Permalink
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
6116c01
Aug 10, 2016
Rafiot
| import json | |
| import dns.resolver | |
| misperrors = {'error': 'Error'} | |
| mispattributes = {'input': ['hostname', 'domain', 'domain|ip'], 'output': ['ip-src', | |
| 'ip-dst']} | |
| moduleinfo = {'version': '0.2', 'author': 'Alexandre Dulaunoy', | |
| 'description': 'Simple DNS expansion service to resolve IP address from MISP attributes', | |
| 'module-type': ['expansion', 'hover']} | |
| moduleconfig = ['nameserver'] | |
| def handler(q=False): | |
| if q is False: | |
| return False | |
| request = json.loads(q) | |
| if request.get('hostname'): | |
| toquery = request['hostname'] | |
| elif request.get('domain'): | |
| toquery = request['domain'] | |
| elif request.get('domain|ip'): | |
| toquery = request['domain|ip'].split('|')[0] | |
| else: | |
| return False | |
| r = dns.resolver.Resolver() | |
| r.timeout = 2 | |
| r.lifetime = 2 | |
| if request.get('config'): | |
| if request['config'].get('nameserver'): | |
| nameservers = [] | |
| nameservers.append(request['config'].get('nameserver')) | |
| r.nameservers = nameservers | |
| else: | |
| r.nameservers = ['8.8.8.8'] | |
| try: | |
| answer = r.query(toquery, 'A') | |
| except dns.resolver.NXDOMAIN: | |
| misperrors['error'] = "NXDOMAIN" | |
| return misperrors | |
| except dns.exception.Timeout: | |
| misperrors['error'] = "Timeout" | |
| return misperrors | |
| except: | |
| misperrors['error'] = "DNS resolving error" | |
| return misperrors | |
| r = {'results': [{'types': mispattributes['output'], | |
| 'values':[str(answer[0])]}]} | |
| return r | |
| def introspection(): | |
| return mispattributes | |
| def version(): | |
| moduleinfo['config'] = moduleconfig | |
| return moduleinfo |