passivedns-client 2.1.7 → 2.1.13
- checksums.yaml +5 -5
- data/README.md +34 -49
- data/Rakefile +0 -0
- data/lib/passivedns/client.rb +6 -0
- data/lib/passivedns/client/cli.rb +14 -11
- data/lib/passivedns/client/provider/circl.rb +22 -6
- data/lib/passivedns/client/provider/dnsdb.rb +3 -2
- data/lib/passivedns/client/provider/passivetotal.rb +8 -3
- data/lib/passivedns/client/provider/riskiq.rb +22 -6
- data/lib/passivedns/client/provider/virustotal.rb +17 -3
- data/lib/passivedns/client/state.rb +2 -1
- data/lib/passivedns/client/version.rb +1 -1
- data/passivedns-client.gemspec +6 -6
- data/test/test_cli.rb +57 -43
- data/test/test_passivedns-client.rb +73 -166
- metadata +23 -28
- data/lib/passivedns/client/provider/bfk.rb +0 -107
- data/lib/passivedns/client/provider/cn360.rb +0 -111
- data/lib/passivedns/client/provider/mnemonic.rb +0 -111
- data/lib/passivedns/client/provider/tcpiputils.rb +0 -128
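--- a/data/lib/passivedns/client/provider/tcpiputils.rb
+++ b/data/lib/passivedns/client/provider/tcpiputils.rb
@@ -1,128 +0,0 @@
-require 'net/http'
-require 'net/https'
-require 'openssl'
-require 'json'
-
-# Please read http://www.tcpiputils.com/terms-of-service under automated requests
-
-module PassiveDNS #:nodoc: don't document this
-# The Provider module contains all the Passive DNS provider client code
-module Provider
-# Queries TCPIPUtils's passive DNS database
-class TCPIPUtils < PassiveDB
-# Sets the modules self-reported name to "TCPIPUtils"
-def self.name
-"TCPIPUtils"
-end
-# Sets the configuration section name to "tcpiputils"
-def self.config_section_name
-"tcpiputils"
-end
-# Sets the command line database argument to "t"
-def self.option_letter
-"t"
-end
-
-# :debug enables verbose logging to standard output
-attr_accessor :debug
-# === Options
-# * :debug Sets the debug flag for the module
-# * "APIKEY" REQUIRED: The API key associated with TCPIPUtils
-# * "URL" Alternate url for testing. Defaults to "https://www.utlsapi.com/api.php?version=1.0&apikey="
-#
-# === Example Instantiation
-#
-# options = {
-# :debug => true,
-# "APIKEY" => "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-# "URL" => "https://www.utlsapi.com/api.php?version=1.0&apikey="
-# }
-#
-# PassiveDNS::Provider::TCPIPUtils.new(options)
-#
-def initialize(options={})
-@debug = options[:debug] || false
-@apikey = options["APIKEY"] || raise("#{self.class.name} requires an APIKEY. See README.md")
-@url = options["URL"] || "https://www.utlsapi.com/api.php?version=1.0&apikey="
-end
-
-# Takes a label (either a domain or an IP address) and returns
-# an array of PassiveDNS::PDNSResult instances with the answers to the query
-def lookup(label, limit=nil)
-$stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
-type = (label.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)) ? "domainneighbors" : "domainipdnshistory"
-url = "#{@url}#{@apikey}&type=#{type}&q=#{label}"
-recs = []
-Timeout::timeout(240) {
-url = URI.parse url
-http = Net::HTTP.new(url.host, url.port)
-http.use_ssl = (url.scheme == 'https')
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.verify_depth = 5
-request = Net::HTTP::Get.new(url.path+"?"+url.query)
-request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
-t1 = Time.now
-response = http.request(request)
-delta = (Time.now - t1).to_f
-reply = JSON.parse(response.body)
-if reply["status"] and reply["status"] == "succeed"
-question = reply["data"]["question"]
-recs = format_recs(reply["data"], question, delta)
-elsif reply["status"] and reply["status"] == "error"
-raise "#{self.class.name}: error from web API: #{reply["data"]}"
-end
-if limit
-recs[0,limit]
-else
-recs
-end
-}
-rescue Timeout::Error => e
-$stderr.puts "#{self.class.name} lookup timed out: #{label}"
-end
-
-private
-
-# translates the data structure derived from of tcpiputils's JSON reply
-def format_recs(reply_data, question, delta)
-recs = []
-fieldname = nil
-rrtype = nil
-add_records = false
-reply_data.each do |key, data|
-case key
-when "ipv4"
-fieldname = "ip"
-rrtype = "A"
-add_records = true
-when "ipv6"
-fieldname = "ip"
-rrtype = "AAAA"
-add_records = true
-when "dns"
-fieldname = "dns"
-rrtype = "NS"
-add_records = true
-when "mx"
-fieldname = "dns"
-rrtype = "MX"
-add_records = true
-when "domains"
-data.each do |rec|
-lastseen = (rec["updatedate"]) ? Date.parse(rec["updatedate"]) : nil
-recs << PDNSResult.new(self.class.name, delta, rec, question, "A", nil, nil, nil, nil, 'yellow')
-end
-end
-if add_records
-data.each do |rec|
-lastseen = (rec["updatedate"]) ? Date.parse(rec["updatedate"]) : nil
-recs << PDNSResult.new(self.class.name, delta, question, rec[fieldname], rrtype, nil, nil, lastseen, nil, 'yellow')
-end
-end
-end
-recs
-end
-
-end
-end
-end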