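def whois(domain, server=False, depth=0):
    """Query a WHOIS server for *domain* and return the cleaned-up response.

    The server is taken from ``WHOIS_SERVERS`` when the TLD is listed there,
    otherwise ``<tld>.whois-servers.net`` is used. If the response contains a
    ``Whois Server: <host>`` line, that host is queried as well (recursively)
    and its answer is appended.

    Args:
        domain: Domain name to look up.
        server: WHOIS host to query; a falsy value selects the default for
            the TLD.
        depth: Current referral depth; callers normally leave this at 0.

    Returns:
        The response text prefixed with a ``[ QUERY ]`` / ``[ WHOIS SERVER ]``
        header, or ``False`` when the referral depth is exceeded, the server
        name is not a plausible hostname, or the network exchange fails.
    """
    # Referral chains are driven by remote data, so they are hard-capped.
    if depth > 2:
        return False

    query = domain.lower()
    tld = query.split('.')[-1]

    # Use WHOIS_SERVERS for identified TLDs, the whois-servers.net alias otherwise.
    if not server:
        if tld in WHOIS_SERVERS:
            server = WHOIS_SERVERS[tld]
        else:
            server = tld + ".whois-servers.net"

    # On referrals `server` is copied out of a remote response, i.e. it is
    # untrusted input that decides where this process opens a TCP connection.
    # Only hostname/IPv4-shaped values are accepted. This is a syntax check
    # only: it does not stop a referral that names an internal host, so run
    # the lookup from a network position where that is acceptable.
    if not re.match(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}\Z", server):
        return False

    # Modifiers are only applied to the first (registry) query.
    if tld in WHOIS_MODIFIERS_PRE and depth == 0:
        query = WHOIS_MODIFIERS_PRE[tld] + query
    if tld in WHOIS_MODIFIERS_POST and depth == 0:
        query = query + WHOIS_MODIFIERS_POST[tld]

    # Sockets carry bytes; encode only when the query is a text string so the
    # same code works whether or not str and bytes are the same type.
    payload = query + "\r\n"
    if not isinstance(payload, bytes):
        payload = payload.encode("utf-8")

    # Cap what a (possibly referred, hence untrusted) server can make us buffer.
    max_response = 1024 * 1024
    chunks = []
    received = 0
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.settimeout(1)
        sock.connect((server, 43))
        # sendall() retries short writes; send() may transmit only a prefix.
        sock.sendall(payload)
        while received < max_response:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
            received += len(chunk)
    except (socket.error, UnicodeError):
        # Best-effort lookup: any connection/transfer problem yields False.
        return False
    finally:
        # Close on every path, including the failure returns above.
        sock.close()

    # Cleanup: tolerate non-UTF-8 bytes instead of raising, normalise line
    # endings and strip trailing whitespace from every line.
    response = b"".join(chunks).decode("utf-8", "replace").replace("\r", "")
    output = "".join(line.rstrip() + "\n" for line in response.split("\n"))

    # Apply defluffing regular expressions. The flag must be passed by
    # keyword: the fourth positional argument of re.sub() is `count`.
    for fluff in WHOIS_DEFLUFF:
        output = re.sub(fluff, "", output, flags=re.DOTALL)

    while "\n\n\n" in output:
        output = output.replace("\n\n\n", "\n\n")
    output = output.strip()
    output = ("[ QUERY: %s ]\n[ WHOIS SERVER: %s ]\n\n" % (query, server)) + output

    match = re.search("Whois Server: (.*)", output)
    if match:
        referral = match.group(1).strip()
        # Skip empty referrals and referrals back to the server just queried;
        # both would only repeat the same lookup.
        if referral and referral.lower() != server.lower():
            extended = whois(domain, server=referral, depth=(depth + 1))
            if extended:
                output = output + "\n\n" + extended
    return output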
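import sys

# Checks whether the authoritative nameservers of a domain answer a zone
# transfer (AXFR) request from this host and, if one does, lists the names
# in the zone. A server that answers is exposing the whole zone to arbitrary
# clients; transfers are normally restricted to known secondaries.
#
# NOTE(review): dns.resolver / dns.zone / dns.query (dnspython) are used below
# but their import is not visible in this excerpt - assumed to exist elsewhere.

if len(sys.argv) < 2:
    sys.exit("Usage: %s <domain>" % sys.argv[0])

domain = str(sys.argv[1])
nslist = []
works = False

nameserver = dns.resolver.query(domain, 'NS')
print("Nameservers for %s:" % (domain))
for data in nameserver:
    print(data)
    nslist.append(str(data))

print("\nSubdomains for %s:" % (domain))
for dom in nslist:
    # Each nameserver is tried on its own: one refusal must not stop the
    # remaining servers from being checked.
    try:
        # lifetime bounds the whole transfer so a stalled server cannot hang
        # the run.
        # NOTE(review): `dom` is the NS host name as returned by the resolver;
        # some dnspython releases expect an IP address here - confirm.
        zone = dns.zone.from_xfr(dns.query.xfr(dom, domain, lifetime=30))
    except Exception as exc:
        sys.stderr.write("%s: transfer refused or failed (%s)\n" % (dom, exc))
        continue

    for n in sorted(zone.nodes.keys()):
        fields = zone[n].to_text(n).split()
        # '@' is the zone apex, not a subdomain; empty nodes are skipped.
        if fields and fields[0] != '@':
            print(fields[0] + "." + domain)
    works = True
    break

if not works:
    print("Zone transfer failed. Requests blocked from nameservers.")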