def analyze(self):
if self.domain:
domain = self.domain
res = DNSDumpsterAPI(True).search(domain)
if not res:
print("No info about domain")
return
print("####### Domain #######")
print(res['domain'])
print("\n\n\n####### DNS Servers #######")
for entry in res['dns_records']['dns']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### MX Records #######")
for entry in res['dns_records']['mx']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### Host Records (A) #######")
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
print(("{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}".format(**entry)))
else:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### TXT Records #######")
for entry in res['dns_records']['txt']:
print(entry)
image_retrieved = res['image_data'] is not None
print("\n\n\nRetrieved Network mapping image? {} (accessible in 'image_data')".format(image_retrieved))
print(repr(base64.b64decode(res['image_data'])[:20]) + '...')
def dns_dumpster():
from dnsdumpster.DNSDumpsterAPI import DNSDumpsterAPI
print('Gathering subdomains using DNSDumpster...')
results = DNSDumpsterAPI().search('firebaseio.com')
return [domain['domain'] for domain in results['dns_records']['host']]
def dns_dumpster(domain):
try:
res = DNSDumpsterAPI({'verbose': True}).search(domain)
aks = ['DNS Dumpster results:', '\n', str(res), '\n']
atk_log(''.join(aks))
print("[ + ] Searching for {} [ + ]".format(domain))
print("\n[ + ] DNS Servers [ + ]")
for entry in res['dns_records']['dns']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n[ + ] MX Records [ + ]")
for entry in res['dns_records']['mx']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n[ + ] Host Records (A) [ + ]")
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
print(("{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}".format(**entry)))
else:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n[ + ] TXT Records [ + ]")
for entry in res['dns_records']['txt']:
print("{}".format(entry))
image_retrieved = res['image_data'] is not None
print("\nRetrieved Network mapping image? {} (accessible in 'image_data')".format(image_retrieved))
print(repr(base64.b64decode(res['image_data'])[:20]) + '...')
xls_retrieved = res['xls_data'] is not None
print("\nRetrieved XLS hosts? {} (accessible in 'xls_data')".format(xls_retrieved))
print(repr(base64.b64decode(res['xls_data'])[:20]) + '...')
return domain
except Exception as e:
print("{}".format(e))
return e
def dnsdumpster(room, event):
try:
aiLog(event)
args = event.body.split()
domain = args[1]
final_result = ''
res = DNSDumpsterAPI(True).search(domain)
final_result += "####### Domain #######\n"
final_result += res['domain']
final_result += "\n####### DNS Servers #######\n"
for entry in res['dns_records']['dns']:
final_result += "{domain} ({ip}) {as} {provider} {country}\n".format(
**entry)
final_result += "\n####### MX Records #######\n"
for entry in res['dns_records']['mx']:
final_result += "{domain} ({ip}) {as} {provider} {country}\n".format(
**entry)
final_result += "\n####### Host Records (A) #######\n"
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
final_result += "{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}\n".format(
**entry)
else:
final_result += "{domain} ({ip}) {as} {provider} {country}\n".format(
**entry)
final_result += "\n####### TXT Records #######\n"
for entry in res['dns_records']['txt']:
final_result += entry + "\n"
except:
final_result = "No results!"
return "<pre><code>" + final_result + "</code></pre>"
def parse(domains):
subdomains = []
for d in domains:
results = DNSDumpsterAPI().search(d)
subdomains += list(set(find('domain', results['dns_records'])))
subdomains += list(set(find('reverse_dns', results['dns_records'])))
return subdomains
def dynamic_main(self, queue_dict):
"""
Main entry point for process to call.
core_serialization.SubDomain Attributes:
name: long name of method
module_name: name of the module that performed collection
source: source of the subdomain or resource of collection
module_version: version from meta
source: source of the collection
time: time the result obj was built
subdomain: subdomain to use
valid: is domain valid
:return: NONE
"""
core_args = self.json_entry['args']
task_output_queue = queue_dict['task_output_queue']
cs = core_scrub.Scrub()
data = DNSDumpsterAPI().search(str(core_args.DOMAIN))
for d in data['dns_records']['host']:
cs.subdomain = d['domain']
# check if domain name is valid
valid = cs.validate_domain()
# build the SubDomain Object to pass
sub_obj = core_serialization.SubDomain(self.info["Name"],
self.info["Module"],
self.options['url'],
self.info["Version"],
time.time(), d['domain'],
valid)
# populate queue with return data object
task_output_queue.put(sub_obj)
def dnsdumpster_query(self, host):
res = DNSDumpsterAPI().search(host)
for i in res['host']:
sub = URL("http://" + i['domain'] + "/")
if not self._callbacks.isInScope(sub):
print "Adding %s to Burp Scope" % sub
self._callbacks.includeInScope(sub)
return
def main():
args = get_args()
results_file = args.output_file
res_file = open(results_file, "a")
domains = open(args.domains_file).read().splitlines()
for d in domains:
res = DNSDumpsterAPI(True).search(d)
if len(res) > 1:
for entry in res['dns_records']['host']:
val = entry['domain']
print("%s" % val)
res_file.write(val+"\n")
def dns_lookup(domain):
print("\n[*] Performing DNS lookup\n")
result = DNSDumpsterAPI().search(domain)
for record in result['dns_records']:
print("\n" + str(record).upper())
for r in result['dns_records'][record]:
if 'domain' in r and type(r) is dict:
print("[+] %s : %s" % (r['domain'], r['ip']))
# Account for txt records
else:
print(r)
return result
async def dnsDumpster(self, ctx, domain=None):
if domain is None:
print('\n[LOGS] Must enter a domain to scan')
await ctx.send('Must enter a domain to scan')
else:
print(f'\n[LOGS] Using dnsDumpster on {domain}')
res = DNSDumpsterAPI(True).search(domain)
print("\nDNS Servers ")
await ctx.send("DNS Servers")
for entry in res['dns_records']['dns']:
print(("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
await ctx.send(
("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
print("\nMX Records")
await ctx.send("\nMX Records")
for entry in res['dns_records']['mx']:
print(("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
await ctx.send(
("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
print("\nHost Records (A)")
await ctx.send("\n Host Records (A)")
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
print((
"{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}"
.format(**entry)))
await ctx.send((
"{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}"
.format(**entry)))
else:
print(("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
await ctx.send(
("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
lookup.get_image(domain)
full_result_path = os.path.join(output_directory, 'result.png')
file = discord.File(full_result_path, filename=full_result_path)
await ctx.send("", file=file)
os.remove(full_result_path)
def dumpster(target):
try:
domain = target
print("\n\n\n[+] DNS Dumpster Enumeration Started ")
print("[+] This takes some time but its worth it.")
res = DNSDumpsterAPI(True).search(domain)
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
print((
"{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}"
.format(**entry)))
else:
print(("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
print " [+] Dns-Dumpster Enumeration Completed \n"
except:
print "Some Error Occured :("
def parse(domains):
"""
This function performs a request to dnsdumpster and after having
parsed its output returns a cleaned list of unique domains
Args:
domains -- the list of input domain to query
Returns:
a cleaned list of unique subdomains obtained after querying dnsdumpster
"""
subdomains = []
for domain in domains:
results = DNSDumpsterAPI().search(domain)
subdomains += list(set(find('domain', results['dns_records'])))
subdomains += list(set(find('reverse_dns', results['dns_records'])))
return subdomains
def subdomain_tracking(domain):
print(Fore.YELLOW + Style.BRIGHT +
"Tracking subdomains and MX records...\n")
ip_takes = []
res = DNSDumpsterAPI(False).search(domain)
if res['dns_records']['host']:
print(Fore.BLUE + "[*] " + Fore.RESET + "Subdomains:")
for entry in res['dns_records']['host']:
print(Fore.GREEN + " [+] " + Fore.RESET +
"{ip}".format(**entry) + " from: " +
"{domain}".format(**entry))
if res['dns_records']['mx']:
print(Fore.BLUE + "[*] " + Fore.RESET + "MX Records:")
for entry in res['dns_records']['mx']:
print(Fore.GREEN + " [+] " + Fore.RESET +
"{ip}".format(**entry) + " from: " +
"{domain}".format(**entry))
print(Fore.BLUE + "\n[*]" + Fore.RESET +
"Enumerating misconfigured DNS subdomains:")
try:
for entry in res['dns_records']['host']:
provider = str(entry['provider'])
ip = str(entry['ip'])
if "Cloudflare" not in provider and ip not in ip:
ip_takes.append('{ip}'.format(**entry))
print(Fore.GREEN + " [+] " + Fore.RESET +
"{ip}".format(**entry) + " from: " +
"{domain}".format(**entry))
for entry in res['dns_records']['mx']:
provider = str(entry['provider'])
ip = str(entry['ip'])
if "Cloudflare" not in provider and ip not in ip_takes:
ip_takes.append('{ip}'.format(**entry))
print(Fore.GREEN + " [+] " + Fore.RESET +
"{ip}".format(**entry) + " from: " +
"{domain}".format(**entry))
except:
print(Fore.RED + " [-]" + Fore.RESET +
" All IPs belong to the Cloudflare Network")
exit(1)
if ip_takes != None:
with open('vulnsubdomain.txt', 'w') as file:
ip_takes = map(str, ip_takes)
line = "\n".join(ip_takes)
file.write(line)
def dnsDumpster(self, domain, parentDomain):
result = []
try:
dnsDumpster = DNSDumpsterAPI().search(domain)
# Get domains from all types of records
for subdomain in dnsDumpster["dns_records"]["host"]:
if domain in subdomain["domain"]:
result.append(
Domain(None, subdomain["domain"], parentDomain,
subdomain.get("ip", None)))
except Exception as e:
# Log exceptions
self.callback.exception(e)
# Send results to RedOps
if len(result) > 0:
self.callback.update(result)
def GetSubdomains(basedomain):
VirusTotalURL = 'https://www.virustotal.com/vtapi/v2/domain/report'
list_unique = []
subdomains = []
#DNSDumpster
try:
res = DNSDumpsterAPI().search(basedomain)
for host in res['dns_records']['host']:
subdomains.append(host['domain'])
except:
pass
#VT
try:
params = {'apikey': virustotalApi, 'domain': basedomain}
response = requests.get(VirusTotalURL, params=params)
data = response.json()
for subdom in data['subdomains']:
subdomains.append(subdom)
except:
pass
#crt.sh
try:
crtshbase = "https://crt.sh/?q=%."
url = crtshbase + basedomain
response = requests.get(crtshbase + basedomain)
data = response.content
for cert, domain in re.findall(
'<tr>(?:\s|\S)*?href="\?id=([0-9]+?)"(?:\s|\S)*?<td>([*_a-zA-Z0-9.-]+?\.'
+ re.escape(basedomain) + ')</td>(?:\s|\S)*?</tr>', str(data),
re.IGNORECASE):
domain = domain.split('@')[-1]
subdomains.append(domain)
except:
pass
list_unique = set(subdomains)
print("\033[1;33m [!] " + str(len(list_unique)) + " Subdomains found")
return list_unique
def run(target):
global existed_subdomain
existed_subdomain = []
print("\n\n\033[0;37;41m *Find Subdomain :\033[0m", target)
json_data = {'dns': [], 'mx': [], 'host': []}
scheme = 'http'
if 'http' in target:
parser = urlparse(target)
target = parser.netloc
scheme = parser.scheme
filename = target
target = '.'.join(target.split('.')[1:])
print(target)
try:
results = DNSDumpsterAPI().search(target)
if not type(results) == list:
json_data = results['dns_records']
else:
print("\033[1;31;40m\t+Notfound\033[0m")
if len(json_data['host']) < 2:
bruteforce(scheme, target)
for domain in existed_subdomain:
netloc = urlparse(domain).netloc
exist = False
for domain in json_data['host']:
if netloc == domain['domain']:
exist = True
if not exist:
tmp = {}
tmp['domain'] = netloc
tmp['ip'] = socket.gethostbyname(netloc)
tmp['country'] = ''
tmp['provider'] = ''
tmp['reverse_dns'] = ''
tmp['as'] = ''
json_data['host'].append(tmp)
json_data = findomain(filename, json_data)
print(json_data)
print("\033[0;37;42m+Find Subdomain completed\033[0m")
return json_data
except Exception as error:
print("\033[1;31;40m\t\t+Error: ", error, "\033[0m")
return json_data
def dnsdumpster(target):
print(Fore.CYAN + "Testing for misconfigured DNS using dnsdumpster...")
res = DNSDumpsterAPI(False).search(target)
if res['dns_records']['host']:
for entry in res['dns_records']['host']:
provider = str(entry['provider'])
if "Cloudflare" not in provider:
print(Style.BRIGHT + Fore.WHITE + "[FOUND:HOST] " + Fore.GREEN + "{domain} {ip} {as} {provider} {country}".format(**entry))
if res['dns_records']['dns']:
for entry in res['dns_records']['dns']:
provider = str(entry['provider'])
if "Cloudflare" not in provider:
print(Style.BRIGHT + Fore.WHITE + "[FOUND:DNS] " + Fore.GREEN + "{domain} {ip} {as} {provider} {country}".format(**entry))
if res['dns_records']['mx']:
for entry in res['dns_records']['mx']:
provider = str(entry['provider'])
if "Cloudflare" not in provider:
print(Style.BRIGHT + Fore.WHITE + "[FOUND:MX] " + Fore.GREEN + "{ip} {as} {provider} {domain}".format(**entry))
def do_dump(domain):
print('Testing... : {}'.format(domain))
res = DNSDumpsterAPI(False).search(domain)
print("\n---- Domain ----\n")
print(res['domain'])
print("\n---- DNS Servers ----\n")
for entry in res['dns_records']['dns']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n---- MX Records ----\n")
for entry in res['dns_records']['mx']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n---- Host Records (A) ----\n")
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
print(("{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}".
format(**entry)))
else:
print(("{domain} ({ip}) {as} {provider} {country}".format(
**entry)))
print("\n---- TXT Records ----\n")
for entry in res['dns_records']['txt']:
print(entry)
map_out = "output/" + domain + "_dnsdump.png"
open(map_out, 'wb').write(res['image_data'].decode('base64'))
print "\nMap wurde gespeichert in: \n\n - %s" % map_out
print "\n"
import pprint
from dnsdumpster.DNSDumpsterAPI import DNSDumpsterAPI
#pip install dnsdumpster --user
pp = pprint.PrettyPrinter(indent=4)
results = DNSDumpsterAPI().search('microsoft.com')
pp.pprint(results)
domain = arg
elif opt in('-h', '--help'):
print("\nVersion 0.1 made by Maxence Z & Naïm G\n")
print("Idea of this Script is to be run in a company environment")
print("goals is to scan for subs and perform a vulnscan throught Nikto\n")
print("Exemple of Usage :")
print("\tpython " + filename + " -u example.com")
sys.exit(0)
else:
sys.exit(0)
print("\n[*] Running DNS-Dumpster API (PaulSec)..\n")
results_json = DNSDumpsterAPI().search(domain)
print("\n[=] Subdomains found :\n")
subs = []
for result in results_json['dns_records']:
print(result)
for result in results_json['dns_records']['host']:
subs.append(result['domain'])
print(result['domain'])
print("\n\n[*] Running WAScan (m4ll0k)..\n")
if not os.path.exists(dir_out):
os.makedirs(dir_out)
response = response.content
response = json.loads(response)
for id in response["matches"]:
host = (id["http"]["host"])
# print ("host\t: "+host)
port = (id["port"])
# print ("port\t: "+str(port))
try:
chiper = (id["ssl"]["cipher"]["version"])
# print ("ssl chiper\t: "+chiper)
except:
pass
#DNS DUMPSTER
results = DNSDumpsterAPI().search(target)
domain = results["domain"]
results = results["dns_records"]
data =[]
for id in results["host"]:
item ={"subdomain":id["domain"],
"ip address" :id["ip"]}
data.append(item)
jsonData=data
#SecurityTrails
url = "https://api.securitytrails.com/v1/domain/"+target
url_sub = "https://api.securitytrails.com/v1/domain/"+target+"/subdomains"
querystring = {"apikey":"589MZT3zFGjUUuAyR4ZkvbwqcxUgTXKl"}
def test_answer():
domain = 'uber.com'
res = DNSDumpsterAPI(True).search(domain)
assert len(res['dns_records']['host']) > 0
#!env python
# -*- coding: utf-8 -*-
from dnsdumpster.DNSDumpsterAPI import DNSDumpsterAPI
import base64
res = DNSDumpsterAPI(False).search('tsebo.com')
print("####### Domain #######")
print(res['domain'])
print("\n\n\n####### DNS Servers #######")
for entry in res['dns_records']['dns']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### MX Records #######")
for entry in res['dns_records']['mx']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### Host Records (A) #######")
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
print((
"{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}".format(
**entry)))
else:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### TXT Records #######")
for entry in res['dns_records']['txt']:
print(entry)
def dnsdumpster():
results = DNSDumpsterAPI().search('firebaseio.com')
return [domain['domain'] for domain in results['dns_records']['host']]
def find_subdomains(domain):
results = DNSDumpsterAPI({'verbose': True}).search(domain)
subdomains = [domain_details(domain)]
if len(results) > 0:
subdomains.extend(results['dns_records']['host'])
return subdomains
def scan_dnsdumpster(self, domain_name):
results = DNSDumpsterAPI().search(domain_name)
return results
#!/usr/bin/python2
from dnsdumpster.DNSDumpsterAPI import DNSDumpsterAPI
# User enters the domain to query for and stores results in respective variable
results = DNSDumpsterAPI({'verbose': True}).search(raw_input('DNSdumpster > '))
# Iterator
num = 0
# Little print function here
print "\n" + "= " * 17
print "\t sub domains"
print "= " * 17 + '\n'
# lists all of the returned hosts for dns records
subs = results['dns_records']['host']
# Number how DNS records returned
x = len(subs)
print "[+] Sub-domains Found: " + str(x)
# For each result inside the dns_records, print the domain
for e in subs:
print "[" + str(num + 1) + "]" + " Returned Domain "
print "- " * 10 + "\n"
print "[+] Domain: " + results['dns_records']['host'][num]['domain']
print "[+] IP Address: " + results['dns_records']['host'][num]['ip']
print "[+] Header: " + results['dns_records']['host'][num]['header']
print "[+] Country: " + results['dns_records']['host'][num]['country']
#!env python
# -*- coding: utf-8 -*-
from dnsdumpster.DNSDumpsterAPI import DNSDumpsterAPI
import base64
domain = 'uber.com'
print('Testing... : {}'.format(domain))
res = DNSDumpsterAPI(True).search(domain)
print("####### Domain #######")
print(res['domain'])
print("\n\n\n####### DNS Servers #######")
for entry in res['dns_records']['dns']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### MX Records #######")
for entry in res['dns_records']['mx']:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
print("\n\n\n####### Host Records (A) #######")
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
print((
"{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}".format(
**entry)))
else:
print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
async def root(hostUrl: str):
dnsRecords = []
mxRecords = []
hostRecords = []
technologyFound = []
txtRecords = []
allRecords = []
if hostUrl == None:
raise HTTPException(
status_code=404,
detail=
"Please pass a host url in the query string. 'hostUrl url parameter missing."
)
res = DNSDumpsterAPI().search(hostUrl)
### Build return object
for entry in res['dns_records']['dns']:
dns = {
"dns": "{domain} ({ip}) {as} {provider} {country}".format(**entry)
}
dnsRecords.append(dns)
for entry in res['dns_records']['mx']:
mx = {
"mx": "{domain} ({ip}) {as} {provider} {country}".format(**entry)
}
mxRecords.append(mx)
for entry in res['dns_records']['host']:
if entry['reverse_dns']:
host = {
"host":
"{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}".
format(**entry)
}
hostRecords.append(host)
else:
host = {
"host":
"{domain} ({ip}) {as} {provider} {country}".format(**entry)
}
hostRecords.append(host)
for entry in res['dns_records']['host']:
if entry['header']:
tech = {"tech": "{domain} {header}".format(**entry)}
technologyFound.append(tech)
for entry in res['dns_records']['txt']:
txt = {"txt": entry}
txtRecords.append(txt)
returnObj = {
'dnsRecords': dnsRecords,
'mxRecords': mxRecords,
'hostRecords': hostRecords,
'techFound': technologyFound,
'txtRecords': txtRecords
}
return str(returnObj)
input_location = sys.argv[2]
parser = argparse.ArgumentParser()
parser.add_argument("-d", required=True)
print(
bcolors.BITALIC +
"**********************************************************Testing for DNS records**************************************************"
)
if (os.path.exists(input_location) == True):
file = open(input_location, "r")
lines = file.readlines()
for te in lines:
domain = te.strip()
print("Domain that you want to searched", domain)
Domain_Search = DNSDumpsterAPI(True).search(domain)
print('\nDomain Name:', Domain_Search['domain'])
print('\n***********DNS Records******************')
for detail in Domain_Search['dns_records']['dns']:
print(detail)
print('\n**********MX Records********************')
for detail in Domain_Search['dns_records']['mx']:
print(detail)
print('\n*********HOST Records*******************')
for detail in Domain_Search['dns_records']['host']:
print(detail)
print('\n*********TXT Records********************')