Beispiel #1
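def dotransform(request, response):
    """Report which wordlist names a DNS server answers without recursing.

    ``request.value`` is used as the resolver address. After a reachability
    probe, every entry of ``config["dnscachesnoop/wordlist"]`` (and, when that
    yields nothing, its ``www.`` form) is queried with ``recursive=False``.
    Each name that comes back with an answer section is added to ``response``
    as a ``DNSName`` carrying a "Cached Answers" table of the returned records.

    Returns:
        ``response`` after the ``+=`` additions made here.
    """
    nameserver = request.value

    # Reachability probe.
    # NOTE(review): this lookup does not pass recursive=False, so it presumably
    # asks the server to recurse and may itself place www.google.ca in the
    # cache being inspected; a wordlist entry of google.ca would then be
    # reported regardless of earlier use. Confirm the helper's default.
    try:
        reachable = bool(nslookup_raw("www.google.ca", resolver=nameserver).answer)
    except dns.exception.Timeout:
        # nslookup_raw is presumed to raise dns.exception.Timeout when the
        # server stays silent (TODO confirm); without this handler the
        # "did not respond" message below could never be shown for that case.
        reachable = False

    if not reachable:
        response += UIMessage("DNS server did not respond to initial DNS request.")
        return response

    for site in config["dnscachesnoop/wordlist"]:
        debug("Resolving %s" % site)

        try:
            msg = nslookup_raw(site, resolver=nameserver, recursive=False)
            if not msg.answer:
                # Fall back to the www. host when the bare name gave no answer.
                msg = nslookup_raw("www.%s" % site, resolver=nameserver, recursive=False)
        except dns.exception.Timeout:
            # One unanswered name must not abort the rest of the wordlist.
            debug("Request timed out for name: %s" % site)
            continue

        if not msg.answer:
            continue

        # NOTE(review): a server that is authoritative for the name also
        # answers non-recursive queries, so an answer here is an indication
        # of caching, not proof of it.
        e = DNSName(site)
        t = Table(["Name", "Query Class", "Query Type", "Data", "TTL"], "Cached Answers")
        for rrset in msg.answer:
            for rr in rrset:
                t.addrow(
                    [
                        rrset.name.to_text(),
                        dns.rdataclass.to_text(rr.rdclass),
                        dns.rdatatype.to_text(rr.rdtype),
                        rr.to_text(),
                        rrset.ttl,
                    ]
                )
        # NOTE(review): the rows hold text supplied by the queried server and
        # the label is declared text/html; confirm Table/Label escape it.
        e += Label("Cached Answers from %s" % nameserver, t, type="text/html")
        response += e
    return response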
Beispiel #2
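def dotransform(request, response):
    """List wordlist names that the given DNS server answers from its own data.

    The server address is ``request.value``. A first lookup checks that the
    server answers at all; then each entry of
    ``config['dnscachesnoop/wordlist']`` is looked up with ``recursive=False``,
    retrying with a ``www.`` prefix when the bare name has no answer. Names
    with an answer section are appended to ``response`` as ``DNSName``
    entities labelled with a table of the records returned.

    Returns:
        ``response`` after the ``+=`` additions made here.
    """
    nameserver = request.value

    def _lookup(name):
        # Non-recursive query: the server is asked not to resolve on our
        # behalf, so it can only answer from data it already holds.
        return nslookup_raw(name, resolver=nameserver, recursive=False)

    # NOTE(review): the probe below is not sent with recursive=False; if the
    # helper defaults to a recursive query it can seed www.google.ca into the
    # cache under inspection and skew a later google.ca result.
    try:
        alive = bool(nslookup_raw('www.google.ca', resolver=nameserver).answer)
    except dns.exception.Timeout:
        # Presumed failure mode of nslookup_raw for a silent server (TODO
        # confirm); report it through the UI message instead of propagating.
        alive = False

    if not alive:
        response += UIMessage(
            'DNS server did not respond to initial DNS request.')
        return response

    for site in config['dnscachesnoop/wordlist']:
        debug('Resolving %s' % site)

        try:
            msg = _lookup(site)
            if not msg.answer:
                msg = _lookup('www.%s' % site)
        except dns.exception.Timeout:
            # Skip this name and keep going through the wordlist.
            debug('Request timed out for name: %s' % site)
            continue

        if not msg.answer:
            continue

        # NOTE(review): authoritative servers answer non-recursive queries for
        # their own zones too, so treat a hit as a hint rather than proof that
        # the name was cached.
        t = Table(['Name', 'Query Class', 'Query Type', 'Data', 'TTL'],
                  'Cached Answers')
        for rrset in msg.answer:
            for rr in rrset:
                t.addrow([
                    rrset.name.to_text(),
                    dns.rdataclass.to_text(rr.rdclass),
                    dns.rdatatype.to_text(rr.rdtype),
                    rr.to_text(), rrset.ttl
                ])

        e = DNSName(site)
        # NOTE(review): table cells come from the remote server's reply and the
        # label type is text/html; verify that Table/Label escape the content.
        e += Label('Cached Answers from %s' % nameserver,
                   t,
                   type='text/html')
        response += e
    return response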
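def dotransform(request, response):
    """Resolve wordlist labels under ``request.value`` and report the hits.

    A lookup of a random UUID label first checks for a wildcard record; its
    addresses are later used to drop answers that only match the wildcard.
    ``config['dnsdiscovery/numthreads']`` ``DNSResolver`` workers are started,
    fed the de-duplicated ``config['dnsdiscovery/wordlist']`` followed by one
    ``None`` per worker, and their answers are read back until every worker
    has posted its end marker. Each new name from ``get_names`` is appended to
    ``response`` as a ``DNSName``.

    Returns:
        ``response`` after the ``+=`` additions made here.
    """
    domain = request.value
    wildcard_ips = set()
    found_subdomains = set()

    # Wildcard probe: a freshly generated UUID label is not expected to exist,
    # so an answer for it is taken as a wildcard record.
    try:
        msg = nslookup_raw('%s.%s' % (str(uuid4()), domain))
        if msg.answer:
            wildcard_ips = get_ip_addresses(msg)
            name = '*.%s' % domain
            response += DNSName(name)
            found_subdomains.add(name)
    except dns.exception.Timeout:
        # Without a probe result wildcard answers cannot be filtered below;
        # log that instead of passing silently.
        debug('Wildcard probe timed out for domain: %s' % domain)

    if wildcard_ips:
        warning = 'Warning: wildcard domain is defined... results may not be accurate'
        debug(warning)
        response += UIMessage(warning)

    nthreads = config['dnsdiscovery/numthreads']
    subdomains = set(config['dnsdiscovery/wordlist'])

    threads = []
    queue_send = Queue()
    queue_recv = Queue()
    for _ in range(nthreads):
        t = DNSResolver(request.value, queue_send, queue_recv)
        t.start()
        threads.append(t)

    for s in subdomains:
        queue_send.put(s)

    # One None per worker so that each of them sees a stop marker.
    for _ in range(nthreads):
        queue_send.put(None)

    # Count end markers instead of looping unconditionally: with zero workers
    # configured nothing is ever posted and an unconditional get() would block
    # forever.
    # NOTE(review): get() has no timeout, so a worker that exits without
    # posting its end marker still leaves this loop waiting.
    ncount = 0
    while ncount < nthreads:
        msg = queue_recv.get()
        if not msg:
            ncount += 1
            continue
        if not msg.answer:
            continue
        ips = get_ip_addresses(msg)
        # Answers made up only of the wildcard addresses say nothing about
        # the label that was asked for.
        if wildcard_ips and wildcard_ips.issuperset(ips):
            continue
        for name in get_names(domain, msg):
            if name not in found_subdomains:
                found_subdomains.add(name)
                response += DNSName(name)

    for t in threads:
        t.join()
    return response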
Beispiel #4
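def dotransform(request, response):
    """Discover subdomains of ``request.value`` with a pool of resolver threads.

    Steps, in order: probe a random UUID label to detect a wildcard record;
    start ``config['dnsdiscovery/numthreads']`` ``DNSResolver`` workers; queue
    every distinct entry of ``config['dnsdiscovery/wordlist']`` plus one
    ``None`` stop marker per worker; collect answers until each worker has
    posted its end marker; add every name not seen before to ``response`` as a
    ``DNSName``; join the workers.

    Returns:
        ``response`` after the ``+=`` additions made here.
    """
    domain = request.value
    wildcard_ips = set()
    seen_names = set()

    try:
        # A random label should not resolve unless a wildcard record exists.
        probe = nslookup_raw('%s.%s' % (str(uuid4()), domain))
    except dns.exception.Timeout:
        # The wildcard filter stays empty in this case; record why rather
        # than swallowing the timeout.
        debug('Wildcard probe timed out for domain: %s' % domain)
    else:
        if probe.answer:
            wildcard_ips = get_ip_addresses(probe)
            name = '*.%s' % domain
            response += DNSName(name)
            seen_names.add(name)

    if wildcard_ips:
        warning = 'Warning: wildcard domain is defined... results may not be accurate'
        debug(warning)
        response += UIMessage(warning)

    nthreads = config['dnsdiscovery/numthreads']
    subdomains = set(config['dnsdiscovery/wordlist'])

    queue_send = Queue()
    queue_recv = Queue()
    threads = []
    for _ in range(nthreads):
        worker = DNSResolver(request.value, queue_send, queue_recv)
        worker.start()
        threads.append(worker)

    for label in subdomains:
        queue_send.put(label)

    # Stop markers go in after the work items, one per worker.
    for _ in range(nthreads):
        queue_send.put(None)

    # Loop on the number of finished workers: an unconditional loop would
    # block forever on get() when numthreads is 0, because nothing is posted.
    # NOTE(review): there is still no timeout on get(); a worker that ends
    # without posting its end marker keeps this loop waiting.
    finished = 0
    while finished < nthreads:
        msg = queue_recv.get()
        if not msg:
            finished += 1
        elif msg.answer:
            ips = get_ip_addresses(msg)
            # Drop answers fully covered by the wildcard addresses.
            if wildcard_ips and wildcard_ips.issuperset(ips):
                continue
            for name in get_names(domain, msg):
                if name in seen_names:
                    continue
                seen_names.add(name)
                response += DNSName(name)

    for worker in threads:
        worker.join()
    return response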
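 def run(self):
     """Resolve queued labels under ``self.domain`` until a stop marker arrives.

     Items are read from ``self.queue_recv``; a falsy item ends the loop. Each
     label is joined to ``self.domain``, looked up with ``nslookup_raw`` and,
     when the reply has an answer section, the reply is put on
     ``self.queue_send``. After every lookup the thread sleeps
     ``1 / self.lookup_rate`` seconds. A final ``None`` is always put on
     ``self.queue_send`` to tell the reader that this worker is done.
     """
     try:
         while True:
             subdomain = self.queue_recv.get()
             if not subdomain:
                 break
             name = '%s.%s' % (subdomain, self.domain)
             # Collapse runs of dots left by labels that start or end with
             # one; raw string so that \. is not an invalid string escape.
             name = re.sub(r'\.+', '.', name)
             try:
                 msg = nslookup_raw(name)
                 if msg.answer:
                     self.queue_send.put(msg)
             except dns.exception.Timeout:
                 debug('Request timed out for name: %s' % name)
             # 1.0 keeps the pause fractional when lookup_rate is an int and
             # the interpreter uses integer division (Python 2), where
             # 1 / rate would be 0 and the rate limit would not apply.
             sleep(1.0 / self.lookup_rate)
     finally:
         # Post the end marker even when an unexpected exception ends the
         # loop; a reader that counts end markers would otherwise wait forever.
         self.queue_send.put(None)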
Beispiel #6
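 def run(self):
     """Worker loop: look up each queued label beneath ``self.domain``.

     Reads labels from ``self.queue_recv`` and stops at the first falsy item.
     Replies from ``nslookup_raw`` that contain an answer section are passed
     on through ``self.queue_send``; timeouts are logged with ``debug``. The
     loop pauses ``1 / self.lookup_rate`` seconds between lookups, and a
     closing ``None`` is put on ``self.queue_send`` in every case.
     """
     try:
         while True:
             subdomain = self.queue_recv.get()
             if not subdomain:
                 # Falsy item (the stop marker) ends this worker.
                 break
             # Join label and domain, then squeeze repeated dots into one.
             # The pattern is a raw string: '\.' in a plain literal is an
             # invalid escape sequence.
             name = re.sub(r'\.+', '.', '%s.%s' % (subdomain, self.domain))
             try:
                 msg = nslookup_raw(name)
             except dns.exception.Timeout:
                 debug('Request timed out for name: %s' % name)
             else:
                 if msg.answer:
                     self.queue_send.put(msg)
             # Float numerator: with an integer lookup_rate under Python 2,
             # 1 / rate truncates to 0 and the throttle is lost.
             sleep(1.0 / self.lookup_rate)
     finally:
         # Always announce completion, including after an unexpected
         # exception, so that a reader waiting for end markers is not left
         # blocked.
         self.queue_send.put(None)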