Exemple #1
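 def get_name(self, domain):
     """Resolve *domain* and report every address that comes back.

     Each record is printed (and written to ``outfile`` when one is open),
     its address is added to the module-level ``addresses`` set, and
     ``domain`` is queued for a recursive scan when ``args.recurse`` is set.
     In ``args.tld`` mode only the first nameserver is reported.

     Depends on names defined outside this block: ``lookup``,
     ``recordtype``, ``args``, ``col``, ``outfile``, ``target``,
     ``add_target`` and ``ipaddr``.
     """
     global wildcard, addresses
     try:
         if sys.stdout.isatty():  # Don't spam output if redirected
             sys.stdout.write(domain + "                              \r")
             sys.stdout.flush()
         res = lookup(domain, recordtype)
         if args.tld and res:
             nameservers = sorted(list(res))
             ns0 = str(nameservers[0])[:-1]  # First nameserver, last character dropped
             print(domain + " - " + col.brown + ns0 + col.end)
         if args.tld:
             if res:
                 # NOTE(review): if lookup() returns anything other than a str,
                 # this concatenation raises TypeError and the handler at the
                 # bottom hides it -- confirm what lookup() returns.
                 print(domain + " - " + res)
             return
         for rdata in res:
             address = rdata.address
             # Answers equal to the wildcard address are false positives.
             if wildcard and address == wildcard:
                 return
             if args.domain_first:
                 print(domain + " - " + col.brown + address + col.end)
             else:
                 print(address + " - " + col.brown + domain + col.end)
             if outfile:
                 if args.domain_first:
                     print(domain + " - " + address, file=outfile)
                 else:
                     print(address + " - " + domain, file=outfile)
             # `unicode` only exists on Python 2.  Without the fallback the
             # NameError on Python 3 was swallowed by the handler below, so no
             # address was recorded and the recursive scan never started.
             try:
                 addresses.add(ipaddr(unicode(address)))
             except NameError:
                 addresses.add(ipaddr(str(address)))
         if domain != target and args.recurse:  # Don't scan root domain twice
             add_target(domain)  # Recursively scan subdomains
     except:
         # Best effort: any failure (no answer, timeout, bad record) just
         # means nothing is reported for this name.
         pass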
Exemple #2
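def get_web_index(hoststr):
	"""Fetch the index page of ``hoststr`` unless the host filter blocks it.

	The request is refused when the host itself, an address it resolves to,
	or a name returned by the reverse lookup is present in ``hostdeny``.
	Returns whatever ``fetchurl("http://" + hoststr).read()`` yields, or the
	string ``"No page"`` when the fetch raises.

	Raises:
		Exception: the host, one of its addresses or one of its names is in
			the deny list.

	NOTE(review): two gaps a caller relying on this filter should know about.
	The check and the fetch resolve ``hoststr`` independently, so the address
	that is finally contacted is not guaranteed to be one that was checked.
	And when ``resolve()`` or ``unresolve()`` raises, the matching check runs
	against an empty list and therefore passes (fail open).
	"""
	try:
		hostdeny
	except NameError:
		# Deny list has not been loaded in this process yet.
		hostfilter_init()
	try:
		# Normalise IP literals so they compare equal to stored entries.
		host = str(ipaddr(hoststr))
	except Exception:
		host = hoststr
	if host in hostdeny:
		raise Exception("This host has been added to the hostfilter.")
	ipaddrs = []
	try:
		ipaddrs.append(str(ipaddr(host)))
	except Exception:
		# Not an IP literal: collect every address the name resolves to.
		try:
			gunk = resolve(hoststr, 80)
		except Exception:
			pass
		else:
			for ipset in gunk:
				ip = str(ipaddr(ipset[-1][0]))
				if ip not in ipaddrs:
					ipaddrs.append(ip)
	# A set intersection states the intent directly.  The previous length
	# comparison also fired whenever hostdeny contained a duplicate entry,
	# rejecting every host.
	if set(hostdeny) & set(ipaddrs):
		raise Exception("This host resolves to at least one blacklisted host.")
	hosts = []
	try:
		gunk = unresolve(hoststr)
	except Exception:
		pass
	else:
		hosts.append(gunk[0])
		hosts.extend(gunk[1])
	if set(hostdeny) & set(hosts):
		raise Exception("This host resolves to at least one blacklisted host.")
	try:
		index = fetchurl("http://" + hoststr)
	except Exception:
		return "No page"
	return index.read()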
Exemple #3
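def remove_host(ipstr):
	"""Remove an IP address from the deny list and write the list back to disk.

	Raises:
		Exception: the address is not in ``hostdeny``.

	The list is stored as a pickle in ``~/.jam927_hostdeny``.  Unpickling
	executes whatever the file's writer put there, so the file should stay
	writable by its owner only.
	"""
	try:
		hostdeny
	except NameError:
		# Deny list has not been loaded in this process yet.
		hostfilter_init()
	ip = ipaddr(ipstr)
	if ip not in hostdeny:
		raise Exception("IP address does not exist in configuration.")
	hostdeny.remove(ip)
	# The context manager closes the file even when pickle.dump() raises;
	# the explicit close() it replaces was skipped in that case.
	with open(path.expanduser("~/.jam927_hostdeny"), "wb") as conf_file:
		pickle.dump(hostdeny, conf_file)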
Exemple #4
    def get_name(self, domain):
        """Look up *domain* and report the addresses it resolves to.

        Output goes to stdout and, when ``outfile`` is set, to that file as
        well.  Every address is stored in the global ``addresses`` set and
        ``domain`` is handed to ``add_target`` when recursion is enabled.
        All errors are swallowed, so a failed lookup simply reports nothing.
        """
        global wildcard, addresses
        try:
            if sys.stdout.isatty():
                # Progress line, only when stdout is a terminal.
                sys.stdout.write(domain + "                              \r")
                sys.stdout.flush()
            answers = lookup(domain, recordtype)
            if args.tld:
                if answers:
                    # First nameserver in sort order, last character dropped.
                    first_ns = str(sorted(list(answers))[0])[:-1]
                    print(domain + " - " + col.brown + first_ns + col.end)
                    print(domain + " - " + answers)
                return
            for record in answers:
                ip_text = record.address
                if wildcard and ip_text == wildcard:
                    # Same address as the wildcard answer: stop reporting.
                    return
                # Column order is chosen by --domain-first.
                if args.domain_first:
                    left, right = domain, ip_text
                else:
                    left, right = ip_text, domain
                print(left + " - " + col.brown + right + col.end)
                if outfile:
                    print(left + " - " + right, file=outfile)
                try:
                    # Python 2 spelling first; NameError means Python 3.
                    parsed = ipaddr(unicode(ip_text))
                    addresses.add(parsed)
                except NameError:
                    addresses.add(ipaddr(str(ip_text)))
            if domain != target and args.recurse:
                # The root domain is already queued; only recurse into others.
                add_target(domain)
        except:
            pass
Exemple #5
def get_web_index(ipstr):
	"""Return the index page served at ``ipstr``, or ``"No page"`` on failure.

	The address is parsed with ``ipaddr`` first and refused with an
	``Exception`` when it is listed in ``hostdeny``.  The URL is built from
	the parsed address, so the value that was checked is the one requested.
	"""
	try:
		hostdeny
	except:
		# Name not bound yet: load the deny list.
		hostfilter_init()
	address = ipaddr(ipstr)
	if address in hostdeny:
		raise Exception("This IP address has been added to the hostfilter.")
	try:
		response = fetchurl("http://" + str(address))
	except Exception:
		return "No page"
	return response.read()
Exemple #6
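def remove_host(hoststr):
	"""Remove a host (name or IP literal) from the deny list and persist it.

	IP literals are normalised through ``ipaddr`` before the lookup; anything
	``ipaddr`` rejects is used as given.

	Raises:
		Exception: the host is not in ``hostdeny``.

	The list is stored as a pickle in ``~/.jam927_hostdeny2``.  Unpickling
	executes whatever the file's writer put there, so the file should stay
	writable by its owner only.
	"""
	try:
		hostdeny
	except NameError:
		# Deny list has not been loaded in this process yet.
		hostfilter_init()
	try:
		host = str(ipaddr(hoststr))
	except Exception:
		host = hoststr
	if host not in hostdeny:
		raise Exception("This host does not exist in the configuration.")
	hostdeny.remove(host)
	# The context manager closes the file even when pickle.dump() raises;
	# the explicit close() it replaces was skipped in that case.
	with open(path.expanduser("~/.jam927_hostdeny2"), "wb") as conf_file:
		pickle.dump(hostdeny, conf_file)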
Exemple #7
                sys.exit(0)
            except:
                out.warn("Getting nameservers failed")
    #    resolver.nameservers = targetns     # Use target's NS servers for lokups
    # Missing results using domain's NS - removed for now
            out.warn("Zone transfer failed\n")
            if args.zonetransfer:
                sys.exit(0)

            get_v6(target)
            get_txt(target)
            get_mx(target)
            wildcard = get_wildcard(target)
            if wildcard:
                try:
                    addresses.add(ipaddr(unicode(wildcard)))
                except NameError:
                    addresses.add(ipaddr(str(wildcard)))
            out.status("Scanning " + target + " for " + recordtype + " records")
            add_target(target)

        for i in range(args.threads):
            t = scanner(queue)
            t.setDaemon(True)
            t.start()
        try:
            for i in range(args.threads):
                t.join(1024)       # Timeout needed or threads ignore exceptions
        except KeyboardInterrupt:
            out.fatal("Caught KeyboardInterrupt, quitting...")
            if outfile:
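def infer_originator_type(originator):
    """Guess what kind of host an originator is.

    Rules are tried in a fixed order and the first match wins.  A rule is a
    substring test on ``originator.domain``, an equality test on
    ``originator.as_num`` or a prefix test on ``originator.ipaddr``.  When
    nothing matches, ``OriginatorType.Unknown`` is returned and the domain is
    printed unless it is empty or ``'unknown'``.

    The domain tests are plain substring checks, so short keywords such as
    ``'ns'``, ``'pop'`` or ``'tor'`` also match inside unrelated labels.
    Treat the result as a heuristic, not as an identification.
    """
    domain_keywords = {
        'mail': [
            'hinet', 'mail', 'mx', 'smtp', 'post', 'correo', 'poczta', 'send',
            'lists', 'newsletter', 'zimbra', 'mta', 'pop', 'imap'
        ],  # hinet: a taiwan mail server
        'firewall': ['wall', 'fw'],  # not consulted by any rule below
        'antispam': ['ironport', 'spam'],  # not consulted by any rule below
        'cdn': ['cdn', 'mip'],  # mip: Mobile Instant Pages
        'dns': ['dns', 'resolv', 'name', 'cns', 'ns', 'cache'],
        'home': [  # not consulted by any rule below
            'ap', 'cable', 'cpe', 'customer', 'dsl', 'dynamic', 'pop', 'fiber',
            'flets', 'home', 'host', 'ip', 'pool', 'retail', 'user'
        ],
        'majorservice': ['www', 'vps', 'cloud'],
        'cernet': ['cernet'],
        'ntp': ['ntp', 'time'],
        'web': ['www'],
        'tunnel': ['tunnel'],
        'tor': ['tor']
    }
    as_numbers = {
        'majorservice': [15169],  # 15169 Google
        'cdn': [13335],  # 13335 CloudFlare
        'cernet': [133111, 23910, 133512,
                   133513]  # 133111 cernet, 23910 CERNET2, 133512 IANA
    }
    ip_prefixes = {
        'tunnel': ['2001::/32', '2002::/16'],
        # Google's allocation is 2607:f8b0::/32.  The /16 used before would,
        # once reduced to its network, cover 2607::/16 and label unrelated
        # networks as a major service.
        'majorservice': ['2607:f8b0::/32'],
        'lan': ['ffff::/4']  # lan; not consulted by any rule below
    }

    def by_domain(category):
        # True when any keyword of the category occurs in the domain.
        return any(
            keyword in originator.domain
            for keyword in domain_keywords[category])

    def by_as(category):
        # True when the originator's AS number is listed for the category.
        return any(
            number == originator.as_num for number in as_numbers[category])

    def by_prefix(category):
        # Parsed lazily, so an unparsable address only raises if an
        # address rule is actually reached.
        return any(
            ipaddr(originator.ipaddr).ip in ipaddr(prefix).network
            for prefix in ip_prefixes[category])

    # Order matters: it is the precedence between overlapping categories.
    rules = (
        (by_domain, 'mail', OriginatorType.Mail),
        (by_domain, 'cdn', OriginatorType.CDN),
        (by_as, 'cdn', OriginatorType.CDN),
        (by_domain, 'dns', OriginatorType.DNS),
        (by_domain, 'majorservice', OriginatorType.MajorService),
        (by_as, 'majorservice', OriginatorType.MajorService),
        (by_prefix, 'majorservice', OriginatorType.MajorService),
        (by_domain, 'ntp', OriginatorType.NTP),
        # NOTE(review): 'www' is already claimed by the 'majorservice'
        # domain rule above, so this rule can never be the first match.
        (by_domain, 'web', OriginatorType.Web),
        (by_domain, 'tor', OriginatorType.Tor),
        (by_domain, 'tunnel', OriginatorType.Tunnel),
        (by_prefix, 'tunnel', OriginatorType.Tunnel),
        (by_domain, 'cernet', OriginatorType.Cernet),
        (by_as, 'cernet', OriginatorType.Cernet),
    )
    for matches, category, originator_type in rules:
        if matches(category):
            return originator_type

    if originator.domain != 'unknown' and originator.domain != '':
        print('[unknown type report]', originator.domain)
    return OriginatorType.Unknown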
Exemple #9
	hostdeny = []
	if (path.isfile(path.expanduser("~/.jam927_hostdeny"))):
		conf_file = open(path.expanduser("~/.jam927_hostdeny"), "rb")
		hostdeny = pickle.load(conf_file)
		conf_file.close()
	else:
		conf_file = open(path.expanduser("~/.jam927_hostdeny"), "wb")
		pickle.dump(hostdeny, conf_file)
		conf_file.close()

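def add_host(ipstr):
	"""Add an IP address to the deny list and write the list back to disk.

	Raises:
		Exception: the address is already in ``hostdeny``.

	The list is stored as a pickle in ``~/.jam927_hostdeny``.  Unpickling
	executes whatever the file's writer put there, so the file should stay
	writable by its owner only.
	"""
	try:
		hostdeny
	except NameError:
		# Deny list has not been loaded in this process yet.  (The stray
		# word that followed `except:` here made the module unparsable.)
		hostfilter_init()
	ip = ipaddr(ipstr)
	if ip in hostdeny:
		raise Exception("IP address already exists in configuration.")
	hostdeny.append(ip)
	# The context manager closes the file even when pickle.dump() raises.
	with open(path.expanduser("~/.jam927_hostdeny"), "wb") as conf_file:
		pickle.dump(hostdeny, conf_file)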

def remove_host(ipstr):
	try:
		hostdeny
	except:
		hostfilter_init()
	ip = ipaddr(ipstr)
	if ip not in hostdeny:
Exemple #10
                sys.exit(0)
            except:
                out.warn("Getting nameservers failed")
    #    resolver.nameservers = targetns     # Use target's NS servers for lokups
    # Missing results using domain's NS - removed for now
            out.warn("Zone transfer failed\n")
            if args.zonetransfer:
                sys.exit(0)

            get_v6(target)
            get_txt(target)
            get_mx(target)
            wildcard = get_wildcard(target)
            if wildcard:
                try:
                    addresses.add(ipaddr(unicode(wildcard)))
                except NameError:
                    addresses.add(ipaddr(str(wildcard)))
            out.status("Scanning " + target + " for " + recordtype + " records")
            add_target(target)

        for i in range(args.threads):
            t = scanner(queue)
            t.setDaemon(True)
            t.start()
        try:
            for i in range(args.threads):
                t.join(1024)       # Timeout needed or threads ignore exceptions
        except KeyboardInterrupt:
            out.fatal("Caught KeyboardInterrupt, quitting...")
            if outfile:
Exemple #11
    def get_name(self, domain):
        """Resolve *domain*, report its addresses and optionally recurse.

        Prints one line per record (or only the domain with ``args.no_ip``),
        mirrors it to ``outfile`` when set, stores each address in the global
        ``addresses`` set and, when recursion is enabled and the depth limit
        allows it, queues ``domain`` through ``add_target``.  Every exception
        raised inside the method is swallowed by the handler at the end.
        """
        global wildcard, addresses
        try:
            if sys.stdout.isatty():  # Don't spam output if redirected
                # Runs `stty size` through a shell on every call.  The command
                # string is fixed; nothing from `domain` is interpolated.  If
                # its output cannot be parsed, the exception reaches the
                # handler at the bottom and this lookup is skipped.
                size = int(os.popen('stty size', 'r').read().split(
                )[1]) - 1  # Get terminal width in order to clean output later
                sys.stdout.write(domain + " " * (size - len(domain)) + "\r")
                sys.stdout.flush()
            else:

                size = 0
            res = lookup(domain, recordtype)
            if args.tld and res:
                nameservers = sorted(list(res))
                ns0 = str(nameservers[0])[:-1]  # First nameserver
                # Blank the progress line before printing the result.
                sys.stdout.write(" " * size + "\r")
                sys.stdout.flush()
                print(domain + " - " + col.brown + ns0 + col.end)
            if args.tld:
                if res:
                    sys.stdout.write(" " * size + "\r")
                    sys.stdout.flush()
                    # NOTE(review): raises TypeError unless `res` is a str;
                    # the handler at the bottom would hide that -- confirm
                    # what lookup() returns.
                    print(domain + " - " + res)
                return
            for rdata in res:
                address = rdata.address
                if wildcard:
                    # Any answer equal to a wildcard address ends the method
                    # without reporting or recursing.
                    for wildcard_ip in wildcard:
                        if address == wildcard_ip:
                            return
                sys.stdout.write(" " * size + "\r")
                sys.stdout.flush()
                if args.no_ip:
                    # Only the name is wanted: print once and leave the loop,
                    # so nothing is written to outfile or added to addresses.
                    print(col.brown + domain + col.end)
                    break
                elif args.domain_first:
                    print(domain + " - " + col.brown + address + col.end)
                else:
                    print(address + " - " + col.brown + domain + col.end)
                if outfile:
                    if args.domain_first:
                        print(domain + " - " + address, file=outfile)
                    else:
                        print(address + " - " + domain, file=outfile)
                # `unicode` exists on Python 2 only; NameError selects str().
                try:
                    addresses.add(ipaddr(unicode(address)))
                except NameError:
                    addresses.add(ipaddr(str(address)))

            # Recurse only below the root target and within args.maxdepth
            # additional labels.
            if ( domain != target and \
                 args.recurse and \
                 domain.count('.') - target.count('.') <= args.maxdepth
                 ):
                # Check if subdomain is wildcard so can filter false positives in the recursive scan
                # NOTE(review): this rebinds the module-level `wildcard`.  If
                # get_name runs on several threads, lookups for other domains
                # are filtered against this subdomain's wildcard -- confirm.
                wildcard = get_wildcard(domain)
                # NOTE(review): unlike the loop above, this iteration is not
                # guarded.  If get_wildcard() can return None, the TypeError
                # is swallowed below and add_target() is never reached.
                for wildcard_ip in wildcard:
                    try:
                        addresses.add(ipaddr(unicode(wildcard_ip)))
                    except NameError:
                        addresses.add(ipaddr(str(wildcard_ip)))
                add_target(domain)  # Recursively scan subdomains
        except:
            # Best effort: any failure means nothing is reported for this name.
            pass
Exemple #12
 def _real_get_domain(ip):
     """Return the domain of the first ``dmap`` entry whose network holds *ip*.

     ``dmap`` is iterated as ``(cidr, domain)`` pairs in order; ``None`` is
     returned when no network contains the address.
     """
     needle = ipaddr(ip)
     return next((name for net, name in dmap if needle in net), None)