Permalink
Cannot retrieve contributors at this time
| import json | |
| import dns.resolver | |
| misperrors = {'error': 'Error'} | |
| mispattributes = {'input': ['hostname', 'domain', 'domain|ip'], 'output': ['ip-src', | |
| 'ip-dst']} | |
| moduleinfo = {'version': '0.2', 'author': 'Alexandre Dulaunoy', | |
| 'description': 'Simple DNS expansion service to resolve IP address from MISP attributes', | |
| 'module-type': ['expansion', 'hover']} | |
| moduleconfig = ['nameserver'] | |
| def handler(q=False): | |
| if q is False: | |
| return False | |
| request = json.loads(q) | |
| if request.get('hostname'): | |
| toquery = request['hostname'] | |
| elif request.get('domain'): | |
| toquery = request['domain'] | |
| elif request.get('domain|ip'): | |
| toquery = request['domain|ip'].split('|')[0] | |
| else: | |
| return False | |
| r = dns.resolver.Resolver() | |
| r.timeout = 2 | |
| r.lifetime = 2 | |
| if request.get('config'): | |
| if request['config'].get('nameserver'): | |
| nameservers = [] | |
| nameservers.append(request['config'].get('nameserver')) | |
| r.nameservers = nameservers | |
| else: | |
| r.nameservers = ['8.8.8.8'] | |
| try: | |
| answer = r.query(toquery, 'A') | |
| except dns.resolver.NXDOMAIN: | |
| misperrors['error'] = "NXDOMAIN" | |
| return misperrors | |
| except dns.exception.Timeout: | |
| misperrors['error'] = "Timeout" | |
| return misperrors | |
| except Exception: | |
| misperrors['error'] = "DNS resolving error" | |
| return misperrors | |
| r = {'results': [{'types': mispattributes['output'], | |
| 'values':[str(answer[0])]}]} | |
| return r | |
| def introspection(): | |
| return mispattributes | |
| def version(): | |
| moduleinfo['config'] = moduleconfig | |
| return moduleinfo |