Merge pull request #1 from ninoseki/v0.1.0
v0.1.0
ninoseki committed Apr 25, 2019
2 parents d574ea4 + a49dab2 commit 9fe26c3
Showing 19 changed files with 439 additions and 6 deletions.
10 changes: 6 additions & 4 deletions .gitignore
@@ -11,7 +11,7 @@
/tmp/

# Used by dotenv library to load environment variables.
# .env
.env

## Specific to RubyMotion:
.dat*
@@ -42,9 +42,11 @@ build-iPhoneSimulator/

# for a library or gem, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# Gemfile.lock
# .ruby-version
# .ruby-gemset
Gemfile.lock
.ruby-version
.ruby-gemset

# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
.rvmrc

.rspec_status
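--- a/.rspec
+++ b/.rspec
@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper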
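--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+- 2.6
+before_install: gem install bundler -v 2.0.1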
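--- a/Gemfile
+++ b/Gemfile
@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in rogue_one.gemspec
+gemspec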
43 changes: 41 additions & 2 deletions README.md
@@ -1,2 +1,41 @@
# rogue_one
Rogue One: a rogue DNS detector
# Rogue one: a rogue DNS detector

[![Build Status](https://travis-ci.org/ninoseki/rogue_one.svg?branch=master)](https://travis-ci.org/ninoseki/rogue_one)
[![Coverage Status](https://coveralls.io/repos/github/ninoseki/rogue_one/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/rogue_one?branch=master)

## Installation

```bash
gem install rogue_one
```

## Usage

```bash
$ rogue_one
Commands:
rogue_one help [COMMAND] # Describe available commands or one specific command
rogue_one report [DNS_SERVER] # Show a report of a given DNS server

$ rogue_one report 1.1.1.1
{
"verdict": "rogue one",
"landing_pages": [

]
}

$ rogue_one reprot 1.53.252.215
{
"verdict": "rogue one",
"landing_pages": [
"1.171.170.228",
"1.171.168.19",
"61.230.102.66"
]
}
```

## License

The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
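--- a/Rakefile
+++ b/Rakefile
@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec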
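--- a/bin/console
+++ b/bin/console
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "rogue_one"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)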
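--- a/bin/setup
+++ b/bin/setup
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here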
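--- a/exe/rogue_one
+++ b/exe/rogue_one
@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift("#{__dir__}/../lib")
+
+require "rogue_one"
+
+RogueOne::CLI.start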
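--- a/lib/rogue_one.rb
+++ b/lib/rogue_one.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require "rogue_one/version"
+
+require "rogue_one/resolver"
+require "rogue_one/detector"
+require "rogue_one/cli"
+
+module RogueOne
+class Error < StandardError; end
+end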
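--- a/lib/rogue_one/cli.rb
+++ b/lib/rogue_one/cli.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "thor"
+require "json"
+
+module RogueOne
+class CLI < Thor
+desc "report [DNS_SERVER]", "Show a report of a given DNS server"
+def report(dns_server)
+with_error_handling do
+detector = Detector.new(target: dns_server)
+puts JSON.pretty_generate(detector.report)
+end
+end
+
+no_commands do
+def with_error_handling
+yield
+rescue StandardError => e
+puts "Warning: #{e}"
+end
+end
+end
+end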
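Review bot: `with_error_handling` reports failures with `puts` and then returns normally, so an error lands on stdout where the JSON report is expected and the process still exits 0; a script consuming this output cannot tell a failed run from a completed one. I would write `warn "Warning: #{e}"` followed by `exit 1` in the rescue branch. `report` also hands `dns_server` to `Detector` without any check; validating it first (for example with `IPAddr.new(dns_server)` from the standard library) would reject malformed input before any query is sent.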
101 changes: 101 additions & 0 deletions lib/rogue_one/data/top_100.yml
@@ -0,0 +1,101 @@
---
- google.com
- facebook.com
- youtube.com
- yahoo.com
- baidu.com
- wikipedia.org
- qq.com
- taobao.com
- twitter.com
- amazon.com
- linkedin.com
- live.com
- google.co.in
- sina.com.cn
- hao123.com
- blogspot.com
- weibo.com
- tmall.com
- vk.com
- wordpress.com
- yahoo.co.jp
- sohu.com
- yandex.ru
- ebay.com
- google.de
- bing.com
- pinterest.com
- google.co.uk
- 163.com
- 360.cn
- google.fr
- ask.com
- instagram.com
- google.co.jp
- tumblr.com
- msn.com
- google.com.br
- mail.ru
- microsoft.com
- xvideos.com
- paypal.com
- google.ru
- soso.com
- adcash.com
- google.es
- google.it
- imdb.com
- apple.com
- imgur.com
- neobux.com
- craigslist.org
- amazon.co.jp
- t.co
- xhamster.com
- stackoverflow.com
- reddit.com
- google.com.mx
- google.com.hk
- cnn.com
- google.ca
- fc2.com
- go.com
- ifeng.com
- bbc.co.uk
- vube.com
- people.com.cn
- blogger.com
- aliexpress.com
- odnoklassniki.ru
- wordpress.org
- alibaba.com
- gmw.cn
- adobe.com
- huffingtonpost.com
- google.com.tr
- xinhuanet.com
- googleusercontent.com
- youku.com
- godaddy.com
- pornhub.com
- akamaihd.net
- thepiratebay.se
- kickass.to
- google.com.au
- amazon.de
- clkmon.com
- ebay.de
- alipay.com
- google.pl
- espn.go.com
- dailymotion.com
- about.com
- bp.blogspot.com
- blogspot.in
- netflix.com
- vimeo.com
- dailymail.co.uk
- redtube.com
- rakuten.co.jp
- conduit.com
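--- a/lib/rogue_one/detector.rb
+++ b/lib/rogue_one/detector.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module RogueOne
+class Detector
+attr_reader :target
+
+GOOGLE_PUBLIC_DNS = "8.8.8.8"
+
+def initialize(target:)
+@target = target
+@memo = Hash.new(0)
+@mismatched_domains = []
+end
+
+def report
+inspect
+
+{
+verdict: verdict,
+landing_pages: landing_pages
+}
+end
+
+private
+
+def verdict
+rogue_one? ? "rogue one" : "benign one"
+end
+
+def rogue_one?
+@mismatched_domains.length > 50
+end
+
+def landing_pages
+return [] unless rogue_one?
+
+@memo.map do |ip, count|
+count > 10 ? ip : nil
+end.compact
+end
+
+def inspect
+top_100_domains.each do |domain|
+normal_result = normal_resolver.dig(domain, "A")
+target_result = target_resolver.dig(domain, "A")
+
+if normal_result != target_result
+@mismatched_domains << domain
+@memo[target_result] += 1 if target_result
+end
+end
+end
+
+def top_100_domains
+@top_100_domains ||= YAML.safe_load(File.read(File.expand_path("./data/top_100.yml", __dir__)))
+end
+
+def normal_resolver
+@normal_resolver ||= Resolver.new(nameserver: GOOGLE_PUBLIC_DNS)
+end
+
+def target_resolver
+@target_resolver ||= Resolver.new(nameserver: target)
+end
+end
+end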
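Review bot: `rogue_one?` decides on `@mismatched_domains.length > 50` alone, and `inspect` adds a domain to that list on any difference from the 8.8.8.8 answer, including a `nil` answer from the target and the ordinary per-resolver variation of CDN-hosted names. That likely explains the README example in this commit where 1.1.1.1 is reported as "rogue one" with no landing pages. Tying the verdict to the evidence that is actually reported, e.g. `@memo.any? { |_ip, count| count > 10 }`, would avoid flagging a server that is merely unreachable or geographically different. Separately, the private method named `inspect` overrides `Object#inspect`, so anything that inspects a Detector (irb, `p`) may trigger the DNS sweep, and calling `report` twice counts every mismatch twice; a name such as `inspect_domains`, plus resetting `@memo` and `@mismatched_domains` at its start, would address both.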
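--- a/lib/rogue_one/resolver.rb
+++ b/lib/rogue_one/resolver.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "resolv"
+
+module RogueOne
+class Resolver
+attr_reader :nameserver
+
+def initialize(nameserver:)
+@nameserver = nameserver
+end
+
+def dig(domain, type)
+_resolver.getresource(domain, resource_by_type(type)).address.to_s
+rescue Resolv::ResolvError => e
+nil
+end
+
+private
+
+def _resolver
+@_resolver ||= Resolv::DNS.new(nameserver: [nameserver])
+end
+
+def resource_by_type(type)
+resources.dig(type.upcase.to_sym)
+end
+
+def resources
+{
+ANY: Resolv::DNS::Resource::IN::ANY,
+NS: Resolv::DNS::Resource::IN::NS,
+CNAME: Resolv::DNS::Resource::IN::CNAME,
+SOA: Resolv::DNS::Resource::IN::SOA,
+HINFO: Resolv::DNS::Resource::IN::HINFO,
+MINFO: Resolv::DNS::Resource::IN::MINFO,
+MX: Resolv::DNS::Resource::IN::MX,
+TXT: Resolv::DNS::Resource::IN::TXT,
+A: Resolv::DNS::Resource::IN::A,
+WKS: Resolv::DNS::Resource::IN::WKS,
+PTR: Resolv::DNS::Resource::IN::PTR,
+AAAA: Resolv::DNS::Resource::IN::AAAA,
+SRV: Resolv::DNS::Resource::IN::SRV,
+}
+end
+end
+end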
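Review bot: `_resolver` builds `Resolv::DNS` for a nameserver that is by design untrusted, yet sets no timeout, so a server that silently drops queries makes each of the 100 lookups wait through the library's default retry schedule. Bounding it, e.g. `Resolv::DNS.new(nameserver: [nameserver]).tap { |r| r.timeouts = 3 }` (value illustrative), keeps a run predictable. In `dig`, the bound `e` is unused and every `Resolv::ResolvError` becomes `nil`, so "no answer" and "no such name" look identical to the caller. `.address` exists only on A and AAAA records, so most entries in `resources` would raise `NoMethodError` rather than return data if they were requested.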
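--- a/lib/rogue_one/version.rb
+++ b/lib/rogue_one/version.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module RogueOne
+VERSION = "0.1.0"
+end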
