import functions_framework
import socket
import requests
import ssl
from datetime import date, datetime
from bs4 import BeautifulSoup
from ipwhois import IPWhois
from urllib.parse import urlparse
from markupsafe import escape
from flask import jsonify
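@functions_framework.http
def hello_http(request):
    """
    RaptorWatch Sandbox Cloud Function

    Resolves the submitted host, looks up its registration date and reports
    whether the domain was registered within the last year. The certificate
    check result is only printed; it is not part of the response.

    Args:
        request: Flask request. The target is read from the JSON body key
            ``url`` or, failing that, from the ``url`` query parameter.

    Returns:
        A ``(json, 200)`` tuple holding ``ip_address``, ``newdomDetect`` and
        ``registration_date`` on success, otherwise a plain error string.
    """
    # Function-scope import: only the address check below needs it.
    import ipaddress

    request_json = request.get_json(silent=True)
    request_args = request.args

    # A JSON body that is not an object (a list, a string) has no "url" key to read.
    if isinstance(request_json, dict) and "url" in request_json:
        url = request_json["url"]
    elif request_args and "url" in request_args:
        url = request_args["url"]
    else:
        return "Error: URL parameter is missing."

    try:
        # urlparse() puts the host in .hostname when a scheme is present; for a
        # bare "example.com" it ends up in .path, so fall back to the first
        # path segment. Reading .path alone returned "/page" for full URLs.
        parsed = urlparse(url)
        domain_name = parsed.hostname or parsed.path.split("/", 1)[0]
        if not domain_name:
            raise ValueError("no host name found in URL")

        ip_address = socket.gethostbyname(domain_name)

        # The host is caller-supplied and this function connects to it, so
        # refuse names that resolve to loopback, private, link-local or other
        # non-public ranges.
        # NOTE(review): isSSL/isSelfSigned resolve the name again, so this
        # check covers only this one resolution.
        if not ipaddress.ip_address(ip_address).is_global:
            raise ValueError("host resolves to a non-public address")

        # Result is not used in the response yet; the lookup is kept so that
        # its failures still surface as before.
        ip_info = IPWhois(ip_address).lookup_whois()
        registration_date = get_registration_date(domain_name)

        # Detection: Was the domain registered less than a year ago?
        newdomDetect = isNewDomain(registration_date)
        if newdomDetect:
            print("Domain was registered less than a year ago")

        # Detection: Self-signed certificate
        # NOTE(review): isSSL() returns False when certificate verification
        # fails, so isSelfSigned() only runs for hosts whose certificate
        # already verified. Confirm this ordering is intended.
        sslDetect = isSSL(domain_name)
        if sslDetect:
            selfsignedDetect = isSelfSigned(domain_name)
            print(selfsignedDetect)

        dns_info = {
            'ip_address': ip_address,
            'newdomDetect': newdomDetect,
            'registration_date': registration_date
        }
        return jsonify(dns_info), 200
    except Exception as e:
        # Exception text can repeat the submitted host (resolver and HTTP
        # client errors quote it), and a bare string is served as HTML, so
        # escape the message as well as the URL.
        return f"Error performing DNS lookup for {escape(url)}: {escape(str(e))}"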
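def get_registration_date(domain):
    """Retrieve the registration date of the domain.

    Fetches the who.is WHOIS page for *domain* and returns the text of the
    cell that follows the "Registered On" label.

    Args:
        domain: Host name to look up. It is percent-encoded before being
            placed in the request path.

    Returns:
        The registration date text from the page, with surrounding
        whitespace stripped.

    Raises:
        Exception: If the label or its value cell is not present in the page.
        requests.RequestException: If the HTTP request fails or times out.
    """
    from urllib.parse import quote

    # The domain originates from the incoming request; encoding it keeps it
    # from adding path segments or a query string to the who.is URL.
    url = f"https://who.is/whois/{quote(domain, safe='')}"
    # Bounded wait so a slow upstream cannot hold the function open.
    response = requests.get(url, timeout=10)
    soup = BeautifulSoup(response.content, 'html.parser')
    label = soup.find('div', class_='col-md-4 queryResponseBodyKey', text='Registered On')
    value = None
    if label:
        value = label.find_next_sibling('div', class_='col-md-8 queryResponseBodyValue')
    # A label without its value cell previously failed with AttributeError on
    # None; report it the same way as a missing label.
    if value is None:
        raise Exception('Registration date not found')
    return value.text.strip()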
def isNewDomain(regDate):
    """Report whether a registration date lies within the last 365 days.

    Args:
        regDate: Registration date as a ``YYYY-MM-DD`` string.

    Returns:
        True when at most 365 days separate the date from today, else False.

    Raises:
        ValueError: If *regDate* does not match ``%Y-%m-%d``.
    """
    registered_on = datetime.strptime(regDate, '%Y-%m-%d').date()
    age_in_days = (date.today() - registered_on).days
    # A date in the future gives a negative age and therefore also counts as new.
    return age_in_days <= 365
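def isSSL(domain):
    """Report whether *domain* completes a verified TLS handshake on port 443.

    The default SSL context verifies the certificate chain and host name, so
    a host that serves TLS with a certificate that fails verification is
    reported as False, the same as a host with no listener.

    Args:
        domain: Host name to connect to.

    Returns:
        True if the handshake succeeds; False if certificate verification
        fails, the connection is refused, or the attempt times out.
    """
    context = ssl.create_default_context()
    try:
        # Bounded connect and handshake: a host that silently drops packets
        # would otherwise block until the OS gives up.
        with socket.create_connection((domain, 443), timeout=10) as sock:
            with context.wrap_socket(sock, server_hostname=domain):
                return True
    except (ssl.SSLCertVerificationError, ConnectionRefusedError, socket.timeout):
        # A filtered port is treated like a refused one: no usable TLS service.
        return False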
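def isSelfSigned(domain):
    """Report whether the host on port 443 presents a self-signed certificate.

    The previous implementation returned ``response.ok`` from a verified
    HTTPS request, which is True exactly when the certificate *is* trusted,
    and raised instead of answering when it is not. This version performs the
    verified handshake directly and inspects the reason for a failure.

    Args:
        domain: Host name to connect to.

    Returns:
        True if verification fails because the leaf certificate or a
        certificate in the chain is self-signed; False if the certificate
        verifies or fails for another reason (expired, host name mismatch).

    Raises:
        OSError: If the connection cannot be established or times out.
    """
    # OpenSSL verification result codes:
    #   18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT (self-signed leaf)
    #   19 = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    self_signed_codes = (18, 19)
    context = ssl.create_default_context()
    try:
        # Bounded connect and handshake so an unresponsive host cannot stall
        # the caller.
        with socket.create_connection((domain, 443), timeout=10) as sock:
            with context.wrap_socket(sock, server_hostname=domain):
                # Chain and host name verified: not self-signed.
                return False
    except ssl.SSLCertVerificationError as err:
        return err.verify_code in self_signed_codes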