From 03dbfb1d2b245a84a0244a15b3b5cc2df27aa5d2 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 17 Feb 2016 16:05:06 +0100
Subject: [PATCH] MISP dns expansion module

---
 modules/expansion/dns.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 modules/expansion/dns.py

diff --git a/modules/expansion/dns.py b/modules/expansion/dns.py
new file mode 100644
index 0000000..06b947f
--- /dev/null
+++ b/modules/expansion/dns.py
@@ -0,0 +1,30 @@
+import json
+import dns.resolver
+
+mispattributes = ['hostname', 'domain']
+
+def handler(q=False):
+    if q is False:
+        return False
+    request = json.loads(q)
+    if request.get('hostname'):
+        toquery = request['hostname']
+    elif request.get('domain'):
+        toquery = request['domain']
+    else:
+        return False
+    r = dns.resolver.Resolver()
+    r.nameservers = ['8.8.8.8']
+    try:
+        answer = r.query(toquery, 'A')
+    except dns.resolver.NXDOMAIN:
+        return False
+    except dns.exception.Timeout:
+        return False
+    r = {}
+    r["ip-dst"] = str(answer[0])
+    return r
+
+def introspection():
+
+    return mispattributes