passivedns-client 1.3.2 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cde5271625d34d5936db557dd2d91d7a4eff23bd
-  data.tar.gz: b119c8deccbc64b2b174cdb58af80e399e420e33
+  metadata.gz: 6b56440dfbab8244d4d4d1561de2b3e9eb9ce74e
+  data.tar.gz: 9de3ca69fbeb821d673e459b9d3937ae44e9c4e2
 SHA512:
-  metadata.gz: 7558c0115c300fbb8f6fead3ae4035dacbd9262d273599c541c1e8ed82aa29f0db1b072fc9f3256c9bc469ef87d3446f8d02d2360b84e4c9a2133aacc5c9c6a4
-  data.tar.gz: db8efada307bb6d5df8a8eacf6138a8e60b08b5cc85bf7db80e564e406b87bb6fc7c34f3aca743546ef11ff066bff5f8eefeb2f1ab984a479493ee7ccc5467aa
+  metadata.gz: 5dcbcd4fbe695618c6321abb1804bc67b6483dec14cc12ca5163c7701577e23c8461de8bd8dd3171b1b29b0478fd79c2c4d926ee4a6567da0f921e97c1d2cd91
+  data.tar.gz: 19221b3e2408b293d4de1876af80fe53110403ba9d2152ea164e7416a1f7bd53428a46e07f92be231d9a9679dbfea9e42365468e8c7286b4e2a48fd9ae8d22e1

data/README.md

@@ -53,6 +53,19 @@ TCPIPUtils's (http://www.tcpiputils.com/premium-access) passive DNS database req
 
   01234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef
 
+
+### PassiveDNS.cn from 360.cn
+
+PassiveDNS.cn (http://www.passivedns.cn) requires an API ID and and API KEY, which is obtainable by creating an account and sending an email to request an API key.  
+
+The configuration file can be in /etc/flint.conf (flint is the name of their tool, which is available at <a href='https://github.com/360netlab/flint'>https://github.com/360netlab/flint</a>) or in $HOME/.flint.conf (which is my preference).
+
+The file must have three lines and looks like:
+
+  API = http://some.web.address.for.their.api
+  API_ID = a username that is given when you register
+  API_KEY = a long and random password of sorts that is used along with the page request to generate a per page API key
+
 ## Usage
 
 	require 'passivedns-client'

data/bin/pdnstool

@@ -50,12 +50,13 @@ end
 
 def usage
 	puts "Usage: #{$0} [-d [bedvt]] [-g|-v|-m|-c|-x|-y|-j|-t] [-os <sep>] [-f <file>] [-r#|-w#|-v] [-l <count>] <ip|domain|cidr>"
-	puts "  -dbedvt uses all of the available passive dns databases"
-	puts "  -db only use BFK"
-	puts "  -de only use CERT-EE (default)"
-	puts "  -dd only use DNSDB (formerly ISC)"
-	puts "  -dv only use VirusTotal"
-  puts "  -dt only use TCPIPUtils"
+	puts "  -dbedvt3 uses all of the available passive dns databases"
+	puts "  -db use BFK"
+	puts "  -de use CERT-EE (default)"
+	puts "  -dd use DNSDB (formerly ISC)"
+	puts "  -dv use VirusTotal"
+  puts "  -dt use TCPIPUtils"
+  puts "  -d3 use 360.cn (www.passivedns.cn)"
   puts "  -dvt uses VirusTotal and TCPIPUtils (for example)"
 	puts ""
 	puts "  -g outputs a link-nodal GDF visualization definition"
@@ -128,6 +129,8 @@ opts.each do |opt, arg|
     		pdnsdbs << "virustotal"
       when 't'
         pdnsdbs << "tcpiputils"
+      when '3'
+        pdnsdbs << "cn360"
       else
         raise "Unknown passive DNS database identifier: #{c}"
       end

data/lib/passivedns/client.rb

@@ -8,6 +8,7 @@ require 'passivedns/client/certee.rb'
 require 'passivedns/client/dnsdb.rb'
 require 'passivedns/client/virustotal.rb'
 require 'passivedns/client/tcpiputils.rb'
+require 'passivedns/client/cn360.rb'
 require 'passivedns/client/state.rb'
 
 module PassiveDNS
@@ -15,7 +16,7 @@ module PassiveDNS
 	class PDNSResult < Struct.new(:source, :response_time, :query, :answer, :rrtype, :ttl, :firstseen, :lastseen, :count); end
 
 	class Client
-		def initialize(pdns=['bfk','certee','dnsdb','virustotal','tcpiputils'])
+		def initialize(pdns=['bfk','certee','dnsdb','virustotal','tcpiputils','cn360'])
 			@pdnsdbs = []
 			pdns.uniq.each do |pd|
 				case pd
@@ -23,8 +24,6 @@ module PassiveDNS
 					@pdnsdbs << PassiveDNS::BFK.new
 				when 'certee'
 					@pdnsdbs << PassiveDNS::CERTEE.new
-        #when 'dnsparse'
-				#	@pdnsdbs << PassiveDNS::DNSParse.new
 				when 'dnsdb'
 					@pdnsdbs << PassiveDNS::DNSDB.new
 				when 'isc'
@@ -33,6 +32,8 @@ module PassiveDNS
 					@pdnsdbs << PassiveDNS::VirusTotal.new
         when 'tcpiputils'
 					@pdnsdbs << PassiveDNS::TCPIPUtils.new
+        when 'cn360'
+					@pdnsdbs << PassiveDNS::CN360.new
 				else
 					raise "Unknown Passive DNS provider: #{pd}"
 				end

data/lib/passivedns/client/cn360.rb

@@ -0,0 +1,83 @@
+require 'net/http'
+require 'net/https'
+require 'openssl'
+require 'json'
+require 'digest/md5'
+require 'configparser'
+require 'pp'
+
+# Please read http://www.tcpiputils.com/terms-of-service under automated requests
+
+module PassiveDNS
+  class CN360
+    attr_accessor :debug
+        
+    def initialize(configfile="#{ENV["HOME"]}/.flint.conf")
+      @debug = false
+      if not File.exist?(configfile)
+        if not File.exist?("/etc/flint.conf")
+          raise "Cannot find a configuration file at #{configfile} or /etc/flint.conf"
+        end
+        configfile = "/etc/flint.conf"
+      end
+      
+      @cp = ConfigParser.new(configfile)
+      if not @cp["API"]
+        raise "Field, API, is required in the configuration file.  It should specify the URL of the JSON Web API."
+      end
+      if not @cp["API_ID"]
+        raise "Field, API_ID, is required in the configuration file.  It should specify the user ID for the API key."
+      end
+      if not @cp["API_KEY"]
+        raise "Field, API_KEY, is required in the configuration file.  It should specify the API key."
+      end
+    end
+    
+    def parse_json(page,query,response_time=0)
+			res = []
+			# need to remove the json_class tag or the parser will crap itself trying to find a class to align it to
+			data = JSON.parse(page)
+      data.each do |row|
+        time_first = (row["time_first"]) ? Time.at(row["time_first"].to_i) : nil
+        time_last = (row["time_last"]) ? Time.at(row["time_last"].to_i) : nil
+        count = row["count"] || 0
+        res << PDNSResult.new('cn360', response_time, row["rrname"], row["rdata"], row["rrtype"], time_first, time_last, count)
+			end
+			res
+		rescue Exception => e
+			$stderr.puts "360.cn Exception: #{e}"
+			raise e
+    end
+    
+    def lookup(label, limit=10000)
+      table = "rrset"
+      if label =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ or label =~ /^[0-9a-fA-F]+:[0-9a-fA-F:]+[0-9a-fA-F]$/
+        table = "rdata"
+      end
+      limit ||= 10000
+      path = "/api/#{table}/keyword/#{label}/count/#{limit}/"
+      url = @cp["API"]+path
+			url = URI.parse url
+			http = Net::HTTP.new(url.host, url.port)
+			http.use_ssl = (url.scheme == 'https')
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+			http.verify_depth = 5
+			request = Net::HTTP::Get.new(url.path)
+			request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
+      request.add_field('Accept', 'application/json')
+      request.add_field("X-BashTokid", @cp["API_ID"])
+      token = Digest::MD5.hexdigest(path+@cp["API_KEY"])
+			$stderr.puts "DEBUG: cn360 url = #{url} token = #{token}" if @debug
+      request.add_field("X-BashToken", token)
+			t1 = Time.now
+			response = http.request(request)
+			t2 = Time.now
+			recs = parse_json(response.body, label, t2-t1)
+      if limit
+        recs[0,limit]
+      else
+        recs
+      end
+    end
+  end
+end

data/lib/passivedns/client/version.rb

@@ -1,5 +1,5 @@
 module PassiveDNS
   class Client
-    VERSION = "1.3.2"
+    VERSION = "1.4.0"
   end
 end

data/test/test_passivedns-client.rb

@@ -141,4 +141,30 @@ class TestPassiveDnsQuery < Test::Unit::TestCase
     assert_not_nil(rows.to_json)
     assert_not_nil(rows.to_yaml)
   end
+
+  def test_cn360
+    assert_not_nil(PassiveDNS::CN360.new)
+    assert_nothing_raised do
+      PassiveDNS::Client.new(['cn360'])
+    end
+    rows = PassiveDNS::CN360.new.lookup("example.org")
+    assert_not_nil(rows)
+    assert_not_nil(rows.to_s)
+    assert_not_nil(rows.to_xml)
+    assert_not_nil(rows.to_json)
+    assert_not_nil(rows.to_yaml)
+    rows = PassiveDNS::CN360.new.lookup("example.org",3)
+    assert_not_nil(rows)
+    assert_not_nil(rows.to_s)
+    assert_not_nil(rows.to_xml)
+    assert_not_nil(rows.to_json)
+    assert_not_nil(rows.to_yaml)
+    assert_equal(3, rows.length)
+    rows = PassiveDNS::CN360.new.lookup("8.8.8.8")
+    assert_not_nil(rows)
+    assert_not_nil(rows.to_s)
+    assert_not_nil(rows.to_xml)
+    assert_not_nil(rows.to_json)
+    assert_not_nil(rows.to_yaml)
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passivedns-client
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.4.0
 platform: ruby
 authors:
 - chrislee35
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-23 00:00:00.000000000 Z
+date: 2014-09-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -99,6 +99,7 @@ files:
 - lib/passivedns/client.rb
 - lib/passivedns/client/bfk.rb
 - lib/passivedns/client/certee.rb
+- lib/passivedns/client/cn360.rb
 - lib/passivedns/client/dnsdb.rb
 - lib/passivedns/client/state.rb
 - lib/passivedns/client/tcpiputils.rb