msticpy.context.domain_utils module

Functions to support investigation of a domain or url.

Includes functions to conduct common investigation steps when dealing with a domain or url, such as getting a screenshot or validating the TLD.

class msticpy.context.domain_utils.DomainValidator

Bases: object

Assess a domain’s validity.

in_abuse_list(url_domain: str) → tuple[bool, Certificate | None]

Validate if a domain or URL’s SSL cert is in the abuse.ch SSL Abuse List.

Parameters:

url_domain (str) – The url or domain to validate.

Returns:

True if the certificate is in the list, False if not. Certificate - the certificate loaded from the domain.

Return type:

Tuple[bool, Optional[Certificate]]

static is_resolvable(url_domain: str) → bool

Validate if a domain or URL can be resolved to an IP address.

Parameters:

url_domain (str) – The url or domain to validate.

Returns:

True if resolvable, False if not.

Return type:

bool

property ssl_abuse_list: DataFrame

Return the class SSL Blacklist.

Returns:

SSL Blacklist

Return type:

pd.DataFrame

static validate_tld(url_domain: str) → bool

Validate if a domain’s TLD is valid.

Parameters:

url_domain (str) – The url or domain to validate.

Returns:

True if valid public TLD, False if not.

Return type:

bool
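
How a check like in_abuse_list can work, as an added stand-alone example (not msticpy's own code). It assumes the abuse list is keyed on the certificate's SHA1 fingerprint and uses the SSLBL CSV column layout Listingdate,SHA1,Listingreason; the function names, the sample CSV and the placeholder certificate bytes are constructed for illustration.

```python
from __future__ import annotations

import csv
import hashlib
import ssl
from urllib.parse import urlsplit

# Constructed placeholder bytes standing in for a DER-encoded certificate.
SAMPLE_LISTED_DER = b"constructed placeholder bytes, not a real certificate"
# Constructed sample in the assumed SSLBL CSV layout ('#' lines are comments).
SAMPLE_CSV = (
    "# Constructed sample data\n"
    "# Listingdate,SHA1,Listingreason\n"
    f"2024-01-01 00:00:00,{hashlib.sha1(SAMPLE_LISTED_DER).hexdigest().upper()},"
    "Constructed C2 entry\n"
)


def host_of(url_domain: str) -> str | None:
    """Accept either a bare domain or a full URL and return the host name."""
    target = url_domain if "://" in url_domain else "//" + url_domain
    return urlsplit(target).hostname


def load_sslbl(csv_text: str) -> dict[str, str]:
    """Map lower-cased SHA1 fingerprint -> listing reason, skipping comments."""
    lines = (ln for ln in csv_text.splitlines() if ln.strip() and not ln.startswith("#"))
    return {row[1].strip().lower(): row[2].strip()
            for row in csv.reader(lines) if len(row) >= 3}


def fetch_der(url_domain: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate (network call) as DER bytes."""
    # get_server_certificate does not validate the chain, so self-signed or
    # expired certificates are still returned for fingerprinting.
    pem = ssl.get_server_certificate((host_of(url_domain), port))
    return ssl.PEM_cert_to_DER_cert(pem)


def check_der(der_cert: bytes, sslbl: dict[str, str]) -> tuple[bool, str | None]:
    """Fingerprint the DER encoding (not the PEM text) and look it up."""
    fingerprint = hashlib.sha1(der_cert).hexdigest()
    return fingerprint in sslbl, sslbl.get(fingerprint)


if __name__ == "__main__":
    blocklist = load_sslbl(SAMPLE_CSV)
    print(check_der(SAMPLE_LISTED_DER, blocklist))
    print(check_der(b"another constructed blob", blocklist))
```

For a live host, pass the result of fetch_der to check_der together with a list loaded from a locally cached copy of the CSV.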

msticpy.context.domain_utils.dns_components(domain: str) → dict

Return components of domain as dict.

Parameters:

domain (str) – The domain to extract.

Returns:

Returns subdomain and TLD components from a domain.

Return type:

dict

msticpy.context.domain_utils.dns_resolve(url_domain: str, rec_type: str = 'A') → dict[str, Any]

Validate if a domain or URL can be resolved to an IP address.

Parameters:
  • url_domain (str) – The url or domain to validate.

  • rec_type (str) – The DNS record type to query, by default “A”

Returns:

Resolver result as dictionary.

Return type:

Dict[str, Any]

msticpy.context.domain_utils.dns_resolve_df(url_domain: str, rec_type: str = 'A') → DataFrame

Validate if a domain or URL can be resolved to an IP address.

Parameters:
  • url_domain (str) – The url or domain to validate.

  • rec_type (str) – The DNS record type to query, by default “A”

Returns:

Resolver result as dataframe with individual resolution results as separate rows.

Return type:

pd.DataFrame

msticpy.context.domain_utils.ip_rev_resolve(ip_address: str) → dict[str, Any]

Reverse lookup for IP Address.

Parameters:

ip_address (str) – The IP address to query.

Returns:

Resolver result as dictionary.

Return type:

Dict[str, Any]

msticpy.context.domain_utils.ip_rev_resolve_df(ip_address: str) → DataFrame

Reverse lookup for IP Address.

Parameters:

ip_address (str) – The IP address to query.

Returns:

Resolver result as dataframe with individual resolution results as separate rows.

Return type:

pd.DataFrame

msticpy.context.domain_utils.screenshot(url: str, api_key: str | None = None, *, sleep: float = 0.05, max_progress: int = 100) → httpx.Response

Get a screenshot of a URL with Browshot.

Parameters:
  • url (str) – The URL a screenshot is wanted for.

  • api_key (str (optional)) – Browshot API key. If not set, msticpyconfig is checked for this.

  • sleep (float (optional)) – Time to sleep between calls. Defaults to 0.05 seconds.

  • max_progress (int (optional)) – Set the maximum value for the progress bar. Defaults to 100.

Returns:

image_data – The final screenshot request response data.

Return type:

httpx.Response

msticpy.context.domain_utils.url_components(url: str) → dict[str, str]

Return parsed URL components as dict.