![from email import header import requests
from requests.auth import HTTPBasicAuth
import json
import base64
def search(search, API_KEY, userName, log):
open_instances = []
usrPass = userName + ‘:’ + API_KEY
encoded_u
base64.b64encode(usrPass.encode()).decode()
url “https://api.riskiq.net/pt/v2/ssl-certificate/history?”
try:
page_number = 0
headers =
‘Content-Type’: ‘application/json’,
‘API-Key’: API_KEY,
‘Authorization’: “Basic %s” % encoded_u,
‘field’: ‘sha1’,
‘order’: ‘desc’,
‘page’: str(page_number),
‘sort’: ‘firstSeen’
response = requests.request(“GET”, url+"&query="+search, headers-headers) response_json
response.json()
for result in response_json[‘results’][0][‘ipAddresses’]:
open_instance
dict()
log.debug(“Found matching 0".format(result)))
open_instance [‘ip’] = result
if ‘port’ in result:
else:
open_instance[‘port’] = result[‘port’]
open_instance[‘port’] = ’’
except Exception as e:
log.info(“RiskIQ Serial History error: ’.format(e))
return open_instances](https://mls1xkcuhd9v.i.optimole.com/w:360/h:240/q:mauto/rt:fill/g:ce/f:best/https://i0.wp.com/owasp.or.id/wp-content/uploads/2023/11/Hunting-for-Cobalt-Strike-Mining-and-plotting-for-fun-and.png?resize=360%2C240&ssl=1)
News
Hunting for Cobalt Strike: Mining and plotting for fun and profit | MSRC Blog
Hunting for Cobalt Strike: Mining and plotting for fun and profit | MSRC Blog Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this Read more…