new node types

2025-09-17 22:09:39 +02:00
parent ecfb27e02a
commit 284660ab8c
6 changed files with 66 additions and 39 deletions
--- a/core/graph_manager.py
+++ b/core/graph_manager.py
@@ -18,7 +18,8 @@ class NodeType(Enum):
    """Enumeration of supported node types."""
    DOMAIN = "domain"
    IP = "ip"
-    ASN = "asn"
+    ISP = "isp"
+    CA = "ca"
    LARGE_ENTITY = "large_entity"
    CORRELATION_OBJECT = "correlation_object"

--- a/core/scanner.py
+++ b/core/scanner.py
@@ -546,7 +546,7 @@ class Scanner:
            self._update_provider_state(target, provider_name, 'failed', 0, str(e), start_time)
            return None

-    def _process_provider_result_unified(self, target: str, provider: BaseProvider, 
+    def _process_provider_result_unified(self, target: str, provider: BaseProvider,
                                       provider_result: ProviderResult, current_depth: int) -> Tuple[Set[str], bool]:
        """
        Process a unified ProviderResult object to update the graph.
@@ -573,11 +573,9 @@ class Scanner:
            if self.graph.graph.has_node(node_id):
                if _is_valid_ip(node_id):
                    node_type = NodeType.IP
-                elif node_id.startswith('AS') and node_id[2:].isdigit():
-                    node_type = NodeType.ASN
                else:
                    node_type = NodeType.DOMAIN
-                
+
                self.graph.add_node(node_id, node_type, attributes=node_attributes_list)

        if provider_result.get_relationship_count() > self.config.large_entity_threshold:
@@ -590,27 +588,30 @@ class Scanner:

            source_node = relationship.source_node
            target_node = relationship.target_node
-            
+
            source_type = NodeType.IP if _is_valid_ip(source_node) else NodeType.DOMAIN
-            if target_node.startswith('AS') and target_node[2:].isdigit():
-                target_type = NodeType.ASN
+            
+            if provider_name == 'shodan' and relationship.relationship_type == 'ip_to_isp':
+                target_type = NodeType.ISP
+            elif provider_name == 'crtsh' and relationship.relationship_type == 'issued_by':
+                target_type = NodeType.CA
            elif _is_valid_ip(target_node):
                target_type = NodeType.IP
            else:
                target_type = NodeType.DOMAIN
-            
+
            self.graph.add_node(source_node, source_type)
            self.graph.add_node(target_node, target_type)
-            
+
            if self.graph.add_edge(
-                source_node, target_node, 
-                relationship.relationship_type, 
-                relationship.confidence, 
-                provider_name, 
+                source_node, target_node,
+                relationship.relationship_type,
+                relationship.confidence,
+                provider_name,
                relationship.raw_data
            ):
                pass
-            
+
            if _is_valid_domain(target_node) or _is_valid_ip(target_node):
                discovered_targets.add(target_node)