rendicott/dns-looker.py

## dns-looker.py
"""
Platform: Lambda - Python 2.7
This function is designed to troubleshoot lambda DNS resolution
and log the current source IP of a lambda request.

Change the host var to whatever you want to test and go.
"""
import urllib2
import socket
import logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)


def lambda_handler(event, context):
    host = 'my.suspicious.host.com'
    addr1 = socket.gethostbyname(host)
    url = 'https://' + host
    response = {
        'host': host,
        'socket_resolved_addr': addr1,
        'response': '',
        'response_resolved_addr': '',
        'my_public_ip': ''
    }
    whatipurl = "https://ipinfo.io/ip"
    request = urllib2.urlopen(whatipurl)
    pubip = request.read().strip('\n')
    response['my_public_ip'] = pubip
    logger.info("My public ip is %s" % pubip)


    # Test TCP exchange
    logger.info("Attempting to TCP connect to {}".format(addr1))
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((addr1, 443))
    logger.info("Successfully did a socket to {}:{}".format(addr1, 443))
    s.close()

    # Test HTTPS
    logger.info("I think I'm about to make a request to %s" % addr1)
    request = urllib2.Request(url, None,)
    data =  urllib2.urlopen(request)
    actual_responder = data.fp._sock.fp._sock.getpeername()[0]
    logger.info("I actually made a successful request to %s" % actual_responder)
    actual_response = data.read()
    logger.info("Actual response: '%s'" % actual_response)
    response['response_resolved_addr'] = actual_responder
    response['response'] = actual_response
    return response
	"""
	Platform: Lambda - Python 2.7
	This function is designed to troubleshoot lambda DNS resolution
	and log the current source IP of a lambda request.

	Change the host var to whatever you want to test and go.
	"""
	import urllib2
	import socket
	import logging
	logger = logging.getLogger()
	logger.setLevel(logging.INFO)


	def lambda_handler(event, context):
	host = 'my.suspicious.host.com'
	addr1 = socket.gethostbyname(host)
	url = 'https://' + host
	response = {
	'host': host,
	'socket_resolved_addr': addr1,
	'response': '',
	'response_resolved_addr': '',
	'my_public_ip': ''
	}
	whatipurl = "https://ipinfo.io/ip"
	request = urllib2.urlopen(whatipurl)
	pubip = request.read().strip('\n')
	response['my_public_ip'] = pubip
	logger.info("My public ip is %s" % pubip)


	# Test TCP exchange
	logger.info("Attempting to TCP connect to {}".format(addr1))
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect((addr1, 443))
	logger.info("Successfully did a socket to {}:{}".format(addr1, 443))
	s.close()

	# Test HTTPS
	logger.info("I think I'm about to make a request to %s" % addr1)
	request = urllib2.Request(url, None,)
	data = urllib2.urlopen(request)
	actual_responder = data.fp._sock.fp._sock.getpeername()[0]
	logger.info("I actually made a successful request to %s" % actual_responder)
	actual_response = data.read()
	logger.info("Actual response: '%s'" % actual_response)
	response['response_resolved_addr'] = actual_responder
	response['response'] = actual_response
	return response