Add dnsimple v2 support, update README

README.md

@@ -91,6 +91,7 @@ usage: trusttrees (-t TARGET_HOSTNAME | -l TARGET_HOSTNAMES_LIST) [-o]
                   [--aws-credentials AWS_CREDS_FILE]
                   [--gandi-api-v4-key GANDI_API_V4_KEY]
                   [--gandi-api-v5-key GANDI_API_V5_KEY]
+                  [--dnsimple-api-v2-token DNSIMPLE_ACCESS_TOKEN]
 
 Graph out a domain's DNS delegation chain and trust trees!
 
@@ -112,18 +113,21 @@ optional arguments:
                         Text file containing DNS resolvers to use.
 
 optional arguments for domain-checking:
-  --aws-credentials AWS_CREDS_FILE
-                        AWS credentials JSON file for checking if nameserver
-                        base domains are registerable.
-  --gandi-api-v4-key GANDI_API_V4_KEY
-                        Gandi API V4 key for checking if nameserver base
-                        domains are registerable.
-  --gandi-api-v5-key GANDI_API_V5_KEY
-                        Gandi API V5 key for checking if nameserver base
-                        domains are registerable.
+  --aws-credentials       AWS_CREDS_FILE
+                             AWS credentials JSON file for checking if nameserver
+                             base domains are registerable.
+  --gandi-api-v4-key      GANDI_API_V4_KEY
+                             Gandi API V4 key for checking if nameserver base
+                             domains are registerable.
+  --gandi-api-v5-key      GANDI_API_V5_KEY
+                             Gandi API V5 key for checking if nameserver base
+                             domains are registerable.
+  --dnsimple-api-v2-token DNSIMPLE_ACCESS_TOKEN
+                             DNSimple API V2 access token for checking if nameserver
+                             base domains are registerable.
 ```
 
-In order to use the domain-check functionality to look for domain takeovers via expired-domain registration you must have a Gandi production API key or AWS keys with the `route53domains:CheckDomainAvailability` IAM permission. Only Gandi is supported because they are the only registrar we are aware of with a wide range of supported TLDs, a solid API, and good support. (AWS uses Gandi behind the scenes.) [Click here to sign up for a Gandi account.](https://www.gandi.net/)
+In order to use the domain-check functionality to look for domain takeovers via expired-domain registration you must have a Gandi production API key, AWS keys with the `route53domains:CheckDomainAvailability` IAM permission, or a DNSimple access token. AWS uses Gandi behind the scenes. [Click here to sign up for a Gandi account.](https://www.gandi.net/)
 
 ## Graph Nodes/Edges Documentation
 ### Nodes

requirements.txt

@@ -1,4 +1,5 @@
 boto3==1.9.227
+dnsimple==2.0.0
 dnspython==1.16.0
 pygraphviz==1.5
 requests==2.22.0

trusttrees/global_state.py

@@ -2,6 +2,7 @@
 
 
 AWS_CREDS_FILE = ''
+DNSIMPLE_ACCESS_TOKEN = ''
 GANDI_API_V4_KEY = ''
 GANDI_API_V5_KEY = ''
 

trusttrees/registar_checking.py

@@ -3,6 +3,7 @@
 import xmlrpc.client
 
 import boto3
+import dnsimple
 import requests
 
 from . import global_state
@@ -98,9 +99,24 @@ def _can_register_with_aws_boto3(input_domain):
     return status.lower()
 
 
+def _can_register_with_dnsimple_api_v2(input_domain):
+    """
+    For more information, please see
+    https://developer.dnsimple.com/v2/registrar/#checkDomain
+
+    :returns bool
+    availability status returned from the API
+    """
+    client = dnsimple.Client(access_token=global_state.DNSIMPLE_ACCESS_TOKEN)
+    account_id = client.identity.whoami().data.account.id
+    response = client.registrar.check_domain(account_id, input_domain)
+    return response.data.available
+
+
 def is_domain_available(input_domain):
     """
-    Called if Gandi API key or AWS credentials file is provided.
+    Called if Gandi API key, DNSimple token, or AWS credentials file
+    is provided.
 
     Note that we do not do `lru_cache(maxsize=0)` but instead
     use our own cache. This is because we normalize input when
@@ -120,6 +136,8 @@ def is_domain_available(input_domain):
         _can_register_function = _can_register_with_gandi_api_v4
     elif global_state.GANDI_API_V5_KEY:
         _can_register_function = _can_register_with_gandi_api_v5
+    elif global_state.DNSIMPLE_ACCESS_TOKEN:
+        _can_register_function = _can_register_with_dnsimple_api_v2
     else:
         _can_register_function = _can_register_with_aws_boto3
 

trusttrees/usage.py

@@ -90,6 +90,12 @@ def _add_optional_args(parser):
         help='Gandi API V5 key for checking if nameserver base domains are registerable.',
         metavar='GANDI_API_V5_KEY',
     )
+    optional_domain_checking_group.add_argument(
+        '--dnsimple-api-v2-token',
+        dest='dnsimple_api_v2_token',
+        help='dnsimple API V2 access token for checking if nameserver base domains are registerable.',
+        metavar='DNSIMPLE_ACCESS_TOKEN',
+    )
 
 
 def parse_args(args):

trusttrees/utils.py

@@ -95,6 +95,8 @@ def set_global_state_with_args(args):
         global_state.GANDI_API_V4_KEY = args.gandi_api_v4_key
     elif args.gandi_api_v5_key:
         global_state.GANDI_API_V5_KEY = args.gandi_api_v5_key
+    elif args.dnsimple_api_v2_token:
+        global_state.DNSIMPLE_ACCESS_TOKEN = args.dnsimple_api_v2_token
     else:
         global_state.CHECK_DOMAIN_AVAILABILITY = False