Example #1
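    def run(self, info):
        """Attempt a DNS zone transfer for the root domain of *info*.

        A transfer that succeeds for this client means the zone contents are
        readable from the auditing host, so every nameserver involved is
        reported as a DNSZoneTransfer finding. The fix belongs on the
        nameserver: restrict transfers to authorized secondaries.

        Returns:
            None when the root domain is skipped ("localhost", not in the
            audit scope, already processed) or when the transfer fails.
            Otherwise a list holding the root Domain followed by one
            DNSZoneTransfer per nameserver (or a single one tied to the root
            domain when no nameservers were returned).
        """
        root = info.root

        # Never probe the loopback name.
        if root == "localhost":
            return

        # Scope guard: the transfer is only attempted for domains listed in
        # the audit scope.
        if root not in Config.audit_scope:
            return

        # NOTE(review): put() is taken to return a true value when the key
        # was already stored, which marks and checks in one call -- confirm
        # against the state API.
        if self.state.put(root, True):
            return

        ns_servers, resolv = DNS.zone_transfer(
            root, ns_allowed_zone_transfer=True)

        # Nothing transferred: log it and report nothing.
        if not resolv:
            Logger.log_verbose(
                "DNS zone transfer failed, server %r not vulnerable" % root)
            return

        domain = Domain(root)

        # Explicit loops rather than map(): map() is lazy on Python 3, so
        # calling it only for its side effect would never attach the
        # transferred records to the domain.
        for record_set in resolv:
            for record in record_set:
                domain.add_information(record)

        results = [domain]

        # One log line summarising how many nameservers answered.
        msg = "DNS zone transfer successful, "
        ns_count = len(ns_servers)
        if ns_count > 1:
            msg += "%d nameservers for %r are vulnerable!" % (ns_count, root)
        else:
            msg += "nameserver for %r is vulnerable!" % root
        Logger.log(msg)

        if not ns_servers:
            # No nameserver list: attribute the finding to the root domain.
            results.append(DNSZoneTransfer(domain, root))
        else:
            # NOTE(review): no per-nameserver scope check is visible here;
            # presumably DNS.zone_transfer only returns the servers that
            # allowed the transfer -- confirm they are all in scope.
            for ns in ns_servers:
                results.append(DNSZoneTransfer(domain, ns))

        return results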
Example #2
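    def run(self, info):
        """Check whether the root domain of *info* allows a DNS zone transfer.

        Guards run first (loopback name, audit scope, already-processed
        state), then the transfer is attempted. On success the transferred
        records are attached to a Domain object and a DNSZoneTransfer finding
        is created per nameserver.

        Returns:
            None if the domain is skipped or the transfer fails; otherwise a
            list whose first element is the root Domain, followed by the
            DNSZoneTransfer findings.
        """
        root = info.root

        # Guard clauses. The scope test keeps the plugin from sending
        # transfer requests for domains that are not in Config.audit_scope.
        if root == "localhost":
            return
        if root not in Config.audit_scope:
            return
        # NOTE(review): assumes state.put() reports (truthy) that the key
        # already existed -- verify against the state API.
        if self.state.put(root, True):
            return

        ns_servers, resolv = DNS.zone_transfer(
            root, ns_allowed_zone_transfer=True)

        if not resolv:
            Logger.log_verbose(
                "DNS zone transfer failed, server %r not vulnerable"
                % root)
            return

        domain = Domain(root)

        # Attach every transferred record to the domain. This used to be
        # map(domain.add_information, r); on Python 3 map() returns a lazy
        # iterator, so the call never ran. A plain loop works on both.
        for group in resolv:
            for entry in group:
                domain.add_information(entry)

        results = [domain]

        # Summary log line; wording depends on how many nameservers answered.
        prefix = "DNS zone transfer successful, "
        if len(ns_servers) > 1:
            msg = prefix + "%d nameservers for %r are vulnerable!" % (
                len(ns_servers), root)
        else:
            msg = prefix + "nameserver for %r is vulnerable!" % root
        Logger.log(msg)

        # With no nameserver list, the finding is attributed to the root
        # domain itself; otherwise one finding per nameserver.
        # NOTE(review): nameservers are not scope-checked in this method --
        # confirm that DNS.zone_transfer or the framework handles that.
        targets = ns_servers if ns_servers else [root]
        for target in targets:
            results.append(DNSZoneTransfer(domain, target))

        return results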
Example #3
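    def recv_info(self, info):
        """Attempt a DNS zone transfer for the root domain of *info*.

        Returns:
            None when the root domain is "localhost", outside the audit
            scope, already processed, or when the transfer yields nothing.
            Otherwise the list returned by DNS.zone_transfer, extended in
            place with the root Domain, and for each nameserver an IP or
            Domain resource plus a DNSZoneTransfer finding linked to it.
        """
        root = info.root

        # Never probe the loopback name.
        if root == "localhost":
            return

        # Scope guard: only domains in the audit scope are tested.
        if root not in Config.audit_scope:
            return

        # NOTE(review): put() is assumed to return a true value when the key
        # was already present -- confirm against the state API.
        if self.state.put(root, True):
            return

        ns_servers, results = DNS.zone_transfer(
            root, ns_allowed_zone_transfer=True)

        if not results:
            Logger.log_verbose(
                "DNS zone transfer failed, server %r not vulnerable"
                % root)
            return

        domain = Domain(root)

        # Explicit loop rather than map(): on Python 3 map() is lazy, so
        # using it only for its side effect would leave the transferred data
        # unlinked from the domain.
        for item in results:
            domain.add_information(item)

        # Appended after the loop so the domain is not linked to itself.
        results.append(domain)

        msg = "DNS zone transfer successful, "
        ns_count = len(ns_servers)
        if ns_count > 1:
            msg += "%d nameservers for %r are vulnerable!" % (ns_count, root)
        else:
            msg += "nameserver for %r is vulnerable!" % root
        Logger.log(msg)

        if not ns_servers:
            # No nameserver list: tie the finding to the root domain.
            vulnerability = DNSZoneTransfer(root)
            vulnerability.add_resource(domain)
            results.append(vulnerability)
        else:
            # NOTE(review): no per-nameserver scope check is visible here --
            # confirm the returned nameservers are all in scope.
            for ns in ns_servers:
                vulnerability = DNSZoneTransfer(ns)

                # A nameserver may be given as an address or as a name; IP()
                # rejects non-addresses with ValueError.
                try:
                    resource = IP(ns)
                except ValueError:
                    resource = Domain(ns)

                # Link the nameserver to both the root domain and the finding.
                domain.add_resource(resource)
                vulnerability.add_resource(resource)

                results.append(resource)
                results.append(vulnerability)

        return results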
Example #4
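    def recv_info(self, info):
        """Check whether the root domain of *info* allows a DNS zone transfer.

        After the skip guards, the transfer is attempted. On success the
        returned data is linked to a Domain for the root, and each nameserver
        gets a resource object (IP or Domain) and a DNSZoneTransfer finding.

        Returns:
            None if the domain is skipped or nothing was transferred;
            otherwise the transfer result list itself, with the new objects
            appended to it.
        """
        root = info.root

        # Guard clauses. The scope test ensures no transfer request is made
        # for a domain that is not in Config.audit_scope.
        if root == "localhost":
            return
        if root not in Config.audit_scope:
            return
        # NOTE(review): assumes state.put() is truthy when the key already
        # existed -- verify against the state API.
        if self.state.put(root, True):
            return

        ns_servers, results = DNS.zone_transfer(
            root, ns_allowed_zone_transfer=True)

        if not results:
            Logger.log_verbose(
                "DNS zone transfer failed, server %r not vulnerable" % root)
            return

        domain = Domain(root)

        # This was map(domain.add_information, results). On Python 3 map()
        # only builds a lazy iterator, so nothing was linked; iterate
        # explicitly instead.
        for transferred in results:
            domain.add_information(transferred)

        results.append(domain)

        # Summary log line; wording depends on the number of nameservers.
        prefix = "DNS zone transfer successful, "
        if len(ns_servers) > 1:
            msg = prefix + "%d nameservers for %r are vulnerable!" % (
                len(ns_servers), root)
        else:
            msg = prefix + "nameserver for %r is vulnerable!" % root
        Logger.log(msg)

        if ns_servers:
            # NOTE(review): nameservers are not scope-checked in this
            # method -- confirm that happens elsewhere.
            for ns in ns_servers:
                vulnerability = DNSZoneTransfer(ns)

                # Address if it parses as one (IP() raises ValueError
                # otherwise), else treat the entry as a host name.
                try:
                    resource = IP(ns)
                except ValueError:
                    resource = Domain(ns)

                domain.add_resource(resource)
                vulnerability.add_resource(resource)

                # The resource goes in before the finding that references it.
                results.extend((resource, vulnerability))
        else:
            # No nameserver list: link the finding to the root domain.
            vulnerability = DNSZoneTransfer(root)
            vulnerability.add_resource(domain)
            results.append(vulnerability)

        return results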
Example #5
    def recv_info(self, info):
        """Try a DNS zone transfer for the root domain of *info*.

        Returns:
            None for "localhost" and for domains already recorded in the
            plugin state. Otherwise a list: on a successful transfer it
            holds the transferred data followed by a DNSZoneTransfer and an
            IP or Domain resource per nameserver; in both outcomes the
            nameserver entries returned by DNS.zone_transfer are appended
            last.
        """
        root_name = info.root

        # Never probe the loopback name.
        if root_name == "localhost":
            return

        # Already handled: nothing to report.
        # NOTE(review): no audit-scope check is visible in this method;
        # presumably targets are filtered before it is called -- confirm.
        if self.state.check(root_name):
            return None

        Logger.log_more_verbose("Starting DNS zone transfer plugin")
        found = []

        nameservers, transferred = DNS.zone_transfer(
            root_name, ns_allowed_zone_transfer=True)

        if not transferred:
            Logger.log_more_verbose("DNS zone transfer failed, server not vulnerable")
        else:
            Logger.log_more_verbose("DNS zone transfer successful")
            found.extend(transferred)

            for ns in nameservers:
                vuln = DNSZoneTransfer(ns)

                # IPAddress() is used only as a parse test; any failure
                # means the entry is treated as a host name.
                try:
                    parsed = IPAddress(ns)
                except Exception:
                    parsed = None
                resource = Domain(ns) if parsed is None else IP(ns)

                vuln.add_resource(resource)

                # Finding first, then the resource it refers to.
                found.append(vuln)
                found.append(resource)

        # The nameserver entries are returned whether or not the transfer
        # succeeded.
        found.extend(nameservers)

        # NOTE(review): check() above and set() here are separate calls;
        # whether concurrent runs can both pass the check is not visible
        # from this method.
        self.state.set(root_name, True)

        return found
Example #6
    def recv_info(self, info):
        """Run the DNS zone transfer check for the root domain of *info*.

        Returns:
            None when the root domain is "localhost" or the plugin state
            says it was already processed. Otherwise a list containing, on
            a successful transfer, the transferred data plus one
            DNSZoneTransfer and one IP/Domain resource per nameserver, and
            in every case the nameserver entries from DNS.zone_transfer at
            the end.
        """
        target = info.root

        # The loopback name is never tested.
        if target == "localhost":
            return

        # NOTE(review): this method does not check an audit scope before
        # requesting the transfer; confirm the caller restricts targets.
        output = None
        already_done = self.state.check(target)

        if not already_done:
            Logger.log_more_verbose("Starting DNS zone transfer plugin")

            ns_list, zone_data = DNS.zone_transfer(
                target, ns_allowed_zone_transfer=True)

            output = []
            if zone_data:
                Logger.log_more_verbose("DNS zone transfer successful")
                output.extend(zone_data)

                for name_server in ns_list:
                    finding = DNSZoneTransfer(name_server)

                    # Parse test only: a failure of any kind means the
                    # entry is handled as a host name.
                    try:
                        as_address = IPAddress(name_server)
                    except Exception:
                        as_address = None

                    if as_address is None:
                        linked = Domain(name_server)
                    else:
                        linked = IP(name_server)

                    finding.add_resource(linked)

                    # Same order as before: finding, then its resource.
                    output.extend([finding, linked])
            else:
                Logger.log_more_verbose(
                    "DNS zone transfer failed, server not vulnerable")

            # Nameserver entries are appended on success and on failure.
            output.extend(ns_list)

            # Record the domain so later calls skip it.
            self.state.set(target, True)

        return output