arbor-atlas 0.1.0 → 0.1.1

data/README.rdoc

@@ -1,6 +1,86 @@
 = arbor-atlas
 
-Description goes here.
+The arbor-atlas gem provides a very thin wrapper around Arbor Atlas' web interface, https://atlas.arbor.net/.
+
+== Installation
+
+sudo gem install arbor-atlas
+
+== Usage
+
+	require 'rubygems'
+	require 'arbor-atlas'
+	username = "your atlas username"
+	password = "your atlas password"
+	arbor = Arbor::Atlas.new(username, password)
+	ip_rec = arbor.lookup("1.2.3.4")
+	net_rec = arbor.lookup("1.2.3.0/24")
+	asn_rec = arbor.lookup("AS701")
+	cc_rec = arbor.lookup("US")
+	cve_rec = arbor.lookup("CVE-2006-4139")
+
+# all the records are simply hashes like the following
+
+	pp ip_rec # =>
+	{"report"=>
+	  {"title"=>"ATLAS Host Report: Global 1.2.3.4",
+	   "scans"=>
+	    {"sources"=>
+	      {"country"=>
+	        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}},
+	       "asn"=>
+	        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}},
+	       "host"=>
+	        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}}},
+	     "services"=>
+	      {"service"=>
+	        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}}}},
+	   "background"=>
+	    {"country"=>"AU",
+	     "asn"=>nil,
+	     "blacklist"=>
+	      {"dnsbl"=>
+	        [{"server"=>"dnsbl.ahbl.org", "status"=>"OK"},
+	         {"server"=>"bl.spamcop.net", "status"=>"OK"},
+	         {"server"=>"dnsbl.njabl.org", "status"=>"OK"},
+	         {"server"=>"sbl-xbl.spamhaus.org", "status"=>"OK"},
+	         {"server"=>"multi.surbl.org", "status"=>"OK"},
+	         {"server"=>"dnsbl.sorbs.net", "status"=>"OK"},
+	         {"server"=>"virbl.dnsbl.bit.nl", "status"=>"OK"},
+	         {"server"=>"dnsbl.dronebl.org", "status"=>"OK"}]}},
+	   "attacks"=>
+	    {"attack_changes"=>
+	      {"attacks"=>"0.00",
+	       "change"=>{"absolute"=>"0.0", "percent"=>"0.0"},
+	       "cve"=>nil,
+	       "description"=>"Other"},
+	     "sources"=>
+	      {"country"=>
+	        {"entity"=>
+	          {"name"=>"Other", "percent"=>"0.0%", "attacks_avg"=>"0.00"}},
+	       "asn"=>
+	        {"entity"=>
+	          {"name"=>"Other", "percent"=>"0.0%", "attacks_avg"=>"0.00"}},
+	       "host"=>
+	        {"entity"=>
+	          {"name"=>"Other", "percent"=>"0.0%", "attacks_avg"=>"0.00"}}}},
+	   "servers"=>
+	    {"phishing"=>
+	      {"brands"=>nil,
+	       "servers"=>
+	        {"country"=>
+	          {"entity"=>{"name"=>"Other", "urls"=>"0", "percent"=>"0.0%"}},
+	         "asn"=>{"entity"=>{"name"=>"Other", "urls"=>"0", "percent"=>"0.0%"}},
+	         "host"=>
+	          {"entity"=>{"name"=>"Other", "urls"=>"0", "percent"=>"0.0%"}}}},
+	     "botnets"=>
+	      {"country"=>
+	        {"entity"=>{"name"=>"Other", "controllers"=>"0", "percent"=>"0.0%"}},
+	       "asn"=>
+	        {"entity"=>{"name"=>"Other", "controllers"=>"0", "percent"=>"0.0%"}},
+	       "host"=>
+	        {"entity"=>
+	          {"name"=>"Other", "controllers"=>"0", "percent"=>"0.0%"}}}}}}
 
 == Contributing to arbor-atlas
  

data/VERSION

@@ -1 +1 @@
-0.1.0
+0.1.1

data/arbor-atlas.gemspec

@@ -0,0 +1,72 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{arbor-atlas}
+  s.version = "0.1.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Chris Lee"]
+  s.cert_chain = ["/Users/chris/Documents/projects/rubygems/arbor-atlas/../gem-public_cert.pem"]
+  s.date = %q{2011-05-07}
+  s.description = %q{https://atlas.arbor.net}
+  s.email = %q{rubygems@chrislee.dhs.org}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "arbor-atlas.gemspec",
+    "lib/arbor-atlas.rb",
+    "lib/arbor-atlas/arbor-atlas.rb",
+    "test/helper.rb",
+    "test/test_arbor-atlas.rb"
+  ]
+  s.homepage = %q{http://github.com/chrislee35/arbor-atlas}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.7.2}
+  s.signing_key = %q{/Users/chris/Documents/projects/rubygems/arbor-atlas/../gem-private_key.pem}
+  s.summary = %q{A very thin wrapper around Arbor Atlas' web interface}
+  s.test_files = [
+    "test/helper.rb",
+    "test/test_arbor-atlas.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<crack>, [">= 0.1.8"])
+      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+      s.add_runtime_dependency(%q<crack>, [">= 0.1.8"])
+    else
+      s.add_dependency(%q<crack>, [">= 0.1.8"])
+      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+      s.add_dependency(%q<crack>, [">= 0.1.8"])
+    end
+  else
+    s.add_dependency(%q<crack>, [">= 0.1.8"])
+    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+    s.add_dependency(%q<crack>, [">= 0.1.8"])
+  end
+end
+

data/lib/arbor-atlas/arbor-atlas.rb

@@ -80,6 +80,11 @@ module Arbor
 			lookup_ip(cidr)
 		end
 		
+		def lookup_service(port)
+			doc = _get("service/#{port.downcase}",{'out'=>'xml'})
+			Crack::XML.parse(doc)
+		end
+		
 		def lookup(item)
 			if item =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2})?$/
 				lookup_ip(item)
@@ -89,6 +94,8 @@ module Arbor
 				lookup_cve(item)
 			elsif item =~ /^\w{2}$/i
 				lookup_cc(item)
+			elsif item =~ /^(UDP|TCP)\/\d{1,5}$/i
+				lookup_service(item)
 			else
 				raise ArgumentError, "unknown query type for item: #{item}"
 			end

data/test/test_arbor-atlas.rb

@@ -20,7 +20,7 @@ class TestArborAtlas < Test::Unit::TestCase
 		assert_not_nil(ipinfo['report']['attacks'])
 		assert_not_nil(ipinfo['report']['servers'])
 	end
-	
+
 	should "return network report on 1.2.3.0/24" do
 		raise "You must set ARBORUSER and ARBORPASS in your environment before running tests" unless ENV['ARBORUSER'] and ENV['ARBORPASS']
 		a = Arbor::Atlas.new(ENV['ARBORUSER'], ENV['ARBORPASS'])
@@ -40,7 +40,7 @@ class TestArborAtlas < Test::Unit::TestCase
 		assert_not_nil(ipinfo['report']['attacks'])
 		assert_not_nil(ipinfo['report']['servers'])
 	end
-	
+
 	should "return network as report for AS701" do
 		raise "You must set ARBORUSER and ARBORPASS in your environment before running tests" unless ENV['ARBORUSER'] and ENV['ARBORPASS']
 		a = Arbor::Atlas.new(ENV['ARBORUSER'], ENV['ARBORPASS'])
@@ -59,7 +59,7 @@ class TestArborAtlas < Test::Unit::TestCase
 		assert_not_nil(ipinfo['report']['servers'])
 		assert_not_nil(ipinfo['report']['dos_attacks'])
 	end
-	
+
 	should "return vulnerability report for CVE-2006-4139" do
 		raise "You must set ARBORUSER and ARBORPASS in your environment before running tests" unless ENV['ARBORUSER'] and ENV['ARBORPASS']
 		a = Arbor::Atlas.new(ENV['ARBORUSER'], ENV['ARBORPASS'])
@@ -75,8 +75,8 @@ class TestArborAtlas < Test::Unit::TestCase
 		assert_equal("Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.", ipinfo['report']['background']['description'])
 		assert_not_nil(ipinfo['report']['attacks'])
 	end
-	
-	should "return country report report for US" do
+
+	should "return country report for US" do
 		raise "You must set ARBORUSER and ARBORPASS in your environment before running tests" unless ENV['ARBORUSER'] and ENV['ARBORPASS']
 		a = Arbor::Atlas.new(ENV['ARBORUSER'], ENV['ARBORPASS'])
 		assert_not_nil(a.cookie)
@@ -89,7 +89,21 @@ class TestArborAtlas < Test::Unit::TestCase
 		assert_not_nil(ipinfo['report']['dos_attacks'])
 		assert_not_nil(ipinfo['report']['servers'])
 	end
-	
+
+	should "return service report for tcp/445" do
+		raise "You must set ARBORUSER and ARBORPASS in your environment before running tests" unless ENV['ARBORUSER'] and ENV['ARBORPASS']
+		a = Arbor::Atlas.new(ENV['ARBORUSER'], ENV['ARBORPASS'])
+		assert_not_nil(a.cookie)
+		ipinfo = a.lookup("tcp/445")
+		assert_not_nil(ipinfo['report'])
+		assert_not_nil(ipinfo['report']['title'])
+		assert_equal("ATLAS Service Report: Global TCP/445 (microsoft-ds)", ipinfo['report']['title'])
+		assert_not_nil(ipinfo['report']['scans'])
+		assert_not_nil(ipinfo['report']['background'])
+		assert_not_nil(ipinfo['report']['attacks'])
+		assert_not_nil(ipinfo['report']['vulnerabilities'])
+	end
+
 	should "raise exception on unknown query type" do
 		raise "You must set ARBORUSER and ARBORPASS in your environment before running tests" unless ENV['ARBORUSER'] and ENV['ARBORPASS']
 		a = Arbor::Atlas.new(ENV['ARBORUSER'], ENV['ARBORPASS'])

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: arbor-atlas
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 25
   prerelease: 
   segments: 
   - 0
   - 1
-  - 0
-  version: 0.1.0
+  - 1
+  version: 0.1.1
 platform: ruby
 authors: 
 - Chris Lee
@@ -148,6 +148,7 @@ files:
 - README.rdoc
 - Rakefile
 - VERSION
+- arbor-atlas.gemspec
 - lib/arbor-atlas.rb
 - lib/arbor-atlas/arbor-atlas.rb
 - test/helper.rb