Enriches IP data with DNS records

Kyle Maxwell · Kyle Maxwell · commit 4238b561ac87 · 2014-08-02T18:28:43.000-05:00
diff --git a/winnower.py b/winnower.py
@@ -1,13 +1,22 @@
 #! /usr/bin/env python
+import ConfigParser
 import csv
+import dnsdb_query
 import json
 import pygeoip
 import sys
 
 from netaddr import IPAddress, IPRange, IPSet
 
-org_data = []
-geo_data = pygeoip.GeoIP('data/GeoIP.dat', pygeoip.MEMORY_CACHE)
+
+def setup_dnsdb():
+    config = ConfigParser.ConfigParser()
+    config.read('combine.cfg')
+    server = config.get('Winnower', 'dnsdb_server')
+    api = config.get('Winnower', 'dnsdb_api')
+    sys.stderr.write('Setting up DNSDB client\n')
+    return dnsdb_query.DnsdbClient(server, api)
+
 
 def load_gi_org(filename):
     gi_org = {}
@@ -18,7 +27,7 @@ def load_gi_org(filename):
     return gi_org
 
 
-def org_by_addr(address):
+def org_by_addr(address, org_data):
     as_num = None
     as_name = None
     for org in org_data:
@@ -29,23 +38,26 @@ def org_by_addr(address):
 
 
 def maxhits(dns_records):
-    pass
+    max = 0
+    hostname = None
+    for record in dns_records:
+        if record['count'] > max:
+            max = record['count']
+            hostname = record['rrname'].rstrip('.')
+    return hostname
 
 
-def dnsdb(address, record_type):
-    pass
+def enrich_IPv4(address, org_data, geo_data, dnsdb):
+    as_num, as_name = org_by_addr(address, org_data)
+    country = geo_data.country_code_by_addr('%s' % address)
+    hostname = maxhits(dnsdb.query_rdata_ip('%s' % address))
 
-
-def enrich_IPv4(address):
-    as_num, as_name = org_by_addr(address)
-    country = geo_data.country_code_by_addr(address)
-    hostname = maxhits(dnsdb(address, "PTR"))
     return (address, as_num, as_name, country, hostname)
 
 
 def reserved(address):
     # from http://en.wikipedia.org/wiki/Reserved_IP_addresses:
-    ranges = IPSet(['0.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '192.88.99.0/24', 
+    ranges = IPSet(['0.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '192.88.99.0/24',
                     '198.18.0.0/15', '198.51.100.0/24', '203.0.113.0/24', '233.252.0.0/24'])
     a_reserved = address.is_reserved()
     a_private = address.is_private()
@@ -61,7 +73,8 @@ def winnow(in_file, out_file, enr_file):
         crop = json.load(f)
 
     org_data = load_gi_org('data/GeoIPASNum2.csv')
-    #country_data = load_gi_country('data/')
+    geo_data = pygeoip.GeoIP('data/GeoIP.dat')
+    dnsdb = setup_dnsdb()
 
     wheat = []
     enriched = []
@@ -72,16 +85,15 @@ def winnow(in_file, out_file, enr_file):
             ipaddr = IPAddress(addr)
             if not reserved(ipaddr):
                 wheat.append(each)
-                enriched.append(enrich_IPv4(ipaddr))
+                enriched.append(enrich_IPv4(ipaddr, org_data, geo_data, dnsdb))
             else:
-                sys.stderr.write("%s is reserved, sorry" % addr)
-
+                sys.stderr.write("%s is reserved, sorry\n" % addr)
 
     with open(out_file, 'wb') as f:
         json.dump(wheat, f, indent=2)
 
-    #with open(enr_file, 'wb') as f:
-        #json.dump(enriched, f, indent=2)
+    with open(enr_file, 'wb') as f:
+        json.dump(enriched, f, indent=2)
 
 
 if __name__ == "__main__":
