add CIRCL passive DNS db

bootstrapcryptomining · Dec 8, 2018 · 01d947e · 01d947e
1 parent 020d967
commit 01d947e
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -39,6 +39,7 @@ bitly               Request bit.ly information through the API
 cache               Requests webpage cache from different sources
 censys              Request information from Censys database (https://censys.io/)
 certspotter         Get certificates from https://sslmate.com/certspotter
+circl               Request the CIRCL passive DNS database
 config              Configure Harpoon
 crtsh               Search in https://crt.sh/ (Certificate Transparency database)
 cybercure           Check if intelligence on an IP exists in cybercure.ai
@@ -80,6 +81,7 @@ You can get information on each command with `harpoon help COMMAND`
 * [bit.ly](https://bitly.com/a/sign_up)
 * [Censys](https://censys.io/register)
 * [CertSpotter](https://sslmate.com/certspotter/pricing) : paid plans provide search in expired certificates (little interests imho, just use crtsh or censys). You don't need an account for actual certificates
+* [CIRCL Passive DNS](https://www.circl.lu/services/passive-dns/)
 * [FullContact](https://dashboard.fullcontact.com/register)
 * [Hunter](https://hunter.io/users/sign_up)
 * [Hybrid Analysis](https://www.hybrid-analysis.com/apikeys/info)

diff --git a/harpoon/commands/circl.py b/harpoon/commands/circl.py
@@ -0,0 +1,32 @@
+#! /usr/bin/env python
+import pypdns
+from harpoon.commands.base import Command
+from harpoon.lib.utils import json_serial, unbracket
+import json
+
+
+class CommandCircl(Command):
+    """
+    # Circl plugin
+
+    **Query CIRCL passive DNS database (https://www.circl.lu/services/passive-dns/)**
+
+    * Search for a domain : `harpoon circl DOMAIN`
+    """
+    name = "circl"
+    description = "Request the CIRCL passive DNS database"
+    config = {'Circl': ['user', 'pass']}
+
+    def add_arguments(self, parser):
+        parser.add_argument('DOMAIN', help='Domain')
+        self.parser = parser
+
+    def run(self, conf, args, plugins):
+        x = pypdns.PyPDNS(
+                basic_auth=(
+                    conf['Circl']['user'],
+                    conf['Circl']['pass']
+                )
+        )
+        res = x.query(unbracket(args.DOMAIN))
+        print(json.dumps(res, sort_keys=True, indent=4, separators=(',', ': '), default=json_serial))
diff --git a/harpoon/commands/domain.py b/harpoon/commands/domain.py
@@ -12,6 +12,7 @@
 import glob
 import shutil
 import pyasn
+import pypdns
 from IPy import IP
 from dateutil.parser import parse
 from harpoon.commands.base import Command
@@ -117,6 +118,24 @@ def run(self, conf, args, plugins):
                                     "ip": "",
                                     "source": "OTX"
                                 })
+                # CIRCL
+                circl_e = plugins['circl'].test_config(conf)
+                if circl_e:
+                    print('[+] Downloading CIRCL passive DNS information....')
+                    x = pypdns.PyPDNS(
+                        basic_auth=(
+                            conf['Circl']['user'],
+                            conf['Circl']['pass']
+                        )
+                    )
+                    res = x.query(unbracket(args.DOMAIN))
+                    for answer in res:
+                        passive_dns.append({
+                            "ip": answer['rdata'],
+                            "first": answer['time_first'],
+                            "last": answer['time_last'],
+                            "source" : "CIRCL"
+                        })
                 # RobTex
                 print('[+] Downloading Robtex information....')
                 rob = Robtex()

diff --git a/harpoon/commands/misp.py b/harpoon/commands/misp.py
@@ -4,6 +4,7 @@
 from harpoon.commands.base import Command
 from mispy import MispServer, MispEvent
 
+
 class CommandMisp(Command):
     """
     # MISP

diff --git a/harpoon/data/example.conf b/harpoon/data/example.conf
@@ -4,6 +4,10 @@ token:
 [Googl]
 token:
 
+[Circl]
+user:
+pass:
+
 [Twitter]
 consumer_key:
 consumer_secret:

diff --git a/requirements.txt b/requirements.txt
@@ -28,3 +28,4 @@ dnspython
 archiveis
 click==6.7
 consolemd==0.4.4
+pypdns==1.3
diff --git a/setup.py b/setup.py
@@ -45,7 +45,8 @@
         'pythreatgrid',
         'consolemd',
         'pypermacc',
-        'archiveis'
+        'archiveis',
+        'pypdns'
         ],
 
     python_requires='>=3.5',
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,7 @@ @@
     from harpoon.commands.base import Command
     from mispy import MispServer, MispEvent
     class CommandMisp(Command):
         """
         # MISP
@@ Expand Down @@