Monday, May 05, 2014

FDNS 2.1

Remember the Geolocator last year? I improve the FDNS by adding in the whois info. Below is the new code:

#!/usr/bin/python
import os, sys, re
import argparse
from socket import getaddrinfo
import urllib2
import BeautifulSoup
name = who = ""
 
def whois_orgname(ipaddr):
  website = "http://www.findip-address.com/" + ipaddr + "/whois"
  try:
      html_page = urllib2.urlopen(website).read()
      soup = BeautifulSoup.BeautifulSoup(html_page)
      for script in soup(["script", "style"]):
          script.extract()
      text = soup.getText()
      lines = (line.strip() for line in text.splitlines())
      chunks = (phrase.strip() for line in lines for phrase in line.split("  "))
      text = '\n'.join(chunk for chunk in chunks if chunk)
      #if re.search('OrgName(.+?)OrgId', text):
      #    print 'found', re.search('OrgName:(.+?)OrgId', text).group(1)
      orgname = re.search('OrgName:(.+?)OrgId', text).group(1)
  except Exception, e:
      orgname = ""
  finally:
      return orgname
 
def whois_orgname2(query):
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect(("whois.arin.net", 43))
  s.send(sys.argv[1] + "\r\n")
  response = ''
  while True:
      d = s.recv(4096)
      response += d
      if d == '':
          break
  s.close()
  print response
  #return response
  return ""
 
if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Fast DNS Resolver for domain list', version='%(prog)s 2.1')
    #parser.add_argument('-w', '--whois', dest='whois', action='store_true', default=False, help='whois')
    parser.add_argument('-o', '--orgname', dest='orgname', action='store_true', default=False, help='whois')
    parser.add_argument('-R', dest='rdns', action='store_true', default=False, help='reverse dns')
    parser.add_argument('infile', nargs='+', type=str, help='list of input files')
    args = parser.parse_args()
    domains = []
    for f in args.infile:
        with open(f, 'rt') as data:
            for line in data.readlines():
                domains.append(line.strip())
    for domain in domains:
        try:
            host =  socket.gethostbyname(domain)
        except Exception, e:
            host = "-"
        finally:
            if args.rdns or args.orgname:
                if args.rdns:
                    try:
                        name, alias, addresslist = socket.gethostbyaddr(host)
                    except Exception, e:
                        name = "-" # reverse dns name
                '''
                if args.whois:
                    try:
                        #who = "whois function"
                        #who = "http://www.findip-address.com/" + host + "/whois"
                        #who = geoip.country(host)
                        who = whois_orgname(host)
                    except Exception, e:
                        who = "-" # whois owner
'''
                if args.orgname:
                    try:
                        orgname = whois_orgname2(host)
                    except Exception, e:
                        orgname = ""
                    finally:
                        who = orgname
                print "%s:%s:%s:%s" %(domain, host, name, who)
            else:
                print "%s:%s" % (domain, host)