ukemi 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad938a7cb405569da9b6ba12dfe4c1bfa7eb382a4e08d2b204a8a6705572c1b9
-  data.tar.gz: d9b4a43bc7837c92b8fa692f7ecd12ba0f6de5aeda82f5066ea868b8b01b73e3
+  metadata.gz: 772366e3c49f7e5795e5725ca5535662c1626c9fa9522499aae4393b16c4d989
+  data.tar.gz: 13e976f1cc0e16c1e0e0b4cf96baeaefe848a963c827079616898564ad370732
 SHA512:
-  metadata.gz: 31c864b566fe92d6ca5b71691c3517d95e29922ba704a7cd483c4df96a6731a7b42523d8102ea76b946ec1bc5068684475b4f60648064a2f466a41e70f014952
-  data.tar.gz: 561d1bd6ed05ec3392c2137a1b73df0a95ad1e20e0ccc66f354ce1a7725603fa7a50572bcbecb96edf4f932f9717b8520a35cd0879ff7e801d60e4dcc16e5486
+  metadata.gz: e15595740c568adc0b5c6feed7b881492afc1a3166f43b0f9a5aaff4e4a00dba9161e7d6a1decba2d71b900edd32fb969c341972ff82aa4a9dc21d9c6a771b57
+  data.tar.gz: a1ebc0af8b442e49f46204c40ee121317da97c4e4598adeb2724a4083c09c9e2b2647f80e152913ae6025ed8ae9fa4ba769e6defbeb2576c7493f712f6e7d3d2

data/README.md

@@ -10,6 +10,7 @@ Ukemi is a CIL tool for querying passive DNS services.
 It supports the following services.
 
 - [CIRCL passive DNS](https://www.circl.lu/services/passive-dns/)
+- [DNSDB](https://api.dnsdb.info/)
 - [PassiveTotal](https://community.riskiq.com/)
 - [SecurityTrails](https://securitytrails.com/)
 - [VirusTotal](http://virustotal.com)
@@ -30,6 +31,7 @@ Configuration is done via environment variables.
 |------------------------|----------------------------|
 | CIRCL_PASSIVE_PASSWORD | CIRCL passive DNS password |
 | CIRCL_PASSIVE_USERNAME | CIRCL passive DNS username |
+| DNSDB_API_KEY          | DNSDB API key              |
 | PASSIVETOTAL_API_KEY   | PassiveTotal API key       |
 | PASSIVETOTAL_USERNAME  | PassiveTotal username      |
 | SECURITYTRAILS_API_KEY | SecurityTrails API key     |
@@ -43,7 +45,7 @@ Commands:
   ukemi help [COMMAND]      # Describe available commands or one specific command
   ukemi lookup [IP|DOMAIN]  # Lookup passive DNS services
 
-$ ukemi help looup
+$ ukemi help lookup
 Usage:
   ukemi lookup [IP|DOMAIN]
 

data/lib/ukemi.rb

@@ -22,6 +22,7 @@ require "ukemi/record"
 require "ukemi/services/service"
 
 require "ukemi/services/circl"
+require "ukemi/services/dnsdb"
 require "ukemi/services/passivetotal"
 require "ukemi/services/securitytrails"
 require "ukemi/services/virustotal"

data/lib/ukemi/moderator.rb

@@ -13,7 +13,7 @@ module Ukemi
 
         begin
           service.lookup data
-        rescue ::PassiveTotal::Error, ::VirusTotal::Error, ::SecurityTrails::Error, PassiveCIRCL::Error
+        rescue ::PassiveTotal::Error, ::VirusTotal::Error, ::SecurityTrails::Error, PassiveCIRCL::Error, DNSDB::Error
           nil
         end
       end.flatten.compact

data/lib/ukemi/services/dnsdb.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "date"
+require "dnsdb"
+
+module Ukemi
+  module Services
+    class DNSDB < Service
+      private
+
+      def config_keys
+        %w(DNSDB_API_KEY)
+      end
+
+      def api
+        @api ||= ::DNSDB::API.new
+      end
+
+      def lookup_by_ip(data)
+        results = api.lookup.rdata(type: "ip", value: data, rrtype: "A")
+        results.map do |result|
+          rrname = result.dig("rrname")
+          # Remove the last dot (e.g. "example.com.")
+          data = rrname[0..-2]
+          Record.new(
+            data: data,
+            first_seen: Time.at(result.dig("time_first")).to_date.to_s,
+            last_seen: Time.at(result.dig("time_last")).to_date.to_s,
+            source: name
+          )
+        end
+      end
+
+      def lookup_by_domain(data)
+        results = api.lookup.rrset(owner_name: data, rrtype: "A")
+        results.map do |result|
+          first_seen = Time.at(result.dig("time_first")).to_date.to_s
+          last_seen = Time.at(result.dig("time_last")).to_date.to_s
+
+          values = result.dig("rdata") || []
+          values.map do |value|
+            Record.new(
+              data: value,
+              first_seen: first_seen,
+              last_seen: last_seen,
+              source: name
+            )
+          end
+        end.flatten
+      end
+    end
+  end
+end

data/lib/ukemi/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ukemi
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/ukemi.gemspec

@@ -33,6 +33,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "webmock", "~> 3.8"
 
   spec.add_dependency "addressable", "~> 2.7"
+  spec.add_dependency "dnsdb", "~> 0.1"
   spec.add_dependency "mem", "~> 0.1"
   spec.add_dependency "parallel", "~> 1.19"
   spec.add_dependency "passive_circl", "~> 0.1"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ukemi
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-16 00:00:00.000000000 Z
+date: 2020-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -108,6 +108,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: dnsdb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: mem
   requirement: !ruby/object:Gem::Requirement
@@ -245,6 +259,7 @@ files:
 - lib/ukemi/moderator.rb
 - lib/ukemi/record.rb
 - lib/ukemi/services/circl.rb
+- lib/ukemi/services/dnsdb.rb
 - lib/ukemi/services/passivetotal.rb
 - lib/ukemi/services/securitytrails.rb
 - lib/ukemi/services/service.rb