import discovery.DNS as DNS
import discovery.IPy as IPy
import os
import sys
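class dns_reverse():
    """Reverse-resolve (PTR) every address in an IP range.

    PTR data is returned exactly as the resolver supplied it. It is set by
    whoever controls the reverse zone and is not forward-confirmed here, so
    callers should treat the returned names as untrusted input.
    """

    def __init__(self, range, verbose=True):
        """Store the target range and load the system resolver configuration.

        Args:
            range: Address or network string later handed to ``IPy.IP``. The
                name shadows the builtin but is kept for existing callers.
            verbose: When true, ``run`` echoes each address to stdout.

        Exits the process when ``/etc/resolv.conf`` cannot be parsed or
        ``DNS.defaults['server']`` has no first entry afterwards.
        """
        self.range = range
        self.iplist = ''
        self.results = []
        self.verbose = verbose
        try:
            DNS.ParseResolvConf('/etc/resolv.conf')
            # Indexing is the check: it fails when no resolver is configured.
            _ = DNS.defaults['server'][0]
        except Exception:
            # Narrowed from a bare except so Ctrl-C is not reported as a
            # resolver problem.
            print('Error in DNS resolvers')
            sys.exit()

    @staticmethod
    def _ptr_name(host):
        """Return the in-addr.arpa query name for a dotted IPv4 string."""
        return '.'.join(reversed(host.split('.'))) + '.in-addr.arpa'

    def run(self, host):
        """Look up the PTR record of one address.

        Returns:
            ``'<host>:<ptr data>'``, or ``None`` when the query raises or
            carries no answer.
        """
        query = self._ptr_name(host)
        if self.verbose:
            ESC = chr(27)
            # Clear the current terminal line before printing progress.
            sys.stdout.write(ESC + '[2K' + ESC + '[G')
            sys.stdout.write('\r\t' + host)
            sys.stdout.flush()
        try:
            name = DNS.Base.DnsRequest(query, qtype='ptr').req().answers[0]['data']
            return host + ':' + name
        except Exception:
            # Best-effort sweep: a failed or empty lookup just yields None.
            # A bare except here also swallowed KeyboardInterrupt and
            # SystemExit, which made a long sweep impossible to stop.
            return None

    def get_ip_list(self, ips):
        """Generates the list of IPs to reverse"""
        try:
            network = IPy.IP(ips)
        except Exception:
            print('Error in IP format, check the input and try again. (Eg. 192.168.1.0/24)')
            sys.exit()
        # The whole range is materialised as strings, so memory use grows
        # with the size of the network.
        return [str(address) for address in network]

    def list(self):
        """Expand ``self.range`` into ``self.iplist`` and return it."""
        self.iplist = self.get_ip_list(self.range)
        return self.iplist

    def process(self):
        """Run ``run`` over ``self.iplist`` and return the accumulated hits.

        Hits are appended to ``self.results``, so a second call adds to the
        results of the first.
        """
        for address in self.iplist:
            host = self.run(address)
            if host is not None:
                self.results.append(host)
        return self.results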
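class dns_force():
    """Resolve wordlist-derived host names under a domain (A records).

    Every hit is whatever the chosen name server answered. A zone with a
    wildcard record answers every candidate, so callers that need accurate
    results should compare hits against a lookup of a random label.

    Both the wordlist and the resolver list are opened relative to the
    current working directory, so the directory the tool is started from
    decides which files are loaded.
    """

    def __init__(self, domain, dnsserver, verbose=False):
        """Store the target and load the resolver list and the wordlist.

        Args:
            domain: Domain the candidate labels are prefixed to.
            dnsserver: Name server to query; ``""`` makes ``run`` discover
                one through ``getdns``.
            verbose: When true, ``run`` echoes each candidate to stdout.

        Exits the process when the wordlist cannot be opened.
        """
        self.domain = domain
        self.nameserver = dnsserver
        self.file = 'wordlists/dns-big.txt'
        self.subdo = False
        self.verbose = verbose
        # Default so the attribute exists even when the file is unreadable.
        self.resolvers = []
        try:
            # NOTE(review): '__file__' is a string literal, so realpath()
            # resolves it against the current working directory rather than
            # this module's location - confirm that is intended.
            fileDir = os.path.dirname(os.path.realpath('__file__'))
            res_path = os.path.join(fileDir, 'lib/resolvers.txt')
            with open(res_path) as f:
                self.resolvers = f.read().splitlines()
        except Exception:
            print("Resolvers file can't be open.")
        try:
            wordlist = open(self.file, 'r')
        except Exception:
            print('Error opening DNS dictionary file.')
            sys.exit()
        # Close the handle once the lines are read; it used to stay open.
        with wordlist:
            self.list = wordlist.readlines()

    def getdns(self, domain):
        """Choose the name server to query and store it in ``self.nameserver``.

        With ``self.nameserver == ""`` the SOA primary of the domain is asked
        for the NS records and the first answer is used. With ``'local'`` the
        first server from ``/etc/resolv.conf`` is used. Any other value is
        returned unchanged.

        Exits the process when the SOA/NS lookup fails or yields no usable
        answer.
        """
        DNS.ParseResolvConf('/etc/resolv.conf')
        if self.subdo is True:
            # Drop the left-most label to query the parent domain.
            labels = domain.split('.')
            labels.pop(0)
            rootdom = '.'.join(labels)
        else:
            rootdom = domain
        if self.nameserver == "":
            test = None
            try:
                r = DNS.Request(rootdom, qtype='SOA').req()
                primary, email, serial, refresh, retry, expire, minimum = r.answers[0]['data']
                test = DNS.Request(rootdom, qtype='NS', server=primary, aa=1).req()
            except Exception as e:
                print(e)
            if test is None:
                # The lookup above failed before producing a response.
                print('Error, test is not defined.')
                sys.exit()
            # An empty answer section would otherwise raise IndexError below.
            if test.header['status'] != 'NOERROR' or not test.answers:
                print('[!] Error')
                sys.exit()
            self.nameserver = test.answers[0]['data']
        elif self.nameserver == 'local':
            # The original assigned an undefined name here (NameError); the
            # resolver parsed above is what 'local' refers to.
            self.nameserver = DNS.defaults['server'][0]
        return self.nameserver

    def run(self, host):
        """Resolve one wordlist entry under ``self.domain``.

        Args:
            host: A raw wordlist line; only the text before the first
                newline is used.

        Returns:
            ``'<hostname>:<address>'``, or ``None`` when the line is blank,
            the query raises, or the response has no answers.
        """
        if self.nameserver == "":
            self.nameserver = self.getdns(self.domain)
            print('\n\033[94m[-] Using DNS server: ' + self.nameserver + '\033[1;33;40m\n')

        # strip() also removes the '\r' left by CRLF wordlists.
        label = str(host.split('\n')[0]).strip()
        if not label:
            # A blank line would produce the query name '.<domain>'.
            return None
        hostname = label + '.' + str(self.domain)
        if self.verbose:
            ESC = chr(27)
            # Clear the current terminal line before printing progress.
            sys.stdout.write(ESC + '[2K' + ESC + '[G')
            sys.stdout.write('\r' + hostname)
            sys.stdout.flush()
        try:
            test = DNS.Request(hostname, qtype='a', server=self.nameserver).req()
            if not test.answers:
                # No record for this candidate; previously this surfaced as
                # an IndexError swallowed by the handler below.
                return None
            hostip = test.answers[0]['data']
            return hostname + ':' + hostip
        except Exception:
            # Best-effort: a failed lookup means "no hit" for this candidate.
            return None

    def process(self):
        """Try every wordlist entry and return the list of hits.

        Each hit's address part is also printed as it is found.
        """
        results = []
        for entry in self.list:
            host = self.run(entry)
            if host is not None:
                print(' : ' + host.split(':')[1])
                results.append(host)
        return results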
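class dns_tld():
    """Check whether the domain's first label resolves under other TLDs.

    A hit only shows that a name resolves; nothing here establishes who
    operates the domain that was found.
    """

    def __init__(self, domain, dnsserver, verbose=False):
        """Store the target and the static TLD list.

        Args:
            domain: Domain whose first label is combined with each TLD.
            dnsserver: Name server to query; ``False`` makes ``getdns``
                discover one and ``'local'`` selects the system resolver.
            verbose: When true, ``run`` echoes each candidate to stdout.
        """
        self.domain = domain
        self.nameserver = dnsserver
        self.subdo = False
        self.verbose = verbose
        # Updated from http://data.iana.org/TLD/tlds-alpha-by-domain.txt
        # The list is a hard-coded snapshot and is not refreshed at runtime.
        self.tlds = [
            'ac', 'academy', 'ad', 'ae', 'aero', 'af', 'ag', 'ai', 'al', 'am', 'an', 'ao', 'aq', 'ar', 'arpa', 'as',
            'asia', 'at', 'au', 'aw', 'ax', 'az', 'ba', 'bb', 'bd', 'be', 'bf', 'bg', 'bh', 'bi', 'bike', 'biz', 'bj',
            'bm', 'bn', 'bo', 'br', 'bs', 'bt', 'builders', 'buzz', 'bv', 'bw', 'by', 'bz', 'ca', 'cab', 'camera',
            'camp', 'careers', 'cat', 'cc', 'cd', 'center', 'ceo', 'cf', 'cg', 'ch', 'ci', 'ck', 'cl', 'clothing',
            'cm', 'cn', 'co', 'codes', 'coffee', 'com', 'company', 'computer', 'construction', 'contractors', 'coop',
            'cr', 'cu', 'cv', 'cw', 'cx', 'cy', 'cz', 'de', 'diamonds', 'directory', 'dj', 'dk', 'dm', 'do',
            'domains', 'dz', 'ec', 'edu', 'education', 'ee', 'eg', 'email', 'enterprises', 'equipment', 'er', 'es',
            'estate', 'et', 'eu', 'farm', 'fi', 'fj', 'fk', 'florist', 'fm', 'fo', 'fr', 'ga', 'gallery', 'gb', 'gd',
            'ge', 'gf', 'gg', 'gh', 'gi', 'gl', 'glass', 'gm', 'gn', 'gov', 'gp', 'gq', 'gr', 'graphics', 'gs', 'gt',
            'gu', 'guru', 'gw', 'gy', 'hk', 'hm', 'hn', 'holdings', 'holiday', 'house', 'hr', 'ht', 'hu', 'id', 'ie',
            'il', 'im', 'immobilien', 'in', 'info', 'institute', 'int', 'international', 'io', 'iq', 'ir', 'is', 'it',
            'je', 'jm', 'jo', 'jobs', 'jp', 'kaufen', 'ke', 'kg', 'kh', 'ki', 'kitchen', 'kiwi', 'km', 'kn', 'kp',
            'kr', 'kw', 'ky', 'kz', 'la', 'land', 'lb', 'lc', 'li', 'lighting', 'limo', 'lk', 'lr', 'ls', 'lt', 'lu',
            'lv', 'ly', 'ma', 'management', 'mc', 'md', 'me', 'menu', 'mg', 'mh', 'mil', 'mk', 'ml', 'mm', 'mn', 'mo',
            'mobi', 'mp', 'mq', 'mr', 'ms', 'mt', 'mu', 'museum', 'mv', 'mw', 'mx', 'my', 'mz', 'na', 'name', 'nc',
            'ne', 'net', 'nf', 'ng', 'ni', 'ninja', 'nl', 'no', 'np', 'nr', 'nu', 'nz', 'om', 'onl', 'org', 'pa', 'pe',
            'pf', 'pg', 'ph', 'photography', 'photos', 'pk', 'pl', 'plumbing', 'pm', 'pn', 'post', 'pr', 'pro', 'ps',
            'pt', 'pw', 'py', 'qa', 're', 'recipes', 'repair', 'ro', 'rs', 'ru', 'ruhr', 'rw', 'sa', 'sb', 'sc', 'sd',
            'se', 'sexy', 'sg', 'sh', 'shoes', 'si', 'singles', 'sj', 'sk', 'sl', 'sm', 'sn', 'so', 'solar',
            'solutions', 'sr', 'st', 'su', 'support', 'sv', 'sx', 'sy', 'systems', 'sz', 'tattoo', 'tc', 'td',
            'technology', 'tel', 'tf', 'tg', 'th', 'tips', 'tj', 'tk', 'tl', 'tm', 'tn', 'to', 'today', 'tp', 'tr',
            'training', 'travel', 'tt', 'tv', 'tw', 'tz', 'ua', 'ug', 'uk', 'uno', 'us', 'uy', 'uz', 'va', 'vc',
            've', 'ventures', 'vg', 'vi', 'viajes', 'vn', 'voyage', 'vu', 'wang', 'wf', 'wien', 'ws', 'xxx', 'ye',
            'yt', 'za', 'zm', 'zw']

    def getdns(self, domain):
        """Choose the name server to query and store it in ``self.nameserver``.

        With ``self.nameserver is False`` the SOA primary of the domain is
        asked for the NS records and the first answer is used. With
        ``'local'`` the first server from ``/etc/resolv.conf`` is used. Any
        other value is returned unchanged.

        Exits the process when the NS response is not ``NOERROR`` or has no
        answers. Errors raised by the SOA/NS queries themselves propagate.
        """
        if self.subdo is True:
            # Drop the left-most label to query the parent domain.
            labels = domain.split('.')
            labels.pop(0)
            rootdom = '.'.join(labels)
        else:
            rootdom = domain
        if self.nameserver is False:
            r = DNS.Request(rootdom, qtype='SOA').req()
            primary, email, serial, refresh, retry, expire, minimum = r.answers[0]['data']
            test = DNS.Request(rootdom, qtype='NS', server=primary, aa=1).req()
            # An empty answer section would otherwise raise IndexError below.
            if test.header['status'] != 'NOERROR' or not test.answers:
                print('Error')
                sys.exit()
            self.nameserver = test.answers[0]['data']
        elif self.nameserver == 'local':
            # The original assigned an undefined name here (NameError). Load
            # the system resolvers first if nothing has parsed them yet.
            if not DNS.defaults['server']:
                DNS.ParseResolvConf('/etc/resolv.conf')
            self.nameserver = DNS.defaults['server'][0]
        return self.nameserver

    def run(self, tld):
        """Resolve ``<first label of self.domain>.<tld>``.

        Returns:
            ``'<address>:<hostname>'`` (address first, unlike
            ``dns_force.run``), or ``None`` when the query raises or the
            response has no answers.
        """
        self.nameserver = self.getdns(self.domain)
        hostname = self.domain.split('.')[0] + '.' + tld
        if self.verbose:
            ESC = chr(27)
            # Clear the current terminal line before printing progress.
            sys.stdout.write(ESC + '[2K' + ESC + '[G')
            sys.stdout.write('\r\tSearching for: ' + hostname)
            sys.stdout.flush()
        try:
            test = DNS.Request(hostname, qtype='a', server=self.nameserver).req()
            if not test.answers:
                # No record under this TLD; previously this surfaced as an
                # IndexError swallowed by the handler below.
                return None
            hostip = test.answers[0]['data']
            return hostip + ':' + hostname
        except Exception:
            # Best-effort: a failed lookup means "no hit" for this TLD.
            return None

    def process(self):
        """Try every TLD in ``self.tlds`` and return the list of hits."""
        results = []
        for tld in self.tlds:
            host = self.run(tld)
            if host is not None:
                results.append(host)
        return results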