wtfis v0.8 releases: Passive host and domain name lookup tool for non-robots

wtfis

Passive host and domain name lookup tool for non-robots

WTF is it?

wtfis is a commandline tool that gathers information about a domain or FQDN using various OSINT services. Unlike other tools of its kind, it’s built specifically for human consumption, providing results that are pretty (YMMV) and easy to read and understand.

This tool assumes that you are using free tier/community level accounts, and so make as few API calls as possible to minimize hitting quotas and rate limits.

The project name is a play on “whois”.

Data Sources

Virustotal

The primary source of information. Retrieves:

• Hostname (FQDN) or domain
  • Latest analysis stats with vendor detail
  • Reputation score (based on VT community votes)
  • Popularity ranks (Alexa, Cisco Umbrella, etc.)
  • Last DNS record update date
  • Date DNS record was last retrieved by VT
• Resolutions
  • Last n IP addresses (default: 3, max: 10)
  • Latest analysis stats of each IP above
• Whois
  • Fallback only: if Passivetotal creds are not available
  • Various whois data about the domain itself

Passivetotal (RiskIQ)

Optionally used if creds are provided. Retrieves:

• Whois
  • Various whois data about the domain itself

Passivetotal is recommended over Virustotal for whois data for a couple of reasons:

• VT whois data format is less consistent
• PT whois data tends to be of better quality than VT. Also, VT’s registrant data is apparently anonymized.
• You can save one VT API call by offloading to PT

IPWhois

IP address enrichments for VT resolutions. For each IP, retrieves the ASN, Org, ISP, and Geolocation.

Shodan.1

Alternative IP address enrichment source. GETs data from the /shodan/host/{ip} endpoint (see doc). For each IP, retrieves:

• ASN, Org, ISP, and Geolocation
• Operating system (if available)
• List of open ports and detected services
• Tags (assigned by Shodan)

Changelog v0.8

New features

• URLhaus support by @pirxthepilot in #67

Tweaks

• Refactor client inheritance by @pirxthepilot in #63
• Reusable failopen exception handler decorator by @pirxthepilot in #64

Install & Use

Copyright (c) 2022 pirxthepilot