Tuesday, May 06, 2014

FDNS 3.0

I think this will be the final improvement.

I noticed that fdns2.2.py only connects to whois.arin.net on port 43 (whois). It doesn't follow up on the whois referrals returned by arin.net.

With the new code, it should:

  • Resolve DNS name to IP address
  • Perform the reverse DNS lookup based on the IP address (above).
  • Perform a whois DB lookup based on the IP address (above), and show the OrgName(netname).

#!/usr/bin/python
import os, sys, re, socket, argparse
import json
# Module-level defaults for the reverse-DNS name and whois owner report
# columns; both start out as empty strings.
name = ""
who = ""
 
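def _is_ip_literal(text):
    """Return True when *text* parses as a plain IPv4 or IPv6 address."""
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, text)
            return True
        except (socket.error, TypeError, ValueError):
            continue
    return False


def whois_orgname(ipaddr):
    """Return ``"OrgName(NetName)"`` for *ipaddr* from the local whois client.

    The system ``whois`` command is run for the address and its output is
    scanned for ``OrgName:`` and ``NetName:`` lines (case-insensitive). When
    a field occurs more than once the last occurrence wins. A field that is
    not found is left empty, so a failed lookup yields ``"()"``.

    Security: the address is handed to ``whois`` as a single argv element,
    never interpolated into a shell command line, and anything that is not a
    literal IP address is rejected before a process is started. That keeps
    shell metacharacters and option-like values (for example the ``"-"``
    placeholder used for unresolved hosts) away from the external command.

    Args:
        ipaddr: IPv4 or IPv6 address as a string.

    Returns:
        The string ``orgname + "(" + netname + ")"``.
    """
    import subprocess  # local import: the file's import line does not pull it in

    orgname = netname = ''
    if not _is_ip_literal(ipaddr):
        return orgname + "(" + netname + ")"

    try:
        proc = subprocess.Popen(['whois', ipaddr], stdout=subprocess.PIPE)
        raw = proc.communicate()[0]
    except (OSError, ValueError):
        # whois client missing or not executable: report empty fields, as the
        # lookup has always been best-effort.
        return orgname + "(" + netname + ")"

    field_re = re.compile(r'(orgname|netname):\s*(.*)', re.I)
    # Registry output is not guaranteed to be UTF-8; replace undecodable
    # bytes instead of discarding the whole answer.
    for line in raw.decode('utf-8', 'replace').splitlines():
        found = field_re.match(line)
        if found is None:
            continue
        if found.group(1).lower() == 'orgname':
            orgname = found.group(2)
        else:
            netname = found.group(2)
    return orgname + "(" + netname + ")"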
 
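if __name__ == "__main__":
    # Command-line entry point: read hostnames from the input files, resolve
    # each one, optionally add reverse-DNS and whois owner columns, and print
    # one colon-separated record per hostname.
    parser = argparse.ArgumentParser(description='Fast DNS Resolver for domain list')
    # The version= constructor keyword is only accepted by Python 2's
    # argparse; an explicit 'version' action provides the same -v/--version
    # flags on both Python 2 and 3.
    parser.add_argument('-v', '--version', action='version', version='%(prog)s 3.0')
    # NOTE(review): store_true with default=True means whois is always on and
    # -w changes nothing, so the two-column output below is never reached.
    # Left as-is because the surrounding post describes whois as standard
    # behaviour - confirm the intent before changing the default.
    parser.add_argument('-w', '--whois', dest='whois', action='store_true', default=True, help='whois')
    parser.add_argument('-R', dest='rdns', action='store_true', default=False, help='reverse dns')
    parser.add_argument('infile', nargs='+', type=str, help='list of input files')
    args = parser.parse_args()

    domains = []
    for path in args.infile:
        with open(path, 'rt') as data:
            for line in data:
                entry = line.strip()
                if entry:  # a blank line is not a hostname; do not look it up
                    domains.append(entry)

    for domain in domains:
        try:
            host = socket.gethostbyname(domain)
        except (socket.error, UnicodeError):
            host = "-"
        resolved = host != "-"

        if not (args.rdns or args.whois):
            print("%s:%s" % (domain, host))
            continue

        # Every record starts from clean values so nothing carries over from
        # the previous hostname.
        name = who = ""
        if args.rdns:
            name = "-"  # reverse dns name
            if resolved:
                try:
                    name = socket.gethostbyaddr(host)[0]
                except socket.error:
                    pass
        if args.whois:
            who = "-"  # whois owner
            # Only a resolved IP address is passed on; the "-" placeholder is
            # never sent to the reverse lookup or to the external whois client.
            if resolved:
                try:
                    who = whois_orgname(host)
                except Exception:
                    who = "-"
        print("%s:%s:%s:%s" % (domain, host, name, who))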