Python zonetransfer Exemples

Exemple #1

Fichier : teemo.py Projet : BenDerPan/Teemo

def main():
    args = parse_args()
    domain = args.domain
    #threads = args.threads
    savefile = args.output
    ports = args.ports
    bruteforce_list = []
    subdomains = []

    if not savefile:
        now = datetime.datetime.now()
        timestr = now.strftime("-%Y-%m-%d-%H-%M")
        savefile = domain+timestr+".txt"


    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    if not is_domain(domain):
        print R+"[!]Error: Please enter a valid domain"+W
        sys.exit()


    #Print the Banner
    banner()
    waring = "[!] legal disclaimer: Usage of Teemo for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
    print waring
    print B+"[-] Enumerating subdomains now for %s"% domain+W

    '''
    subdomains.extend(callsites(domain,proxy))
    domains,emails = callengines(domain,500,proxy)
    subdomains.extend(domains)
    #print subdomains
    '''

    Threadlist = []
    q_domains = Queue() #to recevie return values
    q_emails = Queue()
    useragent = random_useragent(allow_random_useragent)

    if args.proxy != None:
        proxy = args.proxy
        proxy = {args.proxy.split(":")[0]: proxy}
    elif default_proxies != None and (proxy_switch ==2 or proxy_switch==1):  #config.py
        proxy = default_proxies
        try:
            sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sk.settimeout(2)
            ip = default_proxies['http'].split("/")[-2].split(":")[0]
            port = default_proxies['http'].split("/")[-2].split(":")[1]
            sk.connect((ip,int(port)))
            sk.close
        except:
            print "\r\n[!!!]Proxy Test Failed,Please Check!\r\n"
            proxy = {}
    else:
        proxy = {}

    #doing zone transfer checking
    zonetransfer(domain).check()

    for engine in [Alexa, Chaxunla, CrtSearch, DNSdumpster, Googlect, Ilink, Netcraft, PassiveDNS, Pgpsearch, Sitedossier, ThreatCrowd, Threatminer]:
        #print callsites_thread(engine,domain,proxy)
        t = threading.Thread(target=callsites_thread, args=(engine, domain, q_domains, q_emails, proxy))
        Threadlist.append(t)
    for engine in [search_ask,search_baidu,search_bing,search_bing_api,search_dogpile,search_duckduckgo,search_exalead,search_fofa,search_google,search_google_cse,
                   search_shodan,search_so,search_yahoo,search_yandex]:
        if proxy_switch == 1 and engine in proxy_default_enabled:
            pass
        else:
            proxy ={}
        t = threading.Thread(target=callengines_thread, args=(engine, domain, q_domains, q_emails, useragent, proxy, 500))
        #t.setDaemon(True) #变成守护进程，独立于主进程。这里好像不需要
        Threadlist.append(t)
    #for t in Threadlist:
    #    print t
    for t in Threadlist: # use start() not run()
        t.start()
    for t in Threadlist:
        t.join() #主线程将等待这个线程，直到这个线程运行结束

    while not q_domains.empty():
        subdomains.append(q_domains.get())
    emails = []
    while not q_emails.empty():
        emails.append(q_emails.get())


    if enable_bruteforce:
        print G+"[-] Starting bruteforce module now using subbrute.."+W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = 10
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(domain, record_type, subs, resolvers, process_count, output, json_output, subdomains)
        subdomains.extend(bruteforce_list)


    if subdomains is not None:
        subdomains = sorted(list(set(subdomains)))
        emails = sorted(list(set(emails)))
        subdomains.extend(emails) #this function return value is NoneType ,can't use in function directly
        #print type(subdomains)

        #write_file(savefile, subdomains)

        if ports:
            print G+"[-] Start port scan now for the following ports: %s%s"%(Y,ports)+W
            ports = ports.split(',') #list
            pscan = portscan(subdomains,ports)
            pscan.run()

        else:
            for subdomain in subdomains:
                print G+subdomain+W

    print "[+] {0} domains found in total".format(len(subdomains))
    print "[+] {0} emails found in total".format(len(emails))
    print "[+] Results saved to {0}".format(write_file(savefile, subdomains))

Exemple #2

Fichier : teemo.py Projet : bjbjbjbj/teemo

def main():
    try:
        banner()
        args = adjust_args()

        print "[-] Enumerating subdomains now for %s" % args.domain

        #doing zone transfer checking
        zonetransfer(args.domain).check()


        Threadlist = []
        q_domains = Queue.Queue() #to recevie return values,use it to ensure thread safe.
        q_similar_domains = Queue.Queue()
        q_related_domains = Queue.Queue()
        q_emails = Queue.Queue()


        for engine in [Alexa, Chaxunla, CrtSearch, DNSdumpster, Googlect, Hackertarget, Ilink, Netcraft, PassiveDNS, Pgpsearch, Sitedossier, ThreatCrowd, Threatminer,Virustotal]:
            #print callsites_thread(engine,domain,proxy)
            #print engine.__name__
            if proxy_switch == 1 and engine.__name__ in proxy_default_enabled:
                proxy = args.proxy #通过配置或者参数获取到的proxy
            else:
                proxy ={} #不使用proxy
            t = threading.Thread(target=callsites_thread, args=(engine, args.domain, q_domains, q_similar_domains, q_related_domains, q_emails, proxy))
            Threadlist.append(t)

        for engine in [search_ask,search_baidu,search_bing,search_bing_api,search_dogpile,search_duckduckgo,search_exalead,search_fofa,search_google,search_google_cse,
                       search_shodan,search_so,search_yahoo,search_yandex]:
            if proxy_switch == 1 and engine.__name__ in proxy_default_enabled:
                proxy = args.proxy
            else:
                proxy ={}
            t = threading.Thread(target=callengines_thread, args=(engine, args.domain, q_domains, q_emails, proxy, 500))
            t.setDaemon(True) #变成守护进程，独立于主进程。这里好像不需要
            Threadlist.append(t)

        #for t in Threadlist:
        #    print t
        for t in Threadlist: # use start() not run()
            t.start()
        for t in Threadlist: #为什么需要2次循环，不能在一次循环中完成？
            t.join() #主线程将等待这个线程，直到这个线程运行结束


        subdomains = []
        while not q_domains.empty():
            subdomains.append(q_domains.get())
        emails = []
        while not q_emails.empty():
            emails.append(q_emails.get())
        related_domains =[]
        while not q_related_domains.empty():
            related_domains.append(q_related_domains.get())


        if args.bruteforce:
            print G+"[-] Starting bruteforce using subDomainsBrute.."+W
            d = SubNameBrute(target=args.domain)
            d.run()
            brute_lines = d.result_lines
            brute_domains = d.result_domains
            brute_ips = d.result_ips
        else:
            brute_ips = []
            brute_lines = []
            brute_domains = []



        ##########print to console and write to file#########################
        if subdomains is not None: #prepaire output
            IP_list, lines = domains2ips(subdomains) #query domains that got from website and search engine

            IP_list.extend(brute_ips)
            IPrange_list = iprange(IP_list) #1. IP段

            subdomains.extend(brute_domains)
            subdomains = tolower_list(subdomains)
            subdomains = sorted(list(set(subdomains)))#2. 子域名,包括爆破所得
            subdomain_number = len(subdomains)#子域名数量

            lines.extend(brute_lines)
            lines = list(set(lines)) #3. 域名和IP对

            emails = sorted(list(set(emails))) #4. 邮箱

            related_domains = sorted(list(set(related_domains))) # 5. 相关域名

            subdomains.extend(emails) #this function return value is NoneType ,can't use in function directly
            subdomains.extend(IPrange_list) #子域名+邮箱+网段
            subdomains.extend(related_domains) ##子域名+邮箱+网段+相关域名
            #print type(subdomains)
            for subdomain in subdomains:
                print G+subdomain+W

            subdomains.extend(lines)
            fp = open(args.output,"wb")
            #fp.writelines("\n".join(subdomains).decode("utf-8"))
            fp.writelines("\n".join(subdomains).encode("utf-8"))


        print "[+] {0} domains found in total".format(subdomain_number)
        print "[+] {0} related domains found in total".format(len(related_domains))
        print "[+] {0} emails found in total".format(len(emails))
        print "[+] Results saved to {0}".format(args.output)
    except KeyboardInterrupt as e:
        logger.info("Exit. Due To KeyboardInterrupt")

Exemple #3

Fichier : teemoapi.py Projet : xiaoshuier/farmscan_domain_plus

def main():
    args = adjust_args()

    print "[-] Enumerating subdomains now for %s" % args.domain

    #doing zone transfer checking
    zonetransfer(args.domain).check()

    #all possible result parameters
    Result_Sub_Domains = []
    Result_Similar_Domains = []
    Result_Related_Domains = []
    Result_Emails = []
    Result_Subnets = []

    Temp_IP_List = []
    Domain_IP_Records = []

    ################using search engine and web api to query subdomains and related domains#####################
    Threadlist = []
    q_domains = Queue.Queue(
    )  #to recevie return values,use it to ensure thread safe.
    q_similar_domains = Queue.Queue()
    q_related_domains = Queue.Queue()
    q_emails = Queue.Queue()

    for engine in [
            Alexa, Chaxunla, CrtSearch, DNSdumpster, Googlect, Hackertarget,
            Ilink, Netcraft, PassiveDNS, Pgpsearch, Sitedossier, ThreatCrowd,
            Threatminer, Virustotal
    ]:
        #print callsites_thread(engine,domain,proxy)
        #print engine.__name__
        if proxy_switch == 1 and engine.__name__ in proxy_default_enabled:
            proxy = args.proxy  #通过配置或者参数获取到的proxy
        else:
            proxy = {}  #不使用proxy
        t = threading.Thread(target=callsites_thread,
                             args=(engine, args.domain, q_domains,
                                   q_similar_domains, q_related_domains,
                                   q_emails, proxy))
        Threadlist.append(t)

    for engine in [
            search_ask, search_baidu, search_bing, search_bing_api,
            search_dogpile, search_duckduckgo, search_exalead, search_fofa,
            search_google, search_google_cse, search_shodan, search_so,
            search_yahoo, search_yandex
    ]:
        if proxy_switch == 1 and engine.__name__ in proxy_default_enabled:
            proxy = args.proxy
        else:
            proxy = {}
        t = threading.Thread(target=callengines_thread,
                             args=(engine, args.domain, q_domains, q_emails,
                                   proxy, 500))
        t.setDaemon(True)  #变成守护进程，独立于主进程。这里好像不需要
        Threadlist.append(t)

    #for t in Threadlist:
    #    print t
    for t in Threadlist:  # use start() not run()
        t.start()
    for t in Threadlist:  #为什么需要2次循环，不能在一次循环中完成？
        t.join()  #主线程将等待这个线程，直到这个线程运行结束

    while not q_domains.empty():
        Result_Sub_Domains.append(q_domains.get())
    while not q_emails.empty():
        Result_Emails.append(q_emails.get())
    while not q_related_domains.empty():
        Result_Related_Domains.append(q_related_domains.get())

    ################using subDomainsBrute to get more subdomains#####################
    if args.bruteforce:
        print G + "[-] Starting bruteforce using subDomainsBrute.." + W
        d = SubNameBrute(target=args.domain)
        d.run()
        Domain_IP_Records.extend(d.result_lines)
        Result_Sub_Domains.extend(d.result_domains)
        Temp_IP_List.extend(d.result_ips)

    #############do some deal#############
    ips, lines = domains2ips(Result_Sub_Domains)
    Temp_IP_List.extend(ips)
    Domain_IP_Records.extend(lines)

    Result_Subnets.extend(iprange(Temp_IP_List))  #1. IP段
    Result_Sub_Domains = sorted(list(set(
        tolower_list(Result_Sub_Domains))))  #2. 子域名,包括爆破所得
    Domain_IP_Records = list(set(Domain_IP_Records))  #3. 域名和IP的解析记录
    Result_Emails = sorted(list(set(Result_Emails)))  #4. 邮箱
    Result_Related_Domains = sorted(list(
        set(Result_Related_Domains)))  # 5. 相关域名

    ToPrint = Result_Sub_Domains  #this function return value is NoneType ,can't use in function directly
    ToPrint.extend(Result_Emails)
    ToPrint.extend(Result_Subnets)
    ToPrint.extend(Result_Related_Domains)

    jsonString = "{'Result_Sub_Domains':{0},'Result_Emails':{1},'Result_Subnets':{2},'Result_Related_Domains':{3}}"\
        .format(Result_Sub_Domains,Result_Emails,Result_Subnets,Result_Related_Domains)
    print jsonString
    return jsonString

Exemple #4

Fichier : teemo.py Projet : zzwlpx/teemo

def main():
    try:
        banner()
        args = adjust_args()

        print "[-] Enumerating subdomains now for %s" % args.domain

        #doing zone transfer checking
        issuccess = zonetransfer(args.domain).check()
        if issuccess:
            print "[+] Zone Transfer Results saved to output directory"
            exit()

        #all possible result parameters
        Result_Sub_Domains = []
        Result_Similar_Domains = []
        Result_Related_Domains = []
        Result_Emails = []
        Result_Subnets = []
        Line_Records = []

        ################using search engine and web api to query subdomains and related domains#####################
        Threadlist = []
        q_domains = Queue.Queue(
        )  #to recevie return values,use it to ensure thread safe.
        q_similar_domains = Queue.Queue()
        q_related_domains = Queue.Queue()
        q_emails = Queue.Queue()

        for engine in [
                Alexa, Chaxunla, CrtSearch, DNSdumpster, Googlect,
                Hackertarget, Ilink, Netcraft, PassiveDNS, Pgpsearch,
                Sitedossier, ThreatCrowd, Threatminer, Virustotal
        ]:
            #print callsites_thread(engine,domain,proxy)
            #print engine.__name__
            if proxy_switch == 1 and engine.__name__ in proxy_default_enabled:
                proxy = args.proxy  #通过配置或者参数获取到的proxy
            else:
                proxy = {}  #不使用proxy
            t = threading.Thread(target=callsites_thread,
                                 args=(engine, args.domain, q_domains,
                                       q_similar_domains, q_related_domains,
                                       q_emails, proxy))
            Threadlist.append(t)

        for engine in [
                search_ask, search_baidu, search_bing, search_bing_api,
                search_dogpile, search_duckduckgo, search_exalead, search_fofa,
                search_google, search_google_cse, search_shodan, search_so,
                search_sogou, search_yahoo, search_yandex
        ]:
            if proxy_switch == 1 and engine.__name__ in proxy_default_enabled:
                proxy = args.proxy
            else:
                proxy = {}
            t = threading.Thread(target=callengines_thread,
                                 args=(engine, args.domain, q_domains,
                                       q_emails, proxy, 500))
            t.setDaemon(True)  #变成守护进程，独立于主进程。这里好像不需要
            Threadlist.append(t)

        #for t in Threadlist:
        #    print t
        for t in Threadlist:  # use start() not run()
            t.start()
        for t in Threadlist:  #为什么需要2次循环，不能在一次循环中完成？如果只在一个循环中，线程会在启动后马上加入到当前的执行流程，不会有并发的效果
            t.join()  #主线程将等待这个线程，直到这个线程运行结束

        while not q_domains.empty():
            Result_Sub_Domains.append(q_domains.get())
        while not q_emails.empty():
            Result_Emails.append(q_emails.get())
        while not q_related_domains.empty():
            Result_Related_Domains.append(q_related_domains.get())

        ################using subDomainsBrute to get more subdomains#####################
        if args.bruteforce:
            print G + "[-] Starting bruteforce using subDomainsBrute.." + W
            d = SubNameBrute(target=args.domain)
            d.run()
            Result_Sub_Domains.extend(d.result_domains)

        #############do some deal#############
        print G + "[-] Starting do DNS query ..." + W
        Result_Sub_Domains = sorted(list(set(
            tolower_list(Result_Sub_Domains))))  # 2. 子域名,包括爆破所得
        if args.title:  #to get title
            ips, lines = targets2lines(Result_Sub_Domains)
            iplist = set(iprange2iplist(iprange(ips))) - set(ips)
            ips1, lines1 = targets2lines(iplist)
            lines.extend(lines1)
        else:
            ips, lines = domains2ips(Result_Sub_Domains)

        Result_Subnets.extend(iprange(ips))  #1. IP段
        #Result_Sub_Domains = sorted(list(set(tolower_list(Result_Sub_Domains))))#2. 子域名,包括爆破所得

        Line_Records = list(set(lines))  #3. 域名和IP的解析记录
        Result_Emails = sorted(list(set(Result_Emails)))  #4. 邮箱
        Result_Related_Domains = sorted(list(
            set(Result_Related_Domains)))  # 5. 相关域名

        fp = open(
            "{0}-{1}".format(args.output.replace(".txt", ""), "lines.csv"),
            "wb")
        fp.writelines("\n".join(Line_Records))
        fp.close()

        ToPrint = Result_Sub_Domains  #this function return value is NoneType ,can't use in function directly
        ToPrint.extend(Result_Emails)
        ToPrint.extend(Result_Subnets)
        ToPrint.extend(Result_Related_Domains)
        for item in ToPrint:
            print G + item + W

        fp = open(args.output, "wb")
        fp.writelines("\n".join(ToPrint).encode("utf-8"))
        fp.close()

        print "[+] {0} sub domains found in total".format(
            len(Result_Sub_Domains))
        print "[+] {0} related domains found in total".format(
            len(Result_Related_Domains))
        print "[+] {0} emails found in total".format(len(Result_Emails))
        print "[+] Results saved to {0}".format(args.output)
    except KeyboardInterrupt as e:
        logger.info("Exit. Due To KeyboardInterrupt")

Exemple #5

def main():
    try:
        banner()
        args = adjust_args()
        subdomains = []
        print("[-] Enumerating subdomains now for %s" % args.domain)

        #doing zone transfer checking
        zonetransfer(args.domain).check()

        Threadlist = []
        q_domains = Queue.Queue(
        )  #to recevie return values,use it to ensure thread safe.
        q_emails = Queue.Queue()
        useragent = random_useragent(allow_random_useragent)

        for engine in [
                Alexa, Chaxunla, CrtSearch, DNSdumpster, Googlect, Ilink,
                Netcraft, PassiveDNS, Pgpsearch, Sitedossier, ThreatCrowd,
                Threatminer
        ]:
            #print callsites_thread(engine,domain,proxy)
            t = threading.Thread(target=callsites_thread,
                                 args=(engine, args.domain, q_domains,
                                       q_emails, args.proxy))
            Threadlist.append(t)

        for engine in [
                search_ask, search_baidu, search_bing, search_bing_api,
                search_dogpile, search_duckduckgo, search_exalead, search_fofa,
                search_google, search_google_cse, search_shodan, search_so,
                search_yahoo, search_yandex
        ]:
            if proxy_switch == 1 and engine in proxy_default_enabled:
                pass
            else:
                proxy = {}
            t = threading.Thread(target=callengines_thread,
                                 args=(engine, args.domain, q_domains,
                                       q_emails, useragent, proxy, 500))
            t.setDaemon(True)  #变成守护进程，独立于主进程。这里好像不需要
            Threadlist.append(t)

        #for t in Threadlist:
        #    print t
        for t in Threadlist:  # use start() not run()
            t.start()
        for t in Threadlist:  #为什么需要2次循环，不能在一次循环中完成？
            t.join()  #主线程将等待这个线程，直到这个线程运行结束

        while not q_domains.empty():
            subdomains.append(q_domains.get())
        emails = []
        while not q_emails.empty():
            emails.append(q_emails.get())

        if args.bruteforce:
            print("[-] Starting bruteforce using subDomainsBrute..")
            d = SubNameBrute(target=args.domain)
            d.run()
            brute_lines = d.result_lines
            brute_domains = d.result_domains
            brute_ips = d.result_ips
        else:
            brute_ips = []
            brute_lines = []
            brute_domains = []

        if subdomains is not None:  #prepaire output
            lines = domains2ips(
                subdomains
            )  #query domains that got from website and search engine

            #IP_list.extend(brute_ips)
            #IPrange_list = iprange(IP_list)

            subdomains.extend(brute_domains)
            subdomains = sorted(list(set(subdomains)))

            lines = list(set(lines))

            #emails = sorted(list(set(emails)))

            #subdomains.extend(emails) #this function return value is NoneType ,can't use in function directly
            #subdomains.extend(IPrange_list)
            #print type(subdomains)
            for subdomain in subdomains:
                print(subdomain)

            subdomains.extend(lines)
            fp = open(args.output, "a+")
            #fp.writelines("\n".join(subdomains).decode("utf-8"))
            fp.writelines("\n".join(subdomains).encode("utf-8"))

        print("[+] {0} domains found in total".format(len(subdomains)))
        print("[+] {0} emails found in total".format(len(emails)))
        print("[+] Results saved to {0}".format(args.output))
    except KeyboardInterrupt as e:
        logger.info("exit. due to KeyboardInterrupt")