Merge 9e89bbf into d3a179e

ninoseki · Nov 21, 2019 · 3be797d · 3be797d
2 parents d3a179e + 9e89bbf
commit 3be797d
Show file tree

Hide file tree

Showing 5 changed files with 121 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -39,12 +39,16 @@ Usage:
   rogue_one report [DNS_SERVER]
 
 Options:
-  [--custom-list=CUSTOM_LIST]  # A path to a custom list of domains
-  [--threshold=N]              # Threshold value for determining malicious or not
+  [--default-list=DEFAULT_LIST]  # A default list of top 100 domains (Alexa or Fortune)
+                                 # Default: alexa
+  [--custom-list=CUSTOM_LIST]    # A path to a custom list of domains
+  [--threshold=N]                # Threshold value for determining malicious or not
   [--verbose], [--no-verbose]
 
 Show a report of a given DNS server
 
+Show a report of a given DNS server
+
 $ rogue_one report 1.1.1.1
 {
   "verdict": "benign one",

diff --git a/lib/rogue_one/cli.rb b/lib/rogue_one/cli.rb
@@ -6,17 +6,19 @@
 module RogueOne
   class CLI < Thor
     desc "report [DNS_SERVER]", "Show a report of a given DNS server"
+    method_option :default_list, type: :string, default: "alexa", desc: "A default list of top 100 domains (Alexa or Fortune)"
     method_option :custom_list, type: :string, desc: "A path to a custom list of domains"
     method_option :threshold, type: :numeric, desc: "Threshold value for determining malicious or not"
     method_option :verbose, type: :boolean
     def report(dns_server)
       with_error_handling do
         Ping.pong? dns_server
 
+        default_list = options["default_list"].downcase
         custom_list = options["custom_list"]
         threshold = options["threshold"]
         verbose = options["verbose"]
-        detector = Detector.new(target: dns_server, custom_list: custom_list, threshold: threshold, verbose: verbose)
+        detector = Detector.new(target: dns_server, default_list: default_list, custom_list: custom_list, threshold: threshold, verbose: verbose)
         puts JSON.pretty_generate(detector.report)
       end
     end

diff --git a/lib/rogue_one/data/alexa_100.yml b/lib/rogue_one/data/alexa_100.yml
@@ -0,0 +1,101 @@
+---
+- google.com
+- youtube.com
+- tmall.com
+- baidu.com
+- qq.com
+- sohu.com
+- facebook.com
+- login.tmall.com
+- wikipedia.org
+- taobao.com
+- yahoo.com
+- jd.com
+- 360.cn
+- amazon.com
+- sina.com.cn
+- weibo.com
+- pages.tmall.com
+- reddit.com
+- live.com
+- vk.com
+- okezone.com
+- netflix.com
+- blogspot.com
+- office.com
+- csdn.net
+- alipay.com
+- xinhuanet.com
+- stackoverflow.com
+- yahoo.co.jp
+- instagram.com
+- google.com.hk
+- aliexpress.com
+- microsoft.com
+- babytree.com
+- naver.com
+- twitter.com
+- bing.com
+- livejasmin.com
+- amazon.co.jp
+- tribunnews.com
+- ebay.com
+- salesforce.com
+- twitch.tv
+- google.co.in
+- force.com
+- microsoftonline.com
+- apple.com
+- tianya.cn
+- adobe.com
+- pornhub.com
+- msn.com
+- zhanqi.tv
+- dropbox.com
+- linkedin.com
+- yandex.ru
+- wordpress.com
+- myshopify.com
+- amazon.in
+- mail.ru
+- panda.tv
+- imdb.com
+- caijing.com.cn
+- china.com.cn
+- mama.cn
+- amazonaws.com
+- google.com.br
+- trello.com
+- bongacams.com
+- google.de
+- medium.com
+- google.co.jp
+- soso.com
+- booking.com
+- w3schools.com
+- amazon.co.uk
+- spotify.com
+- amazon.de
+- rednet.cn
+- bbc.com
+- detail.tmall.com
+- xvideos.com
+- espn.com
+- detik.com
+- github.com
+- cnn.com
+- instructure.com
+- ok.ru
+- indeed.com
+- yy.com
+- tumblr.com
+- huanqiu.com
+- stackexchange.com
+- nytimes.com
+- imgur.com
+- soundcloud.com
+- whatsapp.com
+- rakuten.co.jp
+- nih.gov
+- sogou.com
+- google.cn
diff --git a/lib/rogue_one/data/top_100.yml → lib/rogue_one/data/fortune_100.yml b/lib/rogue_one/data/top_100.yml → lib/rogue_one/data/fortune_100.yml
diff --git a/lib/rogue_one/detector.rb b/lib/rogue_one/detector.rb
@@ -6,13 +6,15 @@
 module RogueOne
   class Detector
     attr_reader :target
+    attr_reader :default_list
     attr_reader :custom_list
     attr_reader :verbose
 
     GOOGLE_PUBLIC_DNS = "8.8.8.8"
 
-    def initialize(target:, custom_list: nil, threshold: nil, verbose: false)
+    def initialize(target:, default_list:, custom_list: nil, threshold: nil, verbose: false)
       @target = target
+      @default_list = default_list
       @custom_list = custom_list
       @threshold = threshold
       @verbose = verbose
@@ -98,7 +100,14 @@ def custom_domains
     end
 
     def top_100_domains
-      read_domains File.expand_path("./data/top_100.yml", __dir__)
+      case default_list
+      when "alexa"
+        read_domains File.expand_path("./data/alexa_100.yml", __dir__)
+      when "fortune"
+        read_domains File.expand_path("./data/fortune_100.yml", __dir__)
+      else
+        raise ArgumentError, "A list for #{default_list} is not existing"
+      end
     end
 
     def read_domains(path)