Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from ninoseki/v0.1.0
v0.1.0
Showing 19 changed files with 439 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--format documentation | ||
--color | ||
--require spec_helper |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
--- | ||
sudo: false | ||
language: ruby | ||
cache: bundler | ||
rvm: | ||
- 2.6 | ||
before_install: gem install bundler -v 2.0.1 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
source "https://rubygems.org" | ||
|
||
# Specify your gem's dependencies in rogue_one.gemspec | ||
gemspec |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,41 @@ | ||
# rogue_one | ||
Rogue One: a rogue DNS detector | ||
# Rogue one: a rogue DNS detector | ||
|
||
[![Build Status](https://travis-ci.org/ninoseki/rogue_one.svg?branch=master)](https://travis-ci.org/ninoseki/rogue_one) | ||
[![Coverage Status](https://coveralls.io/repos/github/ninoseki/rogue_one/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/rogue_one?branch=master) | ||
|
||
## Installation | ||
|
||
```bash | ||
gem install rogue_one | ||
``` | ||
|
||
## Usage | ||
|
||
```bash | ||
$ rogue_one | ||
Commands: | ||
rogue_one help [COMMAND] # Describe available commands or one specific command | ||
rogue_one report [DNS_SERVER] # Show a report of a given DNS server | ||
|
||
$ rogue_one report 1.1.1.1 | ||
{ | ||
"verdict": "rogue one", | ||
"landing_pages": [ | ||
|
||
] | ||
} | ||
|
||
$ rogue_one reprot 1.53.252.215 | ||
{ | ||
"verdict": "rogue one", | ||
"landing_pages": [ | ||
"1.171.170.228", | ||
"1.171.168.19", | ||
"61.230.102.66" | ||
] | ||
} | ||
``` | ||
|
||
## License | ||
|
||
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). |
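Review bot: In the Usage block the second example invokes `rogue_one reprot 1.53.252.215`; `reprot` is a typo for the `report` command listed just above it. The first example also prints `"verdict": "rogue one"` with an empty `landing_pages` for 1.1.1.1, which reads as either a copy-paste slip for a benign result or an undocumented false positive; show the expected benign output or explain what that verdict with an empty list means.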
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
require "bundler/gem_tasks" | ||
require "rspec/core/rake_task" | ||
|
||
RSpec::Core::RakeTask.new(:spec) | ||
|
||
task :default => :spec |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#!/usr/bin/env ruby | ||
|
||
require "bundler/setup" | ||
require "rogue_one" | ||
|
||
# You can add fixtures and/or initialization code here to make experimenting | ||
# with your gem easier. You can also use a different console, if you like. | ||
|
||
# (If you use this, don't forget to add pry to your Gemfile!) | ||
# require "pry" | ||
# Pry.start | ||
|
||
require "irb" | ||
IRB.start(__FILE__) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
#!/usr/bin/env bash | ||
set -euo pipefail | ||
IFS=$'\n\t' | ||
set -vx | ||
|
||
bundle install | ||
|
||
# Do any other automated setup that you need to do here |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
#!/usr/bin/env ruby | ||
# frozen_string_literal: true | ||
|
||
$LOAD_PATH.unshift("#{__dir__}/../lib") | ||
|
||
require "rogue_one" | ||
|
||
RogueOne::CLI.start |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# frozen_string_literal: true | ||
|
||
require "rogue_one/version" | ||
|
||
require "rogue_one/resolver" | ||
require "rogue_one/detector" | ||
require "rogue_one/cli" | ||
|
||
module RogueOne | ||
class Error < StandardError; end | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# frozen_string_literal: true | ||
|
||
require "thor" | ||
require "json" | ||
|
||
module RogueOne | ||
class CLI < Thor | ||
desc "report [DNS_SERVER]", "Show a report of a given DNS server" | ||
def report(dns_server) | ||
with_error_handling do | ||
detector = Detector.new(target: dns_server) | ||
puts JSON.pretty_generate(detector.report) | ||
end | ||
end | ||
|
||
no_commands do | ||
def with_error_handling | ||
yield | ||
rescue StandardError => e | ||
puts "Warning: #{e}" | ||
end | ||
end | ||
end | ||
end |
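Review bot: `with_error_handling` rescues every `StandardError`, prints `Warning: #{e}` with `puts` to stdout and then returns normally, so a failed run is hard to tell apart from a successful one for any script consuming the JSON output. Write the message to stderr and exit non-zero. `report` also hands `dns_server` to `Detector.new` unvalidated; checking up front that it is an IP address would give a clearer error than whatever the resolver raises later.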
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
--- | ||
- google.com | ||
- facebook.com | ||
- youtube.com | ||
- yahoo.com | ||
- baidu.com | ||
- wikipedia.org | ||
- qq.com | ||
- taobao.com | ||
- twitter.com | ||
- amazon.com | ||
- linkedin.com | ||
- live.com | ||
- google.co.in | ||
- sina.com.cn | ||
- hao123.com | ||
- blogspot.com | ||
- weibo.com | ||
- tmall.com | ||
- vk.com | ||
- wordpress.com | ||
- yahoo.co.jp | ||
- sohu.com | ||
- yandex.ru | ||
- ebay.com | ||
- google.de | ||
- bing.com | ||
- pinterest.com | ||
- google.co.uk | ||
- 163.com | ||
- 360.cn | ||
- google.fr | ||
- ask.com | ||
- instagram.com | ||
- google.co.jp | ||
- tumblr.com | ||
- msn.com | ||
- google.com.br | ||
- mail.ru | ||
- microsoft.com | ||
- xvideos.com | ||
- paypal.com | ||
- google.ru | ||
- soso.com | ||
- adcash.com | ||
- google.es | ||
- google.it | ||
- imdb.com | ||
- apple.com | ||
- imgur.com | ||
- neobux.com | ||
- craigslist.org | ||
- amazon.co.jp | ||
- t.co | ||
- xhamster.com | ||
- stackoverflow.com | ||
- reddit.com | ||
- google.com.mx | ||
- google.com.hk | ||
- cnn.com | ||
- google.ca | ||
- fc2.com | ||
- go.com | ||
- ifeng.com | ||
- bbc.co.uk | ||
- vube.com | ||
- people.com.cn | ||
- blogger.com | ||
- aliexpress.com | ||
- odnoklassniki.ru | ||
- wordpress.org | ||
- alibaba.com | ||
- gmw.cn | ||
- adobe.com | ||
- huffingtonpost.com | ||
- google.com.tr | ||
- xinhuanet.com | ||
- googleusercontent.com | ||
- youku.com | ||
- godaddy.com | ||
- pornhub.com | ||
- akamaihd.net | ||
- thepiratebay.se | ||
- kickass.to | ||
- google.com.au | ||
- amazon.de | ||
- clkmon.com | ||
- ebay.de | ||
- alipay.com | ||
- google.pl | ||
- espn.go.com | ||
- dailymotion.com | ||
- about.com | ||
- bp.blogspot.com | ||
- blogspot.in | ||
- netflix.com | ||
- vimeo.com | ||
- dailymail.co.uk | ||
- redtube.com | ||
- rakuten.co.jp | ||
- conduit.com |
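Review bot: The list is committed with no comment on its source or snapshot date, which matters because the detector's fixed thresholds are tuned against exactly these 100 names. Several entries are infrastructure or sub-domain names rather than sites (`akamaihd.net`, `googleusercontent.com`, `bp.blogspot.com`, `espn.go.com`); record where the list came from and consider limiting it to names expected to have stable A records.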
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# frozen_string_literal: true | ||
|
||
require "yaml" | ||
|
||
module RogueOne | ||
class Detector | ||
attr_reader :target | ||
|
||
GOOGLE_PUBLIC_DNS = "8.8.8.8" | ||
|
||
def initialize(target:) | ||
@target = target | ||
@memo = Hash.new(0) | ||
@mismatched_domains = [] | ||
end | ||
|
||
def report | ||
inspect | ||
|
||
{ | ||
verdict: verdict, | ||
landing_pages: landing_pages | ||
} | ||
end | ||
|
||
private | ||
|
||
def verdict | ||
rogue_one? ? "rogue one" : "benign one" | ||
end | ||
|
||
def rogue_one? | ||
@mismatched_domains.length > 50 | ||
end | ||
|
||
def landing_pages | ||
return [] unless rogue_one? | ||
|
||
@memo.map do |ip, count| | ||
count > 10 ? ip : nil | ||
end.compact | ||
end | ||
|
||
def inspect | ||
top_100_domains.each do |domain| | ||
normal_result = normal_resolver.dig(domain, "A") | ||
target_result = target_resolver.dig(domain, "A") | ||
|
||
if normal_result != target_result | ||
@mismatched_domains << domain | ||
@memo[target_result] += 1 if target_result | ||
end | ||
end | ||
end | ||
|
||
def top_100_domains | ||
@top_100_domains ||= YAML.safe_load(File.read(File.expand_path("./data/top_100.yml", __dir__))) | ||
end | ||
|
||
def normal_resolver | ||
@normal_resolver ||= Resolver.new(nameserver: GOOGLE_PUBLIC_DNS) | ||
end | ||
|
||
def target_resolver | ||
@target_resolver ||= Resolver.new(nameserver: target) | ||
end | ||
end | ||
end |
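Review bot: In `inspect`, `normal_result != target_result` compares a single A record string from each resolver, and a nil from the target (which `Resolver#dig` returns on any `Resolv::ResolvError`) also counts as a mismatch. Domains that serve different or rotating addresses can mismatch on an honest resolver, and a target that answers nothing passes `@mismatched_domains.length > 50` with an empty `@memo`, producing "rogue one" with no landing pages. Compare full answer sets, treat lookup failure as its own outcome, and consider basing the verdict on the per-IP counts in `@memo` rather than the raw mismatch count. Smaller points: the private `inspect` shadows `Object#inspect` and should be renamed; `report` re-runs it on every call while `@memo` and `@mismatched_domains` keep accumulating; the thresholds 50 and 10 deserve named constants.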
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# frozen_string_literal: true | ||
|
||
require "resolv" | ||
|
||
module RogueOne | ||
class Resolver | ||
attr_reader :nameserver | ||
|
||
def initialize(nameserver:) | ||
@nameserver = nameserver | ||
end | ||
|
||
def dig(domain, type) | ||
_resolver.getresource(domain, resource_by_type(type)).address.to_s | ||
rescue Resolv::ResolvError => e | ||
nil | ||
end | ||
|
||
private | ||
|
||
def _resolver | ||
@_resolver ||= Resolv::DNS.new(nameserver: [nameserver]) | ||
end | ||
|
||
def resource_by_type(type) | ||
resources.dig(type.upcase.to_sym) | ||
end | ||
|
||
def resources | ||
{ | ||
ANY: Resolv::DNS::Resource::IN::ANY, | ||
NS: Resolv::DNS::Resource::IN::NS, | ||
CNAME: Resolv::DNS::Resource::IN::CNAME, | ||
SOA: Resolv::DNS::Resource::IN::SOA, | ||
HINFO: Resolv::DNS::Resource::IN::HINFO, | ||
MINFO: Resolv::DNS::Resource::IN::MINFO, | ||
MX: Resolv::DNS::Resource::IN::MX, | ||
TXT: Resolv::DNS::Resource::IN::TXT, | ||
A: Resolv::DNS::Resource::IN::A, | ||
WKS: Resolv::DNS::Resource::IN::WKS, | ||
PTR: Resolv::DNS::Resource::IN::PTR, | ||
AAAA: Resolv::DNS::Resource::IN::AAAA, | ||
SRV: Resolv::DNS::Resource::IN::SRV, | ||
} | ||
end | ||
end | ||
end |
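Review bot: `dig` calls `.address` on whatever `getresource` returns, but the `resources` table advertises types such as MX, TXT and CNAME whose records have no `address` method, so those lookups raise `NoMethodError` instead of returning a value; an unknown type makes `resource_by_type` return nil and fails in the same unhandled way. Either restrict `dig` to A and AAAA or extract the value per record type. `rescue Resolv::ResolvError => e` never uses `e`, and collapsing every failure to nil leaves the caller unable to tell "no such record" from "server did not answer"; `getresource` also returns only one record, so callers never see the full answer set.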
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# frozen_string_literal: true | ||
|
||
module RogueOne | ||
VERSION = "0.1.0" | ||
end |