EasyRecon/Hunt3r

Improve intel check with reverse NS Lookup

Opened this issue · 0 comments

NS input seems to be a good source of data when the company has its own nameserver. The results of SecurityTrails & WhoisXMLAPI should be compared before making an implementation.

For WhoisXMLAPI:

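```ruby
require 'typhoeus'
require 'json'

OPTIONS = {
  whoisxmlapi_token: '', # WhoisXMLAPI API key
  domain: ''             # nameserver to look up (sent as the `ns` parameter)
}

PAGE_SIZE = 300 # a page holding this many results means more may follow

# Collects into `domains` every domain name returned for the nameserver,
# following pagination by passing the last name received as `from`.
def intel(domains, from = 1)
  response = Typhoeus::Request.get(
    'https://reverse-ns.whoisxmlapi.com/api/v1',
    # params: lets Typhoeus URL-encode the values instead of raw interpolation
    params: { apiKey: OPTIONS[:whoisxmlapi_token], ns: OPTIONS[:domain], from: from }
  )
  return unless response&.code == 200

  response_json = JSON.parse(response.body)
  return unless response_json.key?('result')

  results = Array(response_json['result'])
  results.each { |result| domains << result['name'] }
  # A page shorter than PAGE_SIZE is the last one
  return unless results.size == PAGE_SIZE

  intel(domains, domains.last)
end

domains = []
intel(domains)

File.open('whoisxml_intel.txt', 'w+') do |f|
  f.puts(domains)
end
```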
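One way to run the comparison the issue asks for before choosing a provider, as an added example that is not part of the original issue or of Hunt3r's code. It assumes each provider's results are already available as a list with one domain per line (the SecurityTrails list format is an assumption); `normalize`, `compare_sources` and the sample lists are hypothetical names and constructed data.

```ruby
require 'set'

# Normalise one provider's raw output so the same domain always compares equal:
# trim whitespace, lowercase, drop the trailing root dot, skip blank lines.
def normalize(lines)
  lines.map { |l| l.to_s.strip.downcase.chomp('.') }
       .reject(&:empty?)
       .to_set
end

# Compare two reverse NS result sets: overlap, per-source uniques and
# Jaccard similarity (size of intersection / size of union).
def compare_sources(whoisxml_lines, securitytrails_lines)
  a = normalize(whoisxml_lines)
  b = normalize(securitytrails_lines)
  union = a | b
  common = a & b
  {
    whoisxml_total: a.size,
    securitytrails_total: b.size,
    common: common.to_a.sort,
    only_whoisxml: (a - b).to_a.sort,
    only_securitytrails: (b - a).to_a.sort,
    jaccard: union.empty? ? 0.0 : (common.size.to_f / union.size).round(3)
  }
end

# Constructed sample data (not real API output): mixed case, a trailing dot,
# a blank line, a duplicate and trailing whitespace.
SAMPLE_WHOISXML = ['example.com', 'Example-Shop.com.', 'example.net', '', 'example.com'].freeze
SAMPLE_SECURITYTRAILS = ['example.com', 'example-shop.com', 'example.org '].freeze

if __FILE__ == $PROGRAM_NAME
  report = compare_sources(SAMPLE_WHOISXML, SAMPLE_SECURITYTRAILS)
  report.each { |key, value| puts "#{key}: #{value.inspect}" }
end
```

With real data, pass `File.readlines('whoisxml_intel.txt')` and the lines of the other provider's output file; a low `jaccard` with large `only_*` lists suggests the two sources complement each other rather than duplicate.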