theHarvester/discovery/dnssearch.py

234 lines
9 KiB
Python
Raw Normal View History

import discovery.DNS as DNS
2019-01-11 10:09:47 +08:00
import discovery.IPy as IPy
import os
2019-01-11 10:09:47 +08:00
import sys
class dns_reverse():
def __init__(self, range, verbose=True):
self.range = range
self.iplist = ''
self.results = []
self.verbose = verbose
try:
2019-01-14 07:58:38 +08:00
DNS.ParseResolvConf('/etc/resolv.conf')
nameserver = DNS.defaults['server'][0]
except:
2019-01-14 07:58:38 +08:00
print('Error in DNS resolvers')
sys.exit()
def run(self, host):
a = host.split('.')
a.reverse()
s = '.'
b = s.join(a) + '.in-addr.arpa'
nameserver = DNS.defaults['server'][0]
if self.verbose:
ESC = chr(27)
sys.stdout.write(ESC + '[2K' + ESC + '[G')
2019-01-14 07:58:38 +08:00
sys.stdout.write('\r\t' + host)
sys.stdout.flush()
try:
name = DNS.Base.DnsRequest(b, qtype='ptr').req().answers[0]['data']
2019-01-14 07:58:38 +08:00
return host + ':' + name
except:
pass
def get_ip_list(self, ips):
2019-01-14 07:58:38 +08:00
"""Generates the list of IPs to reverse"""
try:
list = IPy.IP(ips)
except:
2019-01-14 07:58:38 +08:00
print('Error in IP format, check the input and try again. (Eg. 192.168.1.0/24)')
sys.exit()
name = []
for x in list:
name.append(str(x))
return name
def list(self):
self.iplist = self.get_ip_list(self.range)
return self.iplist
def process(self):
for x in self.iplist:
host = self.run(x)
if host is not None:
self.results.append(host)
return self.results
class dns_force():
def __init__(self, domain, dnsserver, verbose=False):
self.domain = domain
self.nameserver = dnsserver
2019-01-14 07:58:38 +08:00
self.file = 'wordlists/dns-big.txt'
self.subdo = False
self.verbose = verbose
try:
fileDir = os.path.dirname(os.path.realpath('__file__'))
res_path = os.path.join(fileDir,'lib/resolvers.txt')
with open(res_path) as f:
self.resolvers = f.read().splitlines()
except Exception:
2019-01-14 07:58:38 +08:00
print("Resolvers file can't be open.")
try:
2019-01-14 07:58:38 +08:00
f = open(self.file, 'r')
except:
2019-01-14 07:58:38 +08:00
print('Error opening DNS dictionary file.')
sys.exit()
self.list = f.readlines()
def getdns(self, domain):
2019-01-14 07:58:38 +08:00
DNS.ParseResolvConf('/etc/resolv.conf')
dom = domain
if self.subdo is True:
2019-01-14 07:58:38 +08:00
dom = domain.split('.')
dom.pop(0)
2019-01-14 07:58:38 +08:00
rootdom = '.'.join(dom)
else:
rootdom = dom
if self.nameserver == "":
try:
r = DNS.Request(rootdom, qtype='SOA').req()
primary, email, serial, refresh, retry, expire, minimum = r.answers[
0]['data']
test = DNS.Request(
rootdom,
qtype='NS',
server=primary,
aa=1).req()
except Exception as e:
print(e)
try:
2019-01-11 10:09:47 +08:00
# Check if variable is defined.
test
except NameError:
2019-01-14 07:58:38 +08:00
print('Error, test is not defined.')
sys.exit()
2019-01-14 07:58:38 +08:00
if test.header['status'] != 'NOERROR':
print('[!] Error')
sys.exit()
self.nameserver = test.answers[0]['data']
2019-01-14 07:58:38 +08:00
elif self.nameserver == 'local':
self.nameserver = nameserver
return self.nameserver
def run(self, host):
if self.nameserver == "":
self.nameserver = self.getdns(self.domain)
2019-01-14 07:58:38 +08:00
print('\n\033[94m[-] Using DNS server: ' + self.nameserver + '\033[1;33;40m\n')
2019-01-14 07:58:38 +08:00
hostname = str(host.split('\n')[0]) + '.' + str(self.domain)
if self.verbose:
ESC = chr(27)
sys.stdout.write(ESC + '[2K' + ESC + '[G')
2019-01-14 07:58:38 +08:00
sys.stdout.write('\r' + hostname)
sys.stdout.flush()
try:
test = DNS.Request(
hostname,
qtype='a',
server=self.nameserver).req(
)
2019-01-11 10:09:47 +08:00
# TODO FIX test is sometimes not getting answers and leads to an indexing error.
hostip = test.answers[0]['data']
2019-01-14 07:58:38 +08:00
return hostname + ':' + hostip
except Exception:
pass
def process(self):
results = []
for x in self.list:
host = self.run(x)
if host is not None:
2019-01-14 07:58:38 +08:00
print(' : ' + host.split(':')[1])
results.append(host)
return results
class dns_tld():
def __init__(self, domain, dnsserver, verbose=False):
self.domain = domain
self.nameserver = dnsserver
self.subdo = False
self.verbose = verbose
# Updated from http://data.iana.org/TLD/tlds-alpha-by-domain.txt
self.tlds = [
2019-01-14 07:58:38 +08:00
'ac', 'academy', 'ad', 'ae', 'aero', 'af', 'ag', 'ai', 'al', 'am', 'an', 'ao', 'aq', 'ar', 'arpa', 'as',
'asia', 'at', 'au', 'aw', 'ax', 'az', 'ba', 'bb', 'bd', 'be', 'bf', 'bg', 'bh', 'bi', 'bike', 'biz', 'bj',
'bm', 'bn', 'bo', 'br', 'bs', 'bt', 'builders', 'buzz', 'bv', 'bw', 'by', 'bz', 'ca', 'cab', 'camera',
'camp', 'careers', 'cat', 'cc', 'cd', 'center', 'ceo', 'cf', 'cg', 'ch', 'ci', 'ck', 'cl', 'clothing',
'cm', 'cn', 'co', 'codes', 'coffee', 'com', 'company', 'computer', 'construction', 'contractors', 'coop',
'cr', 'cu', 'cv', 'cw', 'cx', 'cy', 'cz', 'de', 'diamonds', 'directory', 'dj', 'dk', 'dm', 'do',
'domains', 'dz', 'ec', 'edu', 'education', 'ee', 'eg', 'email', 'enterprises', 'equipment', 'er', 'es',
'estate', 'et', 'eu', 'farm', 'fi', 'fj', 'fk', 'florist', 'fm', 'fo', 'fr', 'ga', 'gallery', 'gb', 'gd',
'ge', 'gf', 'gg', 'gh', 'gi', 'gl', 'glass', 'gm', 'gn', 'gov', 'gp', 'gq', 'gr', 'graphics', 'gs', 'gt',
'gu', 'guru', 'gw', 'gy', 'hk', 'hm', 'hn', 'holdings', 'holiday', 'house', 'hr', 'ht', 'hu', 'id', 'ie',
'il', 'im', 'immobilien', 'in', 'info', 'institute', 'int', 'international', 'io', 'iq', 'ir', 'is', 'it',
'je', 'jm', 'jo', 'jobs', 'jp', 'kaufen', 'ke', 'kg', 'kh', 'ki', 'kitchen', 'kiwi', 'km', 'kn', 'kp',
'kr', 'kw', 'ky', 'kz', 'la', 'land', 'lb', 'lc', 'li', 'lighting', 'limo', 'lk', 'lr', 'ls', 'lt', 'lu',
'lv', 'ly', 'ma', 'management', 'mc', 'md', 'me', 'menu', 'mg', 'mh', 'mil', 'mk', 'ml', 'mm', 'mn', 'mo',
'mobi', 'mp', 'mq', 'mr', 'ms', 'mt', 'mu', 'museum', 'mv', 'mw', 'mx', 'my', 'mz', 'na', 'name', 'nc',
'ne', 'net', 'nf', 'ng', 'ni', 'ninja', 'nl', 'no', 'np', 'nr', 'nu', 'nz', 'om', 'onl', 'org', 'pa', 'pe',
'pf', 'pg', 'ph', 'photography', 'photos', 'pk', 'pl', 'plumbing', 'pm', 'pn', 'post', 'pr', 'pro', 'ps',
'pt', 'pw', 'py', 'qa', 're', 'recipes', 'repair', 'ro', 'rs', 'ru', 'ruhr', 'rw', 'sa', 'sb', 'sc', 'sd',
'se', 'sexy', 'sg', 'sh', 'shoes', 'si', 'singles', 'sj', 'sk', 'sl', 'sm', 'sn', 'so', 'solar',
'solutions', 'sr', 'st', 'su', 'support', 'sv', 'sx', 'sy', 'systems', 'sz', 'tattoo', 'tc', 'td',
'technology', 'tel', 'tf', 'tg', 'th', 'tips', 'tj', 'tk', 'tl', 'tm', 'tn', 'to', 'today', 'tp', 'tr',
'training', 'travel', 'tt', 'tv', 'tw', 'tz', 'ua', 'ug', 'uk', 'uno', 'us', 'uy', 'uz', 'va', 'vc',
've', 'ventures', 'vg', 'vi', 'viajes', 'vn', 'voyage', 'vu', 'wang', 'wf', 'wien', 'ws', 'xxx', 'ye',
'yt', 'za', 'zm', 'zw']
def getdns(self, domain):
dom = domain
if self.subdo is True:
2019-01-14 07:58:38 +08:00
dom = domain.split('.')
dom.pop(0)
2019-01-14 07:58:38 +08:00
rootdom = '.'.join(dom)
else:
rootdom = dom
if self.nameserver is False:
r = DNS.Request(rootdom, qtype='SOA').req()
primary, email, serial, refresh, retry, expire, minimum = r.answers[
0]['data']
test = DNS.Request(rootdom, qtype='NS', server=primary, aa=1).req()
2019-01-14 07:58:38 +08:00
if test.header['status'] != 'NOERROR':
print('Error')
sys.exit()
self.nameserver = test.answers[0]['data']
2019-01-14 07:58:38 +08:00
elif self.nameserver == 'local':
self.nameserver = nameserver
return self.nameserver
def run(self, tld):
self.nameserver = self.getdns(self.domain)
2019-01-14 07:58:38 +08:00
hostname = self.domain.split('.')[0] + '.' + tld
if self.verbose:
ESC = chr(27)
sys.stdout.write(ESC + '[2K' + ESC + '[G')
2019-01-14 07:58:38 +08:00
sys.stdout.write('\r\tSearching for: ' + hostname)
sys.stdout.flush()
try:
test = DNS.Request(
hostname,
qtype='a',
server=self.nameserver).req(
)
hostip = test.answers[0]['data']
2019-01-14 07:58:38 +08:00
return hostip + ':' + hostname
except Exception:
pass
def process(self):
results = []
for x in self.tlds:
host = self.run(x)
if host is not None:
results.append(host)
return results