def run(self):
resolutions = []
if self.observable_classification == "ip":
try:
ipaddress.ip_address(self.observable_name)
domains = socket.gethostbyaddr(self.observable_name)
resolutions = domains
except (socket.gaierror, socket.herror):
raise AnalyzerRunException(
f"no resolution found for observable {self.observable_name}"
)
elif self.observable_classification in ["domain", "url"]:
observable = self.observable_name
# for URLs we are checking the relative domain
if self.observable_classification == "url":
observable = urlparse(self.observable_name).hostname
try:
dns_resolutions = dns.resolver.query(observable,
self._query_type)
for resolution in dns_resolutions:
element = {
"TTL": dns_resolutions.rrset.ttl,
"data": resolution.to_text(),
"name": dns_resolutions.qname.to_text(),
"type": dns_resolutions.rdtype,
}
resolutions.append(element)
except dns.resolver.NXDOMAIN:
resolutions = []
return dns_resolver_response(self.observable_name, resolutions)
def run(self):
try:
observable = self.observable_name
# for URLs we are checking the relative domain
if self.observable_classification == "url":
observable = urlparse(self.observable_name).hostname
client = requests.session()
params = {
"name": observable,
"type": self._query_type,
"ct": "application/dns-json",
}
response = client.get("https://cloudflare-dns.com/dns-query", params=params)
response.raise_for_status()
response_dict = response.json()
resolutions = response_dict.get("Answer", None)
except requests.exceptions.RequestException:
raise AnalyzerRunException(
"An error occurred during the connection to CloudFlare"
)
return dns_resolver_response(self.observable_name, resolutions)
def run(self):
try:
observable = self.observable_name
# for URLs we are checking the relative domain
if self.observable_classification == "url":
observable = urlparse(self.observable_name).hostname
headers = {"Accept": "application/dns-json"}
url = "https://dns.quad9.net:5053/dns-query"
params = {"name": observable, "type": self._query_type}
quad9_response = requests.get(url, headers=headers, params=params)
quad9_response.raise_for_status()
resolutions = quad9_response.json().get("Answer", [])
except requests.RequestException:
raise AnalyzerRunException(
"an error occurred during the connection to Quad9"
)
return dns_resolver_response(self.observable_name, resolutions)
def run(self):
try:
observable = self.observable_name
# for URLs we are checking the relative domain
if self.observable_classification == "url":
observable = urlparse(self.observable_name).hostname
params = {
"name": observable,
"type": self._query_type,
}
response = requests.get("https://dns.google.com/resolve",
params=params)
response.raise_for_status()
data = response.json()
resolutions = data.get("Answer", None)
except requests.exceptions.RequestException:
raise AnalyzerRunException(
"an error occurred during the connection to Google")
return dns_resolver_response(self.observable_name, resolutions)
def run(self):
resolutions = []
if self.observable_classification == "ip":
try:
ipaddress.ip_address(self.observable_name)
hostname, alias, ip = socket.gethostbyaddr(
self.observable_name)
if alias:
resolutions.extend(alias)
if hostname:
resolutions.append(hostname)
except (socket.gaierror, socket.herror):
logger.warning(f"No resolution for ip {self.observable_name}")
resolutions = []
elif self.observable_classification in ["domain", "url"]:
observable = self.observable_name
# for URLs we are checking the relative domain
if self.observable_classification == "url":
observable = urlparse(self.observable_name).hostname
try:
dns_resolutions = dns.resolver.query(observable,
self._query_type)
for resolution in dns_resolutions:
element = {
"TTL": dns_resolutions.rrset.ttl,
"data": resolution.to_text(),
"name": dns_resolutions.qname.to_text(),
"type": dns_resolutions.rdtype,
}
resolutions.append(element)
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
logger.warning(
f"No resolution for "
f"{self.observable_classification} {self.observable_name}")
resolutions = []
return dns_resolver_response(self.observable_name, resolutions)