DNS Results

Passive DNS results come in two primary flavors: full results and unique results. Each response class wraps its records in a corresponding record class to make the content easy to work with. Once loaded into the result wrapper, the data can be output in a number of formats.

from passivetotal.libs.dns import DnsRequest
from passivetotal.libs.dns import DnsResponse

client = DnsRequest.from_config()
raw_results = client.get_passive_dns(
    query="www.passivetotal.org",
    sources="riskiq"
)

loaded = DnsResponse(raw_results)
# Render the loaded results as a formatted table
print(loaded.table)

DnsResponse

class passivetotal.libs.dns.DnsResponse(*args, **kwargs)

Bases: passivetotal.response.Response

Result object to ease interaction with data.

csv

Output data as CSV.

Returns: String of formatted data

get_days_until_now()

Get the number of days from last seen until today.

Returns: Number of days until now

get_observed_days()

Get the number of days observed for the query period.

Returns: Number of observed days

get_records()

Get the DNS records.

get_source_variety()

Get the contribution count for each source for the results.

Returns: Dict of sources and their counts based on data

stix

Output data as STIX.

STIX is highly subjective and difficult to format without getting more data from the user. Passive DNS results are formatted into a STIX watchlist with descriptions and other details about the record.

Returns: STIX formatted watchlist

table

Output data as table.

Returns: Table of formatted data

text

Output data as text.

Returns: String of formatted data

DnsRecord

class passivetotal.libs.dns.DnsRecord(record)

Bases: object

Provide some basic helpers for the DNS records.

get_days_until_now()

Get the number of days from last seen until today.

Returns: Number of days until now

get_observed_days()

Get the number of days observed for the record period.

Returns: Number of days observed

get_source_count()

Get the number of sources used to create the record.

Returns: Number of sources used for the record

classmethod process(inferred, record)

Process results and return a loaded instance.

Parameters:
  • inferred (object) – Instance of the class itself
  • record (dict) – Record to use for loading
Returns: Instance of the loaded class
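
The values these helpers expose (observed days, days since last seen, source counts) are what an analyst usually filters on when triaging resolutions. The block below is an added example, not code from the passivetotal library or its documentation: it computes the same kinds of values over constructed records without importing the library. The field names (`resolve`, `firstSeen`, `lastSeen`, `source`), the timestamp format, the thresholds and all function names are assumptions.

```python
from collections import Counter
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp layout

# Constructed sample records (documentation-range IPs), not real API output.
SAMPLE = [
    {"resolve": "192.0.2.10", "firstSeen": "2015-01-01 00:00:00",
     "lastSeen": "2016-06-01 00:00:00", "source": ["riskiq", "example_source"]},
    {"resolve": "198.51.100.7", "firstSeen": "2016-05-30 08:00:00",
     "lastSeen": "2016-05-30 20:00:00", "source": ["riskiq"]},
    {"resolve": "203.0.113.5", "firstSeen": "2016-05-01 00:00:00",
     "lastSeen": "2016-05-31 00:00:00", "source": ["riskiq"]},
]

def observed_days(rec):
    """Whole days between the first and last sighting of one record."""
    first = datetime.strptime(rec["firstSeen"], FMT)
    last = datetime.strptime(rec["lastSeen"], FMT)
    return (last - first).days

def days_until(rec, now):
    """Whole days from the last sighting until `now`."""
    return (now - datetime.strptime(rec["lastSeen"], FMT)).days

def source_variety(records):
    """Per-source contribution count across all records."""
    return dict(Counter(s for r in records for s in r.get("source", [])))

def triage(records, now, max_observed=1, max_age=30):
    """Return resolutions that were short-lived, recent and single-sourced."""
    flagged = []
    for rec in records:
        short = observed_days(rec) <= max_observed
        recent = days_until(rec, now) <= max_age
        single = len(rec.get("source", [])) == 1
        if short and recent and single:
            flagged.append(rec["resolve"])
    return flagged

if __name__ == "__main__":
    now = datetime(2016, 6, 2)  # fixed "today" so the output is reproducible
    print(source_variety(SAMPLE))
    print(triage(SAMPLE, now))
```
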

DnsUniqueResponse

class passivetotal.libs.dns.DnsUniqueResponse(*args, **kwargs)

Bases: passivetotal.response.Response

Result object to ease interaction with data.

csv

Output data as CSV.

Returns: String of formatted data

get_records()

Get a list of unique resolution records.

stix

Output data as STIX.

STIX is highly subjective and difficult to format without getting more data from the user. Passive DNS results are formatted into a STIX watchlist with descriptions and other details about the record.

Returns: STIX formatted watchlist

table

Output data as table.

Returns: Table of formatted data

text

Output data as text.

Data shown in the text output is not full-featured and contains only content deemed to be most useful to the end-user. For full data output, use JSON or XML outputs.

Returns: String of formatted data

UniqueDnsRecord

class passivetotal.libs.dns.UniqueDnsRecord(record)

Bases: object

Provide some basic helpers for the DNS unique records.

classmethod process(inferred, record)

Process results and return a loaded instance.

Parameters:
  • inferred (object) – Instance of the class itself
  • record (dict) – Record to use for loading
Returns: Instance of the loaded class