ukemi 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a77579f014e97cc048e95dc5488e228ee19baba62d5074dbc9bfcb5c75f9d568
-  data.tar.gz: e156b9c6de521ea49d7a69725c724176a5d1739deee7bba32aef4e662c64ddae
+  metadata.gz: ad938a7cb405569da9b6ba12dfe4c1bfa7eb382a4e08d2b204a8a6705572c1b9
+  data.tar.gz: d9b4a43bc7837c92b8fa692f7ecd12ba0f6de5aeda82f5066ea868b8b01b73e3
 SHA512:
-  metadata.gz: f4e3eb6f8f4dd2223ba2eed1846ff8d95ee8d14913f5f6e682269489ee9348fea3af858c9bf849bac4d612a42a0a3c1c7bae3b27dde3461b1104c3e0e3752964
-  data.tar.gz: 34467c49986dc11f2ac4fae646c1d96419ebe199838fe20a8f859c1619137ce2f3d0bcfc11e1f356545e14f63a6b5ff81b7ad9f39b206b70469959a8ca9a5986
+  metadata.gz: 31c864b566fe92d6ca5b71691c3517d95e29922ba704a7cd483c4df96a6731a7b42523d8102ea76b946ec1bc5068684475b4f60648064a2f466a41e70f014952
+  data.tar.gz: 561d1bd6ed05ec3392c2137a1b73df0a95ad1e20e0ccc66f354ce1a7725603fa7a50572bcbecb96edf4f932f9717b8520a35cd0879ff7e801d60e4dcc16e5486

data/README.md

@@ -1,5 +1,6 @@
 # ukemi
 
+[![Gem Version](https://badge.fury.io/rb/ukemi.svg)](https://badge.fury.io/rb/ukemi)
 [![Build Status](https://travis-ci.com/ninoseki/ukemi.svg?branch=master)](https://travis-ci.com/ninoseki/ukemi)
 [![Coverage Status](https://coveralls.io/repos/github/ninoseki/ukemi/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/ukemi?branch=master)
 [![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/ukemi/badge)](https://www.codefactor.io/repository/github/ninoseki/ukemi)
@@ -15,7 +16,7 @@ It supports the following services.
 
 It outputs passive DNS resolutions as JSON.
 
-## Instalattion
+## Installation
 
 ```bash
 gem install ukemi
@@ -46,375 +47,138 @@ $ ukemi help looup
 Usage:
   ukemi lookup [IP|DOMAIN]
 
-Lookup passive DNS services
+Options:
+  [--order-by=ORDER_BY]  # Ordering of the passve DNS resolutions (last_seen or first_seen)
+                         # Default: -last_seen
+
+Lookup passive DNS servicess
 ```
 
 ```bash
-$ ukemi lookup circl.lu
+$ ukemi lookup example.com
 {
-  "149.13.33.14": [
-    {
-      "firtst_seen": "2016-10-07",
-      "last_seen": "2018-10-26",
-      "source": "CIRCL"
-    },
-    {
-      "firtst_seen": "2017-05-26",
-      "last_seen": "2020-03-15",
-      "source": "SecurityTrails"
-    },
-    {
-      "firtst_seen": "2019-12-04",
-      "last_seen": "2019-12-04",
-      "source": "VirusTotal"
-    }
-  ],
-  "149.13.33.4": [
-    {
-      "firtst_seen": "2011-03-08",
-      "last_seen": "2012-02-13",
-      "source": "CIRCL"
-    },
-    {
-      "firtst_seen": "2013-07-30",
-      "last_seen": "2013-07-30",
-      "source": "VirusTotal"
-    }
-  ],
-  "194.154.205.24": [
-    {
-      "firtst_seen": "2011-03-03",
-      "last_seen": "2011-03-03",
-      "source": "CIRCL"
-    }
-  ]
+  "93.184.216.34": {
+    "first_seen": "2016-03-01",
+    "last_seen": "2020-03-16",
+    "sources": [
+      {
+        "first_seen": "2016-10-07",
+        "last_seen": "2018-10-30",
+        "source": "CIRCL"
+      },
+      {
+        "first_seen": "2016-03-01",
+        "last_seen": "2020-03-16",
+        "source": "SecurityTrails"
+      },
+      {
+        "first_seen": "2020-03-03",
+        "last_seen": "2020-03-03",
+        "source": "VirusTotal"
+      }
+    ]
+  },
+  ...
 }
 
 $ ukemi lookup 195.123.226.243
 {
-  "liankt.club": [
-    {
-      "firtst_seen": "2020-02-15",
-      "last_seen": "2020-03-13",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-16",
-      "last_seen": "2020-02-16",
-      "source": "VirusTotal"
-    }
-  ],
-  "weidt.club": [
-    {
-      "firtst_seen": "2020-03-12",
-      "last_seen": "2020-03-12",
-      "source": "PassiveTotal"
-    }
-  ],
-  "jikt.club": [
-    {
-      "firtst_seen": "2020-03-04",
-      "last_seen": "2020-03-12",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-03-05",
-      "last_seen": "2020-03-05",
-      "source": "VirusTotal"
-    }
-  ],
-  "biesi.club": [
-    {
-      "firtst_seen": "2020-02-15",
-      "last_seen": "2020-03-12",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-20",
-      "last_seen": "2020-02-20",
-      "source": "VirusTotal"
-    }
-  ],
-  "kaikt.club": [
-    {
-      "firtst_seen": "2020-02-15",
-      "last_seen": "2020-03-12",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-02-21",
-      "source": "VirusTotal"
-    }
-  ],
-  "zhaokt.club": [
-    {
-      "firtst_seen": "2020-02-15",
-      "last_seen": "2020-03-11",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-18",
-      "last_seen": "2020-02-18",
-      "source": "VirusTotal"
-    }
-  ],
-  "yangdt.club": [
-    {
-      "firtst_seen": "2020-02-26",
-      "last_seen": "2020-03-10",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-27",
-      "last_seen": "2020-02-27",
-      "source": "VirusTotal"
-    }
-  ],
-  "jinkt.club": [
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-03-10",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "VirusTotal"
-    }
-  ],
-  "taokt.club": [
-    {
-      "firtst_seen": "2020-03-10",
-      "last_seen": "2020-03-10",
-      "source": "PassiveTotal"
-    }
-  ],
-  "xinkt.club": [
-    {
-      "firtst_seen": "2020-02-17",
-      "last_seen": "2020-03-09",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-19",
-      "last_seen": "2020-02-19",
-      "source": "VirusTotal"
-    }
-  ],
-  "mail.realty-advertising.ru": [
-    {
-      "firtst_seen": "2019-11-08",
-      "last_seen": "2020-03-09",
-      "source": "PassiveTotal"
-    }
-  ],
-  "realty-advertising.ru": [
-    {
-      "firtst_seen": "2019-11-08",
-      "last_seen": "2020-03-06",
-      "source": "PassiveTotal"
-    }
-  ],
-  "ns1.realty-advertising.ru": [
-    {
-      "firtst_seen": "2019-12-02",
-      "last_seen": "2020-03-04",
-      "source": "PassiveTotal"
-    }
-  ],
-  "ns2.realty-advertising.ru": [
-    {
-      "firtst_seen": "2019-12-04",
-      "last_seen": "2020-03-04",
-      "source": "PassiveTotal"
-    }
-  ],
-  "xiankt.club": [
-    {
-      "firtst_seen": "2020-02-15",
-      "last_seen": "2020-03-03",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-16",
-      "last_seen": "2020-02-16",
-      "source": "VirusTotal"
-    }
-  ],
-  "nittsu-si.com": [
-    {
-      "firtst_seen": "2020-02-15",
-      "last_seen": "2020-03-03",
-      "source": "PassiveTotal"
-    },
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-02-21",
-      "source": "VirusTotal"
-    }
-  ],
-  "mailer.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-23",
-      "last_seen": "2020-02-23",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mail7.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-23",
-      "last_seen": "2020-02-23",
-      "source": "PassiveTotal"
-    }
-  ],
-  "zimbra.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-23",
-      "last_seen": "2020-02-23",
-      "source": "PassiveTotal"
-    }
-  ],
-  "relay2.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-23",
-      "last_seen": "2020-02-23",
-      "source": "PassiveTotal"
-    }
-  ],
-  "sniper.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mailx.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "PassiveTotal"
-    }
-  ],
-  "send.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mta.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "PassiveTotal"
-    }
-  ],
-  "home.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "PassiveTotal"
-    }
-  ],
-  "pbrand.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "PassiveTotal"
-    }
-  ],
-  "smtpauth.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-22",
-      "last_seen": "2020-02-22",
-      "source": "PassiveTotal"
-    }
-  ],
-  "gate.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-02-21",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mx02.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-02-21",
-      "source": "PassiveTotal"
-    }
-  ],
-  "outmail.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-02-21",
-      "source": "PassiveTotal"
-    }
-  ],
-  "exchange.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-02-21",
-      "source": "PassiveTotal"
-    }
-  ],
-  "ms.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-21",
-      "last_seen": "2020-02-21",
-      "source": "PassiveTotal"
-    }
-  ],
-  "owa.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-20",
-      "last_seen": "2020-02-20",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mail8.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-02-20",
-      "last_seen": "2020-02-20",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mta-sts.realty-advertising.ru": [
-    {
-      "firtst_seen": "2019-11-11",
-      "last_seen": "2020-02-08",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mail02.realty-advertising.ru": [
-    {
-      "firtst_seen": "2020-01-18",
-      "last_seen": "2020-01-18",
-      "source": "PassiveTotal"
-    }
-  ],
-  "www.realty-advertising.ru": [
-    {
-      "firtst_seen": "2019-11-08",
-      "last_seen": "2019-11-12",
-      "source": "PassiveTotal"
-    }
-  ],
-  "ln-048.rd-00003024.id-11744955.v0.tun.vpnoverdns.com": [
-    {
-      "firtst_seen": "2017-04-06",
-      "last_seen": "2017-04-06",
-      "source": "PassiveTotal"
-    }
-  ],
-  "mnen6k7g.info": [
-    {
-      "firtst_seen": "2010-10-28",
-      "last_seen": "2010-10-28",
-      "source": "PassiveTotal"
-    }
-  ]
+  "example.org": {
+    "first_seen": "2011-04-11",
+    "last_seen": "2020-03-16",
+    "sources": [
+      {
+        "first_seen": "2011-04-11",
+        "last_seen": "2011-04-11",
+        "source": "CIRCL"
+      },
+      {
+        "first_seen": "2016-10-09",
+        "last_seen": "2018-10-28",
+        "source": "CIRCL"
+      },
+      {
+        "first_seen": "2014-12-09",
+        "last_seen": "2020-03-16",
+        "source": "PassiveTotal"
+      },
+      {
+        "first_seen": null,
+        "last_seen": null,
+        "source": "SecurityTrails"
+      }
+    ]
+  },
+  ...
+}
+
+# You can specify the order of resolutions
+
+# Order by last_seen DESC
+$ ukemi lookup example.com --order-by -last_seen
+
+# Order by last_seen ASC
+$ ukemi lookup example.com --order-by last_seen
+
+# Order by first_seen DESC
+$ ukemi lookup example.com --order-by -first_seen
+
+# Order by first_seen ASC
+$ ukemi lookup example.com --order-by first_seen
+```
+
+### Using with jq
+
+[jq](https://stedolan.github.io/jq/)'s powerful processor helps to interact with the output.
+
+```bash
+# List up resolutions only
+$ ukemi lookup example.com | jq "keys"
+[
+  "192.0.32.10",
+  "192.0.43.10",
+  "208.77.188.166",
+  "209.67.208.202",
+  "221.121.159.162",
+  "93.184.216.119",
+  "93.184.216.34"
+]
+
+# List up the first 2 objects
+$ ukemi lookup example.com  | jq "to_entries | .[:2] | from_entries"
+{
+  "93.184.216.34": {
+    "first_seen": "2016-03-01",
+    "last_seen": "2020-03-16",
+    "sources": [
+      {
+        "first_seen": "2016-10-07",
+        "last_seen": "2018-10-30",
+        "source": "CIRCL"
+      },
+      {
+        "first_seen": "2016-03-01",
+        "last_seen": "2020-03-16",
+        "source": "SecurityTrails"
+      },
+      {
+        "first_seen": "2020-03-03",
+        "last_seen": "2020-03-03",
+        "source": "VirusTotal"
+      }
+    ]
+  },
+  "221.121.159.162": {
+    "first_seen": "2019-11-04",
+    "last_seen": "2019-11-04",
+    "sources": [
+      {
+        "first_seen": "2019-11-04",
+        "last_seen": "2019-11-04",
+        "source": "VirusTotal"
+      }
+    ]
+  }
 }
 ```
 

data/lib/ukemi.rb

@@ -28,4 +28,6 @@ require "ukemi/services/virustotal"
 
 require "ukemi/moderator"
 
+require "ukemi/configuration"
+
 require "ukemi/cli"

data/lib/ukemi/cli.rb

@@ -6,8 +6,11 @@ require "thor"
 module Ukemi
   class CLI < Thor
     desc "lookup [IP|DOMAIN]", "Lookup passive DNS services"
+    method_option :order_by, type: :string, desc: "Ordering of the passve DNS resolutions (last_seen or first_seen)", default: "-last_seen"
     def lookup(data)
       data = refang(data)
+      set_ordering options["order_by"]
+
       result = Moderator.lookup(data)
       puts JSON.pretty_generate(result)
     end
@@ -16,6 +19,17 @@ module Ukemi
       def refang(data)
         data.gsub("[.]", ".").gsub("(.)", ".")
       end
+
+      def set_ordering(order_by)
+        parts = order_by.split("-")
+        ordering_key = parts.last
+        sort_order = parts.length == 2 ? "DESC" : "ASC"
+
+        Ukemi.configure do |config|
+          config.ordering_key = ordering_key
+          config.sort_order = sort_order
+        end
+      end
     end
   end
 end

data/lib/ukemi/configuration.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Ukemi
+  class Configuration
+    attr_accessor :ordering_key
+    attr_accessor :sort_order
+
+    def initialize
+      @ordering_key = "last_seen"
+      @sort_order = "DESC"
+    end
+  end
+
+  class << self
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    attr_writer :configuration
+
+    def configure
+      yield configuration
+    end
+  end
+end

data/lib/ukemi/moderator.rb

@@ -2,6 +2,7 @@
 
 require "parallel"
 require "time"
+require "date"
 
 module Ukemi
   class Moderator
@@ -17,29 +18,58 @@ module Ukemi
         end
       end.flatten.compact
 
+      format records
+    end
+
+    def format(records)
       memo = Hash.new { |h, k| h[k] = [] }
+
       records.each do |record|
         memo[record.data] << {
-          firtst_seen: record.first_seen,
+          first_seen: record.first_seen,
           last_seen: record.last_seen,
           source: record.source,
         }
       end
+      # Merge first seen last seen and make the sources a list.
+      formatted = memo.map do |key, sources|
+        first_seens = sources.map { |record| convert_to_unixtime record.dig(:first_seen) }.compact
+        last_seens = sources.map { |record| convert_to_unixtime record.dig(:last_seen) }.compact
+        [
+          key,
+          {
+            first_seen: convert_to_date(first_seens.min),
+            last_seen: convert_to_date(last_seens.max),
+            sources: sources
+          }
+        ]
+      end.to_h
 
-      memo.sort_by do |_key, array|
-        last_seens = array.map do |record|
-          parse_to_unixtime record.dig(:last_seen)
+      # Sorting
+      ordering_key = Ukemi.configuration.ordering_key.to_sym
+      sort_order = Ukemi.configuration.sort_order
+      formatted.sort_by do |_key, hash|
+        value = hash.dig(ordering_key)
+        if sort_order == "DESC"
+          value ? -convert_to_unixtime(value) : -1
+        else
+          value ? convert_to_unixtime(value) : Float::MAX.to_i
         end
-        -last_seens.max
       end.to_h
     end
 
-    def parse_to_unixtime(date)
-      return -1 unless date
+    def convert_to_unixtime(date)
+      return nil unless date
 
       Time.parse(date).to_i
     end
 
+    def convert_to_date(time)
+      return nil unless time
+
+      Time.at(time).to_date.to_s
+    end
+
     class << self
       def lookup(data)
         new.lookup data

data/lib/ukemi/services/securitytrails.rb

@@ -33,23 +33,24 @@ module Ukemi
       def lookup_by_domain(data)
         result = api.history.get_all_dns_history(data, type: "a")
         records = result.dig("records") || []
-        records.map do |record|
+
+        memo = Hash.new { |h, k| h[k] = [] }
+        records.each do |record|
           values = record.dig("values") || []
-          values.map do |value|
-            Record.new(
-              data: value.dig("ip"),
-              first_seen: record.dig("first_seen"),
-              last_seen: record.dig("last_seen"),
-              source: name
-            )
+          values.each do |value|
+            ip = value.dig("ip")
+            memo[ip] << record.dig("first_seen")
+            memo[ip] << record.dig("last_seen")
           end
-        end.flatten
-      end
+        end
 
-      def extract_attributes(response)
-        data = response.dig("data") || []
-        data.map do |item|
-          item.dig("attributes") || []
+        memo.keys.map do |ip|
+          Record.new(
+            data: ip,
+            first_seen: memo[ip].min,
+            last_seen: memo[ip].max,
+            source: name
+          )
         end
       end
     end

data/lib/ukemi/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ukemi
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ukemi
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-15 00:00:00.000000000 Z
+date: 2020-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -240,6 +240,7 @@ files:
 - exe/ukemi
 - lib/ukemi.rb
 - lib/ukemi/cli.rb
+- lib/ukemi/configuration.rb
 - lib/ukemi/error.rb
 - lib/ukemi/moderator.rb
 - lib/ukemi/record.rb