rogue_one 0.1.0

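--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 6f56c7358aca2eaaacd1e5d93d88793cd60dbc7cfa2b4b1d21e3a4a2ba68b44b
+ data.tar.gz: a0b87b0b0084a95a4285b2781c657beb5a88f191ff392dcc35fc1f25a6e62955
+ SHA512:
+ metadata.gz: c22cf1c4878be88a3fa3098f7132334a1c998b4dbcc91aff77595b78932708d1b15c2c1735cea742689c19099ce49fe2e0ceddedf0e2e8baeb9f850bcd43b5e2
+ data.tar.gz: f71648b22084e42702e681930ffa5b7f0da42c00b444634eca93a4b347dfb201dea9f008becc85b6105ec2c47a9c6cfa8ccbed43792587e64ba07a9bcdbe7898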
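--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,52 @@
+ *.gem
+ *.rbc
+ /.config
+ /coverage/
+ /InstalledFiles
+ /pkg/
+ /spec/reports/
+ /spec/examples.txt
+ /test/tmp/
+ /test/version_tmp/
+ /tmp/
+
+ # Used by dotenv library to load environment variables.
+ .env
+
+ ## Specific to RubyMotion:
+ .dat*
+ .repl_history
+ build/
+ *.bridgesupport
+ build-iPhoneOS/
+ build-iPhoneSimulator/
+
+ ## Specific to RubyMotion (use of CocoaPods):
+ #
+ # We recommend against adding the Pods directory to your .gitignore. However
+ # you should judge for yourself, the pros and cons are mentioned at:
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+ #
+ # vendor/Pods/
+
+ ## Documentation cache and generated files:
+ /.yardoc/
+ /_yardoc/
+ /doc/
+ /rdoc/
+
+ ## Environment normalization:
+ /.bundle/
+ /vendor/bundle
+ /lib/bundler/man/
+
+ # for a library or gem, you might want to ignore these files since the code is
+ # intended to run in multiple environments; otherwise, check them in:
+ Gemfile.lock
+ .ruby-version
+ .ruby-gemset
+
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+ .rvmrc
+
+ .rspec_status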
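--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,3 @@
+ --format documentation
+ --color
+ --require spec_helper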
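--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,7 @@
+ ---
+ sudo: false
+ language: ruby
+ cache: bundler
+ rvm:
+ - 2.6
+ before_install: gem install bundler -v 2.0.1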
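--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source "https://rubygems.org"
+
+ # Specify your gem's dependencies in rogue_one.gemspec
+ gemspec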
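--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+ MIT License
+
+ Copyright (c) 2019 Manabu Niseki
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.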
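--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,41 @@
+ # Rogue one: a rogue DNS detector
+
+ [![Build Status](https://travis-ci.org/ninoseki/rogue_one.svg?branch=master)](https://travis-ci.org/ninoseki/rogue_one)
+ [![Coverage Status](https://coveralls.io/repos/github/ninoseki/rogue_one/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/rogue_one?branch=master)
+
+ ## Installation
+
+ ```bash
+ gem install rogue_one
+ ```
+
+ ## Usage
+
+ ```bash
+ $ rogue_one
+ Commands:
+ rogue_one help [COMMAND] # Describe available commands or one specific command
+ rogue_one report [DNS_SERVER] # Show a report of a given DNS server
+
+ $ rogue_one report 1.1.1.1
+ {
+ "verdict": "rogue one",
+ "landing_pages": [
+
+ ]
+ }
+
+ $ rogue_one reprot 1.53.252.215
+ {
+ "verdict": "rogue one",
+ "landing_pages": [
+ "1.171.170.228",
+ "1.171.168.19",
+ "61.230.102.66"
+ ]
+ }
+ ```
+
+ ## License
+
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).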
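--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,6 @@
+ require "bundler/gem_tasks"
+ require "rspec/core/rake_task"
+
+ RSpec::Core::RakeTask.new(:spec)
+
+ task :default => :spec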
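--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+ #!/usr/bin/env ruby
+
+ require "bundler/setup"
+ require "rogue_one"
+
+ # You can add fixtures and/or initialization code here to make experimenting
+ # with your gem easier. You can also use a different console, if you like.
+
+ # (If you use this, don't forget to add pry to your Gemfile!)
+ # require "pry"
+ # Pry.start
+
+ require "irb"
+ IRB.start(__FILE__)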
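--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+ #!/usr/bin/env bash
+ set -euo pipefail
+ IFS=$'\n\t'
+ set -vx
+
+ bundle install
+
+ # Do any other automated setup that you need to do here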
data/exe/rogue_one ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ $LOAD_PATH.unshift("#{__dir__}/../lib")
5
+
6
+ require "rogue_one"
7
+
8
+ RogueOne::CLI.start
@@ -0,0 +1,24 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "thor"
4
+ require "json"
5
+
6
+ module RogueOne
7
+ class CLI < Thor
8
+ desc "report [DNS_SERVER]", "Show a report of a given DNS server"
9
+ def report(dns_server)
10
+ with_error_handling do
11
+ detector = Detector.new(target: dns_server)
12
+ puts JSON.pretty_generate(detector.report)
13
+ end
14
+ end
15
+
16
+ no_commands do
17
+ def with_error_handling
18
+ yield
19
+ rescue StandardError => e
20
+ puts "Warning: #{e}"
21
+ end
22
+ end
23
+ end
24
+ end
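Review bot: `with_error_handling` reports every failure with `puts`, so the error text lands on stdout where the JSON report was expected and the process still exits 0; a script that pipes `rogue_one report` into a JSON parser, or checks the exit status, cannot tell a failed run from a finished one. I would send the message to stderr and exit non-zero, for example `warn "Warning: #{e}"` followed by `exit 1`. `dns_server` is also passed to `Detector` unchecked; rejecting anything that does not parse as an IP address before the first query gives a clearer error than whatever the resolver raises later.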
@@ -0,0 +1,101 @@
1
+ ---
2
+ - google.com
3
+ - facebook.com
4
+ - youtube.com
5
+ - yahoo.com
6
+ - baidu.com
7
+ - wikipedia.org
8
+ - qq.com
9
+ - taobao.com
10
+ - twitter.com
11
+ - amazon.com
12
+ - linkedin.com
13
+ - live.com
14
+ - google.co.in
15
+ - sina.com.cn
16
+ - hao123.com
17
+ - blogspot.com
18
+ - weibo.com
19
+ - tmall.com
20
+ - vk.com
21
+ - wordpress.com
22
+ - yahoo.co.jp
23
+ - sohu.com
24
+ - yandex.ru
25
+ - ebay.com
26
+ - google.de
27
+ - bing.com
28
+ - pinterest.com
29
+ - google.co.uk
30
+ - 163.com
31
+ - 360.cn
32
+ - google.fr
33
+ - ask.com
34
+ - instagram.com
35
+ - google.co.jp
36
+ - tumblr.com
37
+ - msn.com
38
+ - google.com.br
39
+ - mail.ru
40
+ - microsoft.com
41
+ - xvideos.com
42
+ - paypal.com
43
+ - google.ru
44
+ - soso.com
45
+ - adcash.com
46
+ - google.es
47
+ - google.it
48
+ - imdb.com
49
+ - apple.com
50
+ - imgur.com
51
+ - neobux.com
52
+ - craigslist.org
53
+ - amazon.co.jp
54
+ - t.co
55
+ - xhamster.com
56
+ - stackoverflow.com
57
+ - reddit.com
58
+ - google.com.mx
59
+ - google.com.hk
60
+ - cnn.com
61
+ - google.ca
62
+ - fc2.com
63
+ - go.com
64
+ - ifeng.com
65
+ - bbc.co.uk
66
+ - vube.com
67
+ - people.com.cn
68
+ - blogger.com
69
+ - aliexpress.com
70
+ - odnoklassniki.ru
71
+ - wordpress.org
72
+ - alibaba.com
73
+ - gmw.cn
74
+ - adobe.com
75
+ - huffingtonpost.com
76
+ - google.com.tr
77
+ - xinhuanet.com
78
+ - googleusercontent.com
79
+ - youku.com
80
+ - godaddy.com
81
+ - pornhub.com
82
+ - akamaihd.net
83
+ - thepiratebay.se
84
+ - kickass.to
85
+ - google.com.au
86
+ - amazon.de
87
+ - clkmon.com
88
+ - ebay.de
89
+ - alipay.com
90
+ - google.pl
91
+ - espn.go.com
92
+ - dailymotion.com
93
+ - about.com
94
+ - bp.blogspot.com
95
+ - blogspot.in
96
+ - netflix.com
97
+ - vimeo.com
98
+ - dailymail.co.uk
99
+ - redtube.com
100
+ - rakuten.co.jp
101
+ - conduit.com
@@ -0,0 +1,68 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "yaml"
4
+
5
+ module RogueOne
6
+ class Detector
7
+ attr_reader :target
8
+
9
+ GOOGLE_PUBLIC_DNS = "8.8.8.8"
10
+
11
+ def initialize(target:)
12
+ @target = target
13
+ @memo = Hash.new(0)
14
+ @mismatched_domains = []
15
+ end
16
+
17
+ def report
18
+ inspect
19
+
20
+ {
21
+ verdict: verdict,
22
+ landing_pages: landing_pages
23
+ }
24
+ end
25
+
26
+ private
27
+
28
+ def verdict
29
+ rogue_one? ? "rogue one" : "benign one"
30
+ end
31
+
32
+ def rogue_one?
33
+ @mismatched_domains.length > 50
34
+ end
35
+
36
+ def landing_pages
37
+ return [] unless rogue_one?
38
+
39
+ @memo.map do |ip, count|
40
+ count > 10 ? ip : nil
41
+ end.compact
42
+ end
43
+
44
+ def inspect
45
+ top_100_domains.each do |domain|
46
+ normal_result = normal_resolver.dig(domain, "A")
47
+ target_result = target_resolver.dig(domain, "A")
48
+
49
+ if normal_result != target_result
50
+ @mismatched_domains << domain
51
+ @memo[target_result] += 1 if target_result
52
+ end
53
+ end
54
+ end
55
+
56
+ def top_100_domains
57
+ @top_100_domains ||= YAML.safe_load(File.read(File.expand_path("./data/top_100.yml", __dir__)))
58
+ end
59
+
60
+ def normal_resolver
61
+ @normal_resolver ||= Resolver.new(nameserver: GOOGLE_PUBLIC_DNS)
62
+ end
63
+
64
+ def target_resolver
65
+ @target_resolver ||= Resolver.new(nameserver: target)
66
+ end
67
+ end
68
+ end
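Review bot: `rogue_one?` counts any difference from the single A record returned by 8.8.8.8 as a mismatch, but large sites legitimately hand different addresses to different resolvers, and a `nil` from a server that did not answer counts as well, so a healthy or an unreachable resolver can cross the `> 50` threshold; the README's sample run against 1.1.1.1 reports "rogue one" with an empty `landing_pages`, which looks like exactly this case. The signal that separates a hijacking resolver is many unrelated domains resolving to the same address, which `@memo` already counts, so the verdict could rest on that: `@memo.any? { |_ip, count| count > 10 }`. Separately, the private `inspect` replaces `Object#inspect` with a method that sends the DNS queries, and `report` appends to `@memo` and `@mismatched_domains` on every call, so a second `report` doubles the counts; a name such as `collect_mismatches` plus a run-once guard would remove both surprises.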
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "resolv"
4
+
5
+ module RogueOne
6
+ class Resolver
7
+ attr_reader :nameserver
8
+
9
+ def initialize(nameserver:)
10
+ @nameserver = nameserver
11
+ end
12
+
13
+ def dig(domain, type)
14
+ _resolver.getresource(domain, resource_by_type(type)).address.to_s
15
+ rescue Resolv::ResolvError => e
16
+ nil
17
+ end
18
+
19
+ private
20
+
21
+ def _resolver
22
+ @_resolver ||= Resolv::DNS.new(nameserver: [nameserver])
23
+ end
24
+
25
+ def resource_by_type(type)
26
+ resources.dig(type.upcase.to_sym)
27
+ end
28
+
29
+ def resources
30
+ {
31
+ ANY: Resolv::DNS::Resource::IN::ANY,
32
+ NS: Resolv::DNS::Resource::IN::NS,
33
+ CNAME: Resolv::DNS::Resource::IN::CNAME,
34
+ SOA: Resolv::DNS::Resource::IN::SOA,
35
+ HINFO: Resolv::DNS::Resource::IN::HINFO,
36
+ MINFO: Resolv::DNS::Resource::IN::MINFO,
37
+ MX: Resolv::DNS::Resource::IN::MX,
38
+ TXT: Resolv::DNS::Resource::IN::TXT,
39
+ A: Resolv::DNS::Resource::IN::A,
40
+ WKS: Resolv::DNS::Resource::IN::WKS,
41
+ PTR: Resolv::DNS::Resource::IN::PTR,
42
+ AAAA: Resolv::DNS::Resource::IN::AAAA,
43
+ SRV: Resolv::DNS::Resource::IN::SRV,
44
+ }
45
+ end
46
+ end
47
+ end
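Review bot: `dig` turns every `Resolv::ResolvError` into `nil` (and binds `e` without using it), so "name does not exist", "no A record" and "server never answered" all look the same to the caller, which then compares that `nil` with the reference answer. Returning a distinct marker for a failed lookup, or letting the caller see the exception, would let the report say "no response" instead of guessing. No timeout is configured on `Resolv::DNS`, so a run against an unresponsive address waits out the library's default retry schedule for each of the 100 domains; `Resolv::DNS#timeouts=` can bound that. `resource_by_type` also returns `nil` for a type outside the table, and `resources.fetch(type.upcase.to_sym)` would fail with the offending key instead.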
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module RogueOne
4
+ VERSION = "0.1.0"
5
+ end
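--- a/data/lib/rogue_one.rb
+++ b/data/lib/rogue_one.rb
@@ -0,0 +1,11 @@
+ # frozen_string_literal: true
+
+ require "rogue_one/version"
+
+ require "rogue_one/resolver"
+ require "rogue_one/detector"
+ require "rogue_one/cli"
+
+ module RogueOne
+ class Error < StandardError; end
+ end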
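--- a/data/rogue_one.gemspec
+++ b/data/rogue_one.gemspec
@@ -0,0 +1,33 @@
+ # frozen_string_literal: true
+
+ lib = File.expand_path('lib', __dir__)
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+ require "rogue_one/version"
+
+ Gem::Specification.new do |spec|
+ spec.name = "rogue_one"
+ spec.version = RogueOne::VERSION
+ spec.authors = ["Manabu Niseki"]
+ spec.email = ["manabu.niseki@gmail.com"]
+
+ spec.summary = "Rogue one: a rogue DNS detector"
+ spec.description = 'Rogue one: a rogue DNS detector'
+ spec.homepage = "https://github.com/ninoseki/rogue_one"
+ spec.license = "MIT"
+
+ # Specify which files should be added to the gem when it is released.
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+ end
+ spec.bindir = "exe"
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+ spec.require_paths = ["lib"]
+
+ spec.add_development_dependency "bundler", "~> 2.0"
+ spec.add_development_dependency "coveralls", "~> 0.8"
+ spec.add_development_dependency "rake", "~> 12.3"
+ spec.add_development_dependency "rspec", "~> 3.8"
+
+ spec.add_dependency "thor", "~> 0.19"
+ end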
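Review bot: The spec sets no `required_ruby_version`, and the generated metadata accordingly records `>= 0`, although the library uses required keyword arguments and `.travis.yml` tests only 2.6. Declaring the floor that is actually tested, for example `spec.required_ruby_version = ">= 2.6"`, keeps the gem from installing on an interpreter where it cannot load. The `files` filter drops only `test/`, `spec/` and `features/`, so the published package still carries `.travis.yml`, `bin/console` and `bin/setup`, none of which is needed at run time.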
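--- a/metadata
+++ b/metadata
@@ -0,0 +1,131 @@
+ --- !ruby/object:Gem::Specification
+ name: rogue_one
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Manabu Niseki
+ autorequire:
+ bindir: exe
+ cert_chain: []
+ date: 2019-04-25 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: coveralls
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.8'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ - !ruby/object:Gem::Dependency
+ name: thor
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.19'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.19'
+ description: 'Rogue one: a rogue DNS detector'
+ email:
+ - manabu.niseki@gmail.com
+ executables:
+ - rogue_one
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".rspec"
+ - ".travis.yml"
+ - Gemfile
+ - LICENSE
+ - README.md
+ - Rakefile
+ - bin/console
+ - bin/setup
+ - exe/rogue_one
+ - lib/rogue_one.rb
+ - lib/rogue_one/cli.rb
+ - lib/rogue_one/data/top_100.yml
+ - lib/rogue_one/detector.rb
+ - lib/rogue_one/resolver.rb
+ - lib/rogue_one/version.rb
+ - rogue_one.gemspec
+ homepage: https://github.com/ninoseki/rogue_one
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.0.2
+ signing_key:
+ specification_version: 4
+ summary: 'Rogue one: a rogue DNS detector'
+ test_files: []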