From 9d851ff66ae2e4fad12f703e20a17a5324ca3ee3 Mon Sep 17 00:00:00 2001
From: tanx16
Date: Mon, 12 Oct 2020 03:18:09 -0700
Subject: [PATCH] Add dnsimple v2 support, update README
---
 README.md | 24 ++++++++++++++----------
 requirements.txt | 1 +
 trusttrees/global_state.py | 1 +
 trusttrees/registar_checking.py | 20 +++++++++++++++++++-
 trusttrees/usage.py | 6 ++++++
 trusttrees/utils.py | 2 ++
 6 files changed, 43 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 3bf3414..c346740 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,7 @@ usage: trusttrees (-t TARGET_HOSTNAME | -l TARGET_HOSTNAMES_LIST) [-o]
 [--aws-credentials AWS_CREDS_FILE]
 [--gandi-api-v4-key GANDI_API_V4_KEY]
 [--gandi-api-v5-key GANDI_API_V5_KEY]
+ [--dnsimple-api-v2-token DNSIMPLE_ACCESS_TOKEN]
 Graph out a domain's DNS delegation chain and trust trees!
@@ -112,18 +113,21 @@ optional arguments:
 Text file containing DNS resolvers to use.
 optional arguments for domain-checking:
- --aws-credentials AWS_CREDS_FILE
- AWS credentials JSON file for checking if nameserver
- base domains are registerable.
- --gandi-api-v4-key GANDI_API_V4_KEY
- Gandi API V4 key for checking if nameserver base
- domains are registerable.
- --gandi-api-v5-key GANDI_API_V5_KEY
- Gandi API V5 key for checking if nameserver base
- domains are registerable.
+ --aws-credentials AWS_CREDS_FILE
+ AWS credentials JSON file for checking if nameserver
+ base domains are registerable.
+ --gandi-api-v4-key GANDI_API_V4_KEY
+ Gandi API V4 key for checking if nameserver base
+ domains are registerable.
+ --gandi-api-v5-key GANDI_API_V5_KEY
+ Gandi API V5 key for checking if nameserver base
+ domains are registerable.
+ --dnsimple-api-v2-token DNSIMPLE_ACCESS_TOKEN
+ DNSimple API V2 access token for checking if nameserver
+ base domains are registerable.
 ```
-In order to use the domain-check functionality to look for domain takeovers via expired-domain registration you must have a Gandi production API key or AWS keys with the `route53domains:CheckDomainAvailability` IAM permission. Only Gandi is supported because they are the only registrar we are aware of with a wide range of supported TLDs, a solid API, and good support. (AWS uses Gandi behind the scenes.) [Click here to sign up for a Gandi account.](https://www.gandi.net/)
+In order to use the domain-check functionality to look for domain takeovers via expired-domain registration you must have a Gandi production API key, AWS keys with the `route53domains:CheckDomainAvailability` IAM permission, or a DNSimple access token. AWS uses Gandi behind the scenes. [Click here to sign up for a Gandi account.](https://www.gandi.net/)
 ## Graph Nodes/Edges Documentation
 ### Nodes
diff --git a/requirements.txt b/requirements.txt
index c043905..8f7670f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,5 @@
 boto3==1.9.227
+dnsimple==2.0.0
 dnspython==1.16.0
 pygraphviz==1.5
 requests==2.22.0
diff --git a/trusttrees/global_state.py b/trusttrees/global_state.py
index 5426ebc..3cd7d97 100644
--- a/trusttrees/global_state.py
+++ b/trusttrees/global_state.py
@@ -2,6 +2,7 @@
 AWS_CREDS_FILE = ''
+DNSIMPLE_ACCESS_TOKEN = ''
 GANDI_API_V4_KEY = ''
 GANDI_API_V5_KEY = ''
diff --git a/trusttrees/registar_checking.py b/trusttrees/registar_checking.py
index c4b3a0f..3ac8f6f 100644
--- a/trusttrees/registar_checking.py
+++ b/trusttrees/registar_checking.py
@@ -3,6 +3,7 @@
 import xmlrpc.client
 import boto3
+import dnsimple
 import requests
 from . import global_state
@@ -98,9 +99,24 @@ def _can_register_with_aws_boto3(input_domain):
 return status.lower()
+def _can_register_with_dnsimple_api_v2(input_domain):
+ """
+ For more information, please see
+ https://developer.dnsimple.com/v2/registrar/#checkDomain
+
+ :returns bool
+ availability status returned from the API
+ """
+ client = dnsimple.Client(access_token=global_state.DNSIMPLE_ACCESS_TOKEN)
+ account_id = client.identity.whoami().data.account.id
+ response = client.registrar.check_domain(account_id, input_domain)
+ return response.data.available
+
+
 def is_domain_available(input_domain):
 """
- Called if Gandi API key or AWS credentials file is provided.
+ Called if Gandi API key, DNSimple token, or AWS credentials file
+ is provided.
 Note that we do not do `lru_cache(maxsize=0)` but instead use our own cache. This is because we normalize input when
@@ -120,6 +136,8 @@ def is_domain_available(input_domain):
 _can_register_function = _can_register_with_gandi_api_v4
 elif global_state.GANDI_API_V5_KEY:
 _can_register_function = _can_register_with_gandi_api_v5
+ elif global_state.DNSIMPLE_ACCESS_TOKEN:
+ _can_register_function = _can_register_with_dnsimple_api_v2
 else:
 _can_register_function = _can_register_with_aws_boto3
diff --git a/trusttrees/usage.py b/trusttrees/usage.py
index 013f322..4d090ee 100644
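Review bot: `dnsimple==2.0.0` is declared only in requirements.txt, while trusttrees/registar_checking.py in the same patch imports `dnsimple` at module top level, so the package becomes mandatory for every run, including Gandi-only and AWS-only use. The diffstat lists no packaging file, so if install dependencies are also declared elsewhere (a setup.py `install_requires`, for instance, which this patch does not show), the entry has to be added there as well or an installed copy will fail at import time.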
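Review bot: In `_can_register_with_dnsimple_api_v2`, `client.identity.whoami().data.account.id` assumes the token is an account token; as far as the DNSimple API documents, whoami returns a null `account` for user-scoped tokens, which would surface here as an `AttributeError` instead of a message the operator can act on. The function also builds a client and calls whoami for every domain checked, which doubles the requests sent to a rate-limited API; the account id can be resolved once and reused, as sketched below. The `:returns bool` contract is worth checking against `_can_register_with_aws_boto3`, which returns a lowercased status string just above, because the code in `is_domain_available` that consumes the result lies outside this hunk.

```python
_DNSIMPLE_ACCOUNT_ID = None


def _get_dnsimple_account_id(client):
    # Resolve the account once; whoami does not change between domain checks.
    global _DNSIMPLE_ACCOUNT_ID
    if _DNSIMPLE_ACCOUNT_ID is None:
        account = client.identity.whoami().data.account
        if account is None:
            raise ValueError(
                'DNSimple token is not tied to an account; use an account access token.'
            )
        _DNSIMPLE_ACCOUNT_ID = account.id
    return _DNSIMPLE_ACCOUNT_ID


def _can_register_with_dnsimple_api_v2(input_domain):
    # … unchanged: docstring …
    client = dnsimple.Client(access_token=global_state.DNSIMPLE_ACCESS_TOKEN)
    account_id = _get_dnsimple_account_id(client)
    # … unchanged: check_domain call and return …
```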
--- a/trusttrees/usage.py
+++ b/trusttrees/usage.py
@@ -90,6 +90,12 @@ def _add_optional_args(parser):
 help='Gandi API V5 key for checking if nameserver base domains are registerable.',
 metavar='GANDI_API_V5_KEY',
 )
+ optional_domain_checking_group.add_argument(
+ '--dnsimple-api-v2-token',
+ dest='dnsimple_api_v2_token',
+ help='dnsimple API V2 access token for checking if nameserver base domains are registerable.',
+ metavar='DNSIMPLE_ACCESS_TOKEN',
+ )
 def parse_args(args):
diff --git a/trusttrees/utils.py b/trusttrees/utils.py
index c4fc346..a904ee4 100644
--- a/trusttrees/utils.py
+++ b/trusttrees/utils.py
@@ -95,6 +95,8 @@ def set_global_state_with_args(args):
 global_state.GANDI_API_V4_KEY = args.gandi_api_v4_key
 elif args.gandi_api_v5_key:
 global_state.GANDI_API_V5_KEY = args.gandi_api_v5_key
+ elif args.dnsimple_api_v2_token:
+ global_state.DNSIMPLE_ACCESS_TOKEN = args.dnsimple_api_v2_token
 else:
 global_state.CHECK_DOMAIN_AVAILABILITY = False
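Review bot: `--dnsimple-api-v2-token` in `_add_optional_args` takes a bearer credential as a command-line value, where it is readable by other local users through the process list and is kept in shell history. This matches the existing Gandi key flags, but a new secret-bearing option is a reasonable place to offer an environment-variable fallback, for example `default=os.environ.get('DNSIMPLE_ACCESS_TOKEN'),` (assuming `os` is imported in usage.py, which the hunk does not show), and to say so in the help text. The help string also spells the provider `dnsimple` while the README text added by the same patch uses `DNSimple`. `_add_optional_args` begins above the hunk.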
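Review bot: The new `elif args.dnsimple_api_v2_token:` branch in `set_global_state_with_args` is reached only when neither Gandi key is set (and whatever opens the chain above the hunk is not taken), so a DNSimple token passed together with another credential is dropped with no indication of which registrar will actually be queried. Consider declaring the domain-checking options as mutually exclusive in the argument parser, or logging the provider that was selected. The function begins above the hunk, so the first branch of the chain is not visible here.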