msticpy.context.domain_utils module

Functions to support investigation of a domain or url.

Includes functions to conduct common investigation steps when dealing with a domain or url, such as getting a screenshot or validating the TLD.

class msticpy.context.domain_utils.DomainValidator

Bases: object

Assess a domain’s validity.

in_abuse_list(url_domain: str) → Tuple[bool, Optional[Certificate]]

Validate if a domain or URL’s SSL cert the abuse.ch SSL Abuse List.

Parameters: url_domain (str) – The url or domain to validate.
Returns: True if valid in the list, False if not. Certificate - the certificate loaded from the domain.
Return type: Tuple[bool, Optional[Certificate]]

static is_resolvable(url_domain: str) → bool

Validate if a domain or URL be be resolved to an IP address.

property ssl_abuse_list: DataFrame

Return the class SSL Blacklist.

static validate_tld(url_domain: str) → bool

Validate if a domain’s TLD is valid.

msticpy.context.domain_utils.dns_components(domain: str) → dict

Return components of domain as dict.

msticpy.context.domain_utils.dns_resolve(url_domain: str, rec_type: str = 'A') → Dict[str, Any]

Validate if a domain or URL be be resolved to an IP address.

Parameters

Returns

Resolver result as dictionary.

Return type

Dict[str, Any]

msticpy.context.domain_utils.ip_rev_resolve(ip_address: str) → Dict[str, Any]

Reverse lookup for IP Address.

msticpy.context.domain_utils.screenshot(url: str, api_key: Optional[str] = None) → Response

Get a screenshot of a url with Browshot.

Parameters

url (str) – The url a screenshot is wanted for.
api_key (str (optional)) – Browshot API key. If not set msticpyconfig checked for this.

Returns

image_data – The final screenshot request response data.

Return type

httpx.Response

msticpy.context.domain_utils.url_components(url: str) → Dict[str, str]: Return parsed Url components as dict.