dronebl.rb 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 90452b68385bacb07b71362b95b43f9529c52a00
+  data.tar.gz: c6c7ac736b865e46054effce79866393a7174280
+SHA512:
+  metadata.gz: cac7d9db9af50b35875a0a596d33e53c4b6c66d82ed3dd09a3cc0b08c02eb3486b7551cc27422e5d081734f92575b79725fa7d793a73a66ed800ff3951d1ad88
+  data.tar.gz: afc184cfb563ca52072ae0f87285abd8d1b4344206940966acb47acf13025ec08843594dcba74c813e027608f7930df8b30371cb105fb1a0632dc700558f3f35

data/bin/dronebl-add

@@ -0,0 +1,106 @@
+#!/usr/bin/env ruby
+# copyright Rylee Fowler 2014
+# see LICENSE for more details
+require 'dronebl-client'
+require 'resolv'
+require 'optparse'
+class Options
+  attr_reader :read_from_stdin, :key_str, :key_file, :type, :comment, :dry_run,
+    :use_key_file, :no_check
+  attr_accessor :ips
+  def initialize
+    @key_file = File.expand_path "~/.droneblkey"
+    @ips = []
+    @opt_parser = OptionParser.new do |opts|
+      opts.banner = "Usage: #{$0} [options]"
+      opts.separator ""
+      opts.separator "Options available:"
+      opts.on('-I', '--ips [ip1,ip2,ip3,...]', Array, 'Read in IPs.') do |list|
+        @ips += list
+      end
+      opts.on('-s', '--stdin', 'Read a newline-delimited list of IPs from STDIN') do
+        @read_from_stdin = true
+      end
+      opts.on('-k', '--key KEY', String, 'Use KEY as your DroneBL RPC2 key') do |key|
+        @key_str = key
+      end
+      opts.on('-f', '--keyfile [FILE_PATH]', 'Read the file at FILE_PATH and use it as the RPC key') do |path|
+        @use_key_file = true
+        @key_file = path
+      end
+      opts.on('-t', '--type TYPE', String, 'Mark submissions as TYPE. Valid types can be seen with the "-T" option.') do |type|
+        @type = type
+      end
+      opts.on('-T', '--show-types', 'Show all valid types for IP submission') do
+        puts DroneBL::TYPES.map { |k, v| "#{k} : #{v}"}.join("\n")
+        exit
+      end
+      opts.on('-c', '--comment [COMMENT]', String, 'Attach the given comment to the listings.') do |comment|
+        @comment = comment
+        opts.on('-u', '--use-key-file', 'Use the default key file located at ~/.droneblkey') do
+          @use_key_file = true
+        end
+        opts.on('-d', '--dry-run', 'Prints the query to be run to STDOUT instead of sending it as a query to the DroneBL RPC service.') do
+          @dry_run = true
+        end
+        #opts.on('-n', '--no-pre-check', 'Do not check DroneBL for the IPs you are about to submit with a lookup before doing it.') do
+        #  @no_check = true
+      end
+      opts.on_tail("-h", "--help", "Show this message") do
+        puts opts
+        exit
+      end
+
+    end
+  end
+  def parse! args
+    @opt_parser.parse! args
+
+    if (@use_key_file && !(File.exists? @key_file)) && @key_str.nil?
+      abort "No key string provided and #{@key_file} does not exist -- unable to authenticate. See http://dronebl.org/rpckey_signup if you need a key."
+    end
+    if @use_key_file && !@key_str.nil?
+      abort "Trying to use both --use-key-file and --key -- make up your mind!"
+    end
+    if (@use_key_file)
+      DroneBL::key = File.read(File.expand_path(@key_file)).chomp
+    else
+      DroneBL::key = @key_str
+    end
+    if @ips.nil? || (@ips.empty? && !@read_from_stdin)
+      abort 'No IPs given and you\'re not reading from stdin -- this is a noop!'
+    end
+    if @type.nil?
+      abort "No type given! Please read #{$0} --help again."
+    end
+
+  end
+end
+
+# end option parsing logic, begin program logic
+opts = Options.new
+opts.parse! ARGV
+
+if opts.read_from_stdin
+  while line = STDIN.gets
+    opts.ips << line.chomp
+  end
+end
+
+opts.ips.uniq!
+
+prevalid, ipv6 = opts.ips.partition { |ip| (ip.match(Resolv::IPv6::Regex).nil?) }
+valid, invalid = prevalid.partition { |ip| !(ip.match(Resolv::IPv4::Regex).nil?) }
+invalid += ipv6
+if @dry_run
+puts DroneBL::gen_add_query valid
+puts "#{valid.count} IPs will be added as type #{opts.type}#{" with comment 'opts.comment if opts.comment}'"}."
+else
+response = DroneBL::add(valid, type, comment)
+print_table response, opts.long_types
+puts "#{valid.count} IPs looked up. #{response.map { |r| r['ip'] }.uniq.length} unique IPs found in response."
+end
+unless invalid.empty?
+puts "IPs not valid for lookup: "
+invalid.each { |ip| puts ip }
+end

data/bin/dronebl-query

@@ -0,0 +1,126 @@
+#!/usr/bin/env ruby
+# copyright Rylee Fowler 2014
+# see LICENSE for more details
+require 'dronebl-client'
+require 'resolv'
+require 'optparse'
+class Options
+  attr_reader :read_from_stdin, :key_str, :key_file, :get_archived, :long_types,
+    :dry_run, :time_format, :use_key_file
+  attr_accessor :ips
+  def initialize
+    @key_file = File.expand_path "~/.droneblkey"
+    @ips = []
+    @opt_parser = OptionParser.new do |opts|
+      opts.banner = "Usage: #{$0} [options]"
+      opts.separator ""
+      opts.separator "Options available:"
+      opts.on('-I', '--ips [ip1,ip2,ip3,...]', Array, 'Read in IPs.') do |list|
+        @ips += list
+      end
+      opts.on('-s', '--stdin', 'Read a newline-delimited list of IPs from STDIN') do
+        @read_from_stdin = true
+      end
+      opts.on('-k', '--key KEY', String, 'Use KEY as your DroneBL RPC2 key') do |key|
+        @key_str = key
+      end
+      opts.on('-f', '--keyfile [FILE_PATH]', 'Read the file at FILE_PATH and use it as the RPC key') do |path|
+        @use_key_file = true
+        @key_file = path
+      end
+      opts.on('-a', '--get-archived', 'Get *all* DroneBL listings of the given IP, not just active ones.') do
+        @get_archived = true
+      end
+      opts.on('-T', '--time-format [FORMAT]', String, 'Interpolate the time format string with FORMAT instead of the default. See `man 3 strftime` for format specifiers.') do |fmt|
+        @time_format = fmt
+      end
+      opts.on('-u', '--use-key-file', 'Use the default key file located at ~/.droneblkey') do
+        @use_key_file = true
+      end
+      opts.on('-L', '--long-types', 'Print type definitions instead of numeric types for record matches.') do
+        @long_types = true
+      end
+      opts.on('-d', '--dry-run', 'Prints the query to be run to STDOUT instead of sending it as a query to the DroneBL RPC service.') do
+        @dry_run = true
+      end
+      opts.on_tail("-h", "--help", "Show this message") do
+        puts opts
+        exit
+      end
+
+    end
+  end
+  def parse! args
+    @opt_parser.parse! args
+
+    if (@use_key_file && !(File.exists? @key_file)) && @key_str.nil?
+      abort "No key string provided and #{@key_file} does not exist -- unable to authenticate. See http://dronebl.org/rpckey_signup if you need a key."
+    end
+    if @use_key_file && !@key_str.nil?
+      abort "Trying to use both --use-key-file and --key -- make up your mind!"
+    end
+    if (@use_key_file)
+      DroneBL::key = File.read(File.expand_path(@key_file)).chomp
+    else
+      DroneBL::key = @key_str
+    end
+    if @ips.nil? || (@ips.empty? && !@read_from_stdin)
+      puts @ips
+      abort 'No IPs given and you\'re not reading from stdin -- this is a noop!'
+    end
+  end
+end
+
+# end option parsing logic, begin program logic
+def print_table data, long_types=false
+  typelen = 5
+  if long_types
+    typelen = 35
+  end
+  puts [
+    'IP'.ljust(15),
+    'Currently listed?'.rjust(17),
+    'Type'.rjust(typelen),
+    'Comment'.ljust(25),
+    'ID'.ljust(9),
+    'Time'.ljust(25)
+  ].join '|'
+  puts '-' * 135
+  data.each do |data|
+    puts [
+      data['ip'].ljust(15),
+      (data['listed'] == '1' ? 'YES' : 'NO').rjust(17),
+      (long_types ? DroneBL::TYPES[data['type']] : data['type']).rjust(typelen),
+      data['comment'].ljust(25),
+      data['id'].ljust(9),
+      Time.at(data['timestamp'].to_i).to_s.ljust(25)
+    ].join '|'
+  end
+  puts '=' * 135
+end
+opts = Options.new
+opts.parse! ARGV
+
+if opts.read_from_stdin
+  while line = STDIN.gets
+    opts.ips << line.chomp
+  end
+end
+
+opts.ips.uniq!
+
+prevalid, ipv6 = opts.ips.partition { |ip| (ip.match(Resolv::IPv6::Regex).nil?) }
+valid, invalid = prevalid.partition { |ip| !(ip.match(Resolv::IPv4::Regex).nil?) }
+invalid += ipv6
+if @dry_run
+  puts DroneBL::gen_lookup_query valid
+  puts "#{valid.count} IPs will be looked up."
+else
+  response = DroneBL::lookup(valid)
+  print_table response, opts.long_types
+  puts "#{valid.count} IPs looked up. #{response.map { |r| r['ip'] }.uniq.length} unique IPs found in response."
+end
+unless invalid.empty?
+  puts "IPs not valid for lookup: "
+  invalid.each { |ip| puts ip }
+end

data/lib/dronebl-client.rb

@@ -0,0 +1,65 @@
+#!/usr/bin/env ruby
+# copyright Rylee Fowler 2014
+# see LICENSE for more details
+
+require 'nokogiri'
+require 'httparty'
+module DroneBL
+  include HTTParty
+  format :xml
+  base_uri 'http://dronebl.org'
+  TYPES = {"1"=>"Testing class.",
+           "2"=>"Sample data",
+           "3"=>"IRC spam drone",
+           "5"=>"Bottler (experimental)",
+           "6"=>"Unknown worm or spambot",
+           "7"=>"DDoS drone",
+           "8"=>"Open SOCKS proxy",
+           "9"=>"Open HTTP proxy",
+           "10"=>"Proxychain",
+           "11"=>"Web Page Proxy",
+           "13"=>"Automated dictionary attacks",
+           "14"=>"Open WINGATE proxy",
+           "15"=>"Compromised router / gateway",
+           "16"=>"Autorooting worms",
+           "17"=>"Automatically determined botnet IP",
+           "255"=>"Uncategorized threat class"}
+  class << self
+    attr_accessor :key
+    def parse_response xml
+      # This giant mess of hax is needed because the DroneBL response to queries
+      # is encased in CDATA for whatever reason.
+      resp = Nokogiri::XML(xml).at("response")
+      if resp['type'].downcase == 'error'
+        abort "call failed: '#{resp.css('message').text}' data: '#{resp.css('data').text}'"
+      end
+      Nokogiri::XML("<?xml version='1.0'>\n<results>#{resp.text}</results>").css("result").map(&:to_h) # thanks to jhass in #ruby on freenode
+    end
+
+    def gen_lookup_query ips, archived=false
+      <<EOF
+<?xml version='1.0'?>
+<request key='#{key}'>
+      #{ips.map { |ip| "<lookup ip='#{ip}' listed='#{archived ? 2 : 1}'>"}.join("\n")}
+</request>
+EOF
+    end
+    def gen_add_query ips, type, comment=''
+      "<?xml version='1.0'?>
+<request key='#{key}'>
+      #{ips.map { |ip| "<add ip='#{ip}' type='#{type}'#{ " comment='#{comment}'" unless comment.empty?}>"}.join("\n")}
+</request>"
+    end
+
+    def lookup ips, archived=false
+      query = gen_lookup_query ips, archived
+      parse_response post('/RPC2', {:body => query }).body
+    end
+
+    def add ips, type, comment=''
+      query = gen_add_query ips, type, comment
+      parse_response post('/RPC2', {:body => query }).body
+    end
+
+  end
+end

metadata

@@ -0,0 +1,50 @@
+--- !ruby/object:Gem::Specification
+name: dronebl.rb
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Rylee Fowler
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-04 00:00:00.000000000 Z
+dependencies: []
+description: 'NOTE: You should create a ~/.droneblkey file with your key inside of
+  it for the best experience with this.'
+email: rylee@rylee.me
+executables:
+- dronebl-query
+- dronebl-add
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/dronebl-add
+- bin/dronebl-query
+- lib/dronebl-client.rb
+homepage: http://github.com/rylai-/dronebl.rb
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Interface to the DroneBL RPC2 service
+test_files: []
+has_rdoc: