MISP dns expansion module

alternate_response
Alexandre Dulaunoy 2016-02-17 16:05:06 +01:00
parent 707233b940
commit 03dbfb1d2b
1 changed files with 30 additions and 0 deletions

30
modules/expansion/dns.py Normal file
View File

@ -0,0 +1,30 @@
import json
import dns.resolver
mispattributes = ['hostname', 'domain']
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if request.get('hostname'):
toquery = request['hostname']
elif request.get('domain'):
toquery = request['domain']
else:
return False
r = dns.resolver.Resolver()
r.nameservers = ['8.8.8.8']
try:
answer = r.query(toquery, 'A')
except dns.resolver.NXDOMAIN:
return False
except dns.exception.Timeout:
return False
r = {}
r["ip-dst"] = str(answer[0])
return r
def introspection():
return mispattributes