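def whois(domain, server=False, depth=0):
	"""Query a WHOIS server for *domain* and return the cleaned-up response text.

	Args:
		domain: Domain name to look up; it is lower-cased before querying.
		server: WHOIS host to contact on port 43. When false-y it is taken
			from WHOIS_SERVERS by TLD, else "<tld>.whois-servers.net".
		depth: Referral depth; 0 is the caller's own query. The
			WHOIS_MODIFIERS_PRE / WHOIS_MODIFIERS_POST prefixes and suffixes
			are only applied at depth 0.

	Returns:
		The response prefixed with "[ QUERY: ... ]" / "[ WHOIS SERVER: ... ]"
		header lines, with the answer of a referred-to server appended when
		the response names one, or False on a socket failure or when the
		referral chain is more than two hops deep.
	"""
	# Bound the referral chain: the "Whois Server:" host followed below is
	# taken from the response body, so without this cap two cooperating
	# servers could keep bouncing the lookup between them.
	if depth > 2:
		return False
	query = domain.lower()
	tld = query.split('.')[-1]
	# Use WHOIS_SERVERS for identified tld's, magic whois-servers.net other
	if not server:
		if tld in WHOIS_SERVERS:
			server = WHOIS_SERVERS[tld]
		else:
			server = tld + ".whois-servers.net"
	# Modifiers only apply to the first-hop query.
	if depth == 0:
		if tld in WHOIS_MODIFIERS_PRE:
			query = WHOIS_MODIFIERS_PRE[tld] + query
		if tld in WHOIS_MODIFIERS_POST:
			query = query + WHOIS_MODIFIERS_POST[tld]

	payload = query + "\r\n"
	if not isinstance(payload, bytes):
		# Python 3 str must be encoded before send; on Python 2 str is bytes.
		payload = payload.encode("utf-8")

	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	# NOTE: the timeout is per blocking call (connect / each recv), not a
	# cap on the whole exchange.
	sock.settimeout(1)
	chunks = []
	try:
		sock.connect((server, 43))
		sock.sendall(payload)
		while True:
			d = sock.recv(4096)
			# An empty read means the server closed the connection; testing
			# for false-y rather than == '' also works when recv returns bytes.
			if not d:
				break
			chunks.append(d)
	except socket.error:
		# Covers connect/resolve/timeout/send/recv failures; the bare
		# except it replaces also swallowed KeyboardInterrupt and bugs.
		return False
	finally:
		# Close on every path; previously the socket leaked on errors.
		sock.close()

	# Cleanup. WHOIS servers are not reliably UTF-8, so undecodable bytes
	# are replaced instead of raising out of the function.
	response = b"".join(chunks).decode("utf8", "replace")
	response = response.replace("\r", "")
	output = "\n".join(line.rstrip() for line in response.split("\n")) + "\n"
	# Apply defluffing regular expressions. re.DOTALL must be passed as
	# *flags*: as a positional argument it was taken as *count*, which
	# capped each pattern at 16 replacements and never enabled DOTALL.
	for fluff in WHOIS_DEFLUFF:
		output = re.sub(fluff, "", output, flags=re.DOTALL)

	while "\n\n\n" in output:
		output = output.replace("\n\n\n", "\n\n")
	output = output.strip()

	output = ("[ QUERY: %s ]\n[ WHOIS SERVER: %s ]\n\n" % (query, server)) + output

	# Follow a referral to the registrar's WHOIS server. The hostname comes
	# from the untrusted response body; the depth check above is the only
	# limit on where it can send us.
	match = re.search(r"Whois Server: (.*)", output)
	if match:
		referral = match.group(1).strip()
		if referral:
			extended = whois(domain, server=referral, depth=depth + 1)
			if extended:
				output = output + "\n\n" + extended

	return output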
import sys

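# Resolve the NS records for the domain given on the command line, then ask
# each nameserver for a zone transfer (AXFR) and print the names it returns.
# A transfer only succeeds when the nameserver permits it to this client;
# the records listed are what such a server discloses to anyone who asks.
if len(sys.argv) < 2:
    sys.exit("usage: %s <domain>" % sys.argv[0])

domain = str(sys.argv[1])
nslist = []
works = False
nameserver = dns.resolver.query(domain, 'NS')

print("Nameservers for %s:" % domain)
for data in nameserver:
    print(data)
    nslist.append(str(data))

print("\nSubdomains for %s:" % domain)

# Try the nameservers in order until one serves the zone. The earlier
# `while works is not True` loop only set `works` inside the per-name loop,
# so an empty zone re-requested the transfer forever, and the single bare
# except around everything stopped at the first failing server instead of
# moving on to the next one in nslist.
for dom in nslist:
    if works:
        break
    try:
        zone = dns.zone.from_xfr(dns.query.xfr(dom, domain))
    except Exception:
        # Transfer refused, timed out or otherwise failed on this server.
        continue
    # sorted() works whether keys() yields a list or a dict view.
    for n in sorted(zone.nodes.keys()):
        query1 = zone[n].to_text(n).split()
        # '@' denotes the zone apex; skip the empty-record case as well.
        if query1 and query1[0] != '@':
            print("".join(query1[:1]) + "." + domain)
    works = True

if not works:
    print("Zone transfer failed. Requests blocked from nameservers.")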