added noresolv and domain option to find_dns,fixed a bug in the default payload
This commit is contained in:
Marco Lux
37
find_dns.py
37
find_dns.py
@@ -21,6 +21,7 @@
|
|||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import Queue
|
import Queue
|
||||||
|
import struct
|
||||||
import socket
|
import socket
|
||||||
import argparse
|
import argparse
|
||||||
import threading
|
import threading
|
||||||
@@ -37,8 +38,21 @@ def openWriteFile(outfile):
|
|||||||
fw = open(outfile,'wb')
|
fw = open(outfile,'wb')
|
||||||
return fw
|
return fw
|
||||||
|
|
||||||
def checkDNS(host):
|
def parseDomain(domain):
|
||||||
payload = 'J\x8e\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03hotmail\x02de\x00\x00\x01\x00\x01'
|
do = domain.split('.')
|
||||||
|
if len(do) != 2:
|
||||||
|
print '[!] Sorry, unknown domain type: %s\nExample:google.com' % (domain)
|
||||||
|
return False
|
||||||
|
tld = do[1]
|
||||||
|
tld_len = struct.pack('>B', len(tld))
|
||||||
|
tld_sub = do[0]
|
||||||
|
tld_sub_len = struct.pack('>B', len(tld_sub))
|
||||||
|
dom_pay = '%c%s%c%s' % (tld_sub_len,tld_sub,tld_len,tld)
|
||||||
|
return dom_pay
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def checkDNS(payload,host,resolv):
|
||||||
# settimeout so recv is not block
|
# settimeout so recv is not block
|
||||||
try:
|
try:
|
||||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||||
@@ -47,16 +61,20 @@ def checkDNS(host):
|
|||||||
s.send(payload)
|
s.send(payload)
|
||||||
rBuf = s.recv(1024)
|
rBuf = s.recv(1024)
|
||||||
name = ''
|
name = ''
|
||||||
try:
|
# default we resolve IPs as long as -n is not choosen
|
||||||
name = socket.gethostbyaddr(host)[0]
|
if resolv:
|
||||||
except socket.herror,e:
|
try:
|
||||||
pass
|
name = socket.gethostbyaddr(host)[0]
|
||||||
|
except socket.herror,e:
|
||||||
|
pass
|
||||||
|
|
||||||
if name == '':
|
if name == '':
|
||||||
print '%s' % (host)
|
print '%s' % (host)
|
||||||
data = '%s\n' % (host)
|
data = '%s\n' % (host)
|
||||||
else:
|
else:
|
||||||
print '%s\t(%s)' % (host,name)
|
print '%s\t(%s)' % (host,name)
|
||||||
data = '%s\t(%s)\n' % (host,name)
|
data = '%s\t(%s)\n' % (host,name)
|
||||||
|
|
||||||
rQ.put(data)
|
rQ.put(data)
|
||||||
except socket.error,e:
|
except socket.error,e:
|
||||||
# print e
|
# print e
|
||||||
@@ -73,6 +91,9 @@ def run(args):
|
|||||||
|
|
||||||
if args.outfile:
|
if args.outfile:
|
||||||
fw = openWriteFile(args.outfile)
|
fw = openWriteFile(args.outfile)
|
||||||
|
|
||||||
|
dom_pay = parseDomain(args.domain)
|
||||||
|
payload = 'J\x8e\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00%s\x00\x00\x01\x00\x01' % (dom_pay)
|
||||||
|
|
||||||
hostList = args.hostList
|
hostList = args.hostList
|
||||||
|
|
||||||
@@ -93,7 +114,7 @@ def run(args):
|
|||||||
while q.qsize()>0:
|
while q.qsize()>0:
|
||||||
|
|
||||||
if len(thrList) < thrCnt:
|
if len(thrList) < thrCnt:
|
||||||
thrDns = threading.Thread(target = checkDNS, args = (q.get(),))
|
thrDns = threading.Thread(target = checkDNS, args = (payload,q.get(),args.resolv))
|
||||||
thrDns.daemon = True
|
thrDns.daemon = True
|
||||||
thrDns.start()
|
thrDns.start()
|
||||||
thrList.append(thrDns)
|
thrList.append(thrDns)
|
||||||
@@ -126,6 +147,8 @@ def main():
|
|||||||
parser.add_argument("-l",action='store',required=True,help='host list with ips',dest='hostList')
|
parser.add_argument("-l",action='store',required=True,help='host list with ips',dest='hostList')
|
||||||
parser.add_argument('-t',action='store',required=False,help='thread count', dest='thrCnt')
|
parser.add_argument('-t',action='store',required=False,help='thread count', dest='thrCnt')
|
||||||
parser.add_argument('-o',action='store',required=False,help='write found data to file', dest='outfile')
|
parser.add_argument('-o',action='store',required=False,help='write found data to file', dest='outfile')
|
||||||
|
parser.add_argument('-n',action='store_false',default=True,required=False,help='do not resolve ips', dest='resolv')
|
||||||
|
parser.add_argument('-d',action='store',default='google.com',required=False,help='choose the domain for the dns request', dest='domain')
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
run(args)
|
run(args)
|
||||||
|
|
||||||
|
|||||||
19
readme.txt
19
readme.txt
@@ -64,6 +64,25 @@ IP NAME
|
|||||||
==================================================
|
==================================================
|
||||||
[*] Done
|
[*] Done
|
||||||
|
|
||||||
|
Also it has some extra options now:
|
||||||
|
find_dns.py [-h] -l HOSTLIST [-t THRCNT] [-o OUTFILE] [-n] [-d DOMAIN]
|
||||||
|
|
||||||
|
dns server finder, by dash
|
||||||
|
|
||||||
|
optional arguments:
|
||||||
|
-h, --help show this help message and exit
|
||||||
|
-l HOSTLIST host list with ips
|
||||||
|
-t THRCNT thread count
|
||||||
|
-o OUTFILE write found data to file
|
||||||
|
-n do not resolve ips
|
||||||
|
-d DOMAIN choose the domain for the dns request
|
||||||
|
|
||||||
|
If you do not like to resolve the ips via default 8.8.8.8 (google dns cluster)
|
||||||
|
choose -n. If you want to use a different domain being requested in the
|
||||||
|
payload use -d. Default domain is: google.com
|
||||||
|
|
||||||
|
example:
|
||||||
|
./find_dns.py -l rIP.txt -t 100 -n -d microsoft.com
|
||||||
|
|
||||||
Author
|
Author
|
||||||
------
|
------
|
||||||
|
|||||||
Reference in New Issue
Block a user