From 7f7766ad4845a66c9115c0dd0d2601f0f1f5a685 Mon Sep 17 00:00:00 2001
From: Terrtia <or1994@hotmail.fr>
Date: Mon, 22 Mar 2021 14:51:52 +0100
Subject: [PATCH 1/2] chg: add passivedns output

---
 DomainClassifier/domainclassifier.py | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/DomainClassifier/domainclassifier.py b/DomainClassifier/domainclassifier.py
index ec5c8d5..a386499 100644
--- a/DomainClassifier/domainclassifier.py
+++ b/DomainClassifier/domainclassifier.py
@@ -8,6 +8,7 @@ import re
 import dns.resolver
 import IPy
 import socket
+import time
 from datetime import date, timedelta
 
 try:
@@ -22,9 +23,9 @@ try:
 except:
     print ("pybgpranking is not installed - ranking of ASN values won't be possible")
 __author__ = "Alexandre Dulaunoy"
-__copyright__ = "Copyright 2012-2019, Alexandre Dulaunoy"
+__copyright__ = "Copyright 2012-2021, Alexandre Dulaunoy"
 __license__ = "AGPL version 3"
-__version__ = "0.8"
+__version__ = "0.9"
 
 
 class Extract:
@@ -122,7 +123,7 @@ class Extract:
     returns a list of existing domain. If the extended flag is true, a set is
     return with the associated DNS resources found."""
 
-    def validdomain(self, rtype=['A', 'AAAA', 'SOA', 'MX', 'CNAME'], extended=True):
+    def validdomain(self, rtype=['A', 'AAAA', 'SOA', 'MX', 'CNAME'], extended=True, passive_dns=False):
         if extended is False:
             self.vdomain = set()
         else:
@@ -135,11 +136,18 @@ class Extract:
                 except:
                     pass
                 else:
-                    self.vdomain.append(domain)
-                    if extended is False:
-                        self.vdomain.add((domain))
-                    else:
+                    # Pasive DNS output
+                    # timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer||TTL||Count
+                    if passive_dns:
+                        rrset = answers.rrset.to_text().splitlines()
+                        for dns_resp in rrset:
+                            dns_resp = dns_resp.split()
+                            passive_dns_out = '{}||127.0.0.1||{}||{}||{}||{}||{}||{}||1\n'.format(time.time(), self.presolver.nameservers[0], dns_resp[2], domain, dnstype, dns_resp[4], answers.ttl)
+                            self.vdomain.add((passive_dns_out))
+                    elif extended:
                         self.vdomain.append((domain, dnstype, answers[0]))
+                    else:
+                        self.vdomain.add((domain))
         return self.vdomain
 
     """ipaddress method extracts from the domain list the valid IPv4 addresses"""
@@ -272,7 +280,7 @@ class Extract:
         return set(self.cleandomain)
 
 if __name__ == "__main__":
-    c = Extract(rawtext="www.foo.lu www.xxx.com this is a text with a domain called test@foo.lu another test abc.lu something a.b.c.d.e end of 1.2.3.4 foo.be www.belnet.be http://www.cert.be/ www.public.lu www.allo.lu quuxtest www.eurodns.com something-broken-www.google.com www.google.lu trailing test www.facebook.com www.nic.ru www.youporn.com 8.8.8.8 201.1.1.1 abc.dontexist", nameservers=['127.0.0.1'])
+    c = Extract(rawtext="www.foo.lu www.xxx.com this is a text with a domain called test@foo.lu another test abc.lu something a.b.c.d.e end of 1.2.3.4 foo.be www.belnet.be http://www.cert.be/ www.public.lu www.allo.lu quuxtest www.eurodns.com something-broken-www.google.com www.google.lu trailing test www.facebook.com www.nic.ru www.youporn.com 8.8.8.8 201.1.1.1 abc.dontexist")
     c.text(rawtext="www.abc.lu www.xxx.com random text a test bric broc www.lemonde.fr www.belnet.be www.foo.be")
     print (c.potentialdomain())
     print (c.potentialdomain(validTLD=True))
@@ -295,3 +303,4 @@ if __name__ == "__main__":
     print (c.potentialdomain(validTLD=True))
     c.validdomain()
     print (c.localizedomain(cc='US'))
+    print(c.validdomain(extended=False, passive_dns=True))

From 848042048cbf8c2790ee35279c84550977708062 Mon Sep 17 00:00:00 2001
From: Terrtia <or1994@hotmail.fr>
Date: Mon, 22 Mar 2021 14:54:36 +0100
Subject: [PATCH 2/2] chg: update AIL repository

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c0e5e8c..ab94e90 100644
--- a/README.md
+++ b/README.md
@@ -97,12 +97,12 @@ Exclude dot.lu:
 
 ### Software using DomainClassifier
 
-* [AIL framework - Analysis Information Leak framework](https://github.com/CIRCL/AIL-framework)
+* [AIL framework - Analysis Information Leak framework](https://github.com/ail-project/ail-framework)
 
 ### License
 
 ~~~~
-Copyright (C) 2012-2019 Alexandre Dulaunoy - a(at)foo.be
+Copyright (C) 2012-2021 Alexandre Dulaunoy - a(at)foo.be
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as