passivedns-client 1.3.2 → 1.4.0

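--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: cde5271625d34d5936db557dd2d91d7a4eff23bd
- data.tar.gz: b119c8deccbc64b2b174cdb58af80e399e420e33
+ metadata.gz: 6b56440dfbab8244d4d4d1561de2b3e9eb9ce74e
+ data.tar.gz: 9de3ca69fbeb821d673e459b9d3937ae44e9c4e2
  SHA512:
- metadata.gz: 7558c0115c300fbb8f6fead3ae4035dacbd9262d273599c541c1e8ed82aa29f0db1b072fc9f3256c9bc469ef87d3446f8d02d2360b84e4c9a2133aacc5c9c6a4
- data.tar.gz: db8efada307bb6d5df8a8eacf6138a8e60b08b5cc85bf7db80e564e406b87bb6fc7c34f3aca743546ef11ff066bff5f8eefeb2f1ab984a479493ee7ccc5467aa
+ metadata.gz: 5dcbcd4fbe695618c6321abb1804bc67b6483dec14cc12ca5163c7701577e23c8461de8bd8dd3171b1b29b0478fd79c2c4d926ee4a6567da0f921e97c1d2cd91
+ data.tar.gz: 19221b3e2408b293d4de1876af80fe53110403ba9d2152ea164e7416a1f7bd53428a46e07f92be231d9a9679dbfea9e42365468e8c7286b4e2a48fd9ae8d22e1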
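--- a/data/README.md
+++ b/data/README.md
@@ -53,6 +53,19 @@ TCPIPUtils's (http://www.tcpiputils.com/premium-access) passive DNS database req
 
  01234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef
 
+
+ ### PassiveDNS.cn from 360.cn
+
+ PassiveDNS.cn (http://www.passivedns.cn) requires an API ID and and API KEY, which is obtainable by creating an account and sending an email to request an API key.
+
+ The configuration file can be in /etc/flint.conf (flint is the name of their tool, which is available at <a href='https://github.com/360netlab/flint'>https://github.com/360netlab/flint</a>) or in $HOME/.flint.conf (which is my preference).
+
+ The file must have three lines and looks like:
+
+ API = http://some.web.address.for.their.api
+ API_ID = a username that is given when you register
+ API_KEY = a long and random password of sorts that is used along with the page request to generate a per page API key
+
  ## Usage
 
  require 'passivedns-client'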
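--- a/data/bin/pdnstool
+++ b/data/bin/pdnstool
@@ -50,12 +50,13 @@ end
 
  def usage
  puts "Usage: #{$0} [-d [bedvt]] [-g|-v|-m|-c|-x|-y|-j|-t] [-os <sep>] [-f <file>] [-r#|-w#|-v] [-l <count>] <ip|domain|cidr>"
- puts " -dbedvt uses all of the available passive dns databases"
- puts " -db only use BFK"
- puts " -de only use CERT-EE (default)"
- puts " -dd only use DNSDB (formerly ISC)"
- puts " -dv only use VirusTotal"
- puts " -dt only use TCPIPUtils"
+ puts " -dbedvt3 uses all of the available passive dns databases"
+ puts " -db use BFK"
+ puts " -de use CERT-EE (default)"
+ puts " -dd use DNSDB (formerly ISC)"
+ puts " -dv use VirusTotal"
+ puts " -dt use TCPIPUtils"
+ puts " -d3 use 360.cn (www.passivedns.cn)"
  puts " -dvt uses VirusTotal and TCPIPUtils (for example)"
  puts ""
  puts " -g outputs a link-nodal GDF visualization definition"
@@ -128,6 +129,8 @@ opts.each do |opt, arg|
  pdnsdbs << "virustotal"
  when 't'
  pdnsdbs << "tcpiputils"
+ when '3'
+ pdnsdbs << "cn360"
  else
  raise "Unknown passive DNS database identifier: #{c}"
  end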
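Review bot: The synopsis on the first `puts` in `usage` still reads `[-d [bedvt]]` although the option list below it now documents `-d3` and `-dbedvt3`; it should read `[-d [bedvt3]]` so the one-line usage matches the identifiers the `when '3'` branch accepts. The new help text also does not say that `-d3` needs a flint.conf with `API`, `API_ID` and `API_KEY`; a line such as `puts "      (requires $HOME/.flint.conf or /etc/flint.conf)"` under the `-d3` entry would save users from the bare exception the provider raises without it. Both `usage` and the `opts.each` block continue outside the hunks.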
@@ -8,6 +8,7 @@ require 'passivedns/client/certee.rb'
8
8
  require 'passivedns/client/dnsdb.rb'
9
9
  require 'passivedns/client/virustotal.rb'
10
10
  require 'passivedns/client/tcpiputils.rb'
11
+ require 'passivedns/client/cn360.rb'
11
12
  require 'passivedns/client/state.rb'
12
13
 
13
14
  module PassiveDNS
@@ -15,7 +16,7 @@ module PassiveDNS
15
16
  class PDNSResult < Struct.new(:source, :response_time, :query, :answer, :rrtype, :ttl, :firstseen, :lastseen, :count); end
16
17
 
17
18
  class Client
18
- def initialize(pdns=['bfk','certee','dnsdb','virustotal','tcpiputils'])
19
+ def initialize(pdns=['bfk','certee','dnsdb','virustotal','tcpiputils','cn360'])
19
20
  @pdnsdbs = []
20
21
  pdns.uniq.each do |pd|
21
22
  case pd
@@ -23,8 +24,6 @@ module PassiveDNS
23
24
  @pdnsdbs << PassiveDNS::BFK.new
24
25
  when 'certee'
25
26
  @pdnsdbs << PassiveDNS::CERTEE.new
26
- #when 'dnsparse'
27
- # @pdnsdbs << PassiveDNS::DNSParse.new
28
27
  when 'dnsdb'
29
28
  @pdnsdbs << PassiveDNS::DNSDB.new
30
29
  when 'isc'
@@ -33,6 +32,8 @@ module PassiveDNS
33
32
  @pdnsdbs << PassiveDNS::VirusTotal.new
34
33
  when 'tcpiputils'
35
34
  @pdnsdbs << PassiveDNS::TCPIPUtils.new
35
+ when 'cn360'
36
+ @pdnsdbs << PassiveDNS::CN360.new
36
37
  else
37
38
  raise "Unknown Passive DNS provider: #{pd}"
38
39
  end
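Review bot: Adding `'cn360'` to the default list in `Client#initialize` changes behaviour for every caller that relies on the default: `PassiveDNS::CN360.new` (added in this release) raises when neither `$HOME/.flint.conf` nor `/etc/flint.conf` exists, so `PassiveDNS::Client.new` with no arguments will now fail on machines without that file. It also means the default client is built with one more external service, so names and addresses under investigation would presumably be sent there without the user opting in. I would leave the default as `['bfk','certee','dnsdb','virustotal','tcpiputils']` and have users select the new provider explicitly with `-d3` or `Client.new(['cn360'])`. Whether the other providers fail the same way without configuration is not visible here, and `initialize` continues outside the hunks.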
@@ -0,0 +1,83 @@
1
+ require 'net/http'
2
+ require 'net/https'
3
+ require 'openssl'
4
+ require 'json'
5
+ require 'digest/md5'
6
+ require 'configparser'
7
+ require 'pp'
8
+
9
+ # Please read http://www.tcpiputils.com/terms-of-service under automated requests
10
+
11
+ module PassiveDNS
12
+ class CN360
13
+ attr_accessor :debug
14
+
15
+ def initialize(configfile="#{ENV["HOME"]}/.flint.conf")
16
+ @debug = false
17
+ if not File.exist?(configfile)
18
+ if not File.exist?("/etc/flint.conf")
19
+ raise "Cannot find a configuration file at #{configfile} or /etc/flint.conf"
20
+ end
21
+ configfile = "/etc/flint.conf"
22
+ end
23
+
24
+ @cp = ConfigParser.new(configfile)
25
+ if not @cp["API"]
26
+ raise "Field, API, is required in the configuration file. It should specify the URL of the JSON Web API."
27
+ end
28
+ if not @cp["API_ID"]
29
+ raise "Field, API_ID, is required in the configuration file. It should specify the user ID for the API key."
30
+ end
31
+ if not @cp["API_KEY"]
32
+ raise "Field, API_KEY, is required in the configuration file. It should specify the API key."
33
+ end
34
+ end
35
+
36
+ def parse_json(page,query,response_time=0)
37
+ res = []
38
+ # need to remove the json_class tag or the parser will crap itself trying to find a class to align it to
39
+ data = JSON.parse(page)
40
+ data.each do |row|
41
+ time_first = (row["time_first"]) ? Time.at(row["time_first"].to_i) : nil
42
+ time_last = (row["time_last"]) ? Time.at(row["time_last"].to_i) : nil
43
+ count = row["count"] || 0
44
+ res << PDNSResult.new('cn360', response_time, row["rrname"], row["rdata"], row["rrtype"], time_first, time_last, count)
45
+ end
46
+ res
47
+ rescue Exception => e
48
+ $stderr.puts "360.cn Exception: #{e}"
49
+ raise e
50
+ end
51
+
52
+ def lookup(label, limit=10000)
53
+ table = "rrset"
54
+ if label =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ or label =~ /^[0-9a-fA-F]+:[0-9a-fA-F:]+[0-9a-fA-F]$/
55
+ table = "rdata"
56
+ end
57
+ limit ||= 10000
58
+ path = "/api/#{table}/keyword/#{label}/count/#{limit}/"
59
+ url = @cp["API"]+path
60
+ url = URI.parse url
61
+ http = Net::HTTP.new(url.host, url.port)
62
+ http.use_ssl = (url.scheme == 'https')
63
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
64
+ http.verify_depth = 5
65
+ request = Net::HTTP::Get.new(url.path)
66
+ request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
67
+ request.add_field('Accept', 'application/json')
68
+ request.add_field("X-BashTokid", @cp["API_ID"])
69
+ token = Digest::MD5.hexdigest(path+@cp["API_KEY"])
70
+ $stderr.puts "DEBUG: cn360 url = #{url} token = #{token}" if @debug
71
+ request.add_field("X-BashToken", token)
72
+ t1 = Time.now
73
+ response = http.request(request)
74
+ t2 = Time.now
75
+ recs = parse_json(response.body, label, t2-t1)
76
+ if limit
77
+ recs[0,limit]
78
+ else
79
+ recs
80
+ end
81
+ end
82
+ end
83
+ end
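Review bot: `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` in `lookup` turns off certificate verification, so even with an https `API` URL the `X-BashTokid`/`X-BashToken` headers and the returned records can be read or altered in transit; it should be `http.verify_mode = OpenSSL::SSL::VERIFY_PEER`. The `@debug` line prints the request token to stderr, and `label` is interpolated into `path` (which is also the MD5 input) without URL-escaping, so I would drop the token from the debug output and escape `label` before building the path. `parse_json` passes eight values to `PDNSResult`, which is declared in client.rb with nine fields (`... :rrtype, :ttl, :firstseen, :lastseen, :count`), so `time_first` lands in `ttl` and `count` in `lastseen`; the call needs a ttl slot, e.g. `row["rrtype"], nil, time_first, time_last, count`. `rescue Exception => e` also traps interrupts and exits and should be `rescue StandardError => e`, and the two address patterns should anchor with `\A`/`\z` rather than `^`/`$`, which match per line in Ruby.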
@@ -1,5 +1,5 @@
1
1
  module PassiveDNS
2
2
  class Client
3
- VERSION = "1.3.2"
3
+ VERSION = "1.4.0"
4
4
  end
5
5
  end
@@ -141,4 +141,30 @@ class TestPassiveDnsQuery < Test::Unit::TestCase
141
141
  assert_not_nil(rows.to_json)
142
142
  assert_not_nil(rows.to_yaml)
143
143
  end
144
+
145
+ def test_cn360
146
+ assert_not_nil(PassiveDNS::CN360.new)
147
+ assert_nothing_raised do
148
+ PassiveDNS::Client.new(['cn360'])
149
+ end
150
+ rows = PassiveDNS::CN360.new.lookup("example.org")
151
+ assert_not_nil(rows)
152
+ assert_not_nil(rows.to_s)
153
+ assert_not_nil(rows.to_xml)
154
+ assert_not_nil(rows.to_json)
155
+ assert_not_nil(rows.to_yaml)
156
+ rows = PassiveDNS::CN360.new.lookup("example.org",3)
157
+ assert_not_nil(rows)
158
+ assert_not_nil(rows.to_s)
159
+ assert_not_nil(rows.to_xml)
160
+ assert_not_nil(rows.to_json)
161
+ assert_not_nil(rows.to_yaml)
162
+ assert_equal(3, rows.length)
163
+ rows = PassiveDNS::CN360.new.lookup("8.8.8.8")
164
+ assert_not_nil(rows)
165
+ assert_not_nil(rows.to_s)
166
+ assert_not_nil(rows.to_xml)
167
+ assert_not_nil(rows.to_json)
168
+ assert_not_nil(rows.to_yaml)
169
+ end
144
170
  end
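Review bot: `test_cn360` can only pass with real credentials and a reachable 360.cn API: `PassiveDNS::CN360.new` raises without a flint.conf, and `assert_equal(3, rows.length)` depends on the service returning at least three records for example.org. An early `return unless File.exist?("#{ENV['HOME']}/.flint.conf") || File.exist?('/etc/flint.conf')` would keep the suite usable on machines without the configuration file. The assertions only check for non-nil values, so they would not notice a record whose fields are in the wrong slots; a second test that feeds `parse_json` a constructed JSON string and checks `firstseen`, `lastseen` and `count` would cover that offline.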
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: passivedns-client
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.2
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - chrislee35
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-09-23 00:00:00.000000000 Z
11
+ date: 2014-09-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json
@@ -99,6 +99,7 @@ files:
99
99
  - lib/passivedns/client.rb
100
100
  - lib/passivedns/client/bfk.rb
101
101
  - lib/passivedns/client/certee.rb
102
+ - lib/passivedns/client/cn360.rb
102
103
  - lib/passivedns/client/dnsdb.rb
103
104
  - lib/passivedns/client/state.rb
104
105
  - lib/passivedns/client/tcpiputils.rb