def _build_list(self, zone, exclude=None):
li = []
for name, node in zone.items():
for rdataset in node.rdatasets:
if not exclude or not exclude(name, rdataset):
li.append((name, rdataset))
return li
def _build_list(self, zone, exclude=None):
li = []
for name, node in zone.items():
for rdataset in node.rdatasets:
if not exclude or not exclude(name, rdataset):
li.append((name, rdataset))
return li
def delete_all(self, zone, exclude=None):
deletes = []
for name, node in zone.items():
for rdataset in node.rdatasets:
if not exclude or not exclude(name, rdataset):
deletes.append((name, rdataset))
return self._xml_changes(zone, deletes=deletes)
def updateHostIp(self, host, ip):
"""
Update the IP of a host.
@param host string: hostname
@param ip string: ip
"""
map = self.map
record = map.get(host)
if not record:
raise j.exceptions.RuntimeError("Invalid host name")
for r in record:
file = r["file"]
old_ip = r["ip"]
zone = dns.zone.from_file(file,
os.path.basename(file),
relativize=False)
for k, v in zone.items():
for dataset in v.rdatasets:
for item in dataset.items:
if hasattr(item, "address") and item.address == old_ip:
item.address = ip
zone.to_file(file)
self.restart()
def updateHostIp(self, host, ip):
map = self.map
record = map.get(host)
if not record:
raise j.exceptions.RuntimeError("Invalid host name")
for r in record:
file = r['file']
old_ip = r['ip']
zone = dns.zone.from_file(file, os.path.basename(file),relativize=False)
for k, v in zone.items():
for dataset in v.rdatasets:
for item in dataset.items:
if hasattr(item, 'address') and item.address == old_ip:
item.address = ip
zone.to_file(file)
self.restart()
def updateHostIp(self, host, ip):
map = self.map
record = map.get(host)
if not record:
raise j.exceptions.RuntimeError("Invalid host name")
for r in record:
file = r['file']
old_ip = r['ip']
zone = dns.zone.from_file(file,
os.path.basename(file),
relativize=False)
for k, v in zone.items():
for dataset in v.rdatasets:
for item in dataset.items:
if hasattr(item, 'address') and item.address == old_ip:
item.address = ip
zone.to_file(file)
self.restart()
def fierce(**kwargs):
resolver = dns.resolver.Resolver()
resolver = update_resolver_nameservers(resolver, kwargs['dns_servers'],
kwargs['dns_file'])
if kwargs.get("range"):
range_ips = range_expander(kwargs.get("range"))
nearby = find_nearby(
resolver,
range_ips,
)
if nearby:
print("Nearby:")
pprint.pprint(nearby)
if not kwargs.get("domain"):
return
domain = dns.name.from_text(kwargs['domain'])
if not domain.is_absolute():
domain = domain.concatenate(dns.name.root)
ns = recursive_query(resolver, domain, 'NS', tcp=kwargs["tcp"])
if ns:
domain_name_servers = [n.to_text() for n in ns]
else:
domain_name_servers = []
print("NS: {}".format(" ".join(domain_name_servers) if ns else "failure"))
soa = recursive_query(resolver,
domain,
record_type='SOA',
tcp=kwargs["tcp"])
if soa:
soa_mname = soa[0].mname
master = query(resolver, soa_mname, record_type='A', tcp=kwargs["tcp"])
master_address = master[0].address
print("SOA: {} ({})".format(soa_mname, master_address))
else:
print("SOA: failure")
fatal("Failed to lookup NS/SOA, Domain does not exist")
zone = zone_transfer(master_address, domain)
print("Zone: {}".format("success" if zone else "failure"))
if zone:
pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
return
random_subdomain = str(random.randint(
1e10, 1e11)) # noqa DUO102, non-cryptographic random use
random_domain = concatenate_subdomains(domain, [random_subdomain])
wildcard = query(resolver,
random_domain,
record_type='A',
tcp=kwargs["tcp"])
wildcard_ips = set(rr.address
for rr in wildcard.rrset) if wildcard else set()
print("Wildcard: {}".format(
', '.join(wildcard_ips) if wildcard_ips else "failure"))
subdomains = get_subdomains(kwargs["subdomains"], kwargs["subdomain_file"])
filter_func = None
if kwargs.get("search"):
filter_func = functools.partial(search_filter, kwargs["search"])
expander_func = default_expander
if kwargs.get("wide"):
expander_func = wide_expander
elif kwargs.get("traverse"):
expander_func = functools.partial(traverse_expander,
n=kwargs["traverse"])
unvisited = unvisited_closure()
for subdomain in subdomains:
try:
url = concatenate_subdomains(domain, [subdomain])
except dns.exception.DNSException:
print("Error occured for subdomain: " + str(subdomain) +
". Skipping.")
continue
record = query(resolver, url, record_type='A', tcp=kwargs["tcp"])
if record is None or record.rrset is None:
continue
ips = [rr.address for rr in record.rrset]
if wildcard_ips == set(ips):
continue
ip = ipaddress.IPv4Address(ips[0])
http_connection_headers = None
if kwargs.get('connect') and not ip.is_private:
http_connection_headers = head_request(str(ip))
ips = expander_func(ip)
unvisited_ips = unvisited(ips)
nearby = find_nearby(resolver, unvisited_ips, filter_func=filter_func)
print_subdomain_result(url,
ip,
http_connection_headers=http_connection_headers,
nearby=nearby)
if kwargs.get("delay"):
time.sleep(kwargs["delay"])
def fierce(**kwargs):
resolver = dns.resolver.Resolver()
nameservers = None
if kwargs.get('dns_servers'):
nameservers = kwargs['dns_servers']
elif kwargs.get('dns_file'):
nameservers = [ns.strip() for ns in open(kwargs["dns_file"]).readlines()]
if nameservers:
resolver.nameservers = nameservers
if kwargs.get("range"):
internal_range = ipaddress.IPv4Network(kwargs.get("range"))
find_nearby(resolver, list(internal_range))
if not kwargs.get("domain"):
return
domain = dns.name.from_text(kwargs['domain'])
if not domain.is_absolute():
domain = domain.concatenate(dns.name.root)
ns = query(resolver, domain, record_type='NS')
domain_name_servers = [n.to_text() for n in ns]
print("NS: {}".format(" ".join(domain_name_servers)))
soa = query(resolver, domain, record_type='SOA')
soa_mname = soa[0].mname
master = query(resolver, soa_mname, record_type='A')
master_address = master[0].address
print("SOA: {} ({})".format(soa_mname, master_address))
zone = zone_transfer(master_address, domain)
print("Zone: {}".format("success" if zone else "failure"))
if zone:
pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
return
random_subdomain = str(random.randint(1e10, 1e11))
random_domain = concatenate_subdomains(domain, [random_subdomain])
wildcard = query(resolver, random_domain, record_type='A')
print("Wildcard: {}".format("success" if wildcard else "failure"))
if kwargs.get('subdomains'):
subdomains = kwargs["subdomains"]
else:
subdomains = [sd.strip() for sd in open(kwargs["subdomain_file"]).readlines()]
visited = set()
for subdomain in subdomains:
url = concatenate_subdomains(domain, [subdomain])
record = query(resolver, url, record_type='A')
if record is None:
continue
ip = ipaddress.IPv4Address(record[0].address)
print("Found: {} ({})".format(url, ip))
if kwargs.get('connect') and not ip.is_private:
headers = head_request(str(ip))
if headers:
print("HTTP connected:")
pprint.pprint(headers)
if kwargs.get("wide"):
ips = wide_expander(ip)
elif kwargs.get("traverse"):
ips = traverse_expander(ip, kwargs["traverse"])
else:
continue
filter_func = None
if kwargs.get("search"):
filter_func = functools.partial(search_filter, kwargs["search"])
ips = set(ips) - set(visited)
visited |= ips
find_nearby(resolver, ips, filter_func=filter_func)
if kwargs.get("delay"):
time.sleep(kwargs["delay"])
def fierce(**kwargs):
resolver = dns.resolver.Resolver()
resolver = update_resolver_nameservers(resolver, kwargs['dns_servers'],
kwargs['dns_file'])
if kwargs.get("range"):
internal_range = ipaddress.IPv4Network(kwargs.get("range"))
find_nearby(resolver, list(internal_range))
if not kwargs.get("domain"):
return
domain = dns.name.from_text(kwargs['domain'])
if not domain.is_absolute():
domain = domain.concatenate(dns.name.root)
ns = recursive_query(resolver, domain, 'NS')
if ns:
domain_name_servers = [n.to_text() for n in ns]
else:
domain_name_servers = []
print("NS: {}".format(" ".join(domain_name_servers) if ns else "failure"))
soa = recursive_query(resolver, domain, record_type='SOA')
if soa:
soa_mname = soa[0].mname
master = query(resolver, soa_mname, record_type='A')
master_address = master[0].address
print("SOA: {} ({})".format(soa_mname, master_address))
else:
print("SOA: failure")
print("Failed to lookup NS/SOA, Domain does not exist")
exit(-1)
zone = zone_transfer(master_address, domain)
print("Zone: {}".format("success" if zone else "failure"))
if zone:
pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
return
random_subdomain = str(random.randint(1e10, 1e11))
random_domain = concatenate_subdomains(domain, [random_subdomain])
wildcard = query(resolver, random_domain, record_type='A')
print(
"Wildcard: {}".format(wildcard[0].address if wildcard else "failure"))
subdomains = get_subdomains(kwargs["subdomains"], kwargs["subdomain_file"])
visited = set()
for subdomain in subdomains:
url = concatenate_subdomains(domain, [subdomain])
record = query(resolver, url, record_type='A')
if record is None or record.rrset is None:
continue
ip = ipaddress.IPv4Address(record[0].address)
print("Found: {} ({})".format(url, ip))
if kwargs.get('connect') and not ip.is_private:
headers = head_request(str(ip))
if headers:
print("HTTP connected:")
pprint.pprint(headers)
if kwargs.get("wide"):
ips = wide_expander(ip)
elif kwargs.get("traverse"):
ips = traverse_expander(ip, kwargs["traverse"])
else:
continue
filter_func = None
if kwargs.get("search"):
filter_func = functools.partial(search_filter, kwargs["search"])
ips = set(ips) - set(visited)
visited |= ips
find_nearby(resolver, ips, filter_func=filter_func)
if kwargs.get("delay"):
time.sleep(kwargs["delay"])
def fierce(**kwargs):
resolver = dns.resolver.Resolver()
nameservers = None
if kwargs.get('dns_servers'):
nameservers = kwargs['dns_servers']
elif kwargs.get('dns_file'):
nameservers = [ns.strip() for ns in open(kwargs["dns_file"]).readlines()]
if nameservers:
resolver.nameservers = nameservers
if kwargs.get("range"):
internal_range = ipaddress.IPv4Network(kwargs.get("range"))
find_nearby(resolver, list(internal_range))
if not kwargs.get("domain"):
return
if not kwargs.get("concurrency"):
numWorkers = 1
else:
numWorkers = kwargs.get("concurrency")
domain = dns.name.from_text(kwargs['domain'])
if not domain.is_absolute():
domain = domain.concatenate(dns.name.root)
ns = query(resolver, domain, record_type='NS')
domain_name_servers = [n.to_text() for n in ns]
print("NS: {}".format(" ".join(domain_name_servers)))
soa = query(resolver, domain, record_type='SOA')
soa_mname = soa[0].mname
master = query(resolver, soa_mname, record_type='A')
master_address = master[0].address
print("SOA: {} ({})".format(soa_mname, master_address))
zone = zone_transfer(master_address, domain)
print("Zone: {}".format("success" if zone else "failure"))
if zone:
pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
return
random_subdomain = str(random.randint(1e10, 1e11))
random_domain = concatenate_subdomains(domain, [random_subdomain])
wildcard = query(resolver, random_domain, record_type='A')
print("Wildcard: {}".format("success" if wildcard else "failure"))
if kwargs.get('subdomains'):
subdomains = kwargs["subdomains"]
else:
subdomains = [sd.strip() for sd in open(kwargs["subdomain_file"]).readlines()]
visited = set()
def subdomainWorker(visited):
while True:
subdomain = subdomainQueue.get()
if type(subdomain) is int:
return
url = concatenate_subdomains(domain, [subdomain])
record = query(resolver, url, record_type='A')
if record is None:
continue
ip = ipaddress.IPv4Address(record[0].address)
print("Found: {} ({})".format(url, ip))
if kwargs.get('connect') and not ip.is_private:
headers = head_request(str(ip))
if headers:
print("HTTP connected:")
pprint.pprint(headers)
if kwargs.get("wide"):
ips = wide_expander(ip)
elif kwargs.get("traverse"):
ips = traverse_expander(ip, kwargs["traverse"])
else:
continue
filter_func = None
if kwargs.get("search"):
filter_func = functools.partial(search_filter, kwargs["search"])
ips = set(ips) - set(visited)
visited |= ips
find_nearby(resolver, ips, filter_func=filter_func)
if kwargs.get("delay"):
time.sleep(kwargs["delay"])
workers = []
subdomainQueue = Queue()
for i in range(numWorkers):
p = Process(target=subdomainWorker, args=(visited,))
workers.append(p)
p.start()
for subdomain in subdomains:
subdomainQueue.put(subdomain)
while True:
if subdomainQueue.empty():
for i in range(numWorkers):
subdomainQueue.put(50)
for worker in workers:
worker.join()
sys.exit()
def fierce(**kwargs):
resolver = dns.resolver.Resolver()
resolver = update_resolver_nameservers(
resolver,
kwargs['dns_servers'],
kwargs['dns_file']
)
if kwargs.get("range"):
range_ips = range_expander(kwargs.get("range"))
nearby = find_nearby(
resolver,
range_ips,
)
if nearby:
print("Nearby:")
pprint.pprint(nearby)
if not kwargs.get("domain"):
return
domain = dns.name.from_text(kwargs['domain'])
if not domain.is_absolute():
domain = domain.concatenate(dns.name.root)
ns = recursive_query(resolver, domain, 'NS')
if ns:
domain_name_servers = [n.to_text() for n in ns]
else:
domain_name_servers = []
print("NS: {}".format(" ".join(domain_name_servers) if ns else "failure"))
soa = recursive_query(resolver, domain, record_type='SOA')
if soa:
soa_mname = soa[0].mname
master = query(resolver, soa_mname, record_type='A')
master_address = master[0].address
print("SOA: {} ({})".format(soa_mname, master_address))
else:
print("SOA: failure")
fatal("Failed to lookup NS/SOA, Domain does not exist")
zone = zone_transfer(master_address, domain)
print("Zone: {}".format("success" if zone else "failure"))
if zone:
pprint.pprint({k: v.to_text(k) for k, v in zone.items()})
return
random_subdomain = str(random.randint(1e10, 1e11))
random_domain = concatenate_subdomains(domain, [random_subdomain])
wildcard = query(resolver, random_domain, record_type='A')
wildcard_ips = set(rr.address for rr in wildcard.rrset) if wildcard else set()
print("Wildcard: {}".format(', '.join(wildcard_ips) if wildcard_ips else "failure"))
subdomains = get_subdomains(
kwargs["subdomains"],
kwargs["subdomain_file"]
)
filter_func = None
if kwargs.get("search"):
filter_func = functools.partial(search_filter, kwargs["search"])
expander_func = default_expander
if kwargs.get("wide"):
expander_func = wide_expander
elif kwargs.get("traverse"):
expander_func = functools.partial(traverse_expander, n=kwargs["traverse"])
unvisited = unvisited_closure()
for subdomain in subdomains:
url = concatenate_subdomains(domain, [subdomain])
record = query(resolver, url, record_type='A')
if record is None or record.rrset is None:
continue
ips = [rr.address for rr in record.rrset]
if wildcard_ips == set(ips):
continue
ip = ipaddress.IPv4Address(ips[0])
http_connection_headers = None
if kwargs.get('connect') and not ip.is_private:
http_connection_headers = head_request(str(ip))
ips = expander_func(ip)
unvisited_ips = unvisited(ips)
nearby = find_nearby(
resolver,
unvisited_ips,
filter_func=filter_func
)
print_subdomain_result(
url,
ip,
http_connection_headers=http_connection_headers,
nearby=nearby
)
if kwargs.get("delay"):
time.sleep(kwargs["delay"])