From c82108fa5b48fc9b871a14e0d1f7395d0d867f9b Mon Sep 17 00:00:00 2001
From: Brandon Hall
Date: Tue, 23 Jul 2024 17:18:08 +0100
Subject: [PATCH 1/4] Build python package on PR
---
.github/workflows/build_preview.yml | 18 +-
.gitignore | 285 ++++++++++++++--------------
__init__.py | 2 +
main.py | 9 +-
pyproject.toml | 60 ++++++
5 files changed, 228 insertions(+), 146 deletions(-)
create mode 100644 __init__.py
create mode 100644 pyproject.toml
diff --git a/.github/workflows/build_preview.yml b/.github/workflows/build_preview.yml
index c754da4..cd48eaf 100644
--- a/.github/workflows/build_preview.yml
+++ b/.github/workflows/build_preview.yml
@@ -2,7 +2,7 @@ name: pytest on: pull_request: - branches: [ main ] + branches: [ main, lambda ] types: - synchronize - opened
@@ -21,6 +21,22 @@ jobs: uses: ./.github/actions/pytest with: python-version: ${{ matrix.python-version }} + package: + runs-on: ubuntu-latest + steps: + - name: Install Hatch + uses: pypa/hatch@install + - name: Write version + run: | + echo '__version__ = "0.0+dev0"' > VERSION + - name: Build Python Module + run: hatch build + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: dist + path: dist + buildx: runs-on: ubuntu-latest steps:
diff --git a/.gitignore b/.gitignore
index af784bc..a893a8d 100644
--- a/.gitignore
+++ b/.gitignore
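Review bot: In the `package` job added by the second hunk, `uses: pypa/hatch@install` tracks a branch and `uses: actions/upload-artifact@v4` a movable tag, so the code this job executes can change without any commit to this repository. Pin each action to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v4` (placeholder, to be filled in from the action's release). The same applies to `actions/setup-python@v1` in [PATCH 2/4] and `actions/checkout@v2` in [PATCH 3/4], which are also old major versions. The job sets no `permissions:` key; unless the workflow declares one outside this hunk, add `permissions:` with `contents: read` so that `hatch build`, which builds the pull request's code, runs with a read-only token.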
@@ -1,142 +1,143 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# Exclude Output
-results.csv
-
-# exclude pdkey
-pdkey
-
-# exclude state
-terraform.tfstate
-terraform.tfstate.backup
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g.
github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# Pycharm
-.idea
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Exclude Output
+results.csv
+
+# exclude pdkey
+pdkey
+
+# exclude state
+terraform.tfstate
+terraform.tfstate.backup
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# Pycharm
+.idea
+VERSION
diff --git a/__init__.py b/__init__.py
new file mode 100644
index 0000000..fc9ec11
--- /dev/null
+++ b/__init__.py
@@ -0,0 +1,2 @@
+from main import run
+__main__ = run
diff --git a/main.py b/main.py
index 9ce9a38..4b9d3f6 100755
--- a/main.py
+++ b/main.py
@@ -1,4 +1,5 @@ #!/usr/bin/env python3 + from scan import scan_domain import signatures import output
@@ -7,7 +8,6 @@ from os import linesep from domain import Domain from resolver import Resolver - from functools import partial import logging
@@ -81,7 +81,6 @@ logging.warning(f"Testing with {len(signatures)} signatures") -###### scanning findings = []
@@ -132,4 +131,8 @@ async def main(): exit(len(findings)) -asyncio.run(main()) +def run(): + return asyncio.run(main()) + +if __name__ == '__main__': + run()
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..3b87bad
--- /dev/null
+++ b/pyproject.toml
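Review bot: In the new `__init__.py`, `from main import run` is an absolute import, so it resolves a top-level module called `main` rather than this package's own file; with the wheel remapping sources under `dnsreaper` (the `sources` table in pyproject.toml in this same patch) that import would presumably fail or pick up an unrelated `main`. Use `from .main import run`. `__main__ = run` only binds a module attribute that the interpreter never looks up; to support `python -m dnsreaper`, add a `__main__.py` that calls `run()` instead.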
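Review bot: In the last main.py hunk, `run()` becomes the console-script entry point but has no docstring, and its `return` value is never produced because the context line above shows `main()` ending in `exit(len(findings))`; a docstring such as `"""Console-script entry point: run the scan; the process exits with the number of findings."""` would make that explicit. The context lines of the earlier hunks (`from scan import scan_domain`, `import signatures`, `from domain import Domain`) are top-level imports that only resolve when the repository root is on `sys.path`, so they would need to become package-relative for the installed `dnsreaper` package to import. The hunk at line 81 also suggests that `logging.warning(...)` and `findings = []` run at module level (indentation is lost here, so this is inferred); if so, importing `main` from `__init__.py` triggers that work as a side effect, and it would be better moved inside `main()`. `main()` starts outside the hunk.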
@@ -0,0 +1,60 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "dnsReaper"
+dynamic = ["version"]
+requires-python = ">= 3.9"
+readme = "README.md"
+license = { text = "License :: OSI Approved :: GNU Affero General Public License v3" }
+authors = [
+ { name = "Punk Security Limited" }
+]
+
+dependencies = [
+ "dnspython==2.2.1",
+ "requests==2.31.0",
+ "python-whois==0.8.0",
+ "boto3==1.24.40",
+ "cloudflare==2.9.11",
+ "colorama==0.4.5",
+ "azure-mgmt-dns==8.0.0",
+ "azure-identity==1.10.0",
+ "msrestazure==0.6.4",
+ "google-cloud-dns==0.34.1",
+ "aiohttp"
+]
+description = ""
+
+[project.optional-dependencies]
+lambda = [
+ "fastapi==0.87.0",
+ "mangum==0.172"
+]
+
+[project.scripts]
+dnsreaper = "main:run"
+
+[project.urls]
+Homepage = "https://punksecurity.co.uk/dnsreaper"
+Repository = "https://github.com/punk-security/dnsReaper"
+Issues = "https://github.com/punk-security/dnsReaper/issues"
+
+[tool]
+
+[tool.hatch.build.targets.wheel]
+include = [
+ "**/*.py",
+]
+exclude = [
+ "/.github",
+ "/docs",
+ "/dev",
+ "/tests"
+]
+[tool.hatch.build.targets.wheel.sources]
+"" = "dnsreaper"
+
+[tool.hatch.version]
+path = "VERSION"
From 6828fd2c18d319428ced9e8dab56ff810bbacccc Mon Sep 17 00:00:00 2001
From: Brandon Hall
Date: Tue, 23 Jul 2024 17:21:20 +0100
Subject: [PATCH 2/4] Install python
---
.github/workflows/build_preview.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/workflows/build_preview.yml b/.github/workflows/build_preview.yml
index cd48eaf..18db119 100644
--- a/.github/workflows/build_preview.yml
+++ b/.github/workflows/build_preview.yml
@@ -24,6 +24,10 @@ jobs: package: runs-on: ubuntu-latest steps: + - name: Set up Python + uses: actions/setup-python@v1 + with: + python-version: "3.12" - name: Install Hatch uses: pypa/hatch@install - name: Write version
From e4e87bc95bf5a3be6b8f7c57f4f31059966484a6 Mon Sep 17 00:00:00 2001
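Review bot: `dnsreaper = "main:run"` under `[project.scripts]` points at a top-level `main` module, but `[tool.hatch.build.targets.wheel.sources]` maps every path under `dnsreaper`, so the installed script would presumably need `dnsreaper = "dnsreaper.main:run"`. `"mangum==0.172"` looks like a typo (possibly `0.17.0`); if that version does not exist, installing the `lambda` extra fails. `"aiohttp"` is the only dependency without an exact pin, so builds are not reproducible and any newly published release is pulled in unreviewed; pin it like the others. The `license` text is a trove classifier string and belongs in a `classifiers` list, with `license` naming the licence itself.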
From: Brandon Hall
Date: Tue, 23 Jul 2024 17:22:28 +0100
Subject: [PATCH 3/4] Pull code
---
.github/workflows/build_preview.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/build_preview.yml b/.github/workflows/build_preview.yml
index 18db119..6b3590d 100644
--- a/.github/workflows/build_preview.yml
+++ b/.github/workflows/build_preview.yml
@@ -24,6 +24,7 @@ jobs: package: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v2 - name: Set up Python uses: actions/setup-python@v1 with:
From 1ca3db5c58220f01abac64fb5b6fd59d73935160 Mon Sep 17 00:00:00 2001
From: Brandon Hall
Date: Wed, 23 Oct 2024 12:08:29 +0100
Subject: [PATCH 4/4] Don't build on lambda
---
.github/workflows/build_preview.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build_preview.yml b/.github/workflows/build_preview.yml
index 6b3590d..ae1195d 100644
--- a/.github/workflows/build_preview.yml
+++ b/.github/workflows/build_preview.yml
@@ -2,7 +2,7 @@ name: pytest on: pull_request: - branches: [ main, lambda ] + branches: [ main ] types: - synchronize - opened
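Review bot: In the [PATCH 3/4] hunk, `- uses: actions/checkout@v2` leaves the workflow token stored in the checkout's git configuration for the rest of the job, and the later `hatch build` step runs with the pull request's files in that same workspace. Nothing in the visible steps of this job pushes, so add `with:` and `persist-credentials: false` under the checkout step. The `steps:` list continues outside the hunk.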