Class: PassiveDNS::Provider::RiskIQ

Inherits:
PassiveDNS::PassiveDB show all
Defined in:
lib/passivedns/client/provider/riskiq.rb

Overview

Queries RiskIQ’s passive DNS database


Constructor Details

#initialize(options = {}) ⇒ RiskIQ

Options

  • :debug Sets the debug flag for the module

  • “API_TOKEN” REQUIRED: User name associated with your RiskIQ account

  • “API_PRIVATE_KEY” REQUIRED: Password associated with your RiskIQ account

  • “API_SERVER” Alternate server for testing. Defaults to “ws.riskiq.net”

  • “API_VERSION” Alternate version of the API to test. Defaults to “v1”

Example Instantiation

# Placeholder values for illustration; supply the real token and key from your
# configuration instead of committing them to source.
options = {
  :debug            => true,                  # print DEBUG lines to $stderr
  "API_TOKEN"       => "riskiq_token",        # sent as the HTTP Basic user name
  "API_PRIVATE_KEY" => "riskiq_private_key",  # sent as the HTTP Basic password
  "API_SERVER"      => "ws.riskiq.net",       # host that receives those credentials
  "API_VERSION"     => "v1"
}

PassiveDNS::Provider::RiskIQ.new(options)


# File 'lib/passivedns/client/provider/riskiq.rb', line 47

# Builds a RiskIQ provider from an options hash.
#
# Reads :debug (false when absent), "API_TOKEN" and "API_PRIVATE_KEY" (both
# required), "API_SERVER" (defaults to "ws.riskiq.net") and "API_VERSION"
# (defaults to "v1"), then derives the base URL as https://<server>/<version>.
# The token and key are later sent as HTTP Basic credentials to that host, so
# "API_SERVER" should only ever name a host you trust with them.
#
# @param options [Hash] provider settings keyed as listed above
# @raise [RuntimeError] when "API_TOKEN" or "API_PRIVATE_KEY" is missing
def initialize(options={})
  @debug = options[:debug] || false

  # Both credentials are mandatory; fail fast with the provider name in the message.
  token = options["API_TOKEN"]
  raise("#{self.class.name} requires an API_TOKEN") unless token
  @token = token

  private_key = options["API_PRIVATE_KEY"]
  raise("#{self.class.name} requires an API_PRIVATE_KEY") unless private_key
  @privkey = private_key

  host = options["API_SERVER"] || "ws.riskiq.net"
  api_version = options["API_VERSION"] || "v1"
  @server = host
  @version = api_version
  @url = "https://#{host}/#{api_version}"
end

Instance Attribute Details

#debugObject

:debug enables verbose logging to standard output



# File 'lib/passivedns/client/provider/riskiq.rb', line 27

# Reader for the debug flag taken from the :debug option.
#
# @return [Object] current value of @debug; lookup prints its DEBUG lines to
#   $stderr when this is truthy
def debug
  @debug
end

Class Method Details

.config_section_nameObject

Sets the configuration section name to “riskiq”



# File 'lib/passivedns/client/provider/riskiq.rb', line 18

# Configuration section name for this provider.
#
# @return [String] always "riskiq"
def self.config_section_name
  'riskiq'
end

.nameObject

Sets the module's self-reported name to “RiskIQ”



# File 'lib/passivedns/client/provider/riskiq.rb', line 14

# Self-reported provider name.
#
# Because this is defined on the class itself, the `self.class.name` used in
# this class's error and debug messages yields "RiskIQ".
#
# @return [String] always "RiskIQ"
def self.name
  'RiskIQ'
end

.option_letterObject

Sets the command line database argument to “r”



# File 'lib/passivedns/client/provider/riskiq.rb', line 22

# Command line database argument that selects this provider.
#
# @return [String] always "r"
def self.option_letter
  'r'
end

Instance Method Details

#lookup(label, limit = nil) ⇒ Object

Takes a label (either a domain or an IP address) and returns an array of PassiveDNS::PDNSResult instances with the answers to the query



# File 'lib/passivedns/client/provider/riskiq.rb', line 58

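# Looks up +label+ in RiskIQ's passive DNS API and returns the parsed answers.
#
# A label shaped like a dotted-quad IPv4 address is sent to +/dns/data+ as
# +ip+; anything else is sent to +/dns/name+ as +name+. The request carries
# the API token and private key as HTTP Basic credentials, so the server
# certificate is verified before they are sent.
#
# @param label [String] domain name or IPv4 address to query
# @param limit [Integer, nil] cap on returned records; also sent as
#   +maxResults+ (1000 is sent when nil)
# @return [Array, nil] records produced by parse_json, cut to +limit+ when one
#   is given; nil when the 240 second timeout expires
def lookup(label, limit=nil)
  $stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
  Timeout::timeout(240) {
    params = {"rrType" => "", "maxResults" => limit || 1000}

    # \A and \z anchor the whole string; ^ and $ anchor each line, which would
    # let a multi-line label be classified as an IP address.
    if label =~ /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/
      path = "/dns/data"
      params["ip"] = label
    else
      path = "/dns/name"
      params["name"] = label
    end

    # Form-encode the query string so characters such as "&", "=", "#" or
    # whitespace in the label stay inside their own parameter.
    url = "#{@url}#{path}?#{URI.encode_www_form(params)}"
    $stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug

    url = URI.parse url
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = (url.scheme == 'https')
    # VERIFY_NONE accepted any certificate, which would hand the Basic-auth
    # token and private key to whoever answers for the host. Require a valid
    # chain instead.
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.verify_depth = 5

    request = Net::HTTP::Get.new(url.request_uri)
    request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
    request.add_field('Accept', 'Application/JSON')
    request.add_field('Content-Type', 'Application/JSON')
    request.basic_auth(@token, @privkey)

    # The elapsed request time is passed on to parse_json.
    t1 = Time.now
    response = http.request(request)
    t2 = Time.now

    # NOTE(review): the HTTP status is not checked here; whatever body comes
    # back is handed to parse_json - confirm it copes with error responses.
    recs = parse_json(response.body, label, t2-t1)
    limit ? recs[0,limit] : recs
  }
rescue Timeout::Error
  # Best effort: report the timeout on stderr; the method then returns nil.
  $stderr.puts "#{self.class.name} lookup timed out: #{label}"
end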