2018-05-04 11:53:29 +00:00
|
|
|
#!/usr/bin/env python3
|
2014-09-05 08:41:00 +00:00
|
|
|
# -*-coding:UTF-8 -*
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
The DomClassifier Module
|
|
|
|
|
============================
|
|
|
|
|
|
2018-04-16 12:50:04 +00:00
|
|
|
The DomClassifier modules extract and classify Internet domains/hostnames/IP addresses from
|
2018-09-03 13:52:42 +00:00
|
|
|
the output of the Global module. Also performs DNS lookup.
|
2014-09-05 08:41:00 +00:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
import time
|
|
|
|
|
from packages import Paste
|
|
|
|
|
from pubsublogger import publisher
|
|
|
|
|
|
|
|
|
|
import DomainClassifier.domainclassifier
|
|
|
|
|
from Helper import Process
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
|
publisher.port = 6380
|
|
|
|
|
publisher.channel = "Script"
|
|
|
|
|
|
|
|
|
|
config_section = 'DomClassifier'
|
|
|
|
|
|
|
|
|
|
p = Process(config_section)
|
2018-05-02 15:07:10 +00:00
|
|
|
addr_dns = p.config.get("DomClassifier", "dns")
|
2014-09-05 08:41:00 +00:00
|
|
|
|
|
|
|
|
publisher.info("""ZMQ DomainClassifier is Running""")
|
|
|
|
|
|
2018-05-02 15:07:10 +00:00
|
|
|
c = DomainClassifier.domainclassifier.Extract(rawtext="", nameservers=[addr_dns])
|
2014-09-17 15:19:03 +00:00
|
|
|
|
|
|
|
|
cc = p.config.get("DomClassifier", "cc")
|
|
|
|
|
cc_tld = p.config.get("DomClassifier", "cc_tld")
|
|
|
|
|
|
2014-09-05 08:41:00 +00:00
|
|
|
while True:
|
|
|
|
|
try:
|
|
|
|
|
message = p.get_from_set()
|
|
|
|
|
|
|
|
|
|
if message is not None:
|
|
|
|
|
PST = Paste.Paste(message)
|
|
|
|
|
else:
|
2016-06-30 12:36:47 +00:00
|
|
|
publisher.debug("Script DomClassifier is idling 1s")
|
2014-09-05 08:41:00 +00:00
|
|
|
time.sleep(1)
|
|
|
|
|
continue
|
|
|
|
|
paste = PST.get_p_content()
|
|
|
|
|
mimetype = PST._get_p_encoding()
|
2018-04-20 08:42:19 +00:00
|
|
|
|
2014-09-05 08:41:00 +00:00
|
|
|
if mimetype == "text/plain":
|
2014-09-08 14:51:43 +00:00
|
|
|
c.text(rawtext=paste)
|
2014-09-05 08:41:00 +00:00
|
|
|
c.potentialdomain()
|
|
|
|
|
c.validdomain(rtype=['A'], extended=True)
|
2014-09-17 15:19:03 +00:00
|
|
|
localizeddomains = c.include(expression=cc_tld)
|
2014-09-05 08:41:00 +00:00
|
|
|
if localizeddomains:
|
2014-09-17 15:19:03 +00:00
|
|
|
print(localizeddomains)
|
2016-10-27 09:50:24 +00:00
|
|
|
publisher.warning('DomainC;{};{};{};Checked {} located in {};{}'.format(
|
|
|
|
|
PST.p_source, PST.p_date, PST.p_name, localizeddomains, cc_tld, PST.p_path))
|
2014-09-17 15:19:03 +00:00
|
|
|
localizeddomains = c.localizedomain(cc=cc)
|
2014-09-05 08:41:00 +00:00
|
|
|
if localizeddomains:
|
2014-09-17 15:19:03 +00:00
|
|
|
print(localizeddomains)
|
2016-10-27 09:50:24 +00:00
|
|
|
publisher.warning('DomainC;{};{};{};Checked {} located in {};{}'.format(
|
|
|
|
|
PST.p_source, PST.p_date, PST.p_name, localizeddomains, cc, PST.p_path))
|
2014-09-05 08:41:00 +00:00
|
|
|
except IOError:
|
2018-04-16 12:50:04 +00:00
|
|
|
print("CRC Checksum Failed on :", PST.p_path)
|
2014-09-05 08:41:00 +00:00
|
|
|
publisher.error('Duplicate;{};{};{};CRC Checksum Failed'.format(
|
|
|
|
|
PST.p_source, PST.p_date, PST.p_name))
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
main()
|
