def main(key_start, key_end):
    try:
        key_file = open(filename, "r")
    except:
        print "[ERROR]: key file not found. \n  run python redisKeyDump.py > redis-backups/236keys.txt"
        return

    if key_start < 0:
        key_start = 0
    if key_end > 236733 - 1:
        key_end = 236733 - 1
    print "range:", key_start, key_end
    for i, line in enumerate(key_file):
        if i < key_start or i > key_end:
            continue
        key = line.rstrip("\n")
        ip_set = db_dns.smembers(key)
        if ip_set == set():
            # empty set, we need to look it up
            # ip = socket.gethostbyname(key)
            # didn't handle those without ip for now
            print key
        else:
            for ip in ip_set:
                if ip is not "":
                    print "[%i] %s, %s, %s" % (i, key, ip, ip2openResolvers(ip))
                    query(key, ip)
Example #2
0
def validate_zone(zone, parent_zone):
  zone_info = ZoneInfo(zone.name)
  try:
    ns_addr = query(zone.soa.rrset[0].mname.to_text(), dns.rdatatype.A)
    if ns_addr.rrset is None:
      raise RessourceMissingError(f'NS A')
    zone.ns = ns_addr.rrset[0].to_text()
    ds, nsec_type = query_DS(zone, parent_zone)
    if ds:
      zone_info.ds_digests = parse_ds_digests(ds.rrset)
    zone.dnskey = query(zone.name, dns.rdatatype.DNSKEY, zone.ns)
    ## Checks ##
    zone_info.has_dnskey = zone.dnskey.rrset is not None
    zone_info.has_ds = ds is not None
    if zone_info.has_dnskey:
      zone_info.valid_dnskey = validate_rrsigset(
          zone.dnskey.rrset, zone.dnskey.rrsig, zone.name, zone.dnskey.rrset)
      zone_info.num_ksk, zone_info.num_zsk, zone_info.key_algos = parse_deployed_keys(
          zone.dnskey.rrset)
    if ds and parent_zone.dnskey.rrset:
      zone_info.valid_ds = validate_rrsigset(ds.rrset, ds.rrsig, parent_zone.name,
                                             parent_zone.dnskey.rrset)
    zone_info.valid_soa = validate_rrsigset(zone.soa.rrset, zone.soa.rrsig,
                                            zone.name, zone.dnskey.rrset)
    if zone_info.has_ds and zone_info.has_dnskey:
      zone_info.validated = validate_zsk(
          zone.name, zone.dnskey.rrset, ds.rrset)

    if not zone_info.has_ds:
      zone_info.validation_state = 'UNSECURED'
      zone_info.reason = nsec_type
  except Exception as e:
    zone_info.from_error(e)
  return zone, zone_info
Example #3
0
def getTTL(domain, q):
    global wrongCnt,additZero,registered
    TTL = 0
    try:
        response = query(domain, name_server)
        additCnt = len(response.additional)
    except dns.exception.Timeout:
        additCnt = 0
        wrongCnt += 1

    if additCnt == 0:
        additZero+=1

    else:
        addit = response.additional[0]
        Serveraddr = addit.items[0].address

        try:
            response = query(domain, Serveraddr)
            ansCnt = len(response.additional)
        except dns.exception.Timeout:
            ansCnt = 0
            wrongCnt += 1

        ansCnt = len(response.answer)
        if ansCnt != 0:
            registered+=1
            answer = response.answer[0]
            TTL = answer.ttl

    # print domain, TTL
    # f.write(domain + ' ' + str(TTL) + '\n')
    if TTL!=0:
        q.put(domain + ' ' + str(TTL))
Example #4
0
 def __init__(self,
              qname,
              qtype=dns.rdatatype.A,
              qclass=dns.rdataclass.IN):
     self.qname = qname
     self.qtype = qtype
     self.qclass = qclass
     query(self.done, self.lose, qname, qtype=qtype, qclass=qclass)
Example #5
0
    def dnsmap(self):
        result = subprocess.check_output([dnsmapdir + '/dnsmap', self.domain])  # Executes dnsmap
        # Formats output
        out = re.split('IP address #.: ', result)
        domain = re.split('\n', out)
        domain = domain[5]  # Stores first domain found
        store = ''  # Stores previous domain name if >1 ip returned
        for i in out:
            if i.startswith('\n'):
                pass
            else:
                ip = re.split('\n', i)
                if ip[0].startswith('dnsmap'):  # Filters out dnsmap messages
                    pass
                else:
                    if dns.query(ip[0]):
                        if ip[0] in iplist:
                            pass
                        else:
                            iplist.append(ip[0])
                        print(output("%s is hosted at %s" % (domain, ip[0])))

                    # Fixes errors when >1 ip returned for 1 subdomain
                    try:
                        if ip[0] == '127.0.0.1':  # prevents errors by dnsmap warning
                            domain = ip[3]
                        else:
                            domain = ip[2]
                    except:
                        domain = ''
                    if domain == '':
                        domain = store
                    else:
                        store = ip[2]
Example #6
0
def dnsHistory(domain):
    rows = ''
    print("\n-- Checking dns history --")
    url = 'http://toolbar.netcraft.com/site_report?url=' + domain
    try:
        request = urllib.request.urlopen(url)
        html = request.read()
    except:
        html = ''
    soup = BeautifulSoup(''.join(html))
    tables = soup.findAll(attrs={'class': 'TBtable'})
    try:
        table = tables[1]
    except:
        table = ''  # Prevents errors if no history returned
        rows = ''
    if table:
        rows = soup.table.findAll('tr')  # Need to edit out again
    x = -1
    try:
        for tr in rows:
            columns = tr.findAll('td')
            for td in columns:
                text = ''.join(td.find(text=True))
                if x % 5 == 0:  # Only ip addresses are checked
                    if dns.query(text):  # Finds last ip thats not CloudFlare
                        print(output("The last known ip address is: %s" %
                                     text))
                        if text not in iplist:
                            iplist.append(text)
                        raise End  # Breaks from multiple loops
                x += 1
    except End:
        pass
    print("\n#" + "-" * 77 + "#")
Example #7
0
def trusted(answer):
    """Check if one signer in the dns.resolver.Answer is trusted"""
    for signer in signers(answer).keys():
        keyans = query(signer, dns.rdatatype.DNSKEY)
        for key in keyans:
            if signed_by(answer, key):
                return True
Example #8
0
def dnsHistory(domain):
    rows = ''
    print("\n-- Checking dns history --")
    url = 'http://toolbar.netcraft.com/site_report?url=' + domain
    try:
        request = urllib.request.urlopen(url)
        html = request.read()
    except:
        html = ''
    soup = BeautifulSoup(''.join(html))
    tables = soup.findAll(attrs={'class': 'TBtable'})
    try:
        table = tables[1]
    except:
        table = ''  # Prevents errors if no history returned
        rows = ''
    if table:
        rows = soup.table.findAll('tr')  # Need to edit out again
    x = -1
    try:
        for tr in rows:
            columns = tr.findAll('td')
            for td in columns:
                text = ''.join(td.find(text=True))
                if x % 5 == 0:  # Only ip addresses are checked
                    if dns.query(text):  # Finds last ip thats not CloudFlare
                        print(output("The last known ip address is: %s" % text))
                        if text not in iplist:
                            iplist.append(text)
                        raise End  # Breaks from multiple loops
                x += 1
    except End:
        pass
    print("\n#" + "-" * 77 + "#")
Example #9
0
    def dnsmap(self):
        result = subprocess.check_output([dnsmapdir + '/dnsmap',
                                          self.domain])  # Executes dnsmap
        # Formats output
        out = re.split('IP address #.: ', result)
        domain = re.split('\n', out)
        domain = domain[5]  # Stores first domain found
        store = ''  # Stores previous domain name if >1 ip returned
        for i in out:
            if i.startswith('\n'):
                pass
            else:
                ip = re.split('\n', i)
                if ip[0].startswith('dnsmap'):  # Filters out dnsmap messages
                    pass
                else:
                    if dns.query(ip[0]):
                        if ip[0] in iplist:
                            pass
                        else:
                            iplist.append(ip[0])
                        print(output("%s is hosted at %s" % (domain, ip[0])))

                    # Fixes errors when >1 ip returned for 1 subdomain
                    try:
                        if ip[0] == '127.0.0.1':  # prevents errors by dnsmap warning
                            domain = ip[3]
                        else:
                            domain = ip[2]
                    except:
                        domain = ''
                    if domain == '':
                        domain = store
                    else:
                        store = ip[2]
Example #10
0
def domain2ip(domain, ips_Queue, lines_Queue):
    try:
        ips, line = query(domain, record_type='A')
        for ip in ips:
            ips_Queue.put(ip)
        lines_Queue.put(line)
    except Exception, e:
        print e
Example #11
0
 def __init__(self, cb, eb, host, address_families = typemap.values()):
   self.cb = cb
   self.eb = eb
   self.host = host
   self.result = []
   self.queries = [query(self.done, self.lose, host, qtype)
                   for qtype in self.typemap
                   if self.typemap[qtype] in address_families]
Example #12
0
    def ns(self):
        if not self.nameservers:
            return [
                ns.target.to_text() for ns in query(
                    self.domain, dns.rdatatype.NS, self.dnssec).rrset
            ]

        return self.nameservers
Example #13
0
 def __init__(self, cb, eb, host, address_families=typemap.values()):
     self.cb = cb
     self.eb = eb
     self.host = host
     self.result = []
     self.queries = [
         query(self.done, self.lose, host, qtype) for qtype in self.typemap
         if self.typemap[qtype] in address_families
     ]
Example #14
0
    def fast(self):
        print("\n-- Testing common subdomains for misconfiguration --")
        for sub in self.subs:
            subdomain = sub + '.' + self.domain
            response = dns.query(subdomain)
            if response:  # If subdomain exists
                # Prevent  errors if >1 ip returned for domain
                if type(response) == list:
                    for ip in response:
                        self.ips[subdomain] = ip
                else:
                    pass

        # Checks if the discovered domains are behind cloudflare
        for domain, ip in self.ips.iteritems():
            if dns.query(ip):
                print(output("%s is hosted at %s" % (domain, ip)))
                if ip not in iplist:
                    iplist.append(ip)
Example #15
0
    def fast(self):
        print("\n-- Testing common subdomains for misconfiguration --")
        for sub in self.subs:
            subdomain = sub + '.' + self.domain
            response = dns.query(subdomain)
            if response:  # If subdomain exists
                # Prevent  errors if >1 ip returned for domain
                if type(response) == list:
                    for ip in response:
                        self.ips[subdomain] = ip
                else:
                    pass

        # Checks if the discovered domains are behind cloudflare
        for domain, ip in self.ips.iteritems():
            if dns.query(ip):
                print(output("%s is hosted at %s" % (domain, ip)))
                if ip not in iplist:
                    iplist.append(ip)
Example #16
0
    def tld(self):
        print("\n-- Testing common tlds --")
        tmp = re.split('\..*', self.domain)  # Removes current tld

        for i in self.tlds:
            testDomain = tmp[0] + i
            response = dns.query(testDomain)
            if response:
                if type(response) == list:  # If >1 ips returned
                    for ip in response:
                        if dns.query(ip):
                            print(output("%s is hosted at %s" % (testDomain, ip)))
                            if ip not in iplist:
                                iplist.append(ip)
                else:
                    if dns.query(ip):
                        print(output("%s is hosted at %s" % (testDomain, ip)))
                        if ip not in iplist:
                            iplist.append(ip)
Example #17
0
def domains2ips(domain_list, server=None):
    IP_list = []
    lines = []
    domain_list = strip_list(domain_list)
    for domain in set(domain_list):
        try:
            ips, line = query(domain, record_type='A', server=server)
            IP_list.extend(ips)
            lines.append(line)
        except Exception, e:
            print e
Example #18
0
def recursive_query(resolver, domain, record_type='NS'):
    query_domain = str(domain)
    query_response = None
    try:
        while query_response is None:
            query_response = query(resolver, query_domain, record_type)
            query_domain = query_domain.split('.', 1)[1]
    except IndexError:
        return None

    return query_response
Example #19
0
def recursive_query(resolver, domain, record_type='NS'):
    query_domain = str(domain)
    query_response = None
    try:
        while query_response is None:
            query_response = query(resolver, query_domain, record_type)
            query_domain = query_domain.split('.', 1)[1]
    except IndexError:
        return None

    return query_response
Example #20
0
    def tld(self):
        print("\n-- Testing common tlds --")
        tmp = re.split('\..*', self.domain)  # Removes current tld

        for i in self.tlds:
            testDomain = tmp[0] + i
            response = dns.query(testDomain)
            if response:
                if type(response) == list:  # If >1 ips returned
                    for ip in response:
                        if dns.query(ip):
                            print(
                                output("%s is hosted at %s" %
                                       (testDomain, ip)))
                            if ip not in iplist:
                                iplist.append(ip)
                else:
                    if dns.query(ip):
                        print(output("%s is hosted at %s" % (testDomain, ip)))
                        if ip not in iplist:
                            iplist.append(ip)
Example #21
0
    def subdomainWorker(visited):
        while True:
            subdomain = subdomainQueue.get()
            if type(subdomain) is int:
                return
            url = concatenate_subdomains(domain, [subdomain])
            try:
                record = query(resolver, url, record_type='A')
            except dns.exception.Timeout:
                return

            if record is None:
                continue

            try:
                ip = ipaddress.IPv4Address(record[0].address)
            except TypeError:
                return

            headers = False
            if kwargs.get('connect') and not ip.is_private:
                headers = head_request(str(ip))

            if kwargs.get("traverse"):
                traverse = kwargs.get("traverse")
            else:
                traverse = 5

            if kwargs.get("wide"):
                ips = wide_expander(ip)
            else:
                ips = traverse_expander(ip, traverse)

            filter_func = None
            if kwargs.get("search"):
                filter_func = functools.partial(search_filter, kwargs["search"])

            ips = set(ips) - set(visited)
            visited |= ips

            hosts.put({
                str(url): {
                    'ip': str(ip),
                    'headers': headers,
                    'nearby': find_nearby(resolver, ips, filter_func=filter_func)
                }
            })

            if kwargs.get("delay"):
                time.sleep(kwargs["delay"])
            else:
                time.sleep(0)
Example #22
0
def validate_root_zone():
  global root_zone
  ns = '198.41.0.4'  # IP of a.root-servers.net. This doesn't have to be validated!
  dnskey = query('.', dns.rdatatype.DNSKEY, ns)
  if dnskey.rrset is None:
    raise RessourceMissingError('DNSKEY')
  zone = Zone('.', dnskey, ns, None, None)

  # Validate
  if not validate_rrsigset(
          dnskey.rrset, dnskey.rrsig, '.', dnskey.rrset):
    raise ShouldNotHappenError('could not validate root DNSKEY RRSIG')
  validate_root_zsk(dnskey.rrset)
  root_zone = zone
Example #23
0
    def query(self, name, rdtype):
        """Lookup."""
        if self.direct:
            raised = None
            for ns in self.ns:
                try:
                    ans = self.query_at(name, rdtype, ns)
                    return ans
                except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer,
                        exceptions.BadRcode) as e:
                    raised = e
            if raised:
                raise raised

        return query(name, rdtype, self.dnssec)
Example #24
0
 def run(self):
     while True:
         if input_Queue.empty():
             break
         domain = input_Queue.get(1)
         #input_Queue.task_done() #no need in this program
         domain = domain.strip()
         try:
             ips, line = query(domain, record_type='A')
             print line
             for ip in ips:
                 outout_ips_Queue.put(ip)
             outout_lines_Queue.put(line)
         except Exception, e:
             print e
Example #25
0
def is_valid_zone(zone):
  # Has this zone been checked before?
  if zone in nonexisting_zones:
    return False, None
  if zone in existing_zones:
    return True, existing_zones.get(zone)

  # Has not been checked before. Check it!
  soa = query(zone, dns.rdatatype.SOA)
  if soa.rrset is None:
    raise RessourceMissingError(f'SOA')
  exists = soa.rrset.name.to_text() == zone
  if exists:
    existing_zones[zone] = soa
    return exists, soa
  nonexisting_zones.add(zone)
  return False, None
Example #26
0
def check_authority(url, nameservers):
    """check the list of authoritative nameservers for one of our canonical ones"""

    owned = 'N/A'

    # get a nameserver to resolve for us
    nameserver = '8.8.8.8' # Google's

    # create a dns name from the URL
    subject = dns.name.from_text(url)

    def query(nameserver, domain, response_type):
      """ generalize queries so we can do SOA, NS, etc; take params, return response """
      try:
        query = dns.message.make_query(domain, response_type)
        return dns.query.udp(query, nameserver, timeout=5)
      except:
        log.msg('Unable to lookup %s on %s: %s' % (url, nameserver, sys.exc_info()[0]), level=log.WARNING)
        # TODO: retry?

    response = query(nameserver, subject, dns.rdatatype.SOA)

    # handle some errors
    rcode = response.rcode()
    if rcode == dns.rcode.REFUSED:
      log.msg('Nameserver Error: %s refused to lookup %s.' % (nameserver, url), level=log.WARNING)
      return owned
    elif rcode == dns.rcode.NXDOMAIN:
      log.msg('Nameserver cannot find %s.' % url, level=log.DEBUG)
    elif rcode != dns.rcode.NOERROR:
      log.msg('Nameserver Error: while looking up %s received %s' % (url, dns.rcode.to_text(rcode)), level=log.WARNING)
      return owned

    # get the dns representation of the response
    ns = response.authority if len(response.authority) > 0 else response.answer
    # get the text representation of its first record
    ns = ns[0][0].to_text()
    # get the nameserver out of that
    ns = ns.split()[0].rstrip('.')

    # check if the ns is in our list of nameservers
    owned = ns in nameservers
    if owned: 
      log.msg('->Mozilla is authoritative for %s.' % (url), level=log.DEBUG)

    return owned
Example #27
0
 def remote_resolve(self, host, dnsserver, timeout=2, udp=False):
     try:
         request = dns.message.make_query(dns.name.from_text(host),
                                          dns.rdatatype.A)
         query = dns.query.udp if udp else dns.query.tcp
         response = query(request, dnsserver, timeout=timeout)
         if response.answer:
             return sum(
                 map(lambda ans: [addr.address for addr in ans], [
                     ans for ans in response.answer
                     if ans.rdtype == dns.rdatatype.A
                 ]), [])
         else:
             return []
     except dns.exception.Timeout:
         return []
     except:  # remote connection failed
         return []
Example #28
0
 def run(self):
     while True:
         if input_Queue.empty():
             break
         domain = input_Queue.get(1)
         # input_Queue.task_done()#配合写法一,但是写在这里可能导致结果缺少数据
         domain = domain.strip()
         try:
             ips, line = query(domain, record_type='A')
             print line
             for ip in ips:
                 outout_ips_Queue.put(ip)
             outout_lines_Queue.put(line)
         except Exception, e:
             print e
         #配合写法一
         # signals to queue job is done
         input_Queue.task_done()  # 配合写法一
Example #29
0
def query(domain, record_type='A', server=None):
    domain = domain.strip()
    resolver = dns.resolver.Resolver()
    if server != None:
        resolver.nameservers = [server]
    ips = []
    try:
        resp = resolver.query(domain, record_type, raise_on_no_answer=False)
        if resp.response.answer:
            tmpip = []
            tmpcname = []
            for i in resp.response.answer:
                for j in i.items:
                    try:
                        #print "{0}   {1}".format(domain,j.address)
                        tmpip.append(j.address)
                    except:  # CNAME here
                        #print "{0}   {1}".format(domain,j.to_text())
                        tmpcname.append(j.to_text())
            line = "{0}\t{1}\t{2}".format(domain.ljust(30),
                                          ", ".join(tmpcname),
                                          ", ".join(tmpip))
            if tmpip != None:  #only collect IPs that don't use CDN (cname)
                ips.extend(tmpip)
            #print line
            return ips, line

        # If we don't receive an answer from our current resolver let's
        # assume we received information on nameservers we can use and
        # perform the same query with those nameservers
        if resp.response.additional and resp.response.authority:
            ns = [
                rdata.address for additionals in resp.response.additional
                for rdata in additionals.items
            ]
            resolver.nameservers = ns
            return query(resolver, domain, record_type)
        #print domain
        return [], domain
    except (dns.resolver.NXDOMAIN, dns.resolver.NoNameservers,
            dns.exception.Timeout):
        #print domain
        return [], domain
Example #30
0
    def get_soa(self):
        """
        Function for SOA Record resolving. Returns all SOA records. Returns also the IP
        address of the host both in IPv4 and IPv6. Returns an Array.
        """
        soa_records = []
        tcp = True if self._proto == "tcp" else False
        query = dns.message.make_query(self._domain, dns.rdatatype.SOA)
        try:
            response = query(query, self._res.nameservers[0],
                             self._res.timeout)
            if len(response.answer) > 0:
                answers = response.answer
            elif len(response.authority) > 0:
                answers = response.authority
            for rdata in answers:
                # A zone only has one SOA record so we select the first.
                name = rdata[0].mname.to_text()
                ipv4_answers = self._res.query(name, 'A', tcp=tcp)
                for ardata in ipv4_answers:
                    if name.endswith('.'):
                        soa_records.append(['SOA', name[:-1], ardata.address])
                    else:
                        soa_records.append(['SOA', name, ardata.address])
        except (dns.resolver.NXDOMAIN, dns.exception.Timeout,
                dns.resolver.NoAnswer, socket.error, dns.query.BadResponse):
            print_error('Error while resolving SOA record.')
            return soa_records

        try:
            for rdata in answers:
                name = rdata.mname.to_text()
                ipv4_answers = self._res.query(name, 'AAAA', tcp=tcp)
                for ardata in ipv4_answers:
                    if name.endswith('.'):
                        soa_records.append(['SOA', name[:-1], ardata.address])
                    else:
                        soa_records.append(['SOA', name, ardata.address])

            return soa_records
        except:
            return soa_records
Example #31
0
def query(resolver, domain, record_type='A'):
    try:
        resp = resolver.query(domain, record_type, raise_on_no_answer=False)
        if resp.response.answer:
            return resp

        # If we don't receive an answer from our current resolver let's
        # assume we received information on nameservers we can use and
        # perform the same query with those nameservers
        if resp.response.additional and resp.response.authority:
            ns = [
                rdata.address for additionals in resp.response.additional
                for rdata in additionals.items
            ]
            resolver.nameservers = ns
            return query(resolver, domain, record_type)

        return None
    except (dns.resolver.NXDOMAIN, dns.resolver.NoNameservers):
        return None
Example #32
0
def query(resolver, domain, record_type='A'):
    try:
        resp = resolver.query(domain, record_type, raise_on_no_answer=False)
        if resp.response.answer:
            return resp

        # If we don't receive an answer from our current resolver let's
        # assume we received information on nameservers we can use and
        # perform the same query with those nameservers
        if resp.response.additional and resp.response.authority:
            ns = [
                rdata.address
                for additionals in resp.response.additional
                for rdata in additionals.items
            ]
            resolver.nameservers = ns
            return query(resolver, domain, record_type)

        return None
    except (dns.resolver.NXDOMAIN, dns.resolver.NoNameservers):
        return None
Example #33
0
        def run(self):
            while True:
                if input_Queue.empty():
                    break
                target = input_Queue.get(1)
                # input_Queue.task_done() #no need in this program
                target = target.strip()
                http = "http://{0}".format(target)
                https = "https://{0}".format(target)
                lastURL1, code1, title1 = getTitle(http)
                lastURL2, code2, title2 = getTitle(https)

                titlelist = []
                if code1 != 503 and title1 != None:
                    titlelist.append(title1)
                if code2 != 503 and title2 != None and title2 != title1:
                    titlelist.append(title2)
                title = " || ".join(titlelist)

                if isIPAddress(target):
                    ips = [target]
                    if title == "":
                        line = ""
                    else:
                        line = "\t\t{0}\t{1}".format(target, title)
                        print line
                else:
                    ips, line = query(target)
                    if title == "":
                        line = ""
                    else:
                        line = "{0}\t{1}".format(line, title)
                        print line

                for ip in ips:
                    ips_Queue.put(ip)

                if line != "":
                    lines_Queue.put(line)
def getAnswer(domain, q, name_server):
    global wrongCnt,logsCnt,numofthreads,alllogs,currenttimeinseconds
    
    try:
        response = query(domain, name_server)
        if len(response.answer) != 0:
            ttl = response.answer[0].ttl
            if ttl == 0:
                ttl = 1
            q.put(domain + ',' + name_server + ',' + str(response.answer[0].ttl) + ',' + str(currenttimeinseconds))
            # all logs

            log = '  ' + '\n'
            log+=domain + ' ' + str(currenttimeinseconds) + '\n'
            for i in response.answer:
                log+= str(i) + '\n'
            for i in response.authority:
                log+= str(i) + '\n'
            for i in response.additional:
                log+= str(i) + '\n'
            alllogs.append(log)
            logsCnt+=1

        else:
            q.put(domain + ',' + name_server + ',' + str(0) + ',' + str(currenttimeinseconds))


    except dns.exception.Timeout:
        wrongCnt += 1
    
    except dns.exception.FormError:
        pass
        #print 'formerror'
    
    except socket.error:
        pass
        #print 'socket error,connection forced closed'

    numofthreads-=1
Example #35
0
    def subdomainWorker(visited):
        while True:
            subdomain = subdomainQueue.get()
            if type(subdomain) is int:
                return
            url = concatenate_subdomains(domain, [subdomain])
            record = query(resolver, url, record_type='A')

            if record is None:
                continue

            ip = ipaddress.IPv4Address(record[0].address)
            print("Found: {} ({})".format(url, ip))

            if kwargs.get('connect') and not ip.is_private:
                headers = head_request(str(ip))
                if headers:
                    print("HTTP connected:")
                    pprint.pprint(headers)

            if kwargs.get("wide"):
                ips = wide_expander(ip)
            elif kwargs.get("traverse"):
                ips = traverse_expander(ip, kwargs["traverse"])
            else:
                continue

            filter_func = None
            if kwargs.get("search"):
                filter_func = functools.partial(search_filter,
                                                kwargs["search"])

            ips = set(ips) - set(visited)
            visited |= ips

            find_nearby(resolver, ips, filter_func=filter_func)

            if kwargs.get("delay"):
                time.sleep(kwargs["delay"])
Example #36
0
def target2line(target, ips_Queue, lines_Queue):
    target = target.strip()
    http = "http://{0}".format(target)
    https = "https://{0}".format(target)
    lastURL1, code1, title1 = getTitle(http)
    lastURL2, code2, title2 = getTitle(https)

    titlelist = []
    if code1 != 503 and title1 != None:
        titlelist.append(title1)
    if code2 != 503 and title2 != None and title2 != title1:
        titlelist.append(title2)
    title = " || ".join(titlelist)

    if isIPAddress(target):
        ips = [target]
        if title == "":
            line = ""
        else:
            line = "\t\t{0}\t{1}".format(target, title)
            print line
    else:
        ips, line = query(target)
        if title == "":
            line = ""
        else:
            line = "{0}\t{1}".format(line, title)
            print line

    for ip in ips:
        ips_Queue.put(ip)

    if line != "":
        lines_Queue.put(line)

    return line
Example #37
0
def reverse_query(resolver, ip, tcp=False):
    return query(resolver,
                 dns.reversename.from_address(ip),
                 record_type='PTR',
                 tcp=tcp)
Example #38
0
def fierce(**kwargs):
    resolver = dns.resolver.Resolver()

    nameservers = None
    if kwargs.get('dns_servers'):
        nameservers = kwargs['dns_servers']
    elif kwargs.get('dns_file'):
        nameservers = [ns.strip() for ns in open(kwargs["dns_file"]).readlines()]

    if nameservers:
        resolver.nameservers = nameservers

    if kwargs.get("range"):
        internal_range = ipaddress.IPv4Network(kwargs.get("range"))
        find_nearby(resolver, list(internal_range))

    if not kwargs.get("domain"):
        return

    domain = dns.name.from_text(kwargs['domain'])
    if not domain.is_absolute():
        domain = domain.concatenate(dns.name.root)

    ns = query(resolver, domain, record_type='NS')
    domain_name_servers = [n.to_text() for n in ns]
    print("NS: {}".format(" ".join(domain_name_servers)))

    soa = query(resolver, domain, record_type='SOA')
    soa_mname = soa[0].mname
    master = query(resolver, soa_mname, record_type='A')
    master_address = master[0].address
    print("SOA: {} ({})".format(soa_mname, master_address))

    zone = zone_transfer(master_address, domain)
    print("Zone: {}".format("success" if zone else "failure"))
    if zone:
        pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
        return

    random_subdomain = str(random.randint(1e10, 1e11))
    random_domain = concatenate_subdomains(domain, [random_subdomain])
    wildcard = query(resolver, random_domain, record_type='A')
    print("Wildcard: {}".format("success" if wildcard else "failure"))

    if kwargs.get('subdomains'):
        subdomains = kwargs["subdomains"]
    else:
        subdomains = [sd.strip() for sd in open(kwargs["subdomain_file"]).readlines()]

    visited = set()

    for subdomain in subdomains:
        url = concatenate_subdomains(domain, [subdomain])
        record = query(resolver, url, record_type='A')

        if record is None:
            continue

        ip = ipaddress.IPv4Address(record[0].address)
        print("Found: {} ({})".format(url, ip))

        if kwargs.get('connect') and not ip.is_private:
            headers = head_request(str(ip))
            if headers:
                print("HTTP connected:")
                pprint.pprint(headers)

        if kwargs.get("wide"):
            ips = wide_expander(ip)
        elif kwargs.get("traverse"):
            ips = traverse_expander(ip, kwargs["traverse"])
        else:
            continue

        filter_func = None
        if kwargs.get("search"):
            filter_func = functools.partial(search_filter, kwargs["search"])

        ips = set(ips) - set(visited)
        visited |= ips

        find_nearby(resolver, ips, filter_func=filter_func)

        if kwargs.get("delay"):
            time.sleep(kwargs["delay"])
Example #39
0
def reverse_query(resolver, ip):
    return query(resolver, dns.reversename.from_address(ip), record_type='PTR')
Example #40
0
def fierce(**kwargs):
    """
    fierce function is directly callable and returns a results dictionary
    :param concurrency:
    :param domain:
    :param print:
    :param connect:
    :return: python dictionary of results
    """

    resolver = dns.resolver.Resolver()

    nameservers = []
    if kwargs.get('dns_servers'):
        nameservers = kwargs['dns_servers']
    elif kwargs.get('dns_file'):
        nameservers = [ns.strip() for ns in open(kwargs["dns_file"]).readlines()]

    if nameservers:
        resolver.nameservers = nameservers

    reversed_ips = False
    if kwargs.get("range"):
        internal_range = ipaddress.IPv4Network(kwargs.get("range"))
        reversed_ips = find_nearby(resolver, list(internal_range))

    if not kwargs.get("concurrency"):
        numWorkers = 1
    else:
        numWorkers = kwargs.get("concurrency")

    if kwargs.get("domain"):
        domain = dns.name.from_text(kwargs['domain'])
    else:
        return

    if not domain.is_absolute():
        domain = domain.concatenate(dns.name.root)

    # DNS times out sometimes
    domain_name_servers = []
    for attempt in range(0, 5):
        ns = query(resolver, domain, record_type='NS')
        if ns is not None:
            domain_name_servers = [n.to_text() for n in ns]
            break
        time.sleep(3)


    soa = query(resolver, domain, record_type='SOA')
    zone = {}
    soa_mname = ''
    if soa:
        soa_mname = soa[0].mname
        master = query(resolver, soa_mname, record_type='A')
        if master:
            master_address = master[0].address

            zone_dump = zone_transfer(master_address, domain)
            if zone_dump is not None:
                zone = {(k.to_text() + '.' + domain.to_text()): v.to_text(k) for k, v in zone_dump.items()}

    random_subdomain = str(random.randint(1e10, 1e11))
    random_domain = concatenate_subdomains(domain, [random_subdomain])
    wildcard = query(resolver, random_domain, record_type='A')

    if kwargs.get('subdomains'):
        subdomains = kwargs["subdomains"]
    else:
        if kwargs.get("subdomain_file"):
            subdomain_file = kwargs.get("subdomain_file")
        else:
            subdomain_file = find_subdomain_list_file('default.txt')

        subdomains = [sd.strip() for sd in open(subdomain_file).readlines()]


    visited = set()

    hosts = Queue()

    def subdomainWorker(visited):
        while True:
            subdomain = subdomainQueue.get()
            if type(subdomain) is int:
                return
            url = concatenate_subdomains(domain, [subdomain])
            try:
                record = query(resolver, url, record_type='A')
            except dns.exception.Timeout:
                return

            if record is None:
                continue

            try:
                ip = ipaddress.IPv4Address(record[0].address)
            except TypeError:
                return

            headers = False
            if kwargs.get('connect') and not ip.is_private:
                headers = head_request(str(ip))

            if kwargs.get("traverse"):
                traverse = kwargs.get("traverse")
            else:
                traverse = 5

            if kwargs.get("wide"):
                ips = wide_expander(ip)
            else:
                ips = traverse_expander(ip, traverse)

            filter_func = None
            if kwargs.get("search"):
                filter_func = functools.partial(search_filter, kwargs["search"])

            ips = set(ips) - set(visited)
            visited |= ips

            hosts.put({
                str(url): {
                    'ip': str(ip),
                    'headers': headers,
                    'nearby': find_nearby(resolver, ips, filter_func=filter_func)
                }
            })

            if kwargs.get("delay"):
                time.sleep(kwargs["delay"])
            else:
                time.sleep(0)

    workers = []
    subdomainQueue = Queue()
    for i in range(numWorkers):
        p = Process(target=subdomainWorker, args=(visited,))
        workers.append(p)
        p.start()
    for subdomain in subdomains:
        subdomainQueue.put(subdomain)
    while True:
        if subdomainQueue.empty():
            for i in range(numWorkers):
                # workers terminate when they encounter an int
                subdomainQueue.put(50)
            for worker in workers:
                # blocks until process terminates
                worker.join()

            def get_hosts(q):
                d = {}
                while q.qsize() > 0:
                    for fqdn, nearby in q.get().items():
                        d[fqdn] = nearby
                return d

            results = {'target': domain.to_text(),
                       'hosts': get_hosts(hosts),
                       'nameservers': domain_name_servers,
                       'zone': zone if len(zone) > 0 else False,
                       'wildcard': bool(wildcard),
                       'range': reversed_ips
                       }

            results['soa_mname'] = soa_mname.to_text() if soa_mname else ''

            if kwargs.get('pretty_print'):
                print(json.dumps(results, indent=4))
            if kwargs.get('print'):
                print(json.dumps(results))

            return results
Example #41
0
def test_wildcard_rdtype_mismatch(label, rdtype, named_port):
    """any label non-matching rdtype must result in to NODATA"""
    check_answer_nodata(*query(IPADDR, named_port, label, rdtype))
Example #42
0
def test_query_MX():
    answers = query("dnspython.org","MX")
    for rr in answers:
        print(rr.exchange,rr.preference)
    assert 0
Example #43
0
def test_query_A():
    answers = query("www.nist.gov","A")
    for rr in answers:
        print(dir(rr))
Example #44
0
def test_wildcard_match(label, named_port):
    """any label with maching rdtype must result in wildcard data in answer"""
    check_answer_noerror(*query(IPADDR, named_port, label, WILDCARD_RDTYPE))
Example #45
0
 def __init__(self, qname, qtype = dns.rdatatype.A, qclass = dns.rdataclass.IN):
   self.qname = qname
   self.qtype = qtype
   self.qclass = qclass
   query(self.done, self.lose, qname, qtype = qtype, qclass = qclass)
Example #46
0
def fierce(**kwargs):
    resolver = dns.resolver.Resolver()

    resolver = update_resolver_nameservers(resolver, kwargs['dns_servers'],
                                           kwargs['dns_file'])

    if kwargs.get("range"):
        internal_range = ipaddress.IPv4Network(kwargs.get("range"))
        find_nearby(resolver, list(internal_range))

    if not kwargs.get("domain"):
        return

    domain = dns.name.from_text(kwargs['domain'])
    if not domain.is_absolute():
        domain = domain.concatenate(dns.name.root)

    ns = recursive_query(resolver, domain, 'NS')

    if ns:
        domain_name_servers = [n.to_text() for n in ns]
    else:
        domain_name_servers = []

    print("NS: {}".format(" ".join(domain_name_servers) if ns else "failure"))

    soa = recursive_query(resolver, domain, record_type='SOA')
    if soa:
        soa_mname = soa[0].mname
        master = query(resolver, soa_mname, record_type='A')
        master_address = master[0].address
        print("SOA: {} ({})".format(soa_mname, master_address))
    else:
        print("SOA: failure")
        print("Failed to lookup NS/SOA, Domain does not exist")
        exit(-1)

    zone = zone_transfer(master_address, domain)
    print("Zone: {}".format("success" if zone else "failure"))
    if zone:
        pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
        return

    random_subdomain = str(random.randint(1e10, 1e11))
    random_domain = concatenate_subdomains(domain, [random_subdomain])
    wildcard = query(resolver, random_domain, record_type='A')
    print(
        "Wildcard: {}".format(wildcard[0].address if wildcard else "failure"))

    subdomains = get_subdomains(kwargs["subdomains"], kwargs["subdomain_file"])

    visited = set()

    for subdomain in subdomains:
        url = concatenate_subdomains(domain, [subdomain])
        record = query(resolver, url, record_type='A')

        if record is None or record.rrset is None:
            continue

        ip = ipaddress.IPv4Address(record[0].address)
        print("Found: {} ({})".format(url, ip))

        if kwargs.get('connect') and not ip.is_private:
            headers = head_request(str(ip))
            if headers:
                print("HTTP connected:")
                pprint.pprint(headers)

        if kwargs.get("wide"):
            ips = wide_expander(ip)
        elif kwargs.get("traverse"):
            ips = traverse_expander(ip, kwargs["traverse"])
        else:
            continue

        filter_func = None
        if kwargs.get("search"):
            filter_func = functools.partial(search_filter, kwargs["search"])

        ips = set(ips) - set(visited)
        visited |= ips

        find_nearby(resolver, ips, filter_func=filter_func)

        if kwargs.get("delay"):
            time.sleep(kwargs["delay"])
Example #47
0
def fierce(**kwargs):
    resolver = dns.resolver.Resolver()

    resolver = update_resolver_nameservers(resolver, kwargs['dns_servers'],
                                           kwargs['dns_file'])

    if kwargs.get("range"):
        range_ips = range_expander(kwargs.get("range"))
        nearby = find_nearby(
            resolver,
            range_ips,
        )
        if nearby:
            print("Nearby:")
            pprint.pprint(nearby)

    if not kwargs.get("domain"):
        return

    domain = dns.name.from_text(kwargs['domain'])
    if not domain.is_absolute():
        domain = domain.concatenate(dns.name.root)

    ns = recursive_query(resolver, domain, 'NS', tcp=kwargs["tcp"])

    if ns:
        domain_name_servers = [n.to_text() for n in ns]
    else:
        domain_name_servers = []

    print("NS: {}".format(" ".join(domain_name_servers) if ns else "failure"))

    soa = recursive_query(resolver,
                          domain,
                          record_type='SOA',
                          tcp=kwargs["tcp"])
    if soa:
        soa_mname = soa[0].mname
        master = query(resolver, soa_mname, record_type='A', tcp=kwargs["tcp"])
        master_address = master[0].address
        print("SOA: {} ({})".format(soa_mname, master_address))
    else:
        print("SOA: failure")
        fatal("Failed to lookup NS/SOA, Domain does not exist")

    zone = zone_transfer(master_address, domain)
    print("Zone: {}".format("success" if zone else "failure"))
    if zone:
        pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
        return

    random_subdomain = str(random.randint(
        1e10, 1e11))  # noqa DUO102, non-cryptographic random use
    random_domain = concatenate_subdomains(domain, [random_subdomain])
    wildcard = query(resolver,
                     random_domain,
                     record_type='A',
                     tcp=kwargs["tcp"])
    wildcard_ips = set(rr.address
                       for rr in wildcard.rrset) if wildcard else set()
    print("Wildcard: {}".format(
        ', '.join(wildcard_ips) if wildcard_ips else "failure"))

    subdomains = get_subdomains(kwargs["subdomains"], kwargs["subdomain_file"])

    filter_func = None
    if kwargs.get("search"):
        filter_func = functools.partial(search_filter, kwargs["search"])

    expander_func = default_expander
    if kwargs.get("wide"):
        expander_func = wide_expander
    elif kwargs.get("traverse"):
        expander_func = functools.partial(traverse_expander,
                                          n=kwargs["traverse"])

    unvisited = unvisited_closure()

    for subdomain in subdomains:
        try:
            url = concatenate_subdomains(domain, [subdomain])
        except dns.exception.DNSException:
            print("Error occured for subdomain: " + str(subdomain) +
                  ". Skipping.")
            continue

        record = query(resolver, url, record_type='A', tcp=kwargs["tcp"])

        if record is None or record.rrset is None:
            continue

        ips = [rr.address for rr in record.rrset]
        if wildcard_ips == set(ips):
            continue

        ip = ipaddress.IPv4Address(ips[0])

        http_connection_headers = None
        if kwargs.get('connect') and not ip.is_private:
            http_connection_headers = head_request(str(ip))

        ips = expander_func(ip)
        unvisited_ips = unvisited(ips)

        nearby = find_nearby(resolver, unvisited_ips, filter_func=filter_func)

        print_subdomain_result(url,
                               ip,
                               http_connection_headers=http_connection_headers,
                               nearby=nearby)

        if kwargs.get("delay"):
            time.sleep(kwargs["delay"])
Example #48
0
def fierce(**kwargs):
    resolver = dns.resolver.Resolver()

    nameservers = None
    if kwargs.get('dns_servers'):
        nameservers = kwargs['dns_servers']
    elif kwargs.get('dns_file'):
        nameservers = [ns.strip() for ns in open(kwargs["dns_file"]).readlines()]

    if nameservers:
        resolver.nameservers = nameservers

    if kwargs.get("range"):
        internal_range = ipaddress.IPv4Network(kwargs.get("range"))
        find_nearby(resolver, list(internal_range))

    if not kwargs.get("domain"):
        return
    
    if not kwargs.get("concurrency"):
        numWorkers = 1
    else:
        numWorkers = kwargs.get("concurrency")

    domain = dns.name.from_text(kwargs['domain'])
    if not domain.is_absolute():
        domain = domain.concatenate(dns.name.root)

    ns = query(resolver, domain, record_type='NS')
    domain_name_servers = [n.to_text() for n in ns]
    print("NS: {}".format(" ".join(domain_name_servers)))

    soa = query(resolver, domain, record_type='SOA')
    soa_mname = soa[0].mname
    master = query(resolver, soa_mname, record_type='A')
    master_address = master[0].address
    print("SOA: {} ({})".format(soa_mname, master_address))

    zone = zone_transfer(master_address, domain)
    print("Zone: {}".format("success" if zone else "failure"))
    if zone:
        pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
        return

    random_subdomain = str(random.randint(1e10, 1e11))
    random_domain = concatenate_subdomains(domain, [random_subdomain])
    wildcard = query(resolver, random_domain, record_type='A')
    print("Wildcard: {}".format("success" if wildcard else "failure"))

    if kwargs.get('subdomains'):
        subdomains = kwargs["subdomains"]
    else:
        subdomains = [sd.strip() for sd in open(kwargs["subdomain_file"]).readlines()]

    visited = set()

    def subdomainWorker(visited):  
        while True:
            subdomain = subdomainQueue.get()
            if type(subdomain) is int:
                return
            url = concatenate_subdomains(domain, [subdomain])
            record = query(resolver, url, record_type='A')

            if record is None:
                continue

            ip = ipaddress.IPv4Address(record[0].address)
            print("Found: {} ({})".format(url, ip))

            if kwargs.get('connect') and not ip.is_private:
                headers = head_request(str(ip))
                if headers:
                    print("HTTP connected:")
                    pprint.pprint(headers)

            if kwargs.get("wide"):
                ips = wide_expander(ip)
            elif kwargs.get("traverse"):
                ips = traverse_expander(ip, kwargs["traverse"])
            else:
                continue

            filter_func = None
            if kwargs.get("search"):
                filter_func = functools.partial(search_filter, kwargs["search"])

            ips = set(ips) - set(visited)
            visited |= ips

            find_nearby(resolver, ips, filter_func=filter_func)

            if kwargs.get("delay"):
                time.sleep(kwargs["delay"])


    workers = []
    subdomainQueue = Queue()
    for i in range(numWorkers):
        p = Process(target=subdomainWorker, args=(visited,))
        workers.append(p)
        p.start()
    for subdomain in subdomains:
        subdomainQueue.put(subdomain)
    while True:
        if subdomainQueue.empty():
            for i in range(numWorkers):
                subdomainQueue.put(50)
            for worker in workers:
                worker.join()
            sys.exit()