PTEnrich

Enriches the given IP address or domain with metadata, malware, or OSINT.

Script Data


| Name | Description |
| --- | --- |
| Script Type | javascript |
| Tags | passive-total, server, threat-intel |

Dependencies


This script uses the following commands and scripts.

  • pt-osint
  • pt-malware
  • pt-enrichment
  • pt-get-subdomains
  • pt-ssl-cert
  • pt-whois
  • pt-passive-dns

Inputs


| Argument Name | Description |
| --- | --- |
| query | The IP address or domain to enrich. |

Outputs


| Path | Description | Type |
| --- | --- | --- |
| subdomains | The list of subdomains as strings. | Unknown |
| Domain.Name | The name of the queried domain. | Unknown |
| Domain.DNS.Address | The resolved address of the domain. | Unknown |
| passivetotal.whois.email | The contact email for the queried domain. | Unknown |
| passivetotal.resolves | The various resolves from the passive DNS collection. | Unknown |
| IP.Address | The bad IP addresses found during enrichment. | Unknown |
| IP.Malicious.Vendor | The vendor that made the decision that the IP addresses are malicious. | Unknown |
| IP.Malicious.Description | The reason that the vendor decided that the IP addresses were malicious. | Unknown |
| Domain.Name | The bad domains found during the enrichment. | Unknown |
| Domain.Malicious.Vendor | The vendor that made the decision that the domains are malicious. | Unknown |
| Domain.Malicious.Description | The reason that the vendor decided that the domains were malicious. | Unknown |
| File.MD5 | The bad MD5 hash of the file. | Unknown |
| File.SHA1 | The bad SHA1 hash of the file. | Unknown |
| File.SHA256 | The bad SHA256 hash of the file. | Unknown |
| File.Malicious.Vendor | The vendor that made the decision that the files are malicious. | Unknown |
| File.Malicious.Description | The bad SHA256 hash of the file. | Unknown |
| DBotScore.Indicator | The indicator that was tested. | Unknown |
| DBotScore.Type | The type of the indicator. | Unknown |
| DBotScore.Vendor | The vendor used to calculate the score. | Unknown |
| DBotScore.Score | The actual score. | Unknown |