iterating on fixes
@@ -50,6 +50,7 @@ class DNSProvider(BaseProvider):
|
||||
def query_domain(self, domain: str) -> ProviderResult:
|
||||
"""
|
||||
Query DNS records for the domain to discover relationships and attributes.
|
||||
FIXED: Now creates separate attributes for each DNS record type.
|
||||
|
||||
Args:
|
||||
domain: Domain to investigate
|
||||
@@ -62,7 +63,7 @@ class DNSProvider(BaseProvider):
|
||||
|
||||
result = ProviderResult()
|
||||
|
||||
# Query all record types
|
||||
# Query all record types - each gets its own attribute
|
||||
for record_type in ['A', 'AAAA', 'CNAME', 'MX', 'NS', 'SOA', 'TXT', 'SRV', 'CAA']:
|
||||
try:
|
||||
self._query_record(domain, record_type, result)
|
||||
@@ -97,6 +98,7 @@ class DNSProvider(BaseProvider):
|
||||
response = self.resolver.resolve(reverse_name, 'PTR')
|
||||
self.successful_requests += 1
|
||||
|
||||
ptr_records = []
|
||||
for ptr_record in response:
|
||||
hostname = str(ptr_record).rstrip('.')
|
||||
|
||||
@@ -116,16 +118,8 @@ class DNSProvider(BaseProvider):
|
||||
}
|
||||
)
|
||||
|
||||
# Add PTR record as attribute to the IP
|
||||
result.add_attribute(
|
||||
target_node=ip,
|
||||
name='ptr_record',
|
||||
value=hostname,
|
||||
attr_type='dns_record',
|
||||
provider=self.name,
|
||||
confidence=0.8,
|
||||
metadata={'ttl': response.ttl}
|
||||
)
|
||||
# Add to PTR records list
|
||||
ptr_records.append(f"PTR: {hostname}")
|
||||
|
||||
# Log the relationship discovery
|
||||
self.log_relationship_discovery(
|
||||
@@ -142,6 +136,18 @@ class DNSProvider(BaseProvider):
|
||||
discovery_method="reverse_dns_lookup"
|
||||
)
|
||||
|
||||
# Add PTR records as separate attribute
|
||||
if ptr_records:
|
||||
result.add_attribute(
|
||||
target_node=ip,
|
||||
name='ptr_records', # Specific name for PTR records
|
||||
value=ptr_records,
|
||||
attr_type='dns_record',
|
||||
provider=self.name,
|
||||
confidence=0.8,
|
||||
metadata={'ttl': response.ttl}
|
||||
)
|
||||
|
||||
except resolver.NXDOMAIN:
|
||||
self.failed_requests += 1
|
||||
self.logger.logger.debug(f"Reverse DNS lookup failed for {ip}: NXDOMAIN")
|
||||
@@ -155,7 +161,7 @@ class DNSProvider(BaseProvider):
|
||||
|
||||
def _query_record(self, domain: str, record_type: str, result: ProviderResult) -> None:
|
||||
"""
|
||||
UPDATED: Query DNS records with minimal formatting - keep raw values.
|
||||
FIXED: Query DNS records with unique attribute names for each record type.
|
||||
"""
|
||||
try:
|
||||
self.total_requests += 1
|
||||
@@ -175,16 +181,16 @@ class DNSProvider(BaseProvider):
|
||||
elif record_type == 'SOA':
|
||||
target = str(record.mname).rstrip('.')
|
||||
elif record_type in ['TXT']:
|
||||
# UPDATED: Keep raw TXT record value
|
||||
# Keep raw TXT record value
|
||||
txt_value = str(record).strip('"')
|
||||
dns_records.append(f"TXT: {txt_value}")
|
||||
dns_records.append(txt_value) # Just the value for TXT
|
||||
continue
|
||||
elif record_type == 'SRV':
|
||||
target = str(record.target).rstrip('.')
|
||||
elif record_type == 'CAA':
|
||||
# UPDATED: Keep raw CAA record format
|
||||
# Keep raw CAA record format
|
||||
caa_value = f"{record.flags} {record.tag.decode('utf-8')} \"{record.value.decode('utf-8')}\""
|
||||
dns_records.append(f"CAA: {caa_value}")
|
||||
dns_records.append(caa_value) # Just the value for CAA
|
||||
continue
|
||||
else:
|
||||
target = str(record)
|
||||
@@ -196,7 +202,7 @@ class DNSProvider(BaseProvider):
|
||||
'value': target,
|
||||
'ttl': response.ttl
|
||||
}
|
||||
relationship_type = f"{record_type.lower()}_record" # Raw relationship type
|
||||
relationship_type = f"{record_type.lower()}_record"
|
||||
confidence = 0.8
|
||||
|
||||
# Add relationship
|
||||
@@ -209,8 +215,8 @@ class DNSProvider(BaseProvider):
|
||||
raw_data=raw_data
|
||||
)
|
||||
|
||||
# UPDATED: Keep raw DNS record format
|
||||
dns_records.append(f"{record_type}: {target}")
|
||||
# Add target to records list
|
||||
dns_records.append(target)
|
||||
|
||||
# Log relationship discovery
|
||||
self.log_relationship_discovery(
|
||||
@@ -222,20 +228,22 @@ class DNSProvider(BaseProvider):
|
||||
discovery_method=f"dns_{record_type.lower()}_record"
|
||||
)
|
||||
|
||||
# Add DNS records as a consolidated attribute (raw format)
|
||||
# FIXED: Create attribute with specific name for each record type
|
||||
if dns_records:
|
||||
# Use record type specific attribute name (e.g., 'a_records', 'mx_records', etc.)
|
||||
attribute_name = f"{record_type.lower()}_records"
|
||||
|
||||
result.add_attribute(
|
||||
target_node=domain,
|
||||
name='dns_records',
|
||||
name=attribute_name, # UNIQUE name for each record type!
|
||||
value=dns_records,
|
||||
attr_type='dns_record_list',
|
||||
provider=self.name,
|
||||
confidence=0.8,
|
||||
metadata={'record_types': [record_type]}
|
||||
metadata={'record_type': record_type, 'ttl': response.ttl}
|
||||
)
|
||||
|
||||
except Exception as e:
|
||||
self.failed_requests += 1
|
||||
self.logger.logger.debug(f"{record_type} record query failed for {domain}: {e}")
|
||||
raise e
|
||||
|
||||
raise e
|
||||
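Review bot: In the reverse-lookup hunk (`@@ -116,16 +118,8 @@`), `ptr_records.append(f"PTR: {hostname}")` keeps a `PTR: ` label inside each stored value, while the rest of this commit strips such labels (`dns_records.append(target)`, and the TXT and CAA appends commented "Just the value"). Going by the hunk counts this is an added line, so the new `ptr_records` attribute would hold labelled strings where `a_records`, `mx_records` and the others hold bare values, and anything that correlates hostnames across attributes would have to special-case it; `ptr_records.append(hostname)` would match the rest. PTR answers are set by whoever controls the reverse zone, so the fixed `confidence=0.8` on that attribute deserves a comment saying the hostname is not forward-confirmed, or a lower value until it is. Indentation is lost on this page, so please confirm that the `if ptr_records:` block in `@@ -142,6 +136,18 @@` sits after the `for ptr_record in response:` loop and not inside it, since inside the loop it would re-add the attribute on every iteration; the enclosing method starts outside the visible hunks.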