import json
import dns . resolver
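# Template for error responses; handlers report failures under the 'error' key.
misperrors = {'error': 'Error'}

# Attribute types this module accepts and the types attached to its results.
mispattributes = {
    'input': ['hostname', 'domain', 'domain|ip'],
    'output': ['ip-src', 'ip-dst'],
}

# Module metadata returned by version().
# The 'features' text documents that lookups go to the Google public resolver
# (8.8.8.8) when no nameserver is configured, so queried indicators are
# disclosed to that third-party service unless 'nameserver' is set.
moduleinfo = {
    'version': '0.3',
    'author': 'Alexandre Dulaunoy',
    'description': 'Simple DNS expansion service to resolve IP address from MISP attributes',
    'module-type': ['expansion', 'hover'],
    'name': 'DNS Resolver',
    'logo': '',
    'requirements': ['dnspython3: DNS python3 library'],
    'features': 'The module takes a domain of hostname attribute as input, and tries to resolve it. If no error is encountered, the IP address that resolves the domain is returned, otherwise the origin of the error is displayed.\n\nThe address of the DNS resolver to use is also configurable, but if no configuration is set, we use the Google public DNS address (8.8.8.8).\n\nPlease note that composite MISP attributes containing domain or hostname are supported as well.',
    'references': [],
    'input': 'Domain or hostname attribute.',
    'output': 'IP address resolving the input.',
}

# Names of the per-request configuration options read from request['config'].
moduleconfig = ['nameserver']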
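def handler(q=False):
    """Resolve the hostname or domain of a MISP request to its first A record.

    Args:
        q: JSON-encoded request, or False when no query is supplied. The keys
            'hostname', 'domain' and 'domain|ip' are checked in that order;
            for 'domain|ip' only the part before the first '|' is resolved.
            An optional 'config' dict may carry a 'nameserver' address.

    Returns:
        False when there is no query or no supported attribute is present,
        a new {'error': ...} dict when the lookup fails, otherwise
        {'results': [{'types': ..., 'values': [first A record]}]}.

    Security notes:
        The request is external input: the value to resolve and the
        nameserver are used as given. The looked-up name is disclosed to the
        resolver in use (8.8.8.8 when the request has no 'config'), and may
        reach the name servers of the domain being investigated; configure
        'nameserver' with a resolver you control when that matters.
    """
    if q is False:
        return False
    request = json.loads(q)

    # First non-empty supported attribute wins, in the documented order.
    for key in ('hostname', 'domain', 'domain|ip'):
        value = request.get(key)
        if value:
            break
    else:
        return False

    # Reject non-string values up front; otherwise str.split() on the
    # composite attribute raises outside the error handling below.
    if not isinstance(value, str):
        return {'error': 'DNS resolving error: query value must be a string'}
    toquery = value.split('|')[0] if key == 'domain|ip' else value

    resolver = dns.resolver.Resolver()
    # Bound both the per-server wait and the whole lookup to two seconds.
    resolver.timeout = 2
    resolver.lifetime = 2

    config = request.get('config')
    try:
        # NOTE(review): the listing lost its indentation; the 8.8.8.8 fallback
        # is attached to the outer `if` (no config at all), which matches the
        # module's own description. With a config that has no nameserver the
        # Resolver() defaults are kept. Confirm against the upstream file.
        if config:
            if isinstance(config, dict) and config.get('nameserver'):
                # Set inside the try so a malformed nameserver value is
                # reported as an error instead of propagating to the caller.
                resolver.nameservers = [config.get('nameserver')]
        else:
            resolver.nameservers = ['8.8.8.8']
        answer = resolver.resolve(toquery, 'A')
    except dns.resolver.NXDOMAIN:
        # Fresh dicts are returned instead of mutating the module-level
        # misperrors, so one request's error cannot leak into another's.
        return {'error': 'NXDOMAIN'}
    except dns.exception.Timeout:
        return {'error': 'Timeout'}
    except Exception as e:
        return {'error': f'DNS resolving error {e}'}

    # Only the first returned address is reported.
    return {'results': [{'types': mispattributes['output'],
                         'values': [str(answer[0])]}]}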
def introspection():
    """Return the module-level mispattributes mapping (the same object, not a copy)."""
    attributes = mispattributes
    return attributes
def version():
    """Return moduleinfo after storing moduleconfig under its 'config' key.

    The module-level moduleinfo dict is updated in place and returned as is.
    """
    moduleinfo.update(config=moduleconfig)
    return moduleinfo