From 1285535cf54f0e0f65c58a229c0af0cbd7b86ca7 Mon Sep 17 00:00:00 2001
From: Pierre Lalet <pierre@droids-corp.org>
Date: Sun, 20 Oct 2024 22:06:13 +0200
Subject: [PATCH 1/2] Active/Nuclei: support DNS "ptr-fingerprint" template

---
 ivre/db/__init__.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/ivre/db/__init__.py b/ivre/db/__init__.py
index 5363514779..91a4535033 100644
--- a/ivre/db/__init__.py
+++ b/ivre/db/__init__.py
@@ -57,6 +57,7 @@
 from ivre.active.cpe import add_cpe_values
 from ivre.active.data import (
     add_cert_hostnames,
+    add_hostname,
     create_ssl_cert,
     handle_http_content,
     handle_http_headers,
@@ -2986,6 +2987,37 @@ def store_scan_json_nuclei(
                     except ValueError:
                         utils.LOGGER.warning("Invalid URL [%r]", url)
                         continue
+                elif rec.get("type") == "dns":
+                    if rec.get("template-id") != "ptr-fingerprint":
+                        # only supported template for now
+                        continue
+                    if not (hostnames := rec.get("extracted-results")):
+                        continue
+                    addr = utils.ptr2addr(rec["host"])
+                    host = {
+                        "addr": addr,
+                        "schema_version": xmlnmap.SCHEMA_VERSION,
+                        "hostnames": [],
+                    }
+                    for hostname in hostnames:
+                        add_hostname(hostname, "PTR", host["hostnames"])
+                    # DNS reocrds are very specific, so we handle them
+                    # differently and continue to the next record
+                    if "timestamp" in rec:
+                        host["starttime"] = host["endtime"] = rec["timestamp"][
+                            :19
+                        ].replace("T", " ")
+                    if categories:
+                        host["categories"] = categories
+                    if tags:
+                        add_tags(host, tags)
+                    if source is not None:
+                        host["source"] = source
+                    host = self.json2dbrec(host)
+                    self.store_host(host)
+                    if callback is not None:
+                        callback(host)
+                    continue
                 else:
                     utils.LOGGER.warning(
                         "Data type %r from nuclei not (yet) supported",

From 6725209b72d540c2e581ad935e8d0e4c06bba2ea Mon Sep 17 00:00:00 2001
From: Pierre Lalet <pierre@droids-corp.org>
Date: Sun, 20 Oct 2024 22:54:12 +0200
Subject: [PATCH 2/2] CI: 8.8.8.8 is no longer marked as Google CDN by cdncheck

---
 tests/tests.py | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/tests/tests.py b/tests/tests.py
index 0e3248eeac..dc38a1d2f6 100644
--- a/tests/tests.py
+++ b/tests/tests.py
@@ -3739,7 +3739,6 @@ def test_10_data(self):
     registered_country_name United States
     coordinates (37.751, -97.822)
     coordinates_accuracy_radius 1000
-    CDN: google as listed by cdncheck (projectdiscovery)
 """.splitlines()
             ),
         )
@@ -3760,13 +3759,6 @@ def test_10_data(self):
                 "registered_country_name": "United States",
                 "coordinates": [37.751, -97.822],
                 "coordinates_accuracy_radius": 1000,
-                "tags": [
-                    {
-                        "value": "CDN",
-                        "type": "info",
-                        "info": ["google as listed by cdncheck (projectdiscovery)"],
-                    }
-                ],
             },
         )