OSINT-with-LLM/recon/domain_recon.py
2025-11-20 10:49:44 +01:00


import datetime
import os
import socket
import ssl
import urllib.parse

import requests
import shodan
import whois
##########################
#whois
##########################
def get_whois(domain):
    """Return the raw WHOIS response text for *domain*.

    Any exception raised by the lookup (or while reading ``.text``) is
    converted into an ``"Error: ..."`` string instead of propagating, so the
    caller always receives a ``str``.
    """
    try:
        return whois.whois(domain).text
    except Exception as err:
        # Best-effort lookup: report the failure as text rather than raising.
        return f"Error: {err}"
##########################
#shodan
##########################
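def search_shodan(domain):
    """Summarise up to five Shodan search matches for *domain*.

    The API key is read from the ``SHODAN_API_KEY`` environment variable and
    falls back to the ``"your-api-key"`` placeholder, so a real key never has
    to be committed with the source.

    Returns:
        str: one ``"IP: ... | Port: ... | Org: ..."`` line per match,
        ``"nothing found in shodan"`` when the search returned no matches, or
        an ``"Error: ..."`` string when the lookup itself failed. A failed
        lookup (bad key, quota, network) is no longer reported as "nothing
        found", which would read as a negative result.
    """
    api = shodan.Shodan(os.environ.get("SHODAN_API_KEY", "your-api-key"))
    try:
        results = api.search(domain)
        summary = "".join(
            f"IP: {match['ip_str']} | Port: {match['port']} | Org: {match.get('org')}\n"
            for match in results["matches"][:5]
        )
    except shodan.APIError as err:
        # Errors reported by the Shodan client/API (e.g. rejected key).
        return f"Error: {err}"
    except Exception as err:
        # Stay best-effort, but do not swallow KeyboardInterrupt/SystemExit as
        # the bare ``except:`` did. Only the exception type is echoed, so
        # request details cannot leak into downstream output.
        return f"Error: shodan lookup failed ({type(err).__name__})"
    return summary or "nothing found in shodan"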
##########################
#virustotal
##########################
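def check_domain_virustotal(domain):
    """Look up *domain* in the VirusTotal v3 domains API and return a verdict.

    The API key is read from the ``VIRUSTOTAL_API_KEY`` environment variable
    and falls back to the ``"your-api-key"`` placeholder, so a real key never
    has to be committed with the source.

    Returns:
        str: ``"domain is malicious"`` when at least one engine flagged the
        domain as malicious or suspicious, otherwise ``"domain is clean"``.
        dict: ``{"error": ...}`` when the request failed, the API answered
        with a non-200 status, or the response carried no analysis stats.
    """
    # Percent-encode the whole value (safe="") so that '/', '?' or '#' in
    # caller-supplied input cannot redirect the request to another API path.
    encoded_domain = urllib.parse.quote(domain, safe="")
    url = f"https://www.virustotal.com/api/v3/domains/{encoded_domain}"
    headers = {"x-apikey": os.environ.get("VIRUSTOTAL_API_KEY", "your-api-key")}
    try:
        # A timeout keeps a stalled connection from blocking the caller forever.
        r = requests.get(url, headers=headers, timeout=10)
    except requests.RequestException as err:
        return {"error": str(err)}
    if r.status_code != 200:
        return {"error": r.text}
    data = r.json()
    stats = data.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    if not stats:
        # No verdict is not the same as a clean verdict; do not report "clean".
        return {"error": "no last_analysis_stats in VirusTotal response"}
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    if malicious > 0 or suspicious > 0:
        return "domain is malicious"
    return "domain is clean"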
##########################
#ssl_check
##########################
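def check_ssl(domain):
    """Fetch the TLS certificate served on ``domain:443`` and summarise it.

    The handshake uses ``ssl.create_default_context()``, so the certificate
    chain and hostname are verified. A certificate that fails verification
    therefore raises during the handshake and is reported as ``None`` like any
    other failure, not as a result with a negative ``days_left``.

    Returns:
        dict: ``status`` ("ok"), ``issuer`` and ``subject`` (built from the
        first attribute of each RDN), ``expire_date`` (the raw ``notAfter``
        string) and ``days_left`` (whole days until expiry, in UTC).
        None: on any connection, handshake or parsing failure.
    """
    try:
        ctx = ssl.create_default_context()
        with socket.create_connection((domain, 443), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=domain) as ssock:
                cert = ssock.getpeercert()
        # ssl.cert_time_to_seconds parses notAfter independently of the
        # process locale; strptime's %b does not, and a parse failure used to
        # vanish into the bare except below.
        exp_date = datetime.datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]),
            tz=datetime.timezone.utc,
        )
        # Compare against the current time in UTC.
        now = datetime.datetime.now(datetime.timezone.utc)
        days_left = (exp_date - now).days
        return {
            "status": "ok",
            "issuer": dict(x[0] for x in cert["issuer"]),
            "subject": dict(x[0] for x in cert["subject"]),
            "expire_date": cert["notAfter"],
            "days_left": days_left,
        }
    except Exception:
        # Best-effort check: keep returning None on failure, but let
        # KeyboardInterrupt/SystemExit propagate.
        return None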