ukemi 0.3.0 → 0.4.0

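--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 772366e3c49f7e5795e5725ca5535662c1626c9fa9522499aae4393b16c4d989
- data.tar.gz: 13e976f1cc0e16c1e0e0b4cf96baeaefe848a963c827079616898564ad370732
+ metadata.gz: 4d580aab085fc77ec8b77f427510401de772ee7d7c1f43e382d357ad908b8d35
+ data.tar.gz: 38edc17fca078bcae250a7f234811febc1d2e2afe4e072c76a6a829db7073cd0
  SHA512:
- metadata.gz: e15595740c568adc0b5c6feed7b881492afc1a3166f43b0f9a5aaff4e4a00dba9161e7d6a1decba2d71b900edd32fb969c341972ff82aa4a9dc21d9c6a771b57
- data.tar.gz: a1ebc0af8b442e49f46204c40ee121317da97c4e4598adeb2724a4083c09c9e2b2647f80e152913ae6025ed8ae9fa4ba769e6defbeb2576c7493f712f6e7d3d2
+ metadata.gz: f848faef9dea0a78e6f975f5018baaf793544a42848ff4b22bcdbabbed5051b84b5e9403ee61999ebad0e352a51710f0b83dbf8d0763b33d45a8b2543a598a0c
+ data.tar.gz: 5218157189624ccc636a4b12566217f94900c5564c0541e2885233e577176822fd049d75f906dcff69cd2e0a6629c4c89ec1677e3c00d8151402de975e0bb2f7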
data/README.md CHANGED
@@ -11,6 +11,7 @@ It supports the following services.
11
11
 
12
12
  - [CIRCL passive DNS](https://www.circl.lu/services/passive-dns/)
13
13
  - [DNSDB](https://api.dnsdb.info/)
14
+ - [OTX](https://otx.alienvault.com)
14
15
  - [PassiveTotal](https://community.riskiq.com/)
15
16
  - [SecurityTrails](https://securitytrails.com/)
16
17
  - [VirusTotal](http://virustotal.com)
@@ -32,6 +33,7 @@ Configuration is done via environment variables.
32
33
  | CIRCL_PASSIVE_PASSWORD | CIRCL passive DNS password |
33
34
  | CIRCL_PASSIVE_USERNAME | CIRCL passive DNS username |
34
35
  | DNSDB_API_KEY | DNSDB API key |
36
+ | OTX_API_KEY | OTX API key |
35
37
  | PASSIVETOTAL_API_KEY | PassiveTotal API key |
36
38
  | PASSIVETOTAL_USERNAME | PassiveTotal username |
37
39
  | SECURITYTRAILS_API_KEY | SecurityTrails API key |
@@ -23,6 +23,7 @@ require "ukemi/services/service"
23
23
 
24
24
  require "ukemi/services/circl"
25
25
  require "ukemi/services/dnsdb"
26
+ require "ukemi/services/otx"
26
27
  require "ukemi/services/passivetotal"
27
28
  require "ukemi/services/securitytrails"
28
29
  require "ukemi/services/virustotal"
@@ -13,7 +13,7 @@ module Ukemi
13
13
 
14
14
  begin
15
15
  service.lookup data
16
- rescue ::PassiveTotal::Error, ::VirusTotal::Error, ::SecurityTrails::Error, PassiveCIRCL::Error, DNSDB::Error
16
+ rescue ::PassiveTotal::Error, ::VirusTotal::Error, ::SecurityTrails::Error, PassiveCIRCL::Error, DNSDB::Error, Faraday::Error
17
17
  nil
18
18
  end
19
19
  end.flatten.compact
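Review bot: The rescue on the new side still ends in a bare `nil`, so with `Faraday::Error` added, a timeout, TLS failure or rejected API key is reported exactly like "no passive DNS records" for that service. For an investigation tool that is a silent false negative; bind the exception and report it on stderr, for example `rescue ..., Faraday::Error => e` followed by `warn "#{service.class}: lookup failed (#{e.class})"` before the `nil`, logging the class rather than the message in case the error text carries request details. `Faraday` is not required in any visible hunk, so the constant presumably resolves only because a service gem loads it; an explicit require in this file would remove the dependence on load order. The enclosing method starts and ends outside the hunk.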
@@ -0,0 +1,72 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "date"
4
+ require "otx_ruby"
5
+
6
+ module Ukemi
7
+ module Services
8
+ class OTX < Service
9
+ private
10
+
11
+ def config_keys
12
+ %w(OTX_API_KEY)
13
+ end
14
+
15
+ def api_key
16
+ @api_key ||= ENV["OTX_API_KEY"]
17
+ end
18
+
19
+ def domain_client
20
+ @domain_client ||= ::OTX::Domain.new(api_key)
21
+ end
22
+
23
+ def ip_client
24
+ @ip_client ||= ::OTX::IP.new(api_key)
25
+ end
26
+
27
+ def lookup_by_ip(data)
28
+ records = ip_client.get_passive_dns(data)
29
+ memo = Hash.new { |h, k| h[k] = [] }
30
+ records.each do |record|
31
+ next if record.record_type != "A"
32
+
33
+ domain = record.hostname
34
+ memo[domain] << Date.parse(record.last).to_s
35
+ memo[domain] << Date.parse(record.first).to_s
36
+ end
37
+
38
+ memo.keys.map do |domain|
39
+ Record.new(
40
+ data: domain,
41
+ first_seen: memo[domain].min,
42
+ last_seen: memo[domain].max,
43
+ source: name
44
+ )
45
+ end
46
+ end
47
+
48
+ def lookup_by_domain(data)
49
+ records = domain_client.get_passive_dns(data)
50
+
51
+ memo = Hash.new { |h, k| h[k] = [] }
52
+ records.each do |record|
53
+ next if record.record_type != "A"
54
+ next if record.hostname != data
55
+
56
+ ip = record.address
57
+ memo[ip] << Date.parse(record.last).to_s
58
+ memo[ip] << Date.parse(record.first).to_s
59
+ end
60
+
61
+ memo.keys.map do |ip|
62
+ Record.new(
63
+ data: ip,
64
+ first_seen: memo[ip].min,
65
+ last_seen: memo[ip].max,
66
+ source: name
67
+ )
68
+ end
69
+ end
70
+ end
71
+ end
72
+ end
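Review bot: `Date.parse(record.last)` and `Date.parse(record.first)` in both lookup methods run on values returned by the remote service, and a missing or malformed timestamp raises `TypeError` or `ArgumentError`. Neither is in the caller's rescue list shown earlier on this page, so one bad record would likely abort the whole OTX lookup instead of being skipped. `lookup_by_domain` also compares `record.hostname != data` byte for byte, so a query typed with different letter case or a trailing dot would drop every record and look like an empty result, unless the input is normalised upstream, which is not visible here. The fence below parses timestamps through a helper that returns nil on bad input and compares hostnames after normalising both sides; `lookup_by_ip` would use the same `parse_date` helper.

```ruby
# … unchanged: config_keys, api_key, domain_client, ip_client, lookup_by_ip …

def lookup_by_domain(data)
  records = domain_client.get_passive_dns(data)
  wanted = normalize_hostname(data)

  memo = Hash.new { |h, k| h[k] = [] }
  records.each do |record|
    next if record.record_type != "A"
    next if normalize_hostname(record.hostname) != wanted

    seen = [record.first, record.last].map { |value| parse_date(value) }.compact
    memo[record.address].concat(seen) unless seen.empty?
  end

  # … unchanged: memo.keys.map building Record.new …
end

# DNS names are case-insensitive and may carry a trailing root dot.
def normalize_hostname(value)
  value.to_s.downcase.chomp(".")
end

# Returns an ISO 8601 date string, or nil when the service sent no usable timestamp.
def parse_date(value)
  Date.parse(value.to_s).to_s
rescue ArgumentError
  nil
end
```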
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Ukemi
4
- VERSION = "0.3.0"
4
+ VERSION = "0.4.0"
5
5
  end
@@ -29,12 +29,13 @@ Gem::Specification.new do |spec|
29
29
  spec.add_development_dependency "coveralls", "~> 0.8"
30
30
  spec.add_development_dependency "rake", "~> 13.0"
31
31
  spec.add_development_dependency "rspec", "~> 3.9"
32
- spec.add_development_dependency "vcr", "~> 5.0"
32
+ spec.add_development_dependency "vcr", "~> 6.0"
33
33
  spec.add_development_dependency "webmock", "~> 3.8"
34
34
 
35
35
  spec.add_dependency "addressable", "~> 2.7"
36
36
  spec.add_dependency "dnsdb", "~> 0.1"
37
37
  spec.add_dependency "mem", "~> 0.1"
38
+ spec.add_dependency "otx_ruby", "~> 0.9"
38
39
  spec.add_dependency "parallel", "~> 1.19"
39
40
  spec.add_dependency "passive_circl", "~> 0.1"
40
41
  spec.add_dependency "passivetotalx", "~> 0.1"
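--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ukemi
  version: !ruby/object:Gem::Version
- version: 0.3.0
+ version: 0.4.0
  platform: ruby
  authors:
  - Manabu Niseki
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-03-20 00:00:00.000000000 Z
+ date: 2020-08-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -72,14 +72,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '6.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '6.0'
  - !ruby/object:Gem::Dependency
  name: webmock
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '0.1'
+ - !ruby/object:Gem::Dependency
+ name: otx_ruby
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.9'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.9'
  - !ruby/object:Gem::Dependency
  name: parallel
  requirement: !ruby/object:Gem::Requirement
@@ -260,6 +274,7 @@ files:
  - lib/ukemi/record.rb
  - lib/ukemi/services/circl.rb
  - lib/ukemi/services/dnsdb.rb
+ - lib/ukemi/services/otx.rb
  - lib/ukemi/services/passivetotal.rb
  - lib/ukemi/services/securitytrails.rb
  - lib/ukemi/services/service.rb
@@ -271,7 +286,7 @@ licenses:
  - MIT
  metadata:
  homepage_uri: https://github.com/ninoseki/ukemi
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -287,7 +302,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubygems_version: 3.1.2
- signing_key:
+ signing_key:
  specification_version: 4
  summary: A CLI tool for querying passive DNS services
  test_files: []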