From 54bc9eb5354547736784aa9af9d02f71ce57c404 Mon Sep 17 00:00:00 2001
From: Marco Lux
Date: Thu, 11 Jun 2015 10:14:35 +0200
Subject: [PATCH] added noresolv and domain option to find_dns,fixed a bug in the default payload
---
find_dns.py | 37 ++++++++++++++++++++++++++++++-------
readme.txt | 19 +++++++++++++++++++
2 files changed, 49 insertions(+), 7 deletions(-)
diff --git a/find_dns.py b/find_dns.py
index aba0ece..7ffebce 100755
--- a/find_dns.py
+++ b/find_dns.py
@@ -21,6 +21,7 @@ import os
import sys
import Queue
+import struct
import socket
import argparse
import threading
@@ -37,8 +38,21 @@ def openWriteFile(outfile):
fw = open(outfile,'wb')
return fw
-def checkDNS(host):
- payload = 'J\x8e\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03hotmail\x02de\x00\x00\x01\x00\x01'
+def parseDomain(domain):
+ do = domain.split('.')
+ if len(do) != 2:
+ print '[!] Sorry, unknown domain type: %s\nExample:google.com' % (domain)
+ return False
+ tld = do[1]
+ tld_len = struct.pack('>B', len(tld))
+ tld_sub = do[0]
+ tld_sub_len = struct.pack('>B', len(tld_sub))
+ dom_pay = '%c%s%c%s' % (tld_sub_len,tld_sub,tld_len,tld)
+ return dom_pay
+
+
+
+def checkDNS(payload,host,resolv):
# settimeout so recv is not block
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
@@ -47,16 +61,20 @@ def checkDNS(host):
s.send(payload)
rBuf = s.recv(1024)
name = ''
- try:
- name = socket.gethostbyaddr(host)[0]
- except socket.herror,e:
- pass
+ # default we resolve IPs as long as -n is not choosen
+ if resolv:
+ try:
+ name = socket.gethostbyaddr(host)[0]
+ except socket.herror,e:
+ pass
+
if name == '':
print '%s' % (host)
data = '%s\n' % (host)
else:
print '%s\t(%s)' % (host,name)
data = '%s\t(%s)\n' % (host,name)
+ rQ.put(data)
except socket.error,e:
# print e
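Review bot: parseDomain accepts exactly two labels and never bounds their length, so a name like mail.example.com is rejected while a label over 255 bytes makes `struct.pack('>B', len(tld))` raise struct.error, and anything over 63 bytes is already an invalid DNS label (RFC 1035 limits a label to 63 octets and a name to 255) that a resolver may simply not answer. Because the return value becomes wire bytes, the safer shape is to length-prefix every label and reject out-of-range lengths before packing, keeping the `False` return for callers; the rewrite below does that and drops the Python-2-only `'%c' % one_byte_string` formatting. A docstring should also state that the returned bytes omit the terminating `\x00`, which the payload template in run() supplies.
```python
def parseDomain(domain):
    """Encode DOMAIN as DNS QNAME labels: one length byte before each label.

    The terminating \\x00 is not included; the caller's payload template
    supplies it.  Returns False (after printing a message) when a label is
    empty or longer than 63 octets, or the name is longer than 255 octets.
    """
    labels = domain.strip('.').split('.')
    if '' in labels or max(len(l) for l in labels) > 63 or len(domain) > 255:
        print '[!] Sorry, unknown domain type: %s\nExample:google.com' % (domain)
        return False
    return ''.join(struct.pack('>B', len(l)) + l for l in labels)
```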
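Review bot: The reverse lookup added under `if resolv:` catches only socket.herror, but socket.gethostbyaddr can also raise socket.gaierror for a malformed list entry; since gaierror is a socket.error subclass, that case falls through to the outer `except socket.error,e:` and a host that did answer the probe is dropped silently instead of being recorded. `except (socket.herror, socket.gaierror):` covers both and drops the unused `e`. The new comment also has a typo: `# default we resolve IPs as long as -n is not chosen`. The body of checkDNS begins and continues outside this hunk.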
@@ -73,6 +91,9 @@ def run(args):
if args.outfile:
fw = openWriteFile(args.outfile)
+
+ dom_pay = parseDomain(args.domain)
+ payload = 'J\x8e\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00%s\x00\x00\x01\x00\x01' % (dom_pay)
hostList = args.hostList
@@ -93,7 +114,7 @@ def run(args):
while q.qsize()>0:
if len(thrList) < thrCnt:
- thrDns = threading.Thread(target = checkDNS, args = (q.get(),))
+ thrDns = threading.Thread(target = checkDNS, args = (payload,q.get(),args.resolv))
thrDns.daemon = True
thrDns.start()
thrList.append(thrDns)
@@ -126,6 +147,8 @@ def main():
parser.add_argument("-l",action='store',required=True,help='host list with ips',dest='hostList')
parser.add_argument('-t',action='store',required=False,help='thread count', dest='thrCnt')
parser.add_argument('-o',action='store',required=False,help='write found data to file', dest='outfile')
+ parser.add_argument('-n',action='store_false',default=True,required=False,help='do not resolve ips', dest='resolv')
+ parser.add_argument('-d',action='store',default='google.com',required=False,help='choose the domain for the dns request', dest='domain')
args = parser.parse_args()
run(args)
diff --git a/readme.txt b/readme.txt
index 050a8ba..a9f3328 100644
--- a/readme.txt
+++ b/readme.txt
@@ -64,6 +64,25 @@ IP NAME
==================================================
[*] Done
+Also it has some extra options now:
+find_dns.py [-h] -l HOSTLIST [-t THRCNT] [-o OUTFILE] [-n] [-d DOMAIN]
+
+dns server finder, by dash
+
+optional arguments:
+ -h, --help show this help message and exit
+ -l HOSTLIST host list with ips
+ -t THRCNT thread count
+ -o OUTFILE write found data to file
+ -n do not resolve ips
+ -d DOMAIN choose the domain for the dns request
+
+If you do not like to resolve the ips via default 8.8.8.8 (google dns cluster)
+choose -n. If you want to use a different domain being requested in the
+payload use -d. Default domain is: google.com
+
+example:
+./find_dns.py -l rIP.txt -t 100 -n -d microsoft.com
Author
------
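Review bot: parseDomain returns False when it cannot encode the name, and `payload = '...%s\x00\x00\x01\x00\x01' % (dom_pay)` then embeds the text `False` in the query with no length byte, so every host is probed with a malformed packet and the run quietly reports nothing. Guard the return before building the payload: `if not dom_pay:` / `    sys.exit(1)` (sys is already imported in this file). run()'s body starts before this hunk and continues after it.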
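Review bot: The help text for `-d` does not mention the restriction parseDomain enforces, so `-d mail.example.com` is accepted by argparse and only fails later with a runtime message; `help='domain for the dns request (two labels, e.g. google.com)'` documents it at the point the user sees it. On the `-n` option, `default=True` is redundant because a store_false action already defaults to True. main() starts before this hunk.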