def getNS(domain_name):
'''Returns all IPs for all NS for the given domain using the
system default resolver'''
resolver = dns.resolver.Resolver()
resolver.use_edns(0,dns.flags.DO,4096)
resolver.nameservers=([__default_ns__])
return_ns = set()
try:
response_ns = resolver.query(domain_name, 'NS')
except dns.resolver.NoAnswer:
print "no answer returned"
except dns.resolver.NXDOMAIN:
print "NXDOMAIN"
for ns in response_ns:
try:
response_a = resolver.query(ns.target, 'A')
except dns.resolver.NoAnswer:
print "no answer returned"
except dns.resolver.NXDOMAIN:
print "NXDOMAIN"
for a in response_a:
return_ns.add(a.address)
return return_ns
def validate_python(self, value, state):
if ('recaptcha_challenge_field' or 'recaptcha_response_field') in request.POST:
log.debug("Skiping ip blacklist, reCaptcha present")
return
if not HAVE_DNSPYTHON:
log.warning("Skiping blacklist check, no dnspython package")
return
remote_addr = request.environ['REMOTE_ADDR']
blacklisting_servers = []
self.servers = config['spamfilter.blacklist.servers'].split() or \
self.servers
prefix = '.'.join(reversed(remote_addr.split('.'))) + '.'
for server in self.servers:
try:
query(prefix + server.encode('utf-8'))
except NXDOMAIN: # not blacklisted on this server
log.debug('IP: %s not blacklisted by %s', remote_addr, server)
continue
except (Timeout, NoAnswer, NoNameservers), e:
log.warning('Error checking IP blacklist server "%s" for '
'IP "%s": %s' % (server, remote_addr, e))
continue
else:
blacklisting_servers.append(server)
def dns_query(resolver, subject, qtype):
alarm = Alarm()
answers = []
if qtype == "PTR":
subject = dns.reversename.from_address(subject)
try:
alarm.set(dns_resolver.timeout)
dns_answer = resolver.query(subject, qtype, raise_on_no_answer=False)
if (dns_answer.response.flags & dns.flags.TC) == dns.flags.TC:
dns_answer = resolver.query(subject, qtype, tcp=True)
except:
dns_answer = None
finally:
alarm.clear()
try:
## Some DNS servers return NXDOMAIN as part of TXT
if not re.search(".*?TXT.*?not\s+exist", str(dns_answer.response)):
answers = [str(a) for a in dns_answer]
except:
pass
return answers
def dns_check(name, uuid):
resolver = dns.resolver.Resolver()
resolver.timeout = 3
# get nameservers list (max 4)
try:
ns_list = resolver.query(name, 'NS')
except:
ns_list = []
if len(ns_list) > 4:
ns_list = ns_list[0:4]
servers = []
for ns in ns_list:
ns = str(ns)
#print ns
servers.append( str(resolver.query(ns, 'A')[0]) )
if servers:
resolver.nameservers = servers
parts = name.split('.')
while len(parts) > 1:
try:
print '.'.join(parts)
txt_list = resolver.query('.'.join(parts), 'TXT')
for txt in txt_list:
if 'uwsgi:%s' % uuid in str(txt):
return True
except:
pass
parts = parts[1:]
return False
def validate_host_dns(log, fqdn):
"""
See if the hostname has a DNS A/AAAA record.
"""
try:
answers = resolver.query(fqdn, rdatatype.A)
log.debug(
'IPA: found %d A records for %s: %s' % (len(answers), fqdn,
' '.join(str(answer) for answer in answers))
)
except DNSException as e:
log.debug(
'IPA: DNS A record lookup failed for %s' % fqdn
)
# A record not found, try to find AAAA record
try:
answers = resolver.query(fqdn, rdatatype.AAAA)
log.debug(
'IPA: found %d AAAA records for %s: %s' % (len(answers), fqdn,
' '.join(str(answer) for answer in answers))
)
except DNSException as e:
log.debug(
'IPA: DNS AAAA record lookup failed for %s' % fqdn
)
raise errors.DNSNotARecordError()
def get_server_ip(self, host):
"""获取服务器IP
:param host:
:return:
"""
if utils.is_ipv4_address(host): return host
if utils.is_ipv6_address(host): return host
enable_ipv6 = bool(int(self.__configs["connection"]["enable_ipv6"]))
resolver = dns.resolver.Resolver()
resolver.nameservers = [self.__configs["public"]["remote_dns"]]
try:
if enable_ipv6:
rs = resolver.query(host, "AAAA")
else:
rs = resolver.query(host, "A")
except dns.resolver.NoAnswer:
return None
except dns.resolver.Timeout:
return None
except dns.resolver.NoNameservers:
return None
for anwser in rs:
ipaddr = anwser.__str__()
break
if self.__mode == _MODE_GW: self.__set_tunnel_ip(ipaddr)
return ipaddr
def classifyDomainByRecord(domain):
resolver = dns.resolver.Resolver()
resolver.lifetime = 5
try:
nameserver = getAuthoritativeNameserver(domain)
if nameserver:
resolver.nameservers = [nameserver]
addresses = resolver.query(domain, dns.rdatatype.CNAME)
return {"type": "CNAME", "domain": domain, "addresses": addresses}
except dns.resolver.NXDOMAIN:
pass
except dns.resolver.NoAnswer:
pass
except Exception as e:
return {"type": "PROBLEM", "name": "CNAME record", "value": str(e)}
try:
addresses = resolver.query(domain, dns.rdatatype.A)
return {"type": "A", "domain": domain, "addresses": addresses}
except (NXDOMAIN, NoAnswer):
return {"type": "NONEXISTENT", "domain": domain, "addresses": []}
except Exception as e:
return {"type": "PROBLEM", "name": "A record", "value": str(e)}
def __init__(self, resolver_q, resolver_list, target, wildcards):
multiprocessing.Process.__init__(self, target = self.run)
self.daemon = True
signal_init()
self.time_to_die = False
self.resolver_q = resolver_q
self.wildcards = wildcards
self.resolver_list = resolver_list
resolver = dns.resolver.Resolver()
#The domain provided by the user.
self.target = target
#1 website in the world, modify the following line when this status changes.
#www.google.cn, I'm looking at you ;)
self.most_popular_website = "www.google.com"
#We shouldn't need the backup_resolver, but we we can use them if need be.
#We must have a resolver, and localhost can work in some environments.
self.backup_resolver = resolver.nameservers + ['127.0.0.1', '8.8.8.8', '8.8.4.4']
#Ideally a nameserver should respond in less than 1 sec.
resolver.timeout = 1
resolver.lifetime = 1
try:
#Lets test the letancy of our connection.
#Google's DNS server should be an ideal time test.
resolver.nameservers = ['8.8.8.8']
resolver.query(self.most_popular_website, "A")
except:
#Our connection is slower than a junebug in molasses
resolver = dns.resolver.Resolver()
self.resolver = resolver
def get_asn_data_by_dns(ip, source_ip=None):
try:
subject = "%s.%s" % ('.'.join(reversed(ip.split('.'))), origin_asn_zone)
resolver = dns.resolver.Resolver()
dns_answer = resolver.query(subject, rdtype=16, source=source_ip)
answer = ''.join([str(a) for a in dns_answer])
asn_str, prefix = [a.strip("\" ") for a in answer.split('|')][:2]
asns = [a.strip() for a in asn_str.split(' ')]
ret = []
for asn in asns:
subject = "AS%s.%s" % (asn, desc_asn_zone)
dns_answer = resolver.query(subject, rdtype=16, source=source_ip)
answer = ''.join([str(a) for a in dns_answer])
name = [a.strip("\" ") for a in answer.split('|')][-1]
ret.append([ip, prefix, asn, name])
return ret
except dns.resolver.NXDOMAIN:
return []
except DNSException, e:
raise Exception("%s: %s" % (e.__class__.__name__, e.__doc__))
def clean(self, *args, **kwargs):
email = super().clean(*args, **kwargs)
if not email:
return email
_node, domain = email.rsplit('@', 1)
if domain in settings.BANNED_EMAIL_DOMAINS:
raise forms.ValidationError(self.error_messages['domain-banned'], params={'domain': domain},
code='domain-banned')
if domain:
exists = False
resolver = dns.resolver.Resolver()
for typ in ['A', 'AAAA', 'MX']:
try:
resolver.query(domain, typ)
exists = True
break
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
continue
if exists is False:
raise forms.ValidationError(self.error_messages['domain-does-not-exist'] % {
'value': domain,
}, code='domain-does-not-exist')
return email
def _check(self, instance):
hostname, timeout, nameserver, record_type, resolver = self._load_conf(instance)
# Perform the DNS query, and report its duration as a gauge
start_time = time.time()
try:
self.log.debug('Querying "{0}" record for hostname "{1}"...'.format(record_type, hostname))
if record_type == "NXDOMAIN":
try:
resolver.query(hostname)
except dns.resolver.NXDOMAIN:
pass
else:
raise AssertionError("Expected an NXDOMAIN, got a result.")
else:
answer = resolver.query(hostname, rdtype=record_type)
assert(answer.rrset.items[0].to_text())
end_time = time.time()
except dns.exception.Timeout:
self.log.error('DNS resolution of {0} timed out'.format(hostname))
return Status.CRITICAL, 'DNS resolution of {0} timed out'.format(hostname)
except Exception:
self.log.exception('DNS resolution of {0} has failed.'.format(hostname))
return Status.CRITICAL, 'DNS resolution of {0} has failed'.format(hostname)
else:
tags = self._get_tags(instance)
if end_time - start_time > 0:
self.gauge('dns.response_time', end_time - start_time, tags=tags)
self.log.debug('Resolved hostname: {0}'.format(hostname))
return Status.UP, 'UP'
def module_run(self, domains):
max_attempts = 3
resolver = self.get_resolver()
answers = ""
for domain in domains:
attempt = 0
self.verbose('Retrieving MX records for %s.' % (domain))
while attempt < max_attempts:
try:
answers = resolver.query(domain, 'MX')
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
self.verbose('%s => No record found.' % (domain))
except dns.resolver.Timeout:
self.verbose('%s => Request timed out.' % (domain))
attempt += 1
continue
except (dns.resolver.NoNameservers):
self.verbose('%s => Invalid nameserver.' % (domain))
else:
for rdata in answers:
host = rdata.exchange
host = str(host)
host = host[:-1]
self.add_hosts(host)
# break out of the loop
attempt = max_attempts
# Now look for SPF records
for domain in domains:
attempt = 0
self.verbose('Retrieving SPF records for %s.' % (domain))
while attempt < max_attempts:
try:
answers = resolver.query(domain, 'TXT')
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
self.verbose('%s => No record found.' % (domain))
except dns.resolver.Timeout:
self.verbose('%s => Request timed out.' % (domain))
attempt += 1
continue
except (dns.resolver.NoNameservers):
self.verbose('%s => Invalid nameserver.' % (domain))
else:
for txtrecord in answers:
self.verbose('TXT record: %s' % (txtrecord))
if "v=spf" in txtrecord.to_text():
resp = txtrecord.to_text()
words = resp.split()
for item in words:
if "ip4" in item:
ipaddr = item.split(':', 1)[1]
if "/" in ipaddr:
self.add_netblocks(ipaddr)
else:
self.add_hosts(ip_address=ipaddr)
elif "a:" in item:
spfhost = item.split(':', 1)[1]
self.add_hosts(host=spfhost)
# break out of the loop
attempt = max_attempts
def assert_nxdomain(resolver, domain, rr_type):
got_nxdomain = False
try:
resolver.query(domain, rr_type)
except dns.resolver.NXDOMAIN:
got_nxdomain = True
assert got_nxdomain
def check_address(address):
parts = address.split("@")
if len(parts) != 2:
return False
try:
query(parts[1], 'MX') #sprawdzamy wpis dns
except DNSException:
return False
return True
def srv_lookup(self, kind, domain):
print('Checking xmpp-%s records for %s' % (kind, domain))
key = '%s_records' % kind
try:
srv_records = resolver.query('_xmpp-%s._tcp.%s' % (kind, domain), 'SRV')
except resolver.NoAnswer:
self.data['dns']['srv'] = False
self.data['dns'][kind] = False
return
has_ipv4 = False
has_ipv6 = False
for record in srv_records:
host = record.target.split(1)[0].to_text()
ip4, ip6 = [], []
# do A/AAAA lookup
try:
ip4 = [r.address for r in resolver.query(host, 'A')]
has_ipv4 = True
except resolver.NXDOMAIN:
# The domain name is not at all defined.
self.data['dns']['srv'] = False
except resolver.NoAnswer:
# The domain name is defined, but there just is no A record. This is not an error
# because there might be other records that provide an A record.
pass
if settings.USE_IP6:
try:
ip6 = [r.address for r in resolver.query(host, 'AAAA')]
has_ipv6 = True
except resolver.NoAnswer:
# The domain name is defined, but there just is no AAAA record. This is not an error
# because there might be other records that provide an AAAA record.
pass
if not ip4 and not ip6:
# This SRV target has neither an IPv4 nor an IPv6 record. We consider this faulty.
# The most common mistake would be to point an SRV record to a domain with e.g.
# only a MX or CNAME record.
self.data['dns']['srv'] = False
self.data['dns'][kind] = False
self.data['dns'][key].append({
'port': record.port,
'host': host,
'ips': ip4 + ip6, # ip4 and ip6 combined
})
# We consider IPv4/6 support ok if there is at least one record of the given type.
self.data['dns']['%s_ipv4' % kind] = has_ipv4
self.data['dns']['%s_ipv6' % kind] = has_ipv6
self.data['dns']['ipv4'] = has_ipv4 and self.data['dns']['ipv4']
self.data['dns']['ipv6'] = has_ipv6 and self.data['dns']['ipv6']
def __discover_config(discover_server = True):
servers = []
try:
if not config.default_realm:
try:
# only import krbV when we need it
import krbV
krbctx = krbV.default_context()
config.default_realm = krbctx.default_realm
except ImportError:
pass
if not config.default_realm:
return False
if not config.default_domain:
# try once with REALM -> domain
domain = str(config.default_realm).lower()
name = "_ldap._tcp." + domain
try:
servers = resolver.query(name, rdatatype.SRV)
except DNSException:
# try cycling on domain components of FQDN
try:
domain = dns.name.from_text(socket.getfqdn())
except DNSException:
return False
while True:
domain = domain.parent()
if str(domain) == '.':
return False
name = "_ldap._tcp.%s" % domain
try:
servers = resolver.query(name, rdatatype.SRV)
break
except DNSException:
pass
config.default_domain = str(domain).rstrip(".")
if discover_server:
if not servers:
name = "_ldap._tcp.%s." % config.default_domain
try:
servers = resolver.query(name, rdatatype.SRV)
except DNSException:
pass
for server in servers:
hostname = str(server.target).rstrip(".")
config.default_server.append(hostname)
except:
pass
def reverse_dns_query(self, ip):
addr = dns.reversename.from_address(ip)
resolver = dns.resolver.Resolver()
resolver.timeout = 1
resolver.lifetime = 1
try:
print(str(resolver.query(addr,"PTR")[0])[:-1])
return str(resolver.query(addr,"PTR")[0])[:-1]
except:
return("(DNS Error)")
def is_host_resolvable(fqdn):
for rdtype in (rdatatype.A, rdatatype.AAAA):
try:
resolver.query(fqdn, rdtype)
except DNSException:
continue
else:
return True
return False
def test_ptr_lookup(self):
environ = self.environ.copy()
environ['REMOTE_ADDR'] = '1.2.3.4'
resolver.query(IgnoreArg(), 'PTR').AndRaise(DNSException)
resolver.query(IgnoreArg(), 'PTR').AndReturn(['example.com'])
self.mox.ReplayAll()
w = WsgiEdge(None)
w._ptr_lookup(environ)
self.assertNotIn('slimta.reverse_address', environ)
w._ptr_lookup(environ)
self.assertEqual('example.com', environ['slimta.reverse_address'])
def __call__(self, value, *args, **kwargs):
super(EmailValidator, self).__call__(value, *args, **kwargs)
value = force_text(value)
domain = value.split('@')[1]
try:
resolver.query(domain, 'MX')
except DNSException:
raise ValidationError('Enter a valid email address domain.',
code=self.code)
def test_ptr_lookup(self):
self.mox.StubOutWithMock(resolver, 'query')
resolver.query(IgnoreArg(), 'PTR').AndRaise(DNSException)
resolver.query(IgnoreArg(), 'PTR').AndReturn(['example.com'])
self.mox.ReplayAll()
h = SmtpSession(('1.2.3.4', None), None, None)
with self.assertRaises(DNSException):
h._ptr_lookup()
self.assertIsNone(h.reverse_address)
h._ptr_lookup()
self.assertEqual('example.com', h.reverse_address)
def detect_dns_zone_realm_type(api, domain):
"""
Detects the type of the realm that the given DNS zone belongs to.
Note: This method is heuristic. Possible values:
- 'current': For IPA domains belonging in the current realm.
- 'foreign': For domains belonging in a foreing kerberos realm.
- 'unknown': For domains whose allegiance could not be detected.
"""
# First, try to detect _kerberos TXT record in the domain
# This would indicate that the domain belongs to IPA realm
kerberos_prefix = DNSName('_kerberos')
domain_suffix = DNSName(domain)
kerberos_record_name = kerberos_prefix + domain_suffix
response = None
try:
result = resolver.query(kerberos_record_name, rdatatype.TXT)
answer = result.response.answer
# IPA domain will have only one _kerberos TXT record
if (len(answer) == 1 and
len(answer[0]) == 1 and
answer[0].rdtype == rdatatype.TXT):
record = answer[0][0]
# If the record contains our current realm, it is 'ipa-current'
if record.to_text() == '"{0}"'.format(api.env.realm):
return 'current'
else:
return 'foreign'
except DNSException as e:
pass
# Try to detect AD specific record in the zone.
# This would indicate that the domain belongs to foreign (AD) realm
gc_prefix = DNSName('_ldap._tcp.gc._msdcs')
ad_specific_record_name = gc_prefix + domain_suffix
try:
# The presence of this record is enough, return foreign in such case
result = resolver.query(ad_specific_record_name, rdatatype.SRV)
return 'foreign'
except DNSException as e:
pass
# If we could not detect type with certainity, return unknown
return 'unknown'
def gather_txt(cls, domain):
""" Basic DNS TXT query for the domain domain. """
try:
try:
answers = resolver.query(domain, 'TXT')
except:
answers = resolver.query(domain, 'SPF')
except Exception, e:
if cls._logger is not None:
cls._logger.critcal("Error during DNS query.")
raise e
def load_ipmi_info(self):
# Also per IT, the IPMI Interface, if it exists, can
# always be found by appending "-mgmt.build.mozilla.org" to the name.
try:
ipmi_fqdn = "%s-mgmt.%s" % (self.name, config["default_domain"])
resolver.query(ipmi_fqdn)
# This will return None if the IPMI interface doesn't work for some
# reason.
self.ipmi = IPMIInterface.get_if_exists(ipmi_fqdn, config["ipmi_username"], config["ipmi_password"])
except resolver.NXDOMAIN:
# IPMI Interface doesn't exist.
pass
def get_tld_nameservers(tld):
print "querying {} nameservers".format(tld)
servers = set()
try:
ans = resolver.query(tld, 'NS')
for rr in ans.rrset.items:
a = resolver.query(rr.to_text())
for record in a.rrset:
servers.add(record.to_text())
except Exception as e:
print e.__class__, e.message
return list(servers)
def check_resolvers(file_name):
ret=[]
resolver=dns.resolver.Resolver()
file=open(file_name).read()
for server in file.split("\n"):
resolver.nameservers=[server]
try:
resolver.query("www.google.com")
ret.append(server)
#should throw an exception before this line.
except:
pass
return ret
def module_run(self, domains):
max_attempts = 3
wordlist = self.options['wordlist']
if not os.path.exists(wordlist):
self.error('Wordlist file (\'%s\') not found.' % (wordlist))
return
words = open(wordlist).read().split()
resolver = self.get_resolver()
cnt = 0
new = 0
for domain in domains:
self.heading(domain, level=0)
try:
answers = resolver.query('*.%s' % (domain))
self.output('Wildcard DNS entry found for \'%s\'. Cannot brute force hostnames.' % (domain))
continue
except (dns.resolver.NoNameservers, dns.resolver.Timeout):
self.error('Invalid nameserver.')
continue
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
self.verbose('No Wildcard DNS entry found.')
for word in words:
attempt = 0
while attempt < max_attempts:
host = '%s.%s' % (word, domain)
try:
answers = resolver.query(host)
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
self.verbose('%s => No record found.' % (host))
except dns.resolver.Timeout:
self.verbose('%s => Request timed out.' % (host))
attempt += 1
continue
else:
# process answers
for answer in answers.response.answer:
for rdata in answer:
if rdata.rdtype in (1, 5):
if rdata.rdtype == 1:
self.alert('%s => (A) %s - Host found!' % (host, host))
cnt += 1
if rdata.rdtype == 5:
cname = rdata.target.to_text()[:-1]
self.alert('%s => (CNAME) %s - Host found!' % (host, cname))
new += self.add_hosts(cname)
cnt += 1
# add the host in case a CNAME exists without an A record
new += self.add_hosts(host)
# break out of the loop
attempt = max_attempts
self.summarize(new, cnt)
def check_smtp_domain (self, mail):
"""
Check a single mail address.
"""
from dns.exception import DNSException
log.debug(LOG_CHECK, "checking mail address %r", mail)
mail = strformat.ascii_safe(mail)
username, domain = mail.rsplit('@', 1)
log.debug(LOG_CHECK, "looking up MX mailhost %r", domain)
try:
answers = resolver.query(domain, 'MX')
except DNSException:
answers = []
if len(answers) == 0:
self.add_warning(_("No MX mail host for %(domain)s found.") %
{'domain': domain},
tag=WARN_MAIL_NO_MX_HOST)
try:
answers = resolver.query(domain, 'A')
except DNSException:
answers = []
if len(answers) == 0:
self.set_result(_("No host for %(domain)s found.") %
{'domain': domain}, valid=False,
overwrite=True)
return
# set preference to zero
mxdata = [(0, rdata.to_text(omit_final_dot=True))
for rdata in answers]
else:
from dns.rdtypes.mxbase import MXBase
mxdata = [(rdata.preference,
rdata.exchange.to_text(omit_final_dot=True))
for rdata in answers if isinstance(rdata, MXBase)]
if not mxdata:
self.set_result(
_("Got invalid DNS answer %(answer)s for %(domain)s.") %
{'answer': answers, 'domain': domain}, valid=False,
overwrite=True)
return
# sort according to preference (lower preference means this
# host should be preferred)
mxdata.sort()
# debug output
log.debug(LOG_CHECK, "found %d MX mailhosts:", len(answers))
for preference, host in mxdata:
log.debug(LOG_CHECK,
"MX host %r, preference %d", host, preference)
# connect
self.check_smtp_connect(mxdata, username, domain)
def wait_for_nxdomain_cache_to_clear(resolver, domain, rr_type):
SECONDS_TO_WAIT = 20
for i in range(SECONDS_TO_WAIT + 1):
try:
resolver.query(domain, rr_type)
# If we get this far, hooray, we are done waiting.
return
except dns.resolver.NXDOMAIN:
# Wait a sec, and let's retry.
print '.',
time.sleep(1)
raise RuntimeError, "We waited a while but the NXDOMAIN did not go away."
def reverse_record_exists(ip_address):
"""
Checks if IP address have some reverse record somewhere.
Does not care where it points.
Returns True/False
"""
reverse = reversename.from_address(str(ip_address))
try:
resolver.query(reverse, "PTR")
except DNSException:
# really don't care what exception, PTR is simply unresolvable
return False
return True
def find_dns_cdn(self, domain, depth=0):
"""Recursively check a CNAME chain"""
from dns import resolver
provider = self.check_cdn_name(domain)
logging.debug("Looking up %s", domain)
# First do a CNAME check
if provider is None:
try:
answers = resolver.query(domain, 'CNAME')
if answers and len(answers):
for rdata in answers:
name = '.'.join(rdata.target).strip(' .')
logging.debug("%s -> %s", domain, name)
if name != domain:
provider = self.check_cdn_name(name)
if provider is None and depth < 10:
provider = self.find_dns_cdn(name, depth + 1)
if provider is not None:
break
except Exception:
pass
# Try a reverse-lookup of the address
if provider is None:
try:
import socket
addresses = socket.getaddrinfo(domain, 80)
if addresses:
addr = addresses[0][4][0]
answer = socket.gethostbyaddr(addr)
if answer:
name = answer[0]
logging.debug("%s -> %s -> %s", domain, addr, name)
provider = self.check_cdn_name(name)
except Exception:
pass
return provider
def exec_query(hostname, record_type, ns_server=None):
"""Execute a DNS query against a given name source.
ns_server must be an IP address!!!
"""
try:
# if nameserver specified then try it first
if ns_server:
resolver = get_resolver()
resolver.nameservers = [ns_server]
try:
return resolver.query(hostname, record_type, tcp=True)
except dns.exception.Timeout:
pass
# if it's not specified or timed out then use default nameserver
return get_resolver().query(hostname, record_type, tcp=True)
# in case of timeouts and socket errors return []
except dns.exception.Timeout:
return []
except socket.error:
return []
def subdomain_enum(target):
print '\n[*] Sub-Domain Enumeration for: %s' % (target)
print '-' * 40
#Get word list
subs = arg_parser(name='wordlist',
flag='-w',
type=file,
default='../resources/dns_enum_subdomains.txt')
# DNS query for each subdomain
for s in subs:
query = s + '.' + target
try:
# Setup DNS query
resolver = dns.resolver.Resolver()
resolver.timeout = 3
resolver.lifetime = 3
dns_query = resolver.query(query, 'A')
dns_query.nameservers = ['8.8.8.8', '8.8.4.4']
for resp in dns_query:
# Print Output
space_num = len(sys.argv[-1]) + 10
print '%-*s--> %s' % (space_num, query, resp)
except Exception as e:
pass
def get_fqdn(nameserver):
# register nameserver
resolver = _get_dns_resolver(nameserver)
# perform a reverse lookup
try:
reverse_address = dns.reversename.from_address(nameserver)
MODULE.info('Found reverse address: %s' % (reverse_address,))
reverse_lookup = resolver.query(reverse_address, 'PTR')
if not len(reverse_lookup):
return None
fqdn = reverse_lookup[0]
parts = [i for i in fqdn.target.labels if i]
domain = '.'.join(parts)
return domain
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers) as exc:
MODULE.warn('Lookup for nameserver %s failed: %s %s' % (nameserver, type(exc).__name__, exc))
except dns.exception.Timeout as exc:
MODULE.warn('Lookup for nameserver %s timed out: %s' % (nameserver, exc))
except dns.exception.DNSException as exc:
MODULE.error('DNS Exception: %s' % (traceback.format_exc()))
return None
def checarDominio(self):
print("Checando mudança entrada %s no domínio %s." % (self.entrada, self.dominio))
self.tentativas += 1
resolver = dns.resolver.Resolver()
resolver.nameservers=[socket.gethostbyname(self.dns_root)]
try:
for data in resolver.query(self.dominio, self.entrada):
# Primeiro Valor
if(self.ultimo_valor == None):
self.ultimo_valor = data
# Checa se o valor do DNS mudou
if(data != self.ultimo_valor or data == self.valor):
print("DNS atualizado!")
self.ultimo_valor = data
except Exception as e:
print("Erro:",e)
if(self.tentativas < self.max_tentativas):
self.thread = Timer(self.tempo_tentativas,self.checarDominio)
self.thread.start()
def req(url):
i = parse.urlparse(url)
host = i.hostname
path = i.path
header = "GET {} HTTP/1.1\r\nHost:{}\r\nConnection:close\r\nUser-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36\r\n\r\n".format(
path, host).encode('utf8')
host_ip_list = resolver.query(host)
host_ip = host_ip_list.response.answer[0].items[0].address
ss = socket.socket()
addr = (host_ip, 80)
ss.connect(addr)
ss.send(header)
data = b""
while 1:
msg = ss.recv(10)
if not msg:
break
data += msg
data = data.split(b'\r\n\r\n')
html_list = data[1:]
html = b"".join(html_list)
print(html.decode('utf8'))
def query_ns(qname, rdtype, origin=None):
"""
query a dns name from our master server
:param qname: the query name
:type qname: dns.name.Name object or str
:param rdtype: the query type
:type rdtype: int or str
:return: IP (as str)
"""
origin, name = parse_name(qname, origin)
origin_str = str(origin)
nameserver = get_ns_info(origin_str)[0]
resolver = dns.resolver.Resolver(configure=False)
# we do not configure it from resolv.conf, but patch in the values we
# want into the documented attributes:
resolver.nameservers = [
nameserver,
]
resolver.search = [
dns.name.from_text(settings.BASEDOMAIN),
]
answer = resolver.query(qname, rdtype)
return str(list(answer)[0])
def query_dns(qname, rtype, nxdomain='[Not Set]', at=None):
# Make the qname absolute by appending a period. Without this, dns.resolver.query
# will fall back a failed lookup to a second query with this machine's hostname
# appended. This has been causing some false-positive Spamhaus reports. The
# reverse DNS lookup will pass a dns.name.Name instance which is already
# absolute so we should not modify that.
if isinstance(qname, str):
qname += "."
# Use the default nameservers (as defined by the system, which is our locally
# running bind server), or if the 'at' argument is specified, use that host
# as the nameserver.
resolver = dns.resolver.get_default_resolver()
if at:
resolver = dns.resolver.Resolver()
resolver.nameservers = [at]
# Set a timeout so that a non-responsive server doesn't hold us back.
resolver.timeout = 5
# Do the query.
try:
response = resolver.query(qname, rtype)
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN,
dns.resolver.NoAnswer):
# Host did not have an answer for this query; not sure what the
# difference is between the two exceptions.
return nxdomain
except dns.exception.Timeout:
return "[timeout]"
# There may be multiple answers; concatenate the response. Remove trailing
# periods from responses since that's how qnames are encoded in DNS but is
# confusing for us. The order of the answers doesn't matter, so sort so we
# can compare to a well known order.
return "; ".join(sorted(str(r).rstrip('.') for r in response))
def process_data(threadName, q):
while not exitFlag:
queueLock.acquire()
if not workQueue.empty():
data = q.get()
queueLock.release()
host = data.strip() + '.' + domain.strip()
try:
answers = resolver.query(host)
try:
output = gethostbyaddr(host)
if len(host) < 16:
stdout.write("\r\x1b[K")
stdout.flush()
print("\r" + str(host) + "\t\t" + str(output[0]) +
" " + str(output[2]))
found.append(
str(host) + "\t\t" + str(output[0]) + " " +
str(output[2]))
else:
stdout.write("\r\x1b[K")
stdout.flush()
print("\r" + str(host) + "\t" + str(output[0]) + " " +
str(output[2]))
found.append(
str(host) + "\t" + str(output[0]) + " " +
str(output[2]))
except:
stdout.write("\r\x1b[K")
stdout.flush()
print("\r" + str(host))
found.append(str(host))
except:
pass
else:
queueLock.release()
def module_thread(self, word, domain, resolver, wildcard):
max_attempts = 3
attempt = 0
while attempt < max_attempts:
host = '%s.%s' % (word, domain)
try:
answers = resolver.query(host)
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
self.verbose('%s => No record found.' % (host))
except dns.resolver.Timeout:
self.verbose('%s => Request timed out.' % (host))
attempt += 1
continue
else:
# process answers
if answers.response.answer[0][0] == wildcard:
self.verbose('%s => Response matches the wildcard.' %
(host))
else:
for answer in answers.response.answer:
for rdata in answer:
if rdata.rdtype in (1, 5):
if rdata.rdtype == 1:
address = rdata.address
self.alert('%s => (A) %s' %
(host, address))
self.add_hosts(host, address)
if rdata.rdtype == 5:
cname = rdata.target.to_text()[:-1]
self.alert('%s => (CNAME) %s' %
(host, cname))
self.add_hosts(cname)
# add the host in case a CNAME exists without an A record
self.add_hosts(host)
# break out of the loop
attempt = max_attempts
def _get_hostname_from_srv(hostname):
# May return e.g.:
# canonical name = mail.ucl.dk.
# service = 8 100 443 webmail.ucn.dk.
# or throw dns.resolver.NoAnswer
log.debug('Attempting to get SRV record on %s', hostname)
resolver = dns.resolver.Resolver()
resolver.timeout = TIMEOUT
try:
answers = resolver.query(hostname, 'SRV')
for rdata in answers:
try:
vals = rdata.to_text().strip().rstrip('.').split(' ')
priority, weight, port, svr = int(vals[0]), int(vals[1]), int(vals[2]), vals[3]
except (ValueError, KeyError) as e:
raise_from(AutoDiscoverFailed('Incompatible SRV record for %s (%s)' % (hostname, rdata.to_text())), e)
else:
return svr
except dns.resolver.NoNameservers as e:
raise_from(AutoDiscoverFailed('No name servers for %s' % hostname), e)
except dns.resolver.NoAnswer as e:
raise_from(AutoDiscoverFailed('No SRV record for %s' % hostname), e)
except dns.resolver.NXDOMAIN as e:
raise_from(AutoDiscoverFailed('Nonexistent domain %s' % hostname), e)
def query_dns_rr(qname, rdtype="A", nameserver="8.8.8.8", debug=False):
if 'http' in qname:
qname = get_domain_name_from_url(qname)
resolver = dns.resolver.Resolver()
resolver.timeout = 3 # TODO(Guodong) does it really works?
resolver.nameservers = [nameserver
] # default_nameserver = resolver.nameservers
resolver.cache = False
answer = None
try:
answer = resolver.query(qname, rdtype).response.answer
except dns.resolver.NoAnswer as e:
if debug:
print(e)
pass
except dns.resolver.NXDOMAIN as e:
if debug:
print(e)
pass
except dns.exception.Timeout as e:
if debug:
print(e)
pass
except dns.resolver.NoNameservers as e:
if debug:
print(e)
pass
records = []
if answer:
for record in answer[-1]:
records.append(str(record))
return records
else:
return records
def mxlookup(domain):
try:
if HAVE_DNSPYTHON:
mxrecs = []
mxrequest = resolver.query(domain, QTYPE_MX)
for rec in mxrequest:
mxrecs.append(rec.to_text())
mxrecs.sort() # automatically sorts by priority
return [x.split(None, 1)[-1] for x in mxrecs]
elif HAVE_PYDNS:
mxrecs = []
mxrequest = DNS.mxlookup(domain)
for dataset in mxrequest:
if type(dataset) == tuple:
mxrecs.append(dataset)
mxrecs.sort() # automatically sorts by priority
return [x[1] for x in mxrecs]
except Exception:
return None
return None
def _has_dns_propagated(self):
"""Checks if the TXT record has propagated."""
txt_records = []
name = "_acme-challenge." + self.domain
try:
resolver = dns.resolver.Resolver()
nameservers = self.nameservers
nameservers.extend(resolver.nameservers)
resolver.nameservers = nameservers
dns_response = resolver.query(name, "TXT")
if hasattr(dns_response.response, "answer"):
for answer in dns_response.response.answer:
for record in answer.items:
txt_records.append(record.to_text().replace("\"", ""))
except dns.exception.DNSException as error:
if (self.debug):
traceback.print_exc()
return False
for txt_record in txt_records:
if txt_record == self.validation:
return True
return False
def _get_srv_records(hostname):
"""Send a DNS query for SRV entries for the hostname.
An SRV entry that has been formatted for autodiscovery will have the following format:
canonical name = mail.example.com.
service = 8 100 443 webmail.example.com.
The first three numbers in the service line are: priority, weight, port
"""
log.debug('Attempting to get SRV records for %s', hostname)
resolver = dns.resolver.Resolver()
resolver.timeout = AutodiscoverProtocol.TIMEOUT
records = []
try:
answers = resolver.query('%s.' % hostname, 'SRV')
except (dns.resolver.NoNameservers, dns.resolver.NoAnswer,
dns.resolver.NXDOMAIN) as e:
log.debug('DNS lookup failure: %s', e)
return records
for rdata in answers:
try:
vals = rdata.to_text().strip().rstrip('.').split(' ')
# Raise ValueError if the first three are not ints, and IndexError if there are less than 4 values
priority, weight, port, srv = int(vals[0]), int(vals[1]), int(
vals[2]), vals[3]
record = SrvRecord(priority=priority,
weight=weight,
port=port,
srv=srv)
log.debug('Found SRV record %s ', record)
records.append(record)
except (ValueError, IndexError):
log.debug('Incompatible SRV record for %s (%s)', hostname,
rdata.to_text())
return records
def query(name, rdatatype, resolver=None):
"""Send query to supplied DNS resolver
:return: None if no results could be found
"""
if not resolver:
resolver = dns.resolver.Resolver()
query_str = '%s IN %s' % (name, dns.rdatatype.to_text(rdatatype))
try:
return resolver.query(name, rdatatype, tcp=True)
except dns.exception.Timeout as err:
_LOGGER.debug('Timeout while querying %s: %s', query_str, err)
except dns.resolver.NXDOMAIN as err:
_LOGGER.debug('Query: "%s" does not exist in DNS: %s', query_str, err)
except dns.resolver.YXDOMAIN:
# TODO: not sure what "too long" means...
_LOGGER.debug('Query: "%s" is too long.', query_str)
except dns.resolver.NoAnswer:
_LOGGER.debug('Query: "%s" has no answer.', query_str)
except dns.resolver.NoNameservers:
_LOGGER.debug('Query "%s" has no name server.', query_str)
return []
def query(resolver, domain, record_type='A', tcp=False):
try:
resp = resolver.query(domain,
record_type,
raise_on_no_answer=False,
tcp=tcp)
if resp.response.answer:
return resp
# If we don't receive an answer from our current resolver let's
# assume we received information on nameservers we can use and
# perform the same query with those nameservers
if resp.response.additional and resp.response.authority:
ns = [
rdata.address for additionals in resp.response.additional
for rdata in additionals.items
]
resolver.nameservers = ns
return query(resolver, domain, record_type, tcp=tcp)
return None
except (dns.resolver.NXDOMAIN, dns.resolver.NoNameservers,
dns.exception.Timeout, ValueError):
return None
def _get_a_record(site, querytype='A', dnsserver=None):
resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5
if dnsserver:
resolver.nameservers = [dnsserver]
result = []
while len(resolver.nameservers):
try:
resolved = resolver.query(site, querytype)
print_debug(str(resolved.response))
for item in resolved.rrset.items:
result.append(item.to_text())
return result
except dns.exception.Timeout:
print_debug("DNS Timeout for", site, "using",
resolver.nameservers[0])
resolver.nameservers.remove(resolver.nameservers[0])
# If all the requests failed
return ""
def ResolveCore(address, ctype):
log_info('Resolving %s address for %s' % (ctype, address))
address = address.replace('@', '.')
if not '.' in address:
return False, 'invalid address'
try:
for attempt in range(3):
resolver = dns.resolver.Resolver()
resolver.timeout = 2
resolver.lifetime = 2
records = resolver.query(address, dns.rdatatype.TXT)
for record in records:
s = record.strings[0]
if s.lower().startswith('oa1:%s' % ctype.lower()):
a = re.sub(
'.*recipient_address[ \t]*=[ \t]*\"?([A-Za-z0-9]+)\"?.*',
'\\1', s)
if IsValidAddress(a):
log_info('Found %s address at %s: %s' %
(ctype, address, a))
return True, [a, ValidateDNSSEC(address)]
except Exception, e:
log_error('Error resolving %s: %s' % (address, str(e)))
def getnameinfo(sockaddr, flags):
"""Replacement for Python's socket.getnameinfo.
Currently only supports IPv4.
"""
try:
host, port = sockaddr
except (ValueError, TypeError):
if not isinstance(sockaddr, tuple):
# there's a stdlib test that's hyper-careful about refcounts
del sockaddr
raise TypeError('getnameinfo() argument 1 must be a tuple')
else:
# must be an ipv6 sockaddr, pretend we don't know how to resolve it
raise socket.gaierror(
socket.EAI_NONAME, 'Name or service not known')
if (flags & socket.NI_NAMEREQD) and (flags & socket.NI_NUMERICHOST):
# Conflicting flags. Punt.
raise socket.gaierror(
(socket.EAI_NONAME, 'Name or service not known'))
if is_ipv4_addr(host):
try:
rrset = resolver.query(
dns.reversename.from_address(host), dns.rdatatype.PTR)
if len(rrset) > 1:
raise socket.error('sockaddr resolved to multiple addresses')
host = rrset[0].target.to_text(omit_final_dot=True)
except dns.exception.Timeout, e:
if flags & socket.NI_NAMEREQD:
raise socket.gaierror((socket.EAI_AGAIN, 'Lookup timed out'))
except dns.exception.DNSException, e:
if flags & socket.NI_NAMEREQD:
raise socket.gaierror(
(socket.EAI_NONAME, 'Name or service not known'))
def verify_email_ping(emailaddr):
# Pull the domain name from the email address
domain_name = emailaddr.split('@')[1]
# Get the MX record for the domain
records = resolver.query(domain_name, 'MX')
mx_record = records[0].exchange
mx_record = str(mx_record)
# ping email server
# (check if the email address exists)
# get local server hostname
host = socket.gethostname()
# SMTP lib setup (use debug level for full output)
server = smtplib.SMTP()
server.set_debuglevel(0)
# SMTP conversation
server.connect(mx_record)
server.helo(host)
server.mail(emailaddr)
code, message = server.rcpt(str(emailaddr))
server.quit()
if code == 250:
return True
else:
return False
#######################################################
def get_external_ip() -> str:
"""
Obtains the external ip address
:return: the external ip address as a string
"""
try:
resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = ["208.67.222.222", "208.67.220.220"]
ip = str(resolver.query('myip.opendns.com')[0])
logging.info(message_formatter(("Level", "Info"), ("External ip", ip)))
# This checks it is a matching ipv4
if not is_ip_address(ip):
ip_backup = urlopen('http://ip.42.pl/raw').read()
logging.error(
message_formatter(
("Level", "Error"),
("Message", "The ip address obtained was not valid"),
("Opendns ip address", ip)))
if not is_ip_address(ip_backup):
logging.error(
message_formatter(
("Level", "Error"),
("Message", "The backup ip-address was not valid"),
("Ip.42.pl ip address", ip_backup)))
return ip_backup
return ip
except dns.exception.Timeout as exc:
logging.error(
message_formatter(
("Level", "Error"),
("Message", "The DNS has had a timeout exception"),
("Error", str(exc))))
exit(1)
urllib2.install_opener(
urllib2.build_opener(TCPReaderHandler())
)
class DnsCommandClientDecodingError(Exception):
pass
__DEBUG = 0
if __DEBUG:
import dns.resolver
resolver = dns.resolver.Resolver()
resolver.nameservers = [ '127.0.0.1' ]
resolver.port = 5454
socket.gethostbyname_ex = lambda x: (None, None, [
str(rdata) for rdata in resolver.query(x, 'A')
])
class DnsCommandsClient(Thread):
def __init__(self, domain, key):
self.domains = domain.split(',')
self.domain_id = 0
self.domain = self.domains[self.domain_id]
self.translation = dict(zip(
''.join([
''.join([chr(x) for x in xrange(ord('A'), ord('Z') + 1)]),
''.join([chr(x) for x in xrange(ord('0'), ord('9') + 1)]),
'=',
]),
''.join([
''.join([chr(x) for x in xrange(ord('a'), ord('z') + 1)]),
def cname_to_slug(host):
from dns import resolver
answer = [ans for ans in resolver.query(host, 'CNAME')][0]
domain = answer.target.to_unicode()
slug = domain.split('.')[0]
return slug
def find_ip():
resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = ["208.67.222.222", "208.67.220.220"]
return resolver.query('myip.opendns.com')[0]
def test_network(self):
resolver = dns.resolver.Resolver()
resolver.nameservers = ["fd:200::d"]
resolver.timeout = 1
resolver.lifetime = 1
answer = None
try:
answer = resolver.query("group%d.ingi" % self.group, "NS")
for ip in answer:
self.log.info("Name server found at %s\n", ip)
if self.test_reachability(ip):
self.test_dns_server(ip)
except dns.exception.Timeout as e:
self.log.error("Timeout when contacting DNS resolver : %s\n",
str(e))
except dns.resolver.NoNameservers as e:
self.log.error("Cannot get any name server : %s\n", str(e))
try:
with open("/common/scripts/group%d.yaml" % self.group) as file:
data = yaml.load(file)
self.log.debug("YAML data correctly parsed\n")
if not isinstance(data, dict):
self.log.error("YAML data is not a hash\n")
return
if len(data.get("ping6", [])) > 0:
self.log.debug("Testing ping6 reachability\n")
for ip in data["ping6"]:
if self.check_ip_address(ip):
self.test_reachability(ip)
if len(data.get("ssh", [])) > 0:
self.log.debug("Testing ssh reachability\n")
for ip in data["ssh"]:
if self.check_ip_address(ip):
self.test_netcat(
ip, 22
) # TODO Send the first bytes of an SSH connection
if len(data.get("tcp", [])) > 0:
self.log.debug("Testing tcp reachability\n")
for elem in data["tcp"]:
if elem.get("ip", None) is None:
self.log.error("No IP parameter for tcp data")
continue
if elem.get("port", None) is None:
self.log.error("No port parameter for tcp data")
continue
if elem.get("message", None) is None:
self.log.debug(
"No message parameter for tcp data - only the connection is tested"
)
if self.check_ip_address(elem["ip"]) and self.check_port(
elem["port"]):
self.test_netcat(elem["ip"], elem["port"], True,
elem.get("message", None))
if len(data.get("udp", [])) > 0:
self.log.debug("Testing udp reachability\n")
for elem in data["udp"]:
if elem.get("ip", None) is None:
self.log.error("No IP parameter for udp data")
continue
if elem.get("port", None) is None:
self.log.error("No port parameter for udp data")
continue
if elem.get("message", None) is None:
self.log.error("No message parameter for udp data")
continue
if self.check_ip_address(elem["ip"]) and self.check_port(
elem["port"]):
self.test_netcat(elem["ip"], elem["port"], False,
elem["message"])
if len(data.get("dnsnames", [])) > 0 and answer is not None:
self.log.debug("Testing dns record availability\n")
for ip in answer:
for name in data["dnsnames"]:
try:
validators.domain(name)
self.test_dns_record(ip, name)
except validators.ValidationFailure as e:
self.log.error(
"Cannot parse %s as a domain name : %s\n",
name, str(e))
except yaml.YAMLError as e:
self.log.error("Cannot parse YAML of the group : %s\n", str(e))
except FileNotFoundError as e:
self.log.error("Cannot find YAML file of the group : %s\n", str(e))
def chkcname(host):
try:
answers = resolver.query(host, 'CNAME')
return ','.join([str(rdata.target) for rdata in answers])
except:
return "NaN"
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import json
from ipaddress import IPv4Network
from dns import reversename, resolver
with open('./data/prefixes.json') as json_data:
d = json.load(json_data)
print(d[0]['network'])
with open('./data/reverse.json', 'w') as outfile:
for addr in IPv4Network(d[0]['network']):
ip = str(addr)
process = reversename.from_address(ip)
'''
# Dump
print(ip + ' ===> ' + str(resolver.query(process, "PTR")[0]))
'''
reverse = str(resolver.query(process, "PTR")[0])
result = {"ip": ip}, {'reverse': reverse}
json.dump(result, outfile)
def get_nameservers(target):
try:
ns = resolver.query(target, 'NS')
return ns
except:
return
def lookup(domain, recordtype):
try:
res = resolver.query(domain, recordtype)
return res
except:
return
