# Plugins for DNSMule
It is recommended to look through each module to see what arguments they take.
#### Certcheck
Arguments:
```yaml
rules:
- name: certcheck
record: A
type: 'ip.certs'
config:
ports: # Ports to scan
- 443
- 8443
timeout: 1 # timeout for cert fetching
stdlib: false # Prefer STDLIB implementation
callback: false # Whether a callback should be called for resolved domains
```
Scans any resolved `A` or `AAAA` record for certificates from a given list of ports.
There are two ways to scan for certificates, a Python stdlib solution and one with `cryptography` library parsing certs.
Tags are produced for cert issuer:
```text
IP::CERTS::{rule_name}::ISSUER::{issuer_rfc_string}
```
More data is available in `result.data`:
```python
result.data['resolvedCertificates'] = certificates_as_list_of_dicts
```
See the `Certificate` dataclass `to_json` method in [certificates.py](src/dnsmule_plugins/certcheck/certificates.py).
The plugin takes a callback argument for any domains resolved from certificate common and alternative names.
This plugin requires the following dependencies:
- `cryptography` (optional)
#### IPRanges
Arguments:
```yaml
rules:
- name: ipranges
record: A
type: 'ip.ranges'
config:
providers: # Lowercase only
- amazon
- google
- microsoft
```
Scans any resolved `A` or `AAAA` record for addresses in the major cloud provider ranges.
Currently, supports the following providers:
- Microsoft
- Google Cloud
- Amazon AWS
Provider IP ranges are refreshed on one hour intervals.
This provides tags like:
```text
IP::RANGES::{rule_name}::{provider}::{service}::{region}
IP::RANGES::SAMPLE_RULE::AMAZON::LAMBDA::US-WEST-1
```
This plugin requires the following dependencies:
- `httpx`
#### PTRScan
Arguments:
```yaml
rules:
- name: ptrscan
record: A
type: 'ip.ptr'
```
Scans any resolved `A` or `AAAA` record for a matching `PTR` record.
The pointer is used to discover automatically generated cloud provider pointer records for services.
The plugin tries to detect pointer records where the ip of the `A` or `AAAA` record is present in any of the following
forms:
- dot separated
- dot separated reversed
- dash separated
- dash separated reversed
- Any of the above anywhere in the string
This resolves to a provider with the prefix removed from the record.
For example a `PTR` of the form with a rule name `sample_rule`
```text
123.456.789.000 IN PTR CDN-123-456-789-000.area.hoster.example.com
```
would produce a tag of the form
```text
IP::PTR::SAMPLE_RULE::AREA.HOSTER.EXAMPLE.COM
```
Any resolved `PTR` records are also added to `result.data['resolvedPointers']`.
## Example
In YAML the plugins are placed in their own `plugins` block:
```yaml
plugins:
- name: dnsmule_plugins.PTRScanPlugin
- name: dnsmule_plugins.IPRangesPlugin
- name: dnsmule_plugins.CertCheckPlugin
config:
callback: false
```
Here is an example of how to add a ruleset containing all plugins to a `DNSMule` instance.
```python
from dnsmule import DNSMule, RRType, Rules
from dnsmule.backends.dnspython import DNSPythonBackend
from dnsmule.loader import load_and_append_rule
from dnsmule_plugins import certcheck, ipranges, ptrscan
mule = DNSMule.make(Rules(), DNSPythonBackend())
certcheck.CertCheckPlugin(callback=False).register(mule)
ipranges.IPRangesPlugin().register(mule)
load_and_append_rule(
mule.rules,
RRType.A,
'ip.certs',
{
'name': 'certcheck',
},
)
load_and_append_rule(
mule.rules,
RRType.A,
'ip.ranges',
{
'name': 'ipranges',
'providers': [
'amazon',
'microsoft',
'google',
]
},
)
ptrscan.PTRScanPlugin().register(mule)
load_and_append_rule(
mule.rules,
RRType.A,
'ip.ptr',
{
'name': 'ptrscan'
},
)
```
Raw data
{
"_id": null,
"home_page": "https://github.com/joniumGit/dnsmule",
"name": "dnsmule-plugins",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "DNS,Dependency,IP,Cloud",
"author": "joniumGit",
"author_email": "52005121+joniumGit@users.noreply.github.com",
"download_url": "https://files.pythonhosted.org/packages/5b/10/d9c63fa1ee54aa6ea926cad89b7c3427811af67521cb665b7a55c257054f/dnsmule-plugins-0.5.0.tar.gz",
"platform": null,
"description": "# Plugins for DNSMule\n\nIt is recommended to look through each module to see what arguments they take.\n\n#### Certcheck\n\nArguments:\n\n```yaml\nrules:\n - name: certcheck\n record: A\n type: 'ip.certs'\n config:\n ports: # Ports to scan\n - 443\n - 8443\n timeout: 1 # timeout for cert fetching\n stdlib: false # Prefer STDLIB implementation\n callback: false # Whether a callback should be called for resolved domains\n```\n\nScans any resolved `A` or `AAAA` record for certificates from a given list of ports.\nThere are two ways to scan for certificates, a Python stdlib solution and one with `cryptography` library parsing certs.\n\nTags are produced for cert issuer:\n\n```text\nIP::CERTS::{rule_name}::ISSUER::{issuer_rfc_string}\n```\n\nMore data is available in `result.data`:\n\n```python\nresult.data['resolvedCertificates'] = certificates_as_list_of_dicts\n```\n\nSee the `Certificate` dataclass `to_json` method in [certificates.py](src/dnsmule_plugins/certcheck/certificates.py).\n\nThe plugin takes a callback argument for any domains resolved from certificate common and alternative names.\n\nThis plugin requires the following dependencies:\n\n- `cryptography` (optional)\n\n#### IPRanges\n\nArguments:\n\n```yaml\nrules:\n - name: ipranges\n record: A\n type: 'ip.ranges'\n config:\n providers: # Lowercase only\n - amazon\n - google\n - microsoft\n```\n\nScans any resolved `A` or `AAAA` record for addresses in the major cloud provider ranges.\nCurrently, supports the following providers:\n\n- Microsoft\n- Google Cloud\n- Amazon AWS\n\nProvider IP ranges are refreshed on one hour intervals.\n\nThis provides tags like:\n\n```text\nIP::RANGES::{rule_name}::{provider}::{service}::{region}\nIP::RANGES::SAMPLE_RULE::AMAZON::LAMBDA::US-WEST-1\n```\n\nThis plugin requires the following dependencies:\n\n- `httpx`\n\n#### PTRScan\n\nArguments:\n\n```yaml\nrules:\n - name: ptrscan\n record: A\n type: 'ip.ptr'\n```\n\nScans any resolved `A` or `AAAA` record for a matching `PTR` record.\nThe pointer is used to discover automatically generated cloud provider pointer records for services.\nThe plugin tries to detect pointer records where the ip of the `A` or `AAAA` record is present in any of the following\nforms:\n\n- dot separated\n- dot separated reversed\n- dash separated\n- dash separated reversed\n- Any of the above anywhere in the string\n\nThis resolves to a provider with the prefix removed from the record.\n\nFor example a `PTR` of the form with a rule name `sample_rule`\n\n```text\n123.456.789.000 IN PTR CDN-123-456-789-000.area.hoster.example.com\n```\n\nwould produce a tag of the form\n\n```text\nIP::PTR::SAMPLE_RULE::AREA.HOSTER.EXAMPLE.COM\n```\n\nAny resolved `PTR` records are also added to `result.data['resolvedPointers']`.\n\n## Example\n\nIn YAML the plugins are placed in their own `plugins` block:\n\n```yaml\nplugins:\n - name: dnsmule_plugins.PTRScanPlugin\n - name: dnsmule_plugins.IPRangesPlugin\n - name: dnsmule_plugins.CertCheckPlugin\n config:\n callback: false\n```\n\nHere is an example of how to add a ruleset containing all plugins to a `DNSMule` instance.\n\n```python\nfrom dnsmule import DNSMule, RRType, Rules\nfrom dnsmule.backends.dnspython import DNSPythonBackend\nfrom dnsmule.loader import load_and_append_rule\nfrom dnsmule_plugins import certcheck, ipranges, ptrscan\n\nmule = DNSMule.make(Rules(), DNSPythonBackend())\n\ncertcheck.CertCheckPlugin(callback=False).register(mule)\nipranges.IPRangesPlugin().register(mule)\n\nload_and_append_rule(\n mule.rules,\n RRType.A,\n 'ip.certs',\n {\n 'name': 'certcheck',\n },\n)\n\nload_and_append_rule(\n mule.rules,\n RRType.A,\n 'ip.ranges',\n {\n 'name': 'ipranges',\n 'providers': [\n 'amazon',\n 'microsoft',\n 'google',\n ]\n },\n\n)\n\nptrscan.PTRScanPlugin().register(mule)\nload_and_append_rule(\n mule.rules,\n RRType.A,\n 'ip.ptr',\n {\n 'name': 'ptrscan'\n },\n)\n```\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Plugins for DNSMule",
"version": "0.5.0",
"project_urls": {
"Bug Reports": "https://github.com/joniumGit/dnsmule/issues",
"Homepage": "https://github.com/joniumGit/dnsmule",
"Source": "https://github.com/joniumGit/dnsmule"
},
"split_keywords": [
"dns",
"dependency",
"ip",
"cloud"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "e81f2fd6b67470a7bc3b8fe75fc7124003301401831d081194f19f1dc46f48af",
"md5": "e381335ee579d07d72a9ad5cb6c04fe3",
"sha256": "4dfdc8c3b82f0a50a621ff35c7179bd740d84372edcf3fe1babf2220569029d3"
},
"downloads": -1,
"filename": "dnsmule_plugins-0.5.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e381335ee579d07d72a9ad5cb6c04fe3",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 14720,
"upload_time": "2023-05-13T17:41:21",
"upload_time_iso_8601": "2023-05-13T17:41:21.937898Z",
"url": "https://files.pythonhosted.org/packages/e8/1f/2fd6b67470a7bc3b8fe75fc7124003301401831d081194f19f1dc46f48af/dnsmule_plugins-0.5.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "5b10d9c63fa1ee54aa6ea926cad89b7c3427811af67521cb665b7a55c257054f",
"md5": "b9b4d151e98135c22a3d37852e56341f",
"sha256": "1763f54f446cbaf7392c8b615125501097941e574848a5d64973fa0444fbe674"
},
"downloads": -1,
"filename": "dnsmule-plugins-0.5.0.tar.gz",
"has_sig": false,
"md5_digest": "b9b4d151e98135c22a3d37852e56341f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 19060,
"upload_time": "2023-05-13T17:41:23",
"upload_time_iso_8601": "2023-05-13T17:41:23.685004Z",
"url": "https://files.pythonhosted.org/packages/5b/10/d9c63fa1ee54aa6ea926cad89b7c3427811af67521cb665b7a55c257054f/dnsmule-plugins-0.5.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-05-13 17:41:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "joniumGit",
"github_project": "dnsmule",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "dnsmule-plugins"
}
JSON
