msticpy.context.domain_utils module
Functions to support investigation of a domain or url.
Includes functions to conduct common investigation steps when dealing with a domain or url, such as getting a screenshot or validating the TLD.
- class msticpy.context.domain_utils.DomainValidator
Bases: object
Assess a domain’s validity.
- in_abuse_list(url_domain: str) tuple[bool, Certificate | None]
Check whether a domain or URL’s SSL certificate is in the abuse.ch SSL Abuse List.
- Parameters:
url_domain (str) – The url or domain to validate.
- Returns:
True if the certificate is in the list, False if not. Certificate - the certificate loaded from the domain.
- Return type:
Tuple[bool, Optional[Certificate]]
- static is_resolvable(url_domain: str) bool
Validate if a domain or URL can be resolved to an IP address.
- Parameters:
url_domain (str) – The url or domain to validate.
- Returns:
True if resolvable, False if not.
- Return type:
bool
- property ssl_abuse_list: DataFrame
Return the class SSL Blacklist.
- Returns:
SSL Blacklist
- Return type:
pd.DataFrame
- static validate_tld(url_domain: str) bool
Validate if a domain’s TLD is valid.
- Parameters:
url_domain (str) – The url or domain to validate.
- Returns:
True if the TLD is a valid public TLD, False if not.
- Return type:
bool
- msticpy.context.domain_utils.dns_components(domain: str) dict
Return components of domain as dict.
- Parameters:
domain (str) – The domain to extract.
- Returns:
Returns subdomain and TLD components from a domain.
- Return type:
dict
- msticpy.context.domain_utils.dns_resolve(url_domain: str, rec_type: str = 'A') dict[str, Any]
Validate if a domain or URL can be resolved to an IP address.
- Parameters:
url_domain (str) – The url or domain to validate.
rec_type (str) – The DNS record type to query, by default “A”
- Returns:
Resolver result as dictionary.
- Return type:
Dict[str, Any]
- msticpy.context.domain_utils.dns_resolve_df(url_domain: str, rec_type: str = 'A') DataFrame
Validate if a domain or URL can be resolved to an IP address.
- Parameters:
url_domain (str) – The url or domain to validate.
rec_type (str) – The DNS record type to query, by default “A”
- Returns:
Resolver result as dataframe with individual resolution results as separate rows.
- Return type:
pd.DataFrame
- msticpy.context.domain_utils.ip_rev_resolve(ip_address: str) dict[str, Any]
Reverse lookup for IP Address.
- Parameters:
ip_address (str) – The IP address to query.
- Returns:
Resolver result as dictionary.
- Return type:
Dict[str, Any]
- msticpy.context.domain_utils.ip_rev_resolve_df(ip_address: str) DataFrame
Reverse lookup for IP Address.
- Parameters:
ip_address (str) – The IP address to query.
- Returns:
Resolver result as dataframe with individual resolution results as separate rows.
- Return type:
pd.DataFrame
- msticpy.context.domain_utils.screenshot(url: str, api_key: str | None = None, *, sleep: float = 0.05, max_progress: int = 100) httpx.Response
Get a screenshot of a url with Browshot.
- Parameters:
url (str) – The url a screenshot is wanted for.
api_key (str (optional)) – Browshot API key. If not set, msticpyconfig is checked for this.
sleep (float (optional)) – Time to sleep between calls. Defaults to 0.05 seconds.
max_progress (int (optional)) – Set the maximum value for the progress bar. Defaults to 100.
- Returns:
image_data – The final screenshot request response data.
- Return type:
httpx.Response
- msticpy.context.domain_utils.url_components(url: str) dict[str, str]
Return parsed URL components as dict.
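The following is an added example, not part of the msticpy documentation, that chains the three DomainValidator checks listed above and stops at the first failure, so the certificate is only loaded from domains that resolve. `DomainTriage`, `triage_domain` and the verdict strings are hypothetical names introduced here, and reading a `None` certificate as "no certificate could be loaded" is an assumption.

```python
from dataclasses import dataclass
from typing import Any, Optional


@dataclass
class DomainTriage:
    """Staged check results (hypothetical container, not part of msticpy)."""
    domain: str
    tld_valid: bool = False
    resolvable: bool = False
    cert_retrieved: bool = False
    cert_in_abuse_list: bool = False
    verdict: str = "invalid-tld"


def triage_domain(domain: str, validator: Optional[Any] = None) -> DomainTriage:
    """Run the DomainValidator checks in order, stopping at the first failure."""
    if validator is None:
        # Lazy import: a stand-in validator can be passed for offline use.
        from msticpy.context.domain_utils import DomainValidator
        validator = DomainValidator()
    result = DomainTriage(domain=domain)

    # 1. No point resolving a name whose TLD is not a valid public TLD.
    result.tld_valid = validator.validate_tld(domain)
    if not result.tld_valid:
        return result

    # 2. Only names that resolve can present a certificate.
    result.resolvable = validator.is_resolvable(domain)
    if not result.resolvable:
        result.verdict = "unresolvable"
        return result

    # 3. in_abuse_list loads the certificate from the domain, so it runs last.
    in_list, cert = validator.in_abuse_list(domain)
    result.cert_in_abuse_list = in_list
    # Assumption: None means no certificate could be loaded.
    result.cert_retrieved = cert is not None
    if in_list:
        result.verdict = "cert-in-abuse-list"
    elif cert is None:
        result.verdict = "no-certificate"
    else:
        result.verdict = "no-abuse-list-match"
    return result
```

A verdict of `no-certificate` means the abuse list comparison could not be made, which is not the same as a certificate that was checked and not found in the list.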