[Python] My SOC Tool v2.0 - Powered by Selenium

Welcome to SuperPB SOC Tool
Author: pippo9 Sep 2018

Usage: python3 superpb9.py [-i IPv4] [-d Domain] [-s ET Signature]
-i Call IP Reputation Checker.
-d Call Domain Reputation Checker.
-s Search ET Signature online.

Program Entrance Option 1: ‘superpb9.py’

#!/usr/bin/env python3.7

import multiprocessing
import os, platform, re
import sys, getopt, subprocess
from multiprocessing import Process, freeze_support
from selenium import webdriver

# Windows 10 Environment
# pythonEXE="/mnt/c/Users/superpb9/AppData/Local/Programs/Python/Python37/python.exe"

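# Host OS name as reported by platform.system() ("Windows", "Linux", "Darwin", ...).
PLATFORM = platform.system()
# Module-level default only; myGetOpt() chooses the interpreter name it runs.
PYTHON_EXEC_FORMAT = ""

# Per-OS root directory that holds the ipReputation/, domainReputation/ and
# signatureSearch/ sub-projects. Note that the macOS entry has no trailing separator.
WIN_PROJECT_PATH = "C:\\Users\\XXXXX\\iCloudDrive\\Documents\\myProject\\mysoc\\"
LINUX_PROJECT_PATH = "/user/XXXXX/mysoc/"
MAC_PROJECT_PATH = "/Users/XXXXX/mysoc_clone"

# Validation patterns for the three option values.
# Raw strings: "\d" and "\." in a plain string literal are invalid escape sequences
# (a warning today, an error in a future Python); the pattern text is unchanged.
# NOTE: '$' also matches just before a trailing newline, so use fullmatch() (not
# match()) wherever the value must consist of the pattern and nothing else.
ip_regex = r"^(?:(?:1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])\.)(?:(?:1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.){2}(?:1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)$"
domain_regex = r"^(?!:\/\/)([a-zA-Z0-9-_]+\.)*[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$"
sid_regex = r"^[0-9]+$"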

def banner():
    """Print the tool banner, then the platform name held in PLATFORM."""
    banner_rows = (
        "#######################################",
        "----- Welcome to SuperPB SOC Tool -----",
        "------ Author: pippo9 Sep 2018 ------",
        "#######################################",
    )
    print("\n".join(banner_rows))
    print("[+] INFO: Current Platform is " + PLATFORM)

def usage():
    """Print the command-line help for this script, then terminate the process."""
    script_name = os.path.basename(__file__)
    help_rows = [
        "Usage: " + script_name + " [-i IPv4] [-d Domain] [-s ET Signature]",
        "The script acts as a single entrance for all soc tools, developed by superpb9.",
        " -i Call IP Reputation Checker.",
        " -d Call Domain Reputation Checker.",
        # Example signature page: http://docs.emergingthreats.net/bin/view/Main/2001978
        " -s Search ET Signature online.",
    ]
    for row in help_rows:
        print(row)
    exit()


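def _run_check(project_root, python_exec, kind, value):
    """Child-process body: validate *value* for *kind*, then run that kind's helper scripts.

    Defined at module level so multiprocessing can hand it to a child on platforms
    that start children by spawning a fresh interpreter; a function nested inside
    myGetOpt() cannot be pickled for that.
    """
    checks = {
        "ip": (ip_regex,
               '[+] IP Regex successfully matches! Now checking ',
               '[-] WARNING: Please type a valid IPv4 address.',
               "ipReputation",
               ((None, 'ipReputation.py'), ("[+] IP Whois Result", 'ipWhois.py'))),
        "domain": (domain_regex,
                   '[+] Domain Regex successfully matches! Now checking ',
                   '[-] WARNING: Please type a valid Domain.',
                   "domainReputation",
                   ((None, 'domainReputation.py'),)),
        "sid": (sid_regex,
                "[+] Signature Regex successfully matches! Now checking ",
                '[-] WARNING: Please type a valid signature.',
                "signatureSearch",
                ((None, 'sidSearchET.py'),)),
    }
    pattern, ok_prefix, bad_message, subdir, scripts = checks[kind]

    # fullmatch(): with match() the trailing '$' would also accept "value\n".
    if not re.fullmatch(pattern, value):
        print(bad_message)
        return
    print(ok_prefix + value)

    # os.path.join copes with project roots that lack a trailing separator
    # (MAC_PROJECT_PATH does), which plain string concatenation does not.
    workdir = os.path.join(project_root, subdir)
    for heading, script in scripts:
        if heading:
            print(heading)
        # Argument list and no shell: the value reaches the script as a single argv
        # entry. cwd= replaces the chdir()/chdir-back pair, so the working directory
        # of this process is never left changed if a call fails.
        subprocess.call([python_exec, script, value], cwd=workdir)


def myGetOpt(myFilePath):
    """Parse -i/-d/-s from sys.argv and start one child process per option given.

    Args:
        myFilePath: project root directory containing the ipReputation,
            domainReputation and signatureSearch sub-directories.

    Each child validates its value and runs the matching helper script(s). The
    parent does not wait for the children (no join()), as in the original design.
    With no options at all, usage() is printed and the process exits.
    """
    option_kinds = {
        '-i': "ip", '--IPv4': "ip",
        '-d': "domain", '--Domain': "domain",
        '-s': "sid", '--Signature': "sid",
    }
    try:
        banner()
        # NOTE(review): the interpreter is found by bare name through the normal
        # executable search; confirm that is the Python that has selenium/requests.
        python_exec = "python.exe" if "Windows" in PLATFORM else "python3"

        # Plain 'i:d:s:' accepts the same three options as the previous '-i:-d:-s:'
        # without listing '-' itself as an option letter.
        opts, args = getopt.getopt(sys.argv[1:], 'i:d:s:', ['IPv4=', 'Domain=', 'Signature='])
        if len(opts) == 0:
            print("[-] ERROR: An invalid argument detected")
            usage()  # prints the help text and exits

        # No-op unless running as a frozen Windows executable.
        freeze_support()
        for opt_name, opt_value in opts:
            kind = option_kinds.get(opt_name)
            if kind is None:
                continue
            p = Process(target=_run_check, args=(myFilePath, python_exec, kind, opt_value))
            p.start()
            # Deliberately not joined: the parent does not wait for the child.

    except getopt.GetoptError as g:
        print('[-] ERROR: ' + str(g) + '\n')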


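if __name__ == "__main__":
    try:
        # Choose the project root for the host OS. platform.system() reports macOS
        # as "Darwin" (never "Mac"), so the macOS root is selected on that value.
        myFilePath = ''
        if "Windows" in PLATFORM:
            myFilePath = WIN_PROJECT_PATH
        elif "Linux" in PLATFORM:
            myFilePath = LINUX_PROJECT_PATH
        elif "Darwin" in PLATFORM:
            myFilePath = MAC_PROJECT_PATH

        # Guarantee a trailing separator (MAC_PROJECT_PATH has none) so that
        # appending a sub-directory name yields a real path. An empty root is left
        # empty, which keeps sub-directories relative to the current directory.
        if myFilePath:
            myFilePath = os.path.join(myFilePath, "")

        myGetOpt(myFilePath)

    except IndexError:
        print("[-] ERROR: List index out of range")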

Program Entrance Option 2: ‘superpb9.sh’

#!/bin/bash

# Project root when run from WSL on Windows 10.
# (Windows interpreter, unused: pythonEXE="/mnt/c/Users/XXXXX/AppData/Local/Programs/Python/Python37/python.exe")
PROJECT_PATH='/mnt/c/Users/XXXXX/iCloudDrive/Documents/myProject/mysoc/'

# Project root on macOS; swap with the assignment above when running there.
# PROJECT_PATH="/Users/XXXXX/mysoc_clone"

# usage: write the option summary to stderr and exit with status 1.
usage() {
  printf '%s\n' \
    "Usage: ${0} [-i IPv4][-d Domain][-s ET Signature]" \
    "The script acts as a single entrance for all soc tools, developed by superpb9." \
    " -i Call IP Reputation Checker." \
    " -d Call Domain Reputation Checker." \
    " -s Search ET Signature online." >&2
  # Example signature page: http://docs.emergingthreats.net/bin/view/Main/2001978
  exit 1
}

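# Accept -i, -d and -s, each with one argument. Any other option prints the usage
# statement and exits.
while getopts i:d:s: OPTION
do
  case ${OPTION} in
    i) IP_REP_CHECK='true' IP_RECEIVED="${OPTARG}" ;;
    d) DOMAIN_REP_CHECK='true' DOMAIN_RECEIVED="${OPTARG}" ;;
    s) ET_SIGNATURE_CHECK='true' ET_RECEIVED="${OPTARG}" ;;
    ?) usage ;;
  esac
done

# Drop the parsed options and keep only the remaining arguments.
# OPTIND is the index of the first non-option argument,
# e.g. OPTIND becomes '7' after [./superpb9.sh -i 8.8.8.8 -d www.google.com -s 200012]
shift "$(( OPTIND - 1 ))"

if [[ "${IP_REP_CHECK}" = true ]]
then
  echo "[+] Now calling 'ipReputation.py' to check ${IP_RECEIVED} ..."
  # The IPv4 validation happens inside the Python script, so at this point the
  # value is still unchecked user input. It is passed as one quoted argument and
  # is never re-parsed by the shell; building a command string and running it
  # through eval would let the shell interpret whatever the value contains.
  OUTPUT=$(python3 -u "${PROJECT_PATH}/ipReputation/ipReputation.py" "${IP_RECEIVED}")
  echo "${OUTPUT}"
  echo ""
fi

if [[ "${DOMAIN_REP_CHECK}" = true ]]
then
  echo "[+] Now calling 'domainReputation.py' to check ${DOMAIN_RECEIVED}"
  # Same rule as above: the domain is validated by the Python script, so it is
  # handed over as a single quoted argument without eval.
  OUTPUT=$(python3 "${PROJECT_PATH}/domainReputation/domainReputation.py" "${DOMAIN_RECEIVED}")
  echo "${OUTPUT}"
  echo ""
fi

# -s is parsed above (ET_SIGNATURE_CHECK / ET_RECEIVED) but no signature lookup is
# run from this script yet.
# ET Signature Format check using regex
# echo "[+] You've asked to check ET Signature: ${ET_RECEIVED}"
# echo ''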

Module - domainReputation.py

import platform
import sys,re,os,time
import subprocess
import shlex

import selenium
from selenium import webdriver
from pyvirtualdisplay import Display
from selenium.common.exceptions import WebDriverException
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
from selenium.webdriver.remote.command import Command

# Domain Validation with Regex
# ^(?!:\/\/)
# ([a-zA-Z0-9-_]+\.)*
# [a-zA-Z0-9][a-zA-Z0-9-_]+\.
# [a-zA-Z]{2,11}?$
from selenium.webdriver.common.keys import Keys

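# Raw string: "\/" and "\." in a plain string literal are invalid escape sequences
# (a warning today, an error in a future Python); the pattern text is unchanged.
# NOTE: '$' also matches just before a trailing newline, and the pattern allows a
# label to start with '-', so validate with fullmatch() and do not treat a match
# as proof that the value is safe to place on a command line.
domain_regex = r"^(?!:\/\/)([a-zA-Z0-9-_]+\.)*[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$"
# Host OS name as reported by platform.system().
SYSTEM_PLATFORM = platform.system()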

def browserStatusCheck(myBrowser):
    """Poll the browser up to 180 times, 0.5 s apart, stopping once a poll fails.

    Each poll reads myBrowser.title. When that raises WebDriverException the
    exception is printed and polling ends, which is how a closed window is noticed.
    """
    polls_left = 180
    while polls_left > 0:
        polls_left -= 1
        try:
            # The value is discarded; only whether the read succeeds matters.
            myBrowser.title
            time.sleep(0.5)
        except WebDriverException as closed:
            print(closed)
            return


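def seleniumDomainReputation(domain):
    """Open VirusTotal and Cisco Talos lookups for *domain* in a Chrome window.

    The domain is typed into the VirusTotal search box, the Talos lookup is opened
    in a second window, and the function then waits (see browserStatusCheck) before
    closing the browser. The browser is closed on every exit path so that no
    chromedriver process is left behind after an error.

    Args:
        domain: domain name to look up; the caller is expected to have validated it.
    """
    from urllib.parse import quote  # stdlib; not imported at file level

    URL1 = 'https://www.virustotal.com/#/home/search'
    # Percent-encode the value so it can only ever be the query value of the URL.
    URL2 = 'https://www.talosintelligence.com/reputation_center/lookup?search=' + quote(domain, safe='')

    # Raw string for the Windows path: its backslashes are separators, not escapes.
    if "Windows" in SYSTEM_PLATFORM:
        driver_path = r'C:\Windows\System32\chromedriver.exe'
    elif "Darwin" in SYSTEM_PLATFORM:
        driver_path = '/usr/local/bin/chromedriver'
    elif "Linux" in SYSTEM_PLATFORM:
        driver_path = '/usr//bin/chromedriver'
    else:
        # Previously this fell through and failed on an unassigned browser variable.
        print("[-] ERROR: Unsupported platform " + SYSTEM_PLATFORM)
        return

    myBrowser = None
    try:
        myBrowser = webdriver.Chrome(driver_path)

        # ******* Tab 1: VirusTotal *******
        myBrowser.get(URL1)
        time.sleep(4)
        searchElem = myBrowser.find_element_by_css_selector('div.iron-selected > vt-omnibar:nth-child(2) > div:nth-child(1) > span:nth-child(1) > input:nth-child(1)')
        searchElem.send_keys(domain)
        time.sleep(3)
        clickElem = myBrowser.find_element_by_css_selector('div.iron-selected > vt-omnibar:nth-child(2) > div:nth-child(1) > span:nth-child(1) > paper-icon-button:nth-child(3) > iron-icon:nth-child(1)')
        clickElem.click()

        # ******* Tab 2: Cisco Talos *******
        # The URL is passed as a script argument rather than spliced into the
        # JavaScript source, so its content is never parsed as script.
        myBrowser.execute_script('window.open(arguments[0]);', URL2)

        browserStatusCheck(myBrowser)

    except selenium.common.exceptions.NoSuchElementException:
        print("[-] ERROR: Unable to locate element. Please re-try...")
    except selenium.common.exceptions.NoSuchWindowException:
        print("[-] WARNING: Target window already closed...")
    finally:
        if myBrowser is not None:
            try:
                myBrowser.quit()
            except WebDriverException:
                # The session may already be gone (window closed by the user);
                # there is nothing left to clean up in that case.
                pass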


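def _dig_answer_lines(domain):
    """Run `dig` for *domain* against 8.8.8.8 and return its answer lines.

    Lines that start with ';', contain ';;' or are empty are dropped, matching the
    grep/findstr filters used previously, and the rest are returned sorted and
    stripped. Returns an empty list when dig cannot be run.
    """
    # dig reads an argument that begins with '-' as one of its own options, and the
    # domain pattern permits a leading '-', so such a value is not passed on.
    if domain.startswith("-"):
        print("[-] WARNING: Skipping DIG for a value that starts with '-'.")
        return []

    on_windows = "Windows" in SYSTEM_PLATFORM
    dig = "C:\\Program Files\\dig\\bin\\dig" if on_windows else "dig"
    try:
        # Argument list and no shell: the domain is one argv entry and is never
        # interpreted by a command interpreter.
        # NOTE(review): some resolvers answer ANY queries with a partial record
        # set; confirm the output is what you expect.
        completed = subprocess.run(
            [dig, domain, "@8.8.8.8", "ANY", "+noall", "+answer"],
            stdout=subprocess.PIPE,
            universal_newlines=True,
        )
    except OSError as err:
        print("[-] ERROR: Unable to run dig: " + str(err))
        return []

    kept = [
        raw for raw in completed.stdout.splitlines()
        if raw.strip() and not raw.startswith(";") and ";;" not in raw
    ]
    # Approximates the previous ordering: `sort -k4` (from the 4th field) on
    # Linux/macOS and `sort /+4` (from the 4th character) on Windows.
    if on_windows:
        kept.sort(key=lambda raw: raw[3:])
    else:
        kept.sort(key=lambda raw: raw.split()[3:])
    return [raw.strip() for raw in kept]


if __name__ == '__main__':
    try:
        # fullmatch(): with match() the trailing '$' would also accept "value\n".
        if re.fullmatch(domain_regex, sys.argv[1]):
            # ****** Step 1: Call DIG ******
            print("***************************************\n"
                  "*** Domain Reputation Checking ***\n"
                  "**** Powered by DIG|Selenium ****\n"
                  "***************************************")

            if "Windows" not in SYSTEM_PLATFORM:
                print("[+] Linux DIG Answer Section")
            else:
                print("[+] Windows DIG Answer Section")
            for line in _dig_answer_lines(sys.argv[1]):
                print(line)

            # ****** Step 2: Call Selenium ******
            print("[+] Please check your web browser\n")
            seleniumDomainReputation(sys.argv[1])
        else:
            print('[-] WARNING: Please type a valid Domain.')
    except IndexError:
        print("[-] ERROR: List index out of range")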

Module - ipReputation.py

import sys,re,json

import dns.resolver
from bs4 import BeautifulSoup

import requests
from requests.auth import HTTPBasicAuth

import pandas as pd
from pandas import Series, DataFrame

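# IPv4 validation pattern, piece by piece:
#   ^((1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])\.)      first octet, 1-255
#   ((1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.){2}       second and third octet, 0-255
#   (1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)$             fourth octet, 0-255
# Raw string: "\d" and "\." in a plain string literal are invalid escape sequences
# (a warning today, an error in a future Python); the pattern text is unchanged.
# NOTE: '$' also matches just before a trailing newline; use fullmatch() where the
# value must be an address and nothing else.
ip_regex = r"^(?:(?:1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])\.)(?:(?:1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.){2}(?:1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)$"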


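def ipvoidChecker(ip):
    """Submit *ip* to the IPVoid blacklist-check form and return the status text.

    Args:
        ip: IPv4 address as a string.

    Returns:
        The text of the second cell in the third row of the first results table
        (the row the original code treats as the blacklist status), or '' when
        the page has no such table, row or cell.
    """
    # HTTPS keeps the queried address and the returned verdict from being read or
    # altered in transit.
    # NOTE(review): confirm the form still accepts this POST over https.
    url = "https://www.ipvoid.com/ip-blacklist-check/"
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Referer": "https://www.ipvoid.com/ip-blacklist-check/"}
    payload = {'ip': ip}
    # Form fields go in 'data' (request body), not 'params' (query string).
    # The timeout stops an unresponsive site from hanging the whole tool.
    r = requests.post(url, headers=headers, data=payload, timeout=30)
    soup = BeautifulSoup(r.content, "lxml")

    tables = soup.find_all(class_="table table-striped table-bordered")
    if not tables:
        return ''

    rows = tables[0].findAll('tr')
    if len(rows) < 3:
        return ''
    cols = rows[2].findAll('td')
    # Rows with fewer than two <td> cells (for example header rows) are tolerated
    # instead of raising IndexError.
    if len(cols) < 2:
        return ''
    # The pandas table the earlier version also built was never printed or
    # returned, so it is no longer constructed.
    return cols[1].text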

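def sansChecker(IPOrDomain):
    """Query the SANS ISC IP API and return its report counters as strings.

    Args:
        IPOrDomain: an IPv4 address, or a domain name that is first resolved
            through 8.8.8.8 (only the first A record is used).

    Returns:
        A list of four strings ('Report Times N', 'Total Targets N',
        'First Reported D', 'Recent Report D'), each falling back to 0 when the
        field is missing or empty; an empty list when the API returns an error
        other than 'bad IP address'.

    Exits the process when the API answers 'bad IP address'.
    """
    target = IPOrDomain
    re_ip = re.compile(r'^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$')
    if not re_ip.match(IPOrDomain):
        # Not an address: resolve it and query the first A record instead.
        my_resolver = dns.resolver.Resolver()
        my_resolver.nameservers = ['8.8.8.8']
        # NOTE(review): newer dnspython releases name this method resolve();
        # confirm against the installed version.
        aRecord = [rdata.address for rdata in my_resolver.query(IPOrDomain, "A")]
        target = aRecord[0]

    url = "https://isc.sans.edu/api/ip/" + target
    # The timeout stops an unresponsive API from hanging the whole tool.
    myResult = requests.get(url, timeout=30)
    soup = BeautifulSoup(myResult.content, "lxml")
    error_tag = soup.find('error')

    printResult = []
    if error_tag is None:
        # (label, XML tag) pairs, in the order they are reported.
        fields = (
            ('Report Times', 'count'),
            ('Total Targets', 'attacks'),
            ('First Reported', 'mindate'),
            ('Recent Report', 'updated'),
        )
        for label, tag in fields:
            node = soup.find(tag)
            value = node.text if node is not None and node.text != '' else '0'
            printResult.append(label + ' ' + value)
    elif error_tag.text == 'bad IP address':
        sys.exit()

    return printResult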

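def abuseipdbChecker(url):
    """Fetch an AbuseIPDB check page and return its 'Reported N times' summary.

    Args:
        url: check-page URL, e.g. "https://www.abuseipdb.com/check/220.191.211.7"
            or "https://www.abuseipdb.com/check/baidu.com".

    Returns:
        'Reported N times', or '' when the page has no report summary block.

    Exits the process when the site answers 422 (invalid input) or shows its
    'Important Note:' text in place of a count.
    """
    # The timeout stops an unresponsive site from hanging the whole tool.
    myResult = requests.get(url, timeout=30)

    # 422 Unprocessable Entity: the value was not a valid address or domain.
    if myResult.status_code == 422:
        sys.exit()

    # A different final URL means the request was redirected (for example from a
    # domain to the address it resolves to).
    if url != myResult.url:
        # The URL belongs inside print(); adding it to print()'s return value
        # raised TypeError on every redirect.
        print("Your request has been resolved to " + myResult.url)

    soup = BeautifulSoup(myResult.content, "lxml")
    mySoup = soup.find('div', {'class': 'col-md-6'})

    # The response code can still be 200 while the page only says the domain
    # could not be resolved; in that case the summary block is absent.
    if mySoup is None:
        print('We expected a valid IP address or Domain name.')
        return ''

    try:
        # First <b> inside the first <p> of the summary block holds the count.
        reportTimes = mySoup.find('p').find('b')
        if reportTimes.string == "Important Note:":
            sys.exit()
        printResult = 'Reported ' + reportTimes.string + ' times'
    except Exception:
        # Missing tag or empty text: treat it as zero reports.
        printResult = 'Reported 0 times'

    # The earlier version also parsed the reports table into a pandas DataFrame
    # that was never printed or returned; that unused work is no longer done.
    return printResult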

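def myXForceChecker(url):
    """Query the IBM X-Force Exchange API and return a list of summary strings.

    Args:
        url: API URL for the report, e.g. an ".../ipr/<address>" URL.

    Returns:
        A list of strings built from whichever of these keys the JSON reply has:
        "geo", "score", "cats" (IP reports) and "result" (domain reports).
        An empty list when no API credentials are configured.

    The API key and password are read from the XFORCE_API_KEY and
    XFORCE_API_PASSWORD environment variables (names chosen here) so that they
    are not stored in the source file, where they would be exposed through
    version control, backups and pasted listings.
    """
    import os  # function scope: this module does not import os at file level

    api_key = os.environ.get("XFORCE_API_KEY")
    api_password = os.environ.get("XFORCE_API_PASSWORD")
    if not api_key or not api_password:
        print("[-] WARNING: XFORCE_API_KEY / XFORCE_API_PASSWORD are not set; "
              "skipping the X-Force lookup.", file=sys.stderr)
        return []

    printResult = []
    # The timeout stops an unresponsive API from hanging the whole tool.
    myResult1 = requests.get(url, auth=HTTPBasicAuth(api_key, api_password), timeout=30)
    myJson1 = json.loads(myResult1.content)

    # ---------- Keys present in IP reports ----------
    if "geo" in myJson1:
        # Only the first value of "geo" is reported, labelled as the country.
        # NOTE(review): this relies on the country name being the first key.
        for value in myJson1["geo"].values():
            printResult.append("Country" + ": " + str(value))
            break

    if "score" in myJson1:
        suffix = " (low)" if myJson1["score"] == 1 else ""
        printResult.append("Risk Score: " + str(myJson1["score"]) + suffix)

    if "cats" in myJson1:
        if myJson1["cats"]:
            for key, value in myJson1["cats"].items():
                printResult.append("Categorization: " + str(key) + " (" + str(value) + "%)")
        else:
            printResult.append("Categorization: Unsuspicious")

    # ---------- Keys present in domain reports ----------
    if "result" in myJson1:
        myJsonResult = myJson1["result"]
        suffix = " (low)" if myJsonResult["score"] == 1 else ""
        printResult.append("Risk Score: " + str(myJsonResult["score"]) + suffix)

        if myJsonResult["categoryDescriptions"]:
            for key, value in myJsonResult["categoryDescriptions"].items():
                printResult.append("<" + str(key).replace(" / ", "|") + ">: " + str(value))

    return printResult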

def ipReputationChecker():
    """Run the four reputation sources on sys.argv[1] and print one combined report."""
    target = sys.argv[1]

    # Same order as before: IPVoid, SANS, AbuseIPDB, X-Force.
    ipvoid_status = ipvoidChecker(target)
    sans_fields = sansChecker(target)
    abuse_summary = abuseipdbChecker("https://www.abuseipdb.com/check/" + target)
    xforce_fields = myXForceChecker("https://api.xforce.ibmcloud.com/ipr/" + target)

    report_rows = [
        "****************************************",
        "**** IP Reputation Checking ****",
        "**** [IPVoid|SANS|AbuseIPDB|xForce] ****",
        "****************************************",
        "[+] IP Reputation Result",
        "IPVoid Result: " + ipvoid_status,
        "SANS Result: " + ' | '.join(sans_fields),
        "AbuseIPDB Result: " + abuse_summary,
        "XForce Result: " + ' | '.join(xforce_fields),
    ]
    print("\n".join(report_rows))

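def main():
    """Validate sys.argv[1] as an IPv4 address and run the reputation checks on it."""
    try:
        # fullmatch(): with match() the trailing '$' in ip_regex would also accept
        # an address followed by a newline, which would then be appended to the
        # lookup URLs.
        if re.fullmatch(ip_regex, sys.argv[1]):
            ipReputationChecker()
        else:
            print('[-] WARNING: Please type a valid IPv4 address.')
    except IndexError:
        print("[-] ERROR: List index out of range")


if __name__ == '__main__':
    main()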

Module - ipWhois.py

import sys
from ipwhois import IPWhois
from pprint import pprint


def ipWhois():
    """Look up whois data for the address in sys.argv[1] and pretty-print it."""
    # Written against ipwhois 0.10.3 (pip3 install ipwhois == 0.10.3).
    # NOTE(review): lookup_rws() may not exist in other ipwhois releases; confirm
    # before changing the pinned version.
    # (An earlier variant scraped https://www.abuseipdb.com/whois/<address> instead.)
    lookup = IPWhois(sys.argv[1])
    pprint(lookup.lookup_rws())

def main():
    """Script entry point: run the whois lookup for the command-line argument."""
    ipWhois()


if __name__ == '__main__':
    main()

Module - sidSearchET.py

import sys,re,platform

import selenium,time
from selenium import webdriver
from selenium.webdriver.remote.command import Command
from selenium.common.exceptions import WebDriverException

# Signature IDs are decimal digits only. '$' also matches just before a trailing
# newline, so a caller that needs the whole value to be digits should use
# fullmatch() rather than match().
sid_regex="^[0-9]+$"

def browserStatusCheck(myBrowser):
    """Poll the browser up to 180 times, 0.5 s apart, stopping once a poll fails.

    Each poll reads myBrowser.title. When that raises WebDriverException the
    exception is printed and polling ends, which is how a closed window is noticed.
    """
    polls_left = 180
    while polls_left > 0:
        polls_left -= 1
        try:
            # The value is discarded; only whether the read succeeds matters.
            myBrowser.title
            time.sleep(0.5)
        except WebDriverException as closed:
            print(closed)
            return


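def seleniumSignatureSearch():
    """Open the Emerging Threats documentation search for the SID in sys.argv[1].

    A Chrome window is opened on the search URL, the function waits (see
    browserStatusCheck), and the browser is then closed. The browser is closed
    even when loading the page fails, so no chromedriver process is left behind.
    """
    from urllib.parse import quote  # stdlib; not imported at file level

    sid = sys.argv[1]
    # Percent-encode the value so it can only ever be the 'search' query value,
    # even if this function is called without the digit check having been done.
    # NOTE(review): this page is fetched over plain http; confirm whether the
    # site also serves it over https.
    URL = "http://docs.emergingthreats.net/bin/view/Main/WebSearch?search=" + quote(sid, safe='') + "&scope=all"

    systemPlatform = platform.system()
    # Raw string for the Windows path: its backslashes are separators, not escapes.
    if "Windows" in systemPlatform:
        driver_path = r'C:\Windows\System32\chromedriver.exe'
    elif "Darwin" in systemPlatform:
        driver_path = '/usr/local/bin/chromedriver'
    elif "Linux" in systemPlatform:
        driver_path = '/usr//bin/chromedriver'
    else:
        # Previously this fell through and failed on an unassigned browser variable.
        print("[-] ERROR: Unsupported platform " + systemPlatform)
        return

    myBrowser = webdriver.Chrome(driver_path)
    try:
        myBrowser.get(URL)
        browserStatusCheck(myBrowser)
    finally:
        myBrowser.quit()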

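if __name__ == '__main__':
    try:
        # fullmatch(): with match() the trailing '$' in sid_regex would also accept
        # digits followed by a newline, which would then be placed in the search URL.
        if re.fullmatch(sid_regex, sys.argv[1]):
            # Call the ET (Snort) web search.
            print("\n"
                  "***************************************\n"
                  "**** ET (Snort) Signature Checking ****\n"
                  "**** Powered by Selenium ****\n"
                  "***************************************\n"
                  "[+] Please check your web browser ...\n")
            seleniumSignatureSearch()
        else:
            print('[-] WARNING: Please type a valid Signature.')
    except IndexError:
        print("[-] ERROR: List index out of range")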