passivedns-client 1.0.0

data/lib/passivedns/client/version.rb

@@ -0,0 +1,5 @@
+module PassiveDNS
+  class Client
+    VERSION = "1.0.0"
+  end
+end

data/lib/passivedns/client/virustotal.rb

@@ -0,0 +1,63 @@
+# DESCRIPTION: this is a module for pdns.rb, primarily used by pdnstool.rb, to query VirusTotal's passive DNS database
+require 'net/http'
+require 'net/https'
+require 'openssl'
+
+module PassiveDNS
+	class VirusTotal
+		attr_accessor :debug
+		def initialize(config="#{ENV['HOME']}/.virustotal")
+			if File.exist?(config)
+				@apikey = File.open(config).read.split(/\n/)[0]
+				$stderr.puts "DEBUG: VirusTotal#initialize(#{@apikey})" if @debug
+			else
+				raise "Configuration file for VirusTotal is required for intialization\nFormat of configuration file (default: #{ENV['HOME']}/.apikey) is:\n<url>\n<apikey>\n"
+			end
+		end
+
+		def parse_json(page,query,response_time=0)
+			res = []
+			# need to remove the json_class tag or the parser will crap itself trying to find a class to align it to
+			data = JSON.parse(page)
+			if data['resolutions']
+				data['resolutions'].each do |row|
+					if row['ip_address']
+						res << PDNSResult.new('VirusTotal',response_time,query,row['ip_address'],'A',nil,nil,row['last_resolved'])
+					elsif row['hostname']
+						res << PDNSResult.new('VirusTotal',response_time,row['hostname'],query,'A',nil,nil,row['last_resolved'])
+					end
+				end
+			end
+			res
+		rescue Exception => e
+			$stderr.puts "VirusTotal Exception: #{e}"
+			raise e
+		end
+
+		def lookup(label)
+			$stderr.puts "DEBUG: VirusTotal.lookup(#{label})" if @debug
+			Timeout::timeout(240) {
+				url = nil
+				if label =~ /^[\d\.]+$/
+					url = "https://www.virustotal.com/vtapi/v2/ip-address/report?ip=#{label}&apikey=#{@apikey}"
+				else
+					url = "https://www.virustotal.com/vtapi/v2/domain/report?domain=#{label}&apikey=#{@apikey}"
+				end
+				$stderr.puts "DEBUG: VirusTotal url = #{url}" if @debug
+				url = URI.parse url
+				http = Net::HTTP.new(url.host, url.port)
+				http.use_ssl = (url.scheme == 'https')
+				http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+				http.verify_depth = 5
+				request = Net::HTTP::Get.new(url.path+"?"+url.query)
+				request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
+				t1 = Time.now
+				response = http.request(request)
+				t2 = Time.now
+				parse_json(response.body, label, t2-t1)
+			}
+		rescue Timeout::Error => e
+			$stderr.puts "VirusTotal lookup timed out: #{label}"
+		end
+	end
+end

data/passivedns-client.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'passivedns/client/version'
+
+Gem::Specification.new do |spec|
+	spec.name          = "passivedns-client"
+	spec.version       = PassiveDNS::Client::VERSION
+	spec.authors       = ["chrislee35"]
+	spec.email         = ["rubygems@chrislee.dhs.org"]
+	spec.description   = %q{This provides interfaces to various passive DNS databases to do the query and to normalize the responses.  The query tool also allows for recursive queries, using an SQLite3 database to keep state.}
+	spec.summary       = %q{Query passive DNS databases}
+	spec.homepage      = "https://github.com/chrislee35/passivedns-client"
+	spec.license       = "MIT"
+
+	spec.files         = `git ls-files`.split($/)
+	spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+	spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+	spec.require_paths = ["lib"]
+
+	spec.add_runtime_dependency 'json', '>= 1.4.3'
+	spec.add_runtime_dependency 'sqlite3', '>= 1.3.3'
+	spec.add_runtime_dependency 'structformatter', '~> 0.0.1'
+	spec.add_development_dependency "bundler", "~> 1.3"
+	spec.add_development_dependency "rake"
+
+	spec.signing_key   = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
+	spec.cert_chain    = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
+end

data/test/helper.rb

@@ -0,0 +1,2 @@
+require 'test/unit'
+require File.expand_path('../../lib/passivedns/client.rb', __FILE__)

data/test/test_passivedns-client.rb

@@ -0,0 +1,118 @@
+unless Kernel.respond_to?(:require_relative)
+	module Kernel
+		def require_relative(path)
+			require File.join(File.dirname(caller[0]), path.to_str)
+		end
+	end
+end
+
+require_relative 'helper'
+
+class TestPassiveDnsQuery < Test::Unit::TestCase
+	def test_instantiate_Nonexisting_Client
+		assert_raise RuntimeError do
+			PassiveDNS::Client.new(['doesnotexist'])
+		end
+	end
+
+	def test_instantiate_BFK_Client
+		assert_not_nil(PassiveDNS::BFK.new)
+		assert_nothing_raised do
+			PassiveDNS::Client.new(['bfk'])
+		end
+	end
+
+	def test_instantiate_CERTEE_Client
+		assert_not_nil(PassiveDNS::CERTEE.new)
+		assert_nothing_raised do
+			PassiveDNS::Client.new(['certee'])
+		end
+	end
+	
+	def test_instantiate_DNSParse_Client
+		assert_not_nil(PassiveDNS::DNSParse.new)
+		assert_nothing_raised do
+			PassiveDNS::Client.new(['dnsparse'])
+		end
+	end
+	
+	def test_instantiate_ISC_Client
+		assert_not_nil(PassiveDNS::ISC.new)
+		assert_nothing_raised do
+			PassiveDNS::Client.new(['isc'])
+		end
+	end
+	
+	def test_instantiate_VirusTotal_Client
+		assert_not_nil(PassiveDNS::VirusTotal.new)
+		assert_nothing_raised do
+			PassiveDNS::Client.new(['virustotal'])
+		end
+	end
+
+	def test_instantiate_All_Clients
+		assert_nothing_raised do
+			PassiveDNS::Client.new()
+		end
+	end
+	
+	def test_instantiate_Passive_DNS_State
+		assert_not_nil(PassiveDNS::PDNSToolState.new)
+	end
+	
+	def test_instantiate_Passive_DNS_State_database
+		if File.exists?("test/test.sqlite3")
+			File.unlink("test/test.sqlite3")
+		end
+		assert_not_nil(PassiveDNS::PDNSToolStateDB.new("test/test.sqlite3"))
+		if File.exists?("test/test.sqlite3")
+			File.unlink("test/test.sqlite3")
+		end
+	end
+	
+	def test_query_BFK
+		rows = PassiveDNS::BFK.new.lookup("example.org")
+		assert_not_nil(rows)
+		assert_not_nil(rows.to_s)
+		assert_not_nil(rows.to_xml)
+		assert_not_nil(rows.to_json)
+		assert_not_nil(rows.to_yaml)
+	end
+	
+	def test_query_CERTEE
+		rows = PassiveDNS::CERTEE.new.lookup("sim.cert.ee")
+		assert_not_nil(rows)
+		assert_not_nil(rows.to_s)
+		assert_not_nil(rows.to_xml)
+		assert_not_nil(rows.to_json)
+		assert_not_nil(rows.to_yaml)
+	end
+
+	def test_query_DNSParse
+		rows = PassiveDNS::DNSParse.new.lookup("example.org")
+		assert_not_nil(rows)
+		assert_not_nil(rows.to_s)
+		assert_not_nil(rows.to_xml)
+		assert_not_nil(rows.to_json)
+		assert_not_nil(rows.to_yaml)
+	end
+
+	def test_query_ISC
+		rows = PassiveDNS::ISC.new.lookup("example.org")
+		assert_not_nil(rows)
+		assert_not_nil(rows.to_s)
+		assert_not_nil(rows.to_xml)
+		assert_not_nil(rows.to_json)
+		assert_not_nil(rows.to_yaml)
+	end
+
+	def test_query_VirusTotal
+		rows = PassiveDNS::VirusTotal.new.lookup("sim.cert.ee")
+		assert_not_nil(rows)
+		assert_not_nil(rows.to_s)
+		assert_not_nil(rows.to_xml)
+		assert_not_nil(rows.to_json)
+		assert_not_nil(rows.to_yaml)
+	end
+
+end

metadata

@@ -0,0 +1,177 @@
+--- !ruby/object:Gem::Specification
+name: passivedns-client
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- chrislee35
+autorequire: 
+bindir: bin
+cert_chain:
+- !binary |-
+  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZakNDQWtxZ0F3SUJB
+  Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREJYTVJFd0R3WURWUVFEREFoeWRX
+  SjUKWjJWdGN6RVlNQllHQ2dtU0pvbVQ4aXhrQVJrV0NHTm9jbWx6YkdWbE1S
+  TXdFUVlLQ1pJbWlaUHlMR1FCR1JZRApaR2h6TVJNd0VRWUtDWkltaVpQeUxH
+  UUJHUllEYjNKbk1CNFhEVEV6TURVeU1qRXlOVGswTjFvWERURTBNRFV5Ck1q
+  RXlOVGswTjFvd1Z6RVJNQThHQTFVRUF3d0ljblZpZVdkbGJYTXhHREFXQmdv
+  SmtpYUprL0lzWkFFWkZnaGoKYUhKcGMyeGxaVEVUTUJFR0NnbVNKb21UOGl4
+  a0FSa1dBMlJvY3pFVE1CRUdDZ21TSm9tVDhpeGtBUmtXQTI5eQpaekNDQVNJ
+  d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOY1ByeDhC
+  WmlXSVI5eFdXRzhJCnRxUjUzOHRTMXQrVUo0RlpGbCsxdnJ0VTlUaXVXWDNW
+  ajM3VHdVcGEyZkZremlLMG41S3VwVlRoeUVoY2VtNW0KT0dSanZnclJGYldR
+  SlNTc2NJS09wd3FVUkhWS1JwVjlnVnovSG56azhTK3hvdFVSMUJ1bzNVZ3Ir
+  STFqSGV3RApDZ3IreSt6Z1pidGp0SHNKdHN1dWprT2NQaEVqalVpbmo2OEw5
+  Rno5QmRlSlF0K0lhY2p3QXpVTGl4NmpXQ2h0ClVjK2crMHo4RXNyeWNhMkc2
+  STFHc3JnWDZXSHc4ZHlreVFEVDlkQ3RTMmZsQ093U0MxUjBLNVQveEhXNTRm
+  KzUKd2N3OG1tNTNLTE5lK3RtZ1ZDNlpIeU1FK3FKc0JuUDZ1eEYwYVRFbkdB
+  L2pEQlFEaFFOVEYwWlAvYWJ6eVRzTAp6alVDQXdFQUFhTTVNRGN3Q1FZRFZS
+  MFRCQUl3QURBTEJnTlZIUThFQkFNQ0JMQXdIUVlEVlIwT0JCWUVGTzh3Cith
+  ZVA3VDZrVkpibENnNmV1c09JSTlEZk1BMEdDU3FHU0liM0RRRUJCUVVBQTRJ
+  QkFRQkNReVJKTFhzQm8yRnkKOFc2ZS9XNFJlbVFScmxBdzlESzVPNlU3MUp0
+  ZWRWb2Iyb3ErT2Irem1TK1BpZkUyK0wrM1JpSjJINlZUbE96aQp4K0EwNjFN
+  VVhoR3JhcVZxNEoyRkM4a3Q0RVF5d0FEMFAwVGE1R1UyNENHU0YwOFkzR2tK
+  eTFTYTRYcVRDMllDCm81MXM3SlArdGtDQ3RwVllTZHpKaFRsbGllUkFXQnBH
+  VjFkdGFvZVVLRTZ0WVBNQmtvc3hTUmNWR2N6ay9TYzMKN2VRQ3BleFl5OUps
+  VUJJOXUzQnFJWTlFK2wrTVNuOGloWFNQbXlLMERncmhhQ3Urdm9hU0ZWT1g2
+  WStCNXFibwpqTFhNUXUyWmdJU1l3WE5qTmJHVkhlaHV0ODJVN1U5b2lIb1dj
+  ck9HYXphUlVtR085VFhQK2FKTEgwZ3cyZGNLCkFmTWdsWFBpCi0tLS0tRU5E
+  IENFUlRJRklDQVRFLS0tLS0K
+date: 2013-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.3
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.3
+- !ruby/object:Gem::Dependency
+  name: structformatter
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This provides interfaces to various passive DNS databases to do the query
+  and to normalize the responses.  The query tool also allows for recursive queries,
+  using an SQLite3 database to keep state.
+email:
+- rubygems@chrislee.dhs.org
+executables:
+- pdnstool
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/pdnstool
+- lib/passivedns/client.rb
+- lib/passivedns/client/bfk.rb
+- lib/passivedns/client/certee.rb
+- lib/passivedns/client/dnsparse.rb
+- lib/passivedns/client/isc.rb
+- lib/passivedns/client/state.rb
+- lib/passivedns/client/version.rb
+- lib/passivedns/client/virustotal.rb
+- passivedns-client.gemspec
+- test/helper.rb
+- test/test_passivedns-client.rb
+homepage: https://github.com/chrislee35/passivedns-client
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Query passive DNS databases
+test_files:
+- test/helper.rb
+- test/test_passivedns-client.rb