passivedns-client 2.1.6 → 2.1.12

data/lib/passivedns/client/provider/mnemonic.rb

@@ -8,7 +8,7 @@ module PassiveDNS #:nodoc: don't document this
   # The Provider module contains all the Passive DNS provider client code
   module Provider
     # Queries Mnemonic's passive DNS database
-  	class Mnemonic < PassiveDB
+    class Mnemonic < PassiveDB
       # Sets the modules self-reported name to "Mnemonic"
       def self.name
         "Mnemonic"
@@ -26,79 +26,87 @@ module PassiveDNS #:nodoc: don't document this
       attr_accessor :debug
       # === Options
       # * :debug       Sets the debug flag for the module
-      # * "APIKEY"     REQUIRED: The API key associated with Mnemonic
-      # * "URL"      Alternate url for testing.  Defaults to "https://passivedns.mnemonic.no/api1/?apikey="
+      # * "APIKEY"     The API key associated with Mnemonic for doing automated queries
+      # * "URL"        Alternate url for testing.  Defaults to "https://api.mnemonic.no/pdns/v3/"
       #
       # === Example Instantiation
       #
       #   options = {
       #     :debug => true,
       #     "APIKEY" => "01234567890abcdef01234567890abcdef012345",
-      #     "URL" => "https://passivedns.mnemonic.no/api1/?apikey="
+      #     "URL" => "https://api.mnemonic.no/pdns/v3/"
       #   }
       #
       #   PassiveDNS::Provider::Mnemonic.new(options)
       #
-  		def initialize(options={})
+      def initialize(options={})
         @debug = options[:debug] || false
-        @apikey = options["APIKEY"] || raise("#{self.class.name} requires an APIKEY")
-        @url = options["URL"] || "https://passivedns.mnemonic.no/api1/?apikey="
-  		end
+        @timeout = options[:timeout] || 20
+        @apikey = options["APIKEY"]
+        @url = options["URL"] || "https://api.mnemonic.no/pdns/v3/"
+        if @url == "https://passivedns.mnemonic.no/api1/?apikey="
+          @url = "https://api.mnemonic.no/pdns/v3/"
+        end
+      end
 
       # Takes a label (either a domain or an IP address) and returns
       # an array of PassiveDNS::PDNSResult instances with the answers to the query
-  		def lookup(label, limit=nil)
-  			$stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
-  			Timeout::timeout(240) {
-  				url = "#{@url}#{@apikey}&query=#{label}&method=exact"
-  				$stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug
-  				url = URI.parse url
-  				http = Net::HTTP.new(url.host, url.port)
-  				http.use_ssl = (url.scheme == 'https')
-  				http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-  				http.verify_depth = 5
-  				request = Net::HTTP::Get.new(url.path+"?"+url.query)
-  				request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
-  				t1 = Time.now
-  				response = http.request(request)
-  				t2 = Time.now
-  				recs = parse_json(response.body, label, t2-t1)
-  				if limit
-  					recs[0,limit]
-  				else
-  					recs
-  				end
-  			}
-  		rescue Timeout::Error => e
-  			$stderr.puts "#{self.class.name} lookup timed out: #{label}"
-  		end
+      def lookup(label, limit=nil)
+        $stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
+        Timeout::timeout(@timeout) {
+          url = "#{@url}#{label}"
+          $stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug
+          url = URI.parse url
+          http = Net::HTTP.new(url.host, url.port)
+          http.use_ssl = (url.scheme == 'https')
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          http.verify_depth = 5
+          request = Net::HTTP::Get.new(url.path)
+          request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
+          if @apikey
+            request.add_field("Argus-API-Key", @apikey)
+          end
+          t1 = Time.now
+          response = http.request(request)
+          t2 = Time.now
+          recs = parse_json(response.body, label, t2-t1)
+          if limit
+            recs[0,limit]
+          else
+            recs
+          end
+        }
+      rescue Timeout::Error
+        $stderr.puts "#{self.class.name} lookup timed out: #{label}"
+      end
     
       private
     
       # parses the response of mnemonic's JSON reply to generate an array of PDNSResult
-  		def parse_json(page,query,response_time=0)
-  			res = []
-  			data = JSON.parse(page)
-  			if data['result']
-  				data['result'].each do |row|
-  					if row['query']
+      def parse_json(page,query,response_time=0)
+        res = []
+        data = JSON.parse(page)
+        if data['data']
+          data['data'].each do |row|
+            if row['query']
               query = row['query']
               answer = row['answer']
-              rrtype = row['type'].upcase
-              tty = row['ttl'].to_i
-              firstseen = Time.at(row['first'].to_i)
-              lastseen = Time.at(row['last'].to_i)
-  						res << PDNSResult.new(self.class.name,response_time,
-                query, answer, rrtype, ttl, firstseen, lastseen)
-  					end
-  				end
-  			end
-  			res
-  		rescue Exception => e
-  			$stderr.puts "#{self.class.name} Exception: #{e}"
-  			raise e
-  		end
+              rrtype = row['rrtype'].upcase
+              ttl = row['maxTtl'].to_i
+              firstseen = Time.at(row['firstSeenTimestamp'].to_i / 1000)
+              lastseen = Time.at(row['lastSeenTimestamp'].to_i / 1000)
+              tlp = row['tlp']
+              r = PDNSResult.new(self.class.name,response_time, query, answer, rrtype, ttl, firstseen, lastseen, tlp)
+              res << r
+            end
+          end
+        end
+        res
+      rescue Exception => e
+        $stderr.puts "#{self.class.name} Exception: #{e}"
+        raise e
+      end
 
-  	end
+    end
   end
-end
+end

data/lib/passivedns/client/provider/passivetotal.rb

@@ -9,7 +9,7 @@ module PassiveDNS #:nodoc: don't document this
   # The Provider module contains all the Passive DNS provider client code
   module Provider
     # Queries PassiveTotal's passive DNS database
-  	class PassiveTotal < PassiveDB
+    class PassiveTotal < PassiveDB
       # Sets the modules self-reported name to "PassiveTotal"
       def self.name
         "PassiveTotal"
@@ -52,65 +52,70 @@ module PassiveDNS #:nodoc: don't document this
       #
       #   PassiveDNS::Provider::PassiveTotal.new(options)
       #
-  		def initialize(options={})
+      def initialize(options={})
         @debug = options[:debug] || false
+        @timeout = options[:timeout] || 20
         @username = options["USERNAME"] || raise("#{self.class.name} requires a USERNAME")
         @apikey = options["APIKEY"] || raise("#{self.class.name} requires an APIKEY")
         @url = options["URL"] || "https://api.passivetotal.org/v2/dns/passive"
-  		end
+      end
 
       # Takes a label (either a domain or an IP address) and returns
       # an array of PassiveDNS::PDNSResult instances with the answers to the query
-  		def lookup(label, limit=nil)
-  			$stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
-  			Timeout::timeout(240) {
-  				url = @url+"?query=#{label}"
-  				$stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug
-  				url = URI.parse url
-  				http = Net::HTTP.new(url.host, url.port)
-  				http.use_ssl = (url.scheme == 'https')
-  				http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-  				http.verify_depth = 5
-  				request = Net::HTTP::Get.new(url.request_uri)
+      def lookup(label, limit=nil)
+        $stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
+        Timeout::timeout(@timeout) {
+          url = @url+"?query=#{label}"
+          $stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug
+          url = URI.parse url
+          http = Net::HTTP.new(url.host, url.port)
+          http.use_ssl = (url.scheme == 'https')
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          http.verify_depth = 5
+          request = Net::HTTP::Get.new(url.request_uri)
           request.basic_auth(@username, @apikey)
-  				request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
+          request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
           #request.set_form_data({"api_key" => @apikey, "query" => label})
-  				t1 = Time.now
-  				response = http.request(request)
-  				t2 = Time.now
-  				recs = parse_json(response.body, label, t2-t1)
-  				if limit
-  					recs[0,limit]
-  				else
-  					recs
-  				end
-  			}
-  		rescue Timeout::Error => e
-  			$stderr.puts "#{self.class.name} lookup timed out: #{label}"
-  		end
+          t1 = Time.now
+          response = http.request(request)
+          t2 = Time.now
+          recs = parse_json(response.body, label, t2-t1)
+          if limit
+            recs[0,limit]
+          else
+            recs
+          end
+        }
+      rescue Timeout::Error
+        $stderr.puts "#{self.class.name} lookup timed out: #{label}"
+      end
     
       private
     
       # parses the response of passivetotals's JSON reply to generate an array of PDNSResult
-  		def parse_json(page,query,response_time=0)
-   			res = []
-  			data = JSON.parse(page)
+      def parse_json(page,query,response_time=0)
+        res = []
+        data = JSON.parse(page)
+        pp data
+        if data['message']
+          raise "#{self.class.name} Error: #{data['message']}"
+        end
         query = data['queryValue']
-  			if data['results']
-  				data['results'].each do |row|
+        if data['results']
+          data['results'].each do |row|
             first_seen = (row['firstSeen'] == "None") ? nil : Time.parse(row['firstSeen']+" +0000")
             last_seen = (row['lastSeen'] == "None") ? nil : Time.parse(row['lastSeen']+" +0000")
             value = row['resolve']
             source = row['source'].join(",")
-  					res << PDNSResult.new(self.class.name+"/"+source,response_time,
-              query, value, "A", 0, first_seen, last_seen)
-  				end
-  			end
-  			res
-  		rescue Exception => e
-  			$stderr.puts "#{self.class.name} Exception: #{e}"
-  			raise e
-  		end
-  	end
+            res << PDNSResult.new(self.class.name+"/"+source,response_time,
+              query, value, "A", 0, first_seen, last_seen, 'yellow')
+          end
+        end
+        res
+      rescue Exception => e
+        $stderr.puts "#{self.class.name} Exception: #{e}"
+        raise e
+      end
+    end
   end
 end

data/lib/passivedns/client/provider/riskiq.rb

@@ -9,7 +9,7 @@ module PassiveDNS #:nodoc: don't document this
   # The Provider module contains all the Passive DNS provider client code
   module Provider
     # Queries RiskIQ's passive DNS database
-  	class RiskIQ < PassiveDB
+    class RiskIQ < PassiveDB
       # Sets the modules self-reported name to "RiskIQ"
       def self.name
         "RiskIQ"
@@ -44,20 +44,21 @@ module PassiveDNS #:nodoc: don't document this
       #
       #   PassiveDNS::Provider::RiskIQ.new(options)
       #
-  		def initialize(options={})
+      def initialize(options={})
         @debug = options[:debug] || false
+        @timeout = options[:timeout] || 20
         @token = options["API_TOKEN"] || raise("#{self.class.name} requires an API_TOKEN")
         @privkey = options["API_PRIVATE_KEY"] || raise("#{self.class.name} requires an API_PRIVATE_KEY")
-        @server = options["API_SERVER"] || "ws.riskiq.net"
         @version = options["API_VERSION"] || "v1"
+        @server = options["API_SERVER"] || api_settings[@version][:server]
         @url = "https://#{@server}/#{@version}"
-  		end
+      end
 
       # Takes a label (either a domain or an IP address) and returns
       # an array of PassiveDNS::PDNSResult instances with the answers to the query
-  		def lookup(label, limit=nil)
-  			$stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
-  			Timeout::timeout(240) {
+      def lookup(label, limit=nil)
+        $stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
+        Timeout::timeout(@timeout) {
           url = nil
           params = {"rrType" => "", "maxResults" => limit || 1000}
         
@@ -65,8 +66,10 @@ module PassiveDNS #:nodoc: don't document this
             url = @url+"/dns/data"
             params["ip"] = label 
           else
-            url = @url+"/dns/name"
-            params["name"] = label
+            resource = api_settings[@version][:resource]
+            param = api_settings[@version][:param]
+            url = @url+"/dns/#{resource}"
+            params[param] = label
           end
           url << "?"
           params.each do |k,v|
@@ -74,38 +77,51 @@ module PassiveDNS #:nodoc: don't document this
           end
           url.gsub!(/\&$/,"")
         
-  				$stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug
-  				url = URI.parse url
-  				http = Net::HTTP.new(url.host, url.port)
-  				http.use_ssl = (url.scheme == 'https')
-  				http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-  				http.verify_depth = 5
-  				request = Net::HTTP::Get.new(url.request_uri)
-  				request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
+          $stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug
+          url = URI.parse url
+          http = Net::HTTP.new(url.host, url.port)
+          http.use_ssl = (url.scheme == 'https')
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          http.verify_depth = 5
+          request = Net::HTTP::Get.new(url.request_uri)
+          request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
           request.add_field('Accept', 'Application/JSON')
           request.add_field('Content-Type', 'Application/JSON')
           request.basic_auth(@token, @privkey)
-  				t1 = Time.now
-  				response = http.request(request)
-  				t2 = Time.now
-  				recs = parse_json(response.body, label, t2-t1)
-  				if limit
-  					recs[0,limit]
-  				else
-  					recs
-  				end
-  			}
-  		rescue Timeout::Error => e
-  			$stderr.puts "#{self.class.name} lookup timed out: #{label}"
-  		end
+          t1 = Time.now
+          response = http.request(request)
+          t2 = Time.now
+          recs = parse_json(response.body, label, t2-t1)
+          if limit
+            recs[0,limit]
+          else
+            recs
+          end
+        }
+      rescue Timeout::Error
+        $stderr.puts "#{self.class.name} lookup timed out: #{label}"
+      end
     
       private
     
+      def api_settings
+        @api_settings ||= {
+          'v1' => { server: "ws.riskiq.net", resource: 'name', param: 'name' },
+          'v2' => { server: "api.passivetotal.org", resource: 'passive', param: 'query' }
+        }
+      end
+
       # parses the response of riskiq's JSON reply to generate an array of PDNSResult
-  		def parse_json(page,query,response_time=0)
-   			res = []
-  			data = JSON.parse(page)
-  			if data['records']
+      def parse_json(page,query,response_time=0)
+        res = []
+        data = JSON.parse(page)
+        if data['message']
+          if data['message'] =~ /quota_exceeded/
+            $stderr.puts "ERROR: quota exceeded."
+            return res
+          end
+        end
+        if data['records']
           data['records'].each do |record|
             name = record['name'].gsub!(/\.$/,'')
             type = record['rrtype']
@@ -114,17 +130,17 @@ module PassiveDNS #:nodoc: don't document this
             count = record['count']
             record['data'].each do |datum|
               datum.gsub!(/\.$/,'')
-    					res << PDNSResult.new(self.class.name,response_time,
-                name, datum, type, 0, first_seen, last_seen, count)
+              res << PDNSResult.new(self.class.name,response_time,
+                name, datum, type, 0, first_seen, last_seen, count, 'yellow')
             end
           end
         end
-  			res
-  		rescue Exception => e
-  			$stderr.puts "#{self.class.name} Exception: #{e}"
-  			raise e
-  		end
+        res
+      rescue Exception => e
+        $stderr.puts "#{self.class.name} Exception: #{e}"
+        raise e
+      end
 
-  	end
+    end
   end
-end
+end

data/lib/passivedns/client/provider/tcpiputils.rb

@@ -42,6 +42,7 @@ module PassiveDNS #:nodoc: don't document this
       #
       def initialize(options={})
         @debug = options[:debug] || false
+        @timeout = options[:timeout] || 20
         @apikey = options["APIKEY"] || raise("#{self.class.name} requires an APIKEY.  See README.md")
         @url = options["URL"] || "https://www.utlsapi.com/api.php?version=1.0&apikey="
       end
@@ -53,18 +54,18 @@ module PassiveDNS #:nodoc: don't document this
         type = (label.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)) ? "domainneighbors" : "domainipdnshistory"
         url = "#{@url}#{@apikey}&type=#{type}&q=#{label}"
         recs = []
-        Timeout::timeout(240) {
-  				url = URI.parse url
-  				http = Net::HTTP.new(url.host, url.port)
-  				http.use_ssl = (url.scheme == 'https')
-  				http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-  				http.verify_depth = 5
-  				request = Net::HTTP::Get.new(url.path+"?"+url.query)
-  				request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
-  				t1 = Time.now
-  				response = http.request(request)
-  				delta = (Time.now - t1).to_f
-  				reply = JSON.parse(response.body)
+        Timeout::timeout(@timeout) {
+          url = URI.parse url
+          http = Net::HTTP.new(url.host, url.port)
+          http.use_ssl = (url.scheme == 'https')
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          http.verify_depth = 5
+          request = Net::HTTP::Get.new(url.path+"?"+url.query)
+          request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
+          t1 = Time.now
+          response = http.request(request)
+          delta = (Time.now - t1).to_f
+          reply = JSON.parse(response.body)
           if reply["status"] and reply["status"] == "succeed"
             question = reply["data"]["question"]
             recs = format_recs(reply["data"], question, delta)
@@ -76,10 +77,10 @@ module PassiveDNS #:nodoc: don't document this
           else
             recs
           end
-  			}
-  		rescue Timeout::Error => e
-  			$stderr.puts "#{self.class.name} lookup timed out: #{label}"
-  		end
+        }
+      rescue Timeout::Error
+        $stderr.puts "#{self.class.name} lookup timed out: #{label}"
+      end
     
       private
     
@@ -110,13 +111,13 @@ module PassiveDNS #:nodoc: don't document this
           when "domains"
             data.each do |rec|
               lastseen = (rec["updatedate"]) ? Date.parse(rec["updatedate"]) : nil
-              recs << PDNSResult.new(self.class.name, delta, rec, question, "A", nil, nil, nil, nil)
+              recs << PDNSResult.new(self.class.name, delta, rec, question, "A", nil, nil, lastseen, nil, 'yellow')
             end
           end
           if add_records
             data.each do |rec|
               lastseen = (rec["updatedate"]) ? Date.parse(rec["updatedate"]) : nil
-              recs << PDNSResult.new(self.class.name, delta, question, rec[fieldname], rrtype, nil, nil, lastseen, nil)
+              recs << PDNSResult.new(self.class.name, delta, question, rec[fieldname], rrtype, nil, nil, lastseen, nil, 'yellow')
             end
           end
         end
@@ -125,4 +126,4 @@ module PassiveDNS #:nodoc: don't document this
 
     end
   end
-end
+end