssl['size'].sum()

#### CA

In [None]:
CA = data.groupby('CA')
CA_counter = CA.size().to_frame('size')
result_CA = CA_counter.sort_values('size', ascending=False)
result_CA['percent'] = result_CA['size']/4202*100
result_CA_table = result_CA.head(20)
print(result_CA_table)
result_CA['size'].sum()

In [None]:
def group_lower_ranking_v(column):
    rating_counts = data.groupby(column).agg('count')
    pct_value = rating_counts[lambda x: x.columns[0]].quantile(0.98)
    values_below_pct_value = rating_counts[lambda x: x.columns[0]].loc[lambda s: s < pct_value].index.values
    def fix_values(row):
        if row[column] in values_below_pct_value:
            row[column] = 'Other'
        return row 
    rating_grouped = data.apply(fix_values, axis=1).groupby(column).agg('count')
    return rating_grouped

In [None]:
rating_grouped = group_lower_ranking_v('CA')
print(rating_grouped)
import matplotlib.pyplot as plt
from matplotlib.gridspec import GridSpec

plt.figure(1, figsize=(20,10)) 
the_grid = GridSpec(2, 2)

plt.subplot(the_grid[0, 1], aspect=1, title='CA')
type_show_ids = plt.pie(rating_grouped['Domain'], labels=rating_grouped.index, autopct='%1.1f%%', shadow=True)
plt.show()

### Registrar

In [None]:
REG = data.groupby('REG')
REG_counter = REG.size().to_frame('size')
result_REG = REG_counter.sort_values('size', ascending=False)
result_REG['percent'] = result_REG['size']/total*100
result_REG_table = result_REG.head()
print(result_REG_table)
result_REG['size'].sum()

### Country(WEB)/Country(NS)

In [None]:
world = gpd.read_file(gpd.datasets.get_path('naturalearth_lowres'))

#### Distribution of domains based on location of DNS servers

In [None]:
country_dns = data.groupby('Country(NS)')
country_dns_counter = country_dns.size().to_frame('size')
country = country_dns_counter.sort_values('size', ascending=False)
country = country.reset_index()
country.loc[1,'Country(NS)'] = "United States of America"
country['percent'] = country['size']/total*100
result_country_dns_table = country.head()
print(result_country_dns_table)
country['size'].sum()

In [None]:
co=country[['Country(NS)','size']]


In [None]:
world=world.merge(co,left_on='name',right_on='Country(NS)',how='outer')

In [None]:
world.plot(column='size', cmap='tab20b',figsize=(20,10),legend=True,missing_kwds={'color': 'lightgrey'})


#### Distribution of domains based on location of WEB servers

In [None]:
country_web = data.groupby('Country(WEB)')
country_web_counter = country_web.size().to_frame('size')
country_w = country_web_counter.sort_values('size', ascending=False)
country_w['percent'] = country_w['size']/total*100
country_w = country_w.reset_index()
result_country_web_table = country_w.head(100)
print(result_country_web_table)
country_w['size'].sum()
country_w.loc[9,'Country(WEB)'] = "GB"
country_w.loc[14,'Country(WEB)'] = "CH"
country_w.loc[21,'Country(WEB)'] = "AT"
country_w.loc[23,'Country(WEB)'] = "MY"

In [None]:
# add country name by applying the convert method
country_w['country'] = country_w['Country(WEB)'].apply(lambda x: coco.convert(names=x, to='name_short', not_found=None))

In [None]:
country_w.loc[1,'country'] = "United States of America"
co_w=country_w[['country','size']]


In [None]:
world = gpd.read_file(gpd.datasets.get_path('naturalearth_lowres'))


In [None]:
world=world.merge(co_w,left_on='name',right_on='country',how='outer')

In [None]:
world.plot(column='size', cmap='tab20b',figsize=(20,10),legend=True,missing_kwds={'color': 'lightgrey'})


### Metadata

In [None]:
md = data.groupby('Metadata')
md_counter = md.size().to_frame('size')
result_md = md_counter.sort_values('size', ascending=False)
result_md['percent'] = result_md['size']/total*100
result_md_table = result_md.head()
print(result_md_table)
result_md['size'].sum()

### Sublist3r

In [None]:
Sublist3r = data.groupby('Sublist3r')
Sublist3r_counter = Sublist3r.size().to_frame('size')
result_Sublist3r = Sublist3r_counter.sort_values('size', ascending=False)
result_Sublist3r['percent'] = result_Sublist3r['size']/total*100
result_Sublist3r_table = result_Sublist3r.head()
print(result_Sublist3r_table)
result_Sublist3r['size'].sum()

### TheHarvester

#### emails

In [None]:
em_h = data.groupby('theharvester-emails')
em_h_counter = em_h.size().to_frame('size')
result_em_h = em_h_counter.sort_values('size', ascending=False)
result_em_h['percent'] = result_em_h['size']/total*100
result_em_h_table = result_em_h.head()
print(result_em_h_table)
result_em_h['size'].sum()

#### hosts

In [None]:
em_h = data.groupby('theharvester-hosts')
em_h_counter = em_h.size().to_frame('size')
result_em_h = em_h_counter.sort_values('size', ascending=False)
result_em_h['percent'] = result_em_h['size']/total*100
result_em_h_table = result_em_h.head()
print(result_em_h_table)
result_em_h['size'].sum()

#### IP addresses

In [None]:
em_h = data.groupby('theharvester-ips')
em_h_counter = em_h.size().to_frame('size')
result_em_h = em_h_counter.sort_values('size', ascending=False)
result_em_h['percent'] = result_em_h['size']/total*100
result_em_h_table = result_em_h.head()
print(result_em_h_table)
result_em_h['size'].sum()

#### Employees

In [None]:
em_h = data.groupby('theharvester-people')
em_h_counter = em_h.size().to_frame('size')
result_em_h = em_h_counter.sort_values('size', ascending=False)
result_em_h['percent'] = result_em_h['size']/total*100
result_em_h_table = result_em_h.head()
print(result_em_h_table)
result_em_h['size'].sum()

### WEB technologies

#### WhatWeb

In [None]:
ww = data.groupby('WhatWeb')
ww_counter = ww.size().to_frame('size')
result_ww = ww_counter.sort_values('size', ascending=False)
result_ww['percent'] = result_ww['size']/total*100
result_ww_table = result_ww.head()
print(result_ww_table)
result_ww['size'].sum()

#### Wappalazer

In [None]:
data['ww'] = data['Wappalazer'].str.split('Apache').str[1]
ww = data.groupby('ww')
ww_counter = ww.size().to_frame('size')
result_ww = ww_counter.sort_values('size', ascending=False)
result_ww['percent'] = result_ww['size']/7000*100
result_ww_table = result_ww.head()
print(result_ww_table)
result_ww['percent'].sum()