ukemi 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -0
- data/lib/ukemi.rb +1 -0
- data/lib/ukemi/moderator.rb +1 -1
- data/lib/ukemi/services/otx.rb +72 -0
- data/lib/ukemi/version.rb +1 -1
- data/ukemi.gemspec +2 -1
- metadata +22 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4d580aab085fc77ec8b77f427510401de772ee7d7c1f43e382d357ad908b8d35
|
|
4
|
+
data.tar.gz: 38edc17fca078bcae250a7f234811febc1d2e2afe4e072c76a6a829db7073cd0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f848faef9dea0a78e6f975f5018baaf793544a42848ff4b22bcdbabbed5051b84b5e9403ee61999ebad0e352a51710f0b83dbf8d0763b33d45a8b2543a598a0c
|
|
7
|
+
data.tar.gz: 5218157189624ccc636a4b12566217f94900c5564c0541e2885233e577176822fd049d75f906dcff69cd2e0a6629c4c89ec1677e3c00d8151402de975e0bb2f7
|
data/README.md
CHANGED
|
@@ -11,6 +11,7 @@ It supports the following services.
|
|
|
11
11
|
|
|
12
12
|
- [CIRCL passive DNS](https://www.circl.lu/services/passive-dns/)
|
|
13
13
|
- [DNSDB](https://api.dnsdb.info/)
|
|
14
|
+
- [OTX](https://otx.alienvault.com)
|
|
14
15
|
- [PassiveTotal](https://community.riskiq.com/)
|
|
15
16
|
- [SecurityTrails](https://securitytrails.com/)
|
|
16
17
|
- [VirusTotal](http://virustotal.com)
|
|
@@ -32,6 +33,7 @@ Configuration is done via environment variables.
|
|
|
32
33
|
| CIRCL_PASSIVE_PASSWORD | CIRCL passive DNS password |
|
|
33
34
|
| CIRCL_PASSIVE_USERNAME | CIRCL passive DNS username |
|
|
34
35
|
| DNSDB_API_KEY | DNSDB API key |
|
|
36
|
+
| OTX_API_KEY | OTX API key |
|
|
35
37
|
| PASSIVETOTAL_API_KEY | PassiveTotal API key |
|
|
36
38
|
| PASSIVETOTAL_USERNAME | PassiveTotal username |
|
|
37
39
|
| SECURITYTRAILS_API_KEY | SecurityTrails API key |
|
data/lib/ukemi.rb
CHANGED
data/lib/ukemi/moderator.rb
CHANGED
|
@@ -13,7 +13,7 @@ module Ukemi
|
|
|
13
13
|
|
|
14
14
|
begin
|
|
15
15
|
service.lookup data
|
|
16
|
-
rescue ::PassiveTotal::Error, ::VirusTotal::Error, ::SecurityTrails::Error, PassiveCIRCL::Error, DNSDB::Error
|
|
16
|
+
rescue ::PassiveTotal::Error, ::VirusTotal::Error, ::SecurityTrails::Error, PassiveCIRCL::Error, DNSDB::Error, Faraday::Error
|
|
17
17
|
nil
|
|
18
18
|
end
|
|
19
19
|
end.flatten.compact
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "date"
|
|
4
|
+
require "otx_ruby"
|
|
5
|
+
|
|
6
|
+
module Ukemi
|
|
7
|
+
module Services
|
|
8
|
+
class OTX < Service
|
|
9
|
+
private
|
|
10
|
+
|
|
11
|
+
def config_keys
|
|
12
|
+
%w(OTX_API_KEY)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def api_key
|
|
16
|
+
@api_key ||= ENV["OTX_API_KEY"]
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def domain_client
|
|
20
|
+
@domain_client ||= ::OTX::Domain.new(api_key)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def ip_client
|
|
24
|
+
@ip_client ||= ::OTX::IP.new(api_key)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def lookup_by_ip(data)
|
|
28
|
+
records = ip_client.get_passive_dns(data)
|
|
29
|
+
memo = Hash.new { |h, k| h[k] = [] }
|
|
30
|
+
records.each do |record|
|
|
31
|
+
next if record.record_type != "A"
|
|
32
|
+
|
|
33
|
+
domain = record.hostname
|
|
34
|
+
memo[domain] << Date.parse(record.last).to_s
|
|
35
|
+
memo[domain] << Date.parse(record.first).to_s
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
memo.keys.map do |domain|
|
|
39
|
+
Record.new(
|
|
40
|
+
data: domain,
|
|
41
|
+
first_seen: memo[domain].min,
|
|
42
|
+
last_seen: memo[domain].max,
|
|
43
|
+
source: name
|
|
44
|
+
)
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def lookup_by_domain(data)
|
|
49
|
+
records = domain_client.get_passive_dns(data)
|
|
50
|
+
|
|
51
|
+
memo = Hash.new { |h, k| h[k] = [] }
|
|
52
|
+
records.each do |record|
|
|
53
|
+
next if record.record_type != "A"
|
|
54
|
+
next if record.hostname != data
|
|
55
|
+
|
|
56
|
+
ip = record.address
|
|
57
|
+
memo[ip] << Date.parse(record.last).to_s
|
|
58
|
+
memo[ip] << Date.parse(record.first).to_s
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
memo.keys.map do |ip|
|
|
62
|
+
Record.new(
|
|
63
|
+
data: ip,
|
|
64
|
+
first_seen: memo[ip].min,
|
|
65
|
+
last_seen: memo[ip].max,
|
|
66
|
+
source: name
|
|
67
|
+
)
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
data/lib/ukemi/version.rb
CHANGED
data/ukemi.gemspec
CHANGED
|
@@ -29,12 +29,13 @@ Gem::Specification.new do |spec|
|
|
|
29
29
|
spec.add_development_dependency "coveralls", "~> 0.8"
|
|
30
30
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
31
31
|
spec.add_development_dependency "rspec", "~> 3.9"
|
|
32
|
-
spec.add_development_dependency "vcr", "~>
|
|
32
|
+
spec.add_development_dependency "vcr", "~> 6.0"
|
|
33
33
|
spec.add_development_dependency "webmock", "~> 3.8"
|
|
34
34
|
|
|
35
35
|
spec.add_dependency "addressable", "~> 2.7"
|
|
36
36
|
spec.add_dependency "dnsdb", "~> 0.1"
|
|
37
37
|
spec.add_dependency "mem", "~> 0.1"
|
|
38
|
+
spec.add_dependency "otx_ruby", "~> 0.9"
|
|
38
39
|
spec.add_dependency "parallel", "~> 1.19"
|
|
39
40
|
spec.add_dependency "passive_circl", "~> 0.1"
|
|
40
41
|
spec.add_dependency "passivetotalx", "~> 0.1"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ukemi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -72,14 +72,14 @@ dependencies:
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '
|
|
75
|
+
version: '6.0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '
|
|
82
|
+
version: '6.0'
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: webmock
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -136,6 +136,20 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: '0.1'
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: otx_ruby
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - "~>"
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
145
|
+
version: '0.9'
|
|
146
|
+
type: :runtime
|
|
147
|
+
prerelease: false
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - "~>"
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: '0.9'
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: parallel
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -260,6 +274,7 @@ files:
|
|
|
260
274
|
- lib/ukemi/record.rb
|
|
261
275
|
- lib/ukemi/services/circl.rb
|
|
262
276
|
- lib/ukemi/services/dnsdb.rb
|
|
277
|
+
- lib/ukemi/services/otx.rb
|
|
263
278
|
- lib/ukemi/services/passivetotal.rb
|
|
264
279
|
- lib/ukemi/services/securitytrails.rb
|
|
265
280
|
- lib/ukemi/services/service.rb
|
|
@@ -271,7 +286,7 @@ licenses:
|
|
|
271
286
|
- MIT
|
|
272
287
|
metadata:
|
|
273
288
|
homepage_uri: https://github.com/ninoseki/ukemi
|
|
274
|
-
post_install_message:
|
|
289
|
+
post_install_message:
|
|
275
290
|
rdoc_options: []
|
|
276
291
|
require_paths:
|
|
277
292
|
- lib
|
|
@@ -287,7 +302,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
287
302
|
version: '0'
|
|
288
303
|
requirements: []
|
|
289
304
|
rubygems_version: 3.1.2
|
|
290
|
-
signing_key:
|
|
305
|
+
signing_key:
|
|
291
306
|
specification_version: 4
|
|
292
307
|
summary: A CLI tool for querying passive DNS services
|
|
293
308
|
test_files: []
|