rogue_one 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6967b5c72247d5e6709f0ba71a7402bd181ec8dec2bdc6caa8bd588a01c9d409
-  data.tar.gz: 2a79181907673bb4c64b97fe706ce3a3d200260d71f361117f6b42d0fd3c4ba6
+  metadata.gz: 5655a9f8e6b835c1ae68a9f10dd449ac4558a9efc582a2e8a8292f60f33a5c78
+  data.tar.gz: f7c38f1d2eacdebf14f2aa9dfb89c99460a3c9ceaf4c707f63b38f0423933123
 SHA512:
-  metadata.gz: 910aa8d5b1715407536204b63ac365006ff5ae0b7b09e51d42fcae4391a0be7cb1139f25c7131d3f14b386bb1e283f4be14a5b1d7a1b35a8fc01e18fbce21359
-  data.tar.gz: c408c4cba8b1b170771adf46132357221db2c00100cfb0991f5547c386d299bbb129dd375609636bd426feae46a06c3dd91cdfdc73ba9528f453c665e471870e
+  metadata.gz: 04fe47430be7c6a7bf2211620516a4dff785d8bcb61ca378b9c382e2d1eb1c3f3babed665345e23ab0a023b8201d073e567a554393f7af61272179dab6e0be63
+  data.tar.gz: 698b1433133c836c10df144c65fd5e98663e48f8be07f6082960f8bc29eec74315a2e8b807dde47be5fdb8e42480d47e8ea30d21e2f01afbad7653ee6ac18895

data/.travis.yml

@@ -4,4 +4,4 @@ language: ruby
 cache: bundler
 rvm:
   - 2.6
-before_install: gem install bundler -v 2.0.1
+before_install: gem install bundler -v 2.1

data/README.md

@@ -39,12 +39,16 @@ Usage:
   rogue_one report [DNS_SERVER]
 
 Options:
-  [--custom-list=CUSTOM_LIST]  # A path to a custom list of domains
-  [--threshold=N]              # Threshold value for determining malicious or not
+  [--default-list=DEFAULT_LIST]  # A default list of top 100 domains (Alexa or Fortune)
+                                 # Default: alexa
+  [--custom-list=CUSTOM_LIST]    # A path to a custom list of domains
+  [--threshold=N]                # Threshold value for determining malicious or not
   [--verbose], [--no-verbose]
 
 Show a report of a given DNS server
 
+Show a report of a given DNS server
+
 $ rogue_one report 1.1.1.1
 {
   "verdict": "benign one",

data/lib/rogue_one/cli.rb

@@ -6,6 +6,7 @@ require "json"
 module RogueOne
   class CLI < Thor
     desc "report [DNS_SERVER]", "Show a report of a given DNS server"
+    method_option :default_list, type: :string, default: "alexa", desc: "A default list of top 100 domains (Alexa or Fortune)"
     method_option :custom_list, type: :string, desc: "A path to a custom list of domains"
     method_option :threshold, type: :numeric, desc: "Threshold value for determining malicious or not"
     method_option :verbose, type: :boolean
@@ -13,10 +14,11 @@ module RogueOne
       with_error_handling do
         Ping.pong? dns_server
 
+        default_list = options["default_list"].downcase
         custom_list = options["custom_list"]
         threshold = options["threshold"]
         verbose = options["verbose"]
-        detector = Detector.new(target: dns_server, custom_list: custom_list, threshold: threshold, verbose: verbose)
+        detector = Detector.new(target: dns_server, default_list: default_list, custom_list: custom_list, threshold: threshold, verbose: verbose)
         puts JSON.pretty_generate(detector.report)
       end
     end

data/lib/rogue_one/data/alexa_100.yml

@@ -0,0 +1,101 @@
+---
+- google.com
+- youtube.com
+- tmall.com
+- baidu.com
+- qq.com
+- sohu.com
+- facebook.com
+- login.tmall.com
+- wikipedia.org
+- taobao.com
+- yahoo.com
+- jd.com
+- 360.cn
+- amazon.com
+- sina.com.cn
+- weibo.com
+- pages.tmall.com
+- reddit.com
+- live.com
+- vk.com
+- okezone.com
+- netflix.com
+- blogspot.com
+- office.com
+- csdn.net
+- alipay.com
+- xinhuanet.com
+- stackoverflow.com
+- yahoo.co.jp
+- instagram.com
+- google.com.hk
+- aliexpress.com
+- microsoft.com
+- babytree.com
+- naver.com
+- twitter.com
+- bing.com
+- livejasmin.com
+- amazon.co.jp
+- tribunnews.com
+- ebay.com
+- salesforce.com
+- twitch.tv
+- google.co.in
+- force.com
+- microsoftonline.com
+- apple.com
+- tianya.cn
+- adobe.com
+- pornhub.com
+- msn.com
+- zhanqi.tv
+- dropbox.com
+- linkedin.com
+- yandex.ru
+- wordpress.com
+- myshopify.com
+- amazon.in
+- mail.ru
+- panda.tv
+- imdb.com
+- caijing.com.cn
+- china.com.cn
+- mama.cn
+- amazonaws.com
+- google.com.br
+- trello.com
+- bongacams.com
+- google.de
+- medium.com
+- google.co.jp
+- soso.com
+- booking.com
+- w3schools.com
+- amazon.co.uk
+- spotify.com
+- amazon.de
+- rednet.cn
+- bbc.com
+- detail.tmall.com
+- xvideos.com
+- espn.com
+- detik.com
+- github.com
+- cnn.com
+- instructure.com
+- ok.ru
+- indeed.com
+- yy.com
+- tumblr.com
+- huanqiu.com
+- stackexchange.com
+- nytimes.com
+- imgur.com
+- soundcloud.com
+- whatsapp.com
+- rakuten.co.jp
+- nih.gov
+- sogou.com
+- google.cn

data/lib/rogue_one/data/fortune_100.yml

@@ -0,0 +1,101 @@
+---
+- walmart.com
+- exxonmobil.com
+- berkshirehathaway.com
+- apple.com
+- unitedhealthgroup.com
+- mckesson.com
+- cvshealth.com
+- amazon.com
+- att.com
+- gm.com
+- ford.com
+- amerisourcebergen.com
+- chevron.com
+- cardinalhealth.com
+- costco.com
+- verizon.com
+- kroger.com
+- ge.com
+- walgreensbootsalliance.com
+- jpmorganchase.com
+- fanniemae.com
+- abc.xyz
+- homedepot.com
+- bankofamerica.com
+- express-scripts.com
+- wellsfargo.com
+- boeing.com
+- phillips66.com
+- antheminc.com
+- microsoft.com
+- valero.com
+- citigroup.com
+- comcastcorporation.com
+- ibm.com
+- delltechnologies.com
+- statefarm.com
+- jnj.com
+- freddiemac.com
+- target.com
+- lowes.com
+- marathonpetroleum.com
+- pg.com
+- metlife.com
+- ups.com
+- pepsico.com
+- intel.com
+- dow-dupont.com
+- adm.com
+- aetna.com
+- fedex.com
+- utc.com
+- prudential.com
+- albertsons.com
+- sysco.com
+- disney.com
+- humana.com
+- pfizer.com
+- hp.com
+- lockheedmartin.com
+- aig.com
+- centene.com
+- cisco.com
+- hcahealthcare.com
+- energytransfer.com
+- caterpillar.com
+- nationwide.com
+- morganstanley.com
+- libertymutual.com
+- newyorklife.com
+- gs.com
+- aa.com
+- bestbuy.com
+- cigna.com
+- charter.com
+- delta.com
+- facebook.com
+- honeywell.com
+- merck.com
+- allstate.com
+- tysonfoods.com
+- united.com
+- oracle.com
+- techdata.com
+- tiaa.org
+- tjx.com
+- americanexpress.com
+- coca-colacompany.com
+- publix.com
+- nike.com
+- andeavor.com
+- wfscorp.com
+- exeloncorp.com
+- massmutual.com
+- riteaid.com
+- conocophillips.com
+- chsinc.com
+- 3m.com
+- timewarner.com
+- generaldynamics.com
+- usaa.com

data/lib/rogue_one/detector.rb

@@ -6,13 +6,15 @@ require "parallel"
 module RogueOne
   class Detector
     attr_reader :target
+    attr_reader :default_list
     attr_reader :custom_list
     attr_reader :verbose
 
     GOOGLE_PUBLIC_DNS = "8.8.8.8"
 
-    def initialize(target:, custom_list: nil, threshold: nil, verbose: false)
+    def initialize(target:, default_list: "alexa", custom_list: nil, threshold: nil, verbose: false)
       @target = target
+      @default_list = default_list
       @custom_list = custom_list
       @threshold = threshold
       @verbose = verbose
@@ -98,7 +100,14 @@ module RogueOne
     end
 
     def top_100_domains
-      read_domains File.expand_path("./data/top_100.yml", __dir__)
+      case default_list
+      when "alexa"
+        read_domains File.expand_path("./data/alexa_100.yml", __dir__)
+      when "fortune"
+        read_domains File.expand_path("./data/fortune_100.yml", __dir__)
+      else
+        raise ArgumentError, "A list for #{default_list} is not existing"
+      end
     end
 
     def read_domains(path)

data/lib/rogue_one/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RogueOne
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

data/rogue_one.gemspec

@@ -24,11 +24,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "bundler", "~> 2.1"
   spec.add_development_dependency "coveralls", "~> 0.8"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.9"
 
-  spec.add_dependency "parallel", "~> 1.18"
-  spec.add_dependency "thor", "~> 0.20"
+  spec.add_dependency "parallel", "~> 1.19"
+  spec.add_dependency "thor", "~> 1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rogue_one
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-12 00:00:00.000000000 Z
+date: 2019-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
@@ -72,28 +72,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.18'
+        version: '1.19'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.18'
+        version: '1.19'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.20'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.20'
+        version: '1.0'
 description: A rogue DNS detector
 email:
 - manabu.niseki@gmail.com
@@ -115,7 +115,8 @@ files:
 - images/eyecatch.png
 - lib/rogue_one.rb
 - lib/rogue_one/cli.rb
-- lib/rogue_one/data/top_100.yml
+- lib/rogue_one/data/alexa_100.yml
+- lib/rogue_one/data/fortune_100.yml
 - lib/rogue_one/detector.rb
 - lib/rogue_one/domain_list.rb
 - lib/rogue_one/ping.rb

data/lib/rogue_one/data/top_100.yml

@@ -1,101 +0,0 @@
----
-- google.com
-- facebook.com
-- youtube.com
-- yahoo.com
-- baidu.com
-- wikipedia.org
-- qq.com
-- taobao.com
-- twitter.com
-- amazon.com
-- linkedin.com
-- live.com
-- google.co.in
-- sina.com.cn
-- hao123.com
-- blogspot.com
-- weibo.com
-- tmall.com
-- vk.com
-- wordpress.com
-- yahoo.co.jp
-- sohu.com
-- yandex.ru
-- ebay.com
-- google.de
-- bing.com
-- pinterest.com
-- google.co.uk
-- 163.com
-- 360.cn
-- google.fr
-- ask.com
-- instagram.com
-- google.co.jp
-- tumblr.com
-- msn.com
-- google.com.br
-- mail.ru
-- microsoft.com
-- xvideos.com
-- paypal.com
-- google.ru
-- soso.com
-- adcash.com
-- google.es
-- google.it
-- imdb.com
-- apple.com
-- imgur.com
-- neobux.com
-- craigslist.org
-- amazon.co.jp
-- t.co
-- xhamster.com
-- stackoverflow.com
-- reddit.com
-- google.com.mx
-- google.com.hk
-- cnn.com
-- google.ca
-- fc2.com
-- go.com
-- ifeng.com
-- bbc.co.uk
-- vube.com
-- people.com.cn
-- blogger.com
-- aliexpress.com
-- odnoklassniki.ru
-- wordpress.org
-- alibaba.com
-- gmw.cn
-- adobe.com
-- huffingtonpost.com
-- google.com.tr
-- xinhuanet.com
-- googleusercontent.com
-- youku.com
-- godaddy.com
-- pornhub.com
-- akamaihd.net
-- thepiratebay.se
-- kickass.to
-- google.com.au
-- amazon.de
-- clkmon.com
-- ebay.de
-- alipay.com
-- google.pl
-- espn.go.com
-- dailymotion.com
-- about.com
-- bp.blogspot.com
-- blogspot.in
-- netflix.com
-- vimeo.com
-- dailymail.co.uk
-- redtube.com
-- rakuten.co.jp
-- conduit.com