import json import dns.resolver misperrors = {'error': 'Error'} mispattributes = {'input': ['hostname', 'domain', 'domain|ip'], 'output': ['ip-src', 'ip-dst']} moduleinfo = {'version': '0.3', 'author': 'Alexandre Dulaunoy', 'description': 'Simple DNS expansion service to resolve IP address from MISP attributes', 'module-type': ['expansion', 'hover']} moduleconfig = ['nameserver'] def handler(q=False): if q is False: return False request = json.loads(q) if request.get('hostname'): toquery = request['hostname'] elif request.get('domain'): toquery = request['domain'] elif request.get('domain|ip'): toquery = request['domain|ip'].split('|')[0] else: return False r = dns.resolver.Resolver() r.timeout = 2 r.lifetime = 2 if request.get('config'): if request['config'].get('nameserver'): nameservers = [] nameservers.append(request['config'].get('nameserver')) r.nameservers = nameservers else: r.nameservers = ['8.8.8.8'] try: answer = r.resolve(toquery, 'A') except dns.resolver.NXDOMAIN: misperrors['error'] = "NXDOMAIN" return misperrors except dns.exception.Timeout: misperrors['error'] = "Timeout" return misperrors except Exception as e: misperrors['error'] = f'DNS resolving error {e}' return misperrors r = {'results': [{'types': mispattributes['output'], 'values':[str(answer[0])]}]} return r def introspection(): return mispattributes def version(): moduleinfo['config'] = moduleconfig return moduleinfo