def run(self, info): # Get the root domain only. root = info.root # Skip localhost. if root == "localhost": return # Skip if the root domain is out of scope. if root not in Config.audit_scope: return # Skip root domains we've already processed. if self.state.put(root, True): return # Attempt a DNS zone transfer. ns_servers, resolv = DNS.zone_transfer(root, ns_allowed_zone_transfer=True) # On failure, skip. if not resolv: Logger.log_verbose( "DNS zone transfer failed, server %r not vulnerable" % root) return # Create a Domain object for the root domain. domain = Domain(root) # Associate all the results with the root domain. for r in resolv: map(domain.add_information, r) # Add the root domain to the results. results = [] results.append(domain) # We have a vulnerability on each of the nameservers involved. msg = "DNS zone transfer successful, " if len(ns_servers) > 1: msg += "%d nameservers for %r are vulnerable!" msg %= (len(ns_servers), root) else: msg += "nameserver for %r is vulnerable!" % root Logger.log(msg) # If we don't have the name servers... if not ns_servers: # Assume the root domain also points to the nameserver. vulnerability = DNSZoneTransfer(domain, root) results.append(vulnerability) # If we have the name servers... else: # Create a vulnerability for each nameserver in scope. for ns in ns_servers: vulnerability = DNSZoneTransfer(domain, ns) results.append(vulnerability) # Return the results. return results
def run(self, info): # Get the root domain only. root = info.root # Skip localhost. if root == "localhost": return # Skip if the root domain is out of scope. if root not in Config.audit_scope: return # Skip root domains we've already processed. if self.state.put(root, True): return # Attempt a DNS zone transfer. ns_servers, resolv = DNS.zone_transfer( root, ns_allowed_zone_transfer = True) # On failure, skip. if not resolv: Logger.log_verbose( "DNS zone transfer failed, server %r not vulnerable" % root) return # Create a Domain object for the root domain. domain = Domain(root) # Associate all the results with the root domain. for r in resolv: map(domain.add_information, r) # Add the root domain to the results. results = [] results.append(domain) # We have a vulnerability on each of the nameservers involved. msg = "DNS zone transfer successful, " if len(ns_servers) > 1: msg += "%d nameservers for %r are vulnerable!" msg %= (len(ns_servers), root) else: msg += "nameserver for %r is vulnerable!" % root Logger.log(msg) # If we don't have the name servers... if not ns_servers: # Assume the root domain also points to the nameserver. vulnerability = DNSZoneTransfer(domain, root) results.append(vulnerability) # If we have the name servers... else: # Create a vulnerability for each nameserver in scope. for ns in ns_servers: vulnerability = DNSZoneTransfer(domain, ns) results.append(vulnerability) # Return the results. return results
def recv_info(self, info): # Get the root domain only. root = info.root # Skip localhost. if root == "localhost": return # Skip if the root domain is out of scope. if root not in Config.audit_scope: return # Skip root domains we've already processed. if self.state.put(root, True): return # Attempt a DNS zone transfer. ns_servers, results = DNS.zone_transfer( root, ns_allowed_zone_transfer = True) # On failure, skip. if not results: Logger.log_verbose( "DNS zone transfer failed, server %r not vulnerable" % root) return # Create a Domain object for the root domain. domain = Domain(root) # Associate all the results with the root domain. map(domain.add_information, results) # Add the root domain to the results. results.append(domain) # We have a vulnerability on each of the nameservers involved. msg = "DNS zone transfer successful, " if len(ns_servers) > 1: msg += "%d nameservers for %r are vulnerable!" msg %= (len(ns_servers), root) else: msg += "nameserver for %r is vulnerable!" % root Logger.log(msg) # If we don't have the name servers... if not ns_servers: # Link the vulnerability to the root domain instead. vulnerability = DNSZoneTransfer(root) vulnerability.add_resource(domain) results.append(vulnerability) # If we have the name servers... else: # Create a vulnerability for each nameserver in scope. for ns in ns_servers: # Instance the vulnerability object. vulnerability = DNSZoneTransfer(ns) # Instance a Domain or IP object. try: resource = IP(ns) except ValueError: resource = Domain(ns) # Associate the resource to the root domain. domain.add_resource(resource) # Associate the nameserver to the vulnerability. vulnerability.add_resource(resource) # Add both to the results. results.append(resource) results.append(vulnerability) # Return the results. return results
def recv_info(self, info): # Get the root domain only. root = info.root # Skip localhost. if root == "localhost": return # Skip if the root domain is out of scope. if root not in Config.audit_scope: return # Skip root domains we've already processed. if self.state.put(root, True): return # Attempt a DNS zone transfer. ns_servers, results = DNS.zone_transfer(root, ns_allowed_zone_transfer=True) # On failure, skip. if not results: Logger.log_verbose( "DNS zone transfer failed, server %r not vulnerable" % root) return # Create a Domain object for the root domain. domain = Domain(root) # Associate all the results with the root domain. map(domain.add_information, results) # Add the root domain to the results. results.append(domain) # We have a vulnerability on each of the nameservers involved. msg = "DNS zone transfer successful, " if len(ns_servers) > 1: msg += "%d nameservers for %r are vulnerable!" msg %= (len(ns_servers), root) else: msg += "nameserver for %r is vulnerable!" % root Logger.log(msg) # If we don't have the name servers... if not ns_servers: # Link the vulnerability to the root domain instead. vulnerability = DNSZoneTransfer(root) vulnerability.add_resource(domain) results.append(vulnerability) # If we have the name servers... else: # Create a vulnerability for each nameserver in scope. for ns in ns_servers: # Instance the vulnerability object. vulnerability = DNSZoneTransfer(ns) # Instance a Domain or IP object. try: resource = IP(ns) except ValueError: resource = Domain(ns) # Associate the resource to the root domain. domain.add_resource(resource) # Associate the nameserver to the vulnerability. vulnerability.add_resource(resource) # Add both to the results. results.append(resource) results.append(vulnerability) # Return the results. return results
def recv_info(self, info): m_domain = info.root # Skips localhost if m_domain == "localhost": return m_return = None # Checks if the hostname has been already processed if not self.state.check(m_domain): Logger.log_more_verbose("Starting DNS zone transfer plugin") m_return = [] # # Make the zone transfer # m_ns_servers, m_zone_transfer = DNS.zone_transfer(m_domain, ns_allowed_zone_transfer=True) m_return_append = m_return.append if m_zone_transfer: Logger.log_more_verbose("DNS zone transfer successful") m_return.extend(m_zone_transfer) for l_ns in m_ns_servers: # Create the vuln l_v = DNSZoneTransfer(l_ns) l_resource = None # Is a IPaddress? try: ip = IPAddress(l_ns) except Exception: ip = None if ip is not None: # Create the IP resource l_resource = IP(l_ns) else: # Create the Domain resource l_resource = Domain(l_ns) # Associate the resource to the vuln l_v.add_resource(l_resource) # Append to the results: the resource and the vuln m_return_append(l_v) m_return_append(l_resource) else: Logger.log_more_verbose("DNS zone transfer failed, server not vulnerable") m_return.extend(m_ns_servers) # Set the domain parsed self.state.set(m_domain, True) return m_return
def recv_info(self, info): m_domain = info.root # Skips localhost if m_domain == "localhost": return m_return = None # Checks if the hostname has been already processed if not self.state.check(m_domain): Logger.log_more_verbose("Starting DNS zone transfer plugin") m_return = [] # # Make the zone transfer # m_ns_servers, m_zone_transfer = DNS.zone_transfer( m_domain, ns_allowed_zone_transfer=True) m_return_append = m_return.append if m_zone_transfer: Logger.log_more_verbose("DNS zone transfer successful") m_return.extend(m_zone_transfer) for l_ns in m_ns_servers: # Create the vuln l_v = DNSZoneTransfer(l_ns) l_resource = None # Is a IPaddress? try: ip = IPAddress(l_ns) except Exception: ip = None if ip is not None: # Create the IP resource l_resource = IP(l_ns) else: # Create the Domain resource l_resource = Domain(l_ns) # Associate the resource to the vuln l_v.add_resource(l_resource) # Append to the results: the resource and the vuln m_return_append(l_v) m_return_append(l_resource) else: Logger.log_more_verbose( "DNS zone transfer failed, server not vulnerable") m_return.extend(m_ns_servers) # Set the domain parsed self.state.set(m_domain, True) return m_return