import requests
import json
from datetime import datetime

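def query_domain_analysis(api_key, domain, output_file):
    """Query the ThreatBook domain-analysis API and save a summary as a TXT file.

    :param api_key: API key; sent as the ``apikey`` query parameter.
    :param domain: Domain to look up; sent as the ``resource`` query parameter.
    :param output_file: Path of the TXT report to write (overwritten if present).
    :return: None. On any failure a message is printed and no file is written.
    """
    from urllib.parse import quote_plus

    url = "https://api.threatbook.cn/v3/domain/query"
    params = {"apikey": api_key, "resource": domain}

    def _redact(text):
        # The key travels in the query string, and requests/urllib3 embed the
        # request URL in many of their exception messages. Strip the key (raw
        # and URL-encoded) before anything reaches stdout or a captured log.
        text = str(text)
        if api_key:
            for secret in {str(api_key), quote_plus(str(api_key))}:
                text = text.replace(secret, "<redacted>")
        return text

    try:
        print(f"正在查询域名: {domain}")
        # requests has no default timeout; without one a stalled connection
        # would block the script indefinitely.
        response = requests.get(url, params=params, timeout=30)
        result = response.json()
    except (requests.RequestException, ValueError) as e:
        print(f"查询失败，域名: {domain}, 错误: {_redact(e)}")
        return

    # The response body is remote data: check its shape before indexing into it.
    if not isinstance(result, dict):
        print(f"查询失败，域名: {domain}, 错误: 响应格式异常")
        return

    if result.get("response_code") != 0:
        print(f"查询失败，域名: {domain}, 错误消息: {result.get('verbose_msg')}")
        return

    payload = result.get("data")
    data = payload.get(domain) if isinstance(payload, dict) else None
    if not isinstance(data, dict):
        data = {}
    print(data)

    # Build every line up front so the f-strings need no nested same-type
    # quotes (a syntax error before Python 3.12) and so that a null or
    # missing field cannot abort the report half-written.
    judgments = ",".join(str(j) for j in (data.get("judgments") or []))
    timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')

    with open(output_file, "w", encoding="utf-8") as f:
        f.write(f"域名分析结果 - {domain}\n")
        f.write(f"查询时间: {timestamp}\n")
        f.write("-" * 50 + "\n\n")

        # Basic information
        f.write("基本信息:\n")
        f.write(f"域名: {domain}\n")
        f.write(f"威胁类型: {judgments}\n")

        # Threat tags: one group per tags_classes entry, groups joined by "; "
        tags_classes = data.get("tags_classes") or []
        if tags_classes:
            groups = []
            for tag in tags_classes:
                tags = tag.get("tags", []) if isinstance(tag, dict) else tag
                if isinstance(tags, list):
                    groups.append(", ".join(str(t) for t in tags))
                else:
                    groups.append(str(tags))
            f.write("威胁标签:")
            f.write("; ".join(groups) + "\n")

        # Associated IPs
        cur_ips = data.get('cur_ips') or []
        if cur_ips:
            f.write("关联IP:\n")
            for item in cur_ips:
                if not isinstance(item, dict):
                    continue
                # The original fell back to "" for a missing location and then
                # called .get() on that string, raising AttributeError.
                location = item.get("location")
                country = location.get("country", "") if isinstance(location, dict) else ""
                ip = item.get("ip", "")
                carrier = item.get("carrier", "")
                f.write(f"- {ip},{carrier},{country}\n")

        # Related file samples
        samples = data.get('samples') or []
        if samples:
            f.write("相关文件样本:\n")
            for item in samples:
                if not isinstance(item, dict):
                    continue
                sha256 = item.get("sha256", "")
                ratio = item.get("ratio", "")
                malware_type = item.get("malware_type", "")
                malware_family = item.get("malware_family", "")
                f.write(f"- {sha256},{ratio},{malware_type},{malware_family}\n")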
        


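if __name__ == "__main__":
    import os

    # Read the key from the environment rather than committing it to source.
    # THREATBOOK_API_KEY is this script's own variable name; the placeholder
    # is kept as a fallback so the original edit-in-place workflow still works.
    api_key = os.environ.get("THREATBOOK_API_KEY", "******")
    domain = "fget-career.com"  # domain to query
    # Format the timestamp separately: nesting double quotes inside a
    # double-quoted f-string is a syntax error before Python 3.12.
    timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
    output_file = f"./domain_analysis_{domain}_{timestamp}.txt"
    query_domain_analysis(api_key, domain, output_file)
    # The function returns None on success and on failure alike, and the
    # timestamped file exists only if this run wrote it, so report success
    # only when the file is actually there.
    if os.path.exists(output_file):
        print(f"查询完成，结果已保存到文件: {output_file}")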