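        /// <summary>
        /// Feeds the reverse-DNS cache from a DNS query event: every address parsed out of the
        /// event's <c>QueryResults</c> field is associated with the event's <c>QueryName</c>.
        /// </summary>
        /// <remarks>
        /// Only event IDs 3018 and 3020 are processed (presumably DNS client query-response
        /// events; confirm against the provider manifest). If so, both fields reflect name
        /// resolution and can carry values chosen by whoever answered the query, so the cache
        /// built here is untrusted telemetry rather than an authoritative IP-to-name mapping.
        /// </remarks>
        /// <param name="record">The event record to inspect.</param>
        internal void HandleRecord(IEventRecord record)
        {
            if (record.Id != 3018 && record.Id != 3020)
            {
                return;
            }

            // An empty name can never be looked up by domain later, so do not cache it.
            if (!record.TryGetUnicodeString("QueryName", out string domainName)
                || string.IsNullOrWhiteSpace(domainName))
            {
                return;
            }

            if (!record.TryGetUnicodeString("QueryResults", out string queryResult)
                || string.IsNullOrWhiteSpace(queryResult))
            {
                return;
            }

            // Trim BEFORE filtering: the field is ';'-separated and a whitespace-only token
            // would otherwise survive the emptiness check and reach the parser as "".
            // ToArray() keeps parsing fully separate from the cache writes below, so a
            // parser failure cannot leave the cache half-updated for this event.
            var dnsRecords = queryResult
                .Split(';')
                .Select(token => token.Trim())
                .Where(token => token.Length > 0)
                .Distinct()
                .Select(ParsedDnsRecord.Parse)
                .Where(parsedRecord => parsedRecord != null)
                .ToArray();

            foreach (var dnsRecord in dnsRecords)
            {
                // NOTE(review): assumes Parse never returns a record with a null Address - confirm.
                ReverseDnsCache.AddOrUpdate(dnsRecord.Address, domainName);
            }
        }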
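        /// <summary>
        /// Looks up the reverse-DNS cache by IP address or by domain name and writes one object
        /// carrying <c>DomainName</c> and <c>IpAddress</c> note properties to the pipeline.
        /// </summary>
        /// <remarks>
        /// <c>IpAddress</c> takes precedence when both parameters are supplied. An unparseable
        /// address, or neither parameter being set, is reported through <c>WriteError</c> and
        /// no object is written.
        /// </remarks>
        protected override void BeginProcessing()
        {
            if (IpAddress != null)
            {
                if (!System.Net.IPAddress.TryParse(IpAddress, out IPAddress asIpAddressObj))
                {
                    var error = new ErrorRecord(new PSArgumentException($"{IpAddress} does not appear to be a valid IP"),
                                                nameof(PSArgumentException), ErrorCategory.InvalidArgument, null);

                    WriteError(error);
                    return;
                }

                var domains = ReverseDnsCache.GetDomainsByIPAddress(asIpAddressObj);

                var byAddress = new PSObject();
                byAddress.Properties.Add(new PSNoteProperty(nameof(DomainName), domains.ToArray()));
                // NOTE(review): this echoes the caller's text, not the parsed address. TryParse
                // can accept non-canonical notations, so the value shown may differ in form from
                // the address that was actually looked up - confirm whether that is intended.
                byAddress.Properties.Add(new PSNoteProperty(nameof(IpAddress), IpAddress.ToString()));

                WriteObject(byAddress);
                return;
            }

            if (!string.IsNullOrWhiteSpace(DomainName))
            {
                var addresses = ReverseDnsCache.GetIPAddressesByDomain(DomainName);

                var byDomain = new PSObject();
                byDomain.Properties.Add(new PSNoteProperty(nameof(DomainName), DomainName));
                byDomain.Properties.Add(new PSNoteProperty(nameof(IpAddress), addresses.ToArray()));

                WriteObject(byDomain);
                return;
            }

            // Neither parameter was supplied. Name the parameters with nameof: interpolating
            // their (empty) values would render the message as "Please specify - or -.".
            var missing = new ErrorRecord(new PSArgumentException($"Please specify -{nameof(IpAddress)} or -{nameof(DomainName)}."),
                                          nameof(PSArgumentException), ErrorCategory.InvalidArgument, null);

            WriteError(missing);
        }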