security_trails_historical_whois.rb
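module Intrigue
  module Task
    # Passive discovery task that asks the SecurityTrails search API for
    # records whose WHOIS e-mail matches the EmailAddress entity, and creates
    # one DnsRecord entity per returned hostname.
    #
    # Security notes for maintainers:
    # * The API key travels in the "APIKEY" request header; it is never
    #   written to the task log here, and new log lines should keep it that way.
    # * Everything in the response body is third-party data. It is stored
    #   verbatim under "security_trails_data", so downstream consumers should
    #   treat those fields as untrusted input.
    class SecurityTrailsHistoricalWhois < BaseTask
      # Static description of the task: accepted entity type, created entity
      # type, and the fact that it is passive (no direct contact with the
      # target).
      #
      # @return [Hash] task metadata
      def self.metadata
        {
          :name => "security_trails_historical_whois",
          :pretty_name => "Security Trails Historical WHOIS",
          :authors => ["jcran"],
          :description => "This task hits the Security Trails API and grabs historical WHOIS data.",
          :references => [],
          :type => "discovery",
          :passive => true,
          :allowed_types => ["EmailAddress"],
          :example_entities => [{"type" => "EmailAddress", "details" => {"name" => "spam@intrigue.io"}}],
          :allowed_options => [],
          :created_types => ["DnsRecord"]
        }
      end

      # Queries SecurityTrails for hostnames registered with the entity's
      # e-mail address and creates a DnsRecord entity for each one.
      #
      # Failures (missing key, no response, non-200 status, malformed or
      # unexpectedly shaped JSON) are logged and end the task without raising.
      def run
        super

        # Make sure the key is set. Whether _get_task_config raises or returns
        # nil for a missing key is not visible from this file, so guard here
        # rather than send a request with an empty credential.
        api_key = _get_task_config "security_trails_api_key"
        if api_key.to_s.strip.empty?
          _log_error "No security_trails_api_key configured, unable to continue"
          return
        end

        entity_name = _get_entity_name
        uri = "https://api.securitytrails.com/v1/search/list"

        # The e-mail address is serialized with to_json below, so it is
        # escaped as a JSON string and cannot alter the structure of the query.
        payload = {
          "filter" => {
            "whois_email" => entity_name.to_s
          }
        }

        headers = {
          "APIKEY" => api_key,
          "Content-Type" => "application/json"
        }

        # get the data
        resp = http_request :post, uri, nil, headers, payload.to_json

        # NOTE(review): http_request presumably returns nil when the request
        # itself fails - confirm against BaseTask. Without this guard a nil
        # response would raise NoMethodError on resp.code.
        unless resp
          _log_error "Got no response from Security Trails"
          return
        end

        unless resp.code == "200"
          _log_error "Got invalid response: #{resp.code}\n#{resp.body}"
          return
        end

        json = JSON.parse(resp.body)

        # A 200 with an error document, or any other shape lacking a
        # "records" array, would otherwise crash on nil.count / nil.each.
        records = json.is_a?(Hash) ? json["records"] : nil
        unless records.is_a?(Array)
          _log_error "Unable to get a properly formatted response"
          return
        end

        _log "Got #{records.count} records!"

        records.each do |record|
          # Skip entries that cannot yield a usable entity name instead of
          # creating a DnsRecord with an empty name.
          next unless record.is_a?(Hash)

          hostname = record["hostname"].to_s.strip
          next if hostname.empty?

          _create_entity "DnsRecord", "name" => hostname, "security_trails_data" => record
        end
      rescue JSON::ParserError
        _log_error "Unable to get a properly formatted response"
      end # end run()
    end
  end
end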