zetalytics 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5eb435aa697cffee0167ace95aef3e9953d9b151f321d33b3b949ab73c1c9e55
+  data.tar.gz: d83c85a2e1074384913c5ab34d600dbb107490e0f669c9a5380798bbfb21d98c
+SHA512:
+  metadata.gz: d4a3932746591b602452824a33048acbe95e95065d62e4fe44f5c2ab9d0cb296b23432febd1672d98e326161b4c07801058230715b9e6f33d48997a839170e8b
+  data.tar.gz: 02b89aae7706788152218b71545a1e65b7eb498a90a368fb2ed2a1f5b1566e7215dda6e346d098c4b22f6f3cda3bfe74d833765af6a3c142da69590d5a5188cc

data/lib/zetalytics.rb

@@ -0,0 +1,329 @@
+require_relative 'zetalytics/version'
+require 'rest-client'
+require 'json'
+
+
+module Zetalytics
+  class Api
+
+    def initialize(api_key=nil, options={})
+      @base_uri = "https://zonecruncher.com/api/v2"
+      @api_key = api_key
+
+      # if we weren't passed a config
+      unless @api_key
+        # check to see if a config file exists
+        config_file_path = "#{File.dirname(__FILE__)}/../config/config.json"
+        if File.exist? config_file_path
+          config = JSON.parse(File.open(config_file_path,"r").read)
+          @api_key = config["api_key"]
+        else
+          raise "Unable to continue... no api key!"
+        end
+      end
+    end
+    
+
+    def search_cname2qname (cname)
+      result = JSON.parse RestClient.get "#{@base_uri}/cname2qname?q=#{cname}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search zonefile changes by domain for DNAME record.
+    ## A DNAME record creates an alias for an entire subtree of the domain name tree
+    def search_domain_dname_records (domain)
+      domain_name =  domain.split('.')[0]
+      result = JSON.parse RestClient.get "#{@base_uri}/domain-zone-activity?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for AAAA (IPv6) records
+    def search_domain_for_ipv6_records (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2aaaa?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for CNAME records
+    def search_domain2cname (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2cname?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search historical d8s records and/or live d8s
+    def search_historical_live_dnsrecords (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2d8s?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+  
+    ## Search passive dns by domain for A (IPv4) records
+    def search_domain2ip (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2ip?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search malware dns by domain (some of the results are obsolete)
+    def search_domain2malwaredns (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2malwaredns?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search malware http by domain (some of the results are obsolete)
+    def search_domain2malwarehttp (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2malwarehttp?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for MX records
+    def search_domain2mx (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2mx?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for NS records
+    def search_domain2ns (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2ns?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search name server glue (IP) records by domain name.
+    ## NOTE: these are only the glue records found in gTLD zone files and NOT all IP records
+    ## for every name server domain.
+    ## what is dns glue record? => https://ns1.com/blog/glue-records-and-dedicated-dns#:~:text=What%20is%20a%20Glue%20Record,ns2.example.net%E2%80%9D.
+    def search_domain2nsglue (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2nsglue?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for PTR records
+    def search_domain2ptr (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2ptr?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for PTR records
+    def search_domain2ptr (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2ptr?q=#{domain}&token=#{@api_key}" 
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for TXT records
+    def search_domain2txt (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2txt?q=#{domain}&token=#{@api_key}"
+      
+      
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search historical whois records
+    def search_domain2whois (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/domain2whois?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search for domains sharing a registration email address or SOA email from passive
+    def search_email_address (domain)
+      # using "a*@" is for identifying a large number of domains since the majority of DNS recorded contains else the administrator contact or abuse contact
+      email = "a*@"+ domain
+      result = JSON.parse RestClient.get "#{@base_uri}/email_address?q=#{email}&token=#{@api_key}" 
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search for domains sharing a registration email address domain
+    def search_email_domain (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/email_domain?q=#{domain}&token=#{@api_key}" 
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search malware dns by md5 hash
+    def search_hash2malwaredns (hash)
+      result = JSON.parse RestClient.get "#{@base_uri}/hash2malwaredns?q=#{hash}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search malware http by md5 hash
+    def search_hash2malwaredns (hash)
+      result = JSON.parse RestClient.get "#{@base_uri}/hash2malwarehttp?q=#{hash}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by hostname for mixed resource record types
+    def search_by_hostname (domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/hostname?q=#{domain}&token=#{@api_key}" 
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by IP, CIDR, or Range (v6 compatible)
+    def search_by_ip (ip)
+      result = JSON.parse RestClient.get "#{@base_uri}/ip?q=#{ip}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search malware dns by IP
+    def search_ip2malwaredns(ip)
+      result = JSON.parse RestClient.get "#{@base_uri}/ip2malwaredns?q=#{ip}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search malware http by IP/CIDR for http://x.x.x.x/ (not the IP a hostname resolved to).
+    ## These results would not appear in the malware dns result since they do not require a DNS lookup.
+    def search_ip2malwarehttp(ip)
+      result = JSON.parse RestClient.get "#{@base_uri}/ip2malwarehttp?q=#{ip}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search name server glue (IP) records by IP, CIDR, or Range (v6 compatible)
+    ## what is dns glue record? => https://ns1.com/blog/glue-records-and-dedicated-dns#:~:text=What%20is%20a%20Glue%20Record,ns2.example.net%E2%80%9D.
+    def search_ip2nsglue(ip)
+      result = JSON.parse RestClient.get "#{@base_uri}/ip2nsglue?q=#{ip}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Perform a live DNS lookup for a domain
+    def search_livedns(domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/liveDNS?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search zonefile changes by nameserver
+    def search_nszoneactivity(nameserver)
+      result = JSON.parse RestClient.get "#{@base_uri}/ns-zone-activity?q=#{nameserver}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search current zone files and passive DNS for domains served by nameserver.
+    def search_ns2domain(nameserver)
+      result = JSON.parse RestClient.get "#{@base_uri}/mx2domain?q=#{nameserver}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search current zone files and passive DNS for domains served by nameserver.
+    def search_ns2domain(nameserver)
+      result = JSON.parse RestClient.get"#{@base_uri}/mx2domain?q=#{nameserver}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+    ## Search passive dns by domain for a list of subdomains from any record type.
+    def search_subdomains(domain)
+      result = JSON.parse RestClient.get "#{@base_uri}/subdomains?q=#{domain}&token=#{@api_key}"
+      if result["total"] > 0
+        return result
+      else
+        return
+      end
+    end
+  
+  end
+end

data/lib/zetalytics/version.rb

@@ -0,0 +1,3 @@
+module Zetalytics
+    VERSION="0.1.0"
+end

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: zetalytics
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Anas Ben Salah
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-12-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: API client for the Zetalytics API
+email:
+- anas@intrigue.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/zetalytics.rb
+- lib/zetalytics/version.rb
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: API client for the Zetalytics API
+test_files: []