Struct twistrs::enrich::DomainMetadata
pub struct DomainMetadata {
pub fqdn: String,
pub ips: Option<Vec<IpAddr>>,
pub smtp: Option<SmtpMetadata>,
pub http_banner: Option<String>,
pub geo_ip_lookups: Option<Vec<(IpAddr, String)>>,
pub who_is_lookup: Option<String>,
}
Container to store interesting FQDN metadata on domains that we resolve.
Whenever any domain enrichment occurs, the following struct is returned to indicate the information that was derived.
N.B. there will be cases where a single domain can have multiple DomainMetadata instances associated with it.
Fields
fqdn: String
The domain that is being enriched.
ips: Option<Vec<IpAddr>>
Any IPv4 and IPv6 addresses that were discovered during domain resolution.
smtp: Option<SmtpMetadata>
Any SMTP message data (if any) that was returned by an SMTP server.
http_banner: Option<String>
HTTP server banner data extracted.
geo_ip_lookups: Option<Vec<(IpAddr, String)>>
IP addresses resolved through GeoIP lookup to City, Country, Continent.
who_is_lookup: Option<String>
Block of text returned by the WhoIs registrar.
Implementations
impl DomainMetadata
pub fn new(fqdn: String) -> DomainMetadata
Create a new empty state for a particular FQDN.
pub async fn dns_resolvable(&self) -> Result<DomainMetadata, Error>
Asynchronous DNS resolution on a DomainMetadata instance.
Returns Ok(DomainMetadata) if the domain was resolved, otherwise returns Err(EnrichmentError).
N.B. host lookups are done over port 80.
pub async fn mx_check(&self) -> Result<DomainMetadata, Error>
Asynchronous SMTP check. Attempts to establish an SMTP connection to the FQDN on port 25 and send a pre-defined email.
Currently returns Ok(DomainMetadata) always, which internally contains Option<SmtpMetadata>. To check if the SMTP relay worked, check that DomainMetadata.smtp is Some(v).
pub async fn http_banner(&self) -> Result<DomainMetadata, Error>
Asynchronous HTTP banner fetch. Searches and parses the server header from an HTTP request to gather the HTTP banner.
Note that a HEAD request is issued to minimise bandwidth. Also note that the internal HttpConnector sets the response buffer window to 1024 bytes, the CONNECT timeout to 5s and enforces the HTTP scheme.
use twistrs::enrich::DomainMetadata;
#[tokio::main]
async fn main() {
let domain_metadata = DomainMetadata::new(String::from("www.phishdeck.com"));
println!("{:?}", domain_metadata.http_banner().await);
}
pub async fn geoip_lookup(&self, geoip: &Reader<Vec<u8>>) -> Result<DomainMetadata, Error>
Asynchronous cached GeoIP lookup. The interface deviates from the usual enrichment interfaces and requires the caller to pass a maxminddb::Reader to perform the lookup through. Internally, the maxminddb call is blocking and may result in performance drops; however, the lookups are in-memory.
The only reason you would want to do this is to get back a DomainMetadata that you can then process as you would with the other enrichment methods. Internally the lookup will try to stitch together the City, Country & Continent that the IpAddr resolves to.
use maxminddb::Reader;
use twistrs::enrich::DomainMetadata;
#[tokio::main]
async fn main() {
    // Open the MaxMind database once and reuse the reader across lookups.
    let reader = Reader::open_readfile("./data/MaxMind-DB/test-data/GeoIP2-City-Test.mmdb").unwrap();
    let domain_metadata = DomainMetadata::new(String::from("www.phishdeck.com"));
    println!("{:?}", domain_metadata.geoip_lookup(&reader).await);
}
Features
This function requires the geoip_lookup feature toggled.
pub async fn whois_lookup(&self) -> Result<DomainMetadata, Error>
Asynchronous WhoIs lookup using cached WhoIs server config. Note that the internal lookups are not async and so this should be considered a heavy/slow call.
use twistrs::enrich::DomainMetadata;
#[tokio::main]
async fn main() {
let domain_metadata = DomainMetadata::new(String::from("www.phishdeck.com"));
println!("{:?}", domain_metadata.whois_lookup().await);
}
Features
This function requires the whois_lookup feature toggled.
Trait Implementations
impl Clone for DomainMetadata
fn clone(&self) -> DomainMetadata
fn clone_from(&mut self, source: &Self)
impl Debug for DomainMetadata
impl Default for DomainMetadata
fn default() -> DomainMetadata
Auto Trait Implementations
impl Freeze for DomainMetadata
impl RefUnwindSafe for DomainMetadata
impl Send for DomainMetadata
impl Sync for DomainMetadata
impl Unpin for DomainMetadata
impl UnwindSafe for DomainMetadata
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T where T: Clone
default unsafe fn clone_to_uninit(&self, dst: *mut T)
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.