metasploit-framework/modules/post/multi/gather/dns_reverse_lookup.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'rex'

class MetasploitModule < Msf::Post

  def initialize(info={})
    super( update_info( info,
        'Name'          => 'Multi Gather DNS Reverse Lookup Scan',
        'Description'   => %q{
          Performs DNS reverse lookup using the OS included DNS query command.
        },
        'License'       => MSF_LICENSE,
        'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
        'Platform'      => %w{ bsd linux osx solaris win },
        'SessionTypes'  => [ 'meterpreter', 'shell' ]
      ))
    register_options(
      [

        OptAddressRange.new('RHOSTS', [true, 'IP Range to perform reverse lookup against.'])

      ], self.class)
  end

  # Run Method for when run command is issued
  def run
    iprange = datastore['RHOSTS']
    print_status("Performing DNS Reverse Lookup for IP range #{iprange}")
    iplst = []

    a = []
    ipadd = Rex::Socket::RangeWalker.new(iprange)
    numip = ipadd.num_ips
    while (iplst.length < numip)
      ipa = ipadd.next_ip
      if (not ipa)
        break
      end
      iplst << ipa
    end

    case session.platform
    when 'windows'
      cmd = "nslookup"
    when 'solaris'
      cmd = "/usr/sbin/host"
    else
      cmd = "/usr/bin/host"
    end

    while !iplst.nil? && !iplst.empty?
      1.upto session.max_threads do
        a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
          next if ip_add.nil?
          r = cmd_exec(cmd, " #{ip_add}")
          case session.platform
          when 'windows'
            if r =~ /(Name)/
              r.scan(/Name:\s*\S*\s/) do |n|
                hostname = n.split(":    ")
                print_good "\t #{ip_add} is #{hostname[1].chomp("\n")}"
                report_host({
                  :host => ip_add,
                  :name => hostname[1].strip
                  })
              end
            else
              vprint_status("#{ip_add} does not have a Reverse Lookup Record")
            end
          else
            if r !~ /not found/i
              hostname = r.scan(/domain name pointer (\S*)\./).join
              print_good "\t #{ip_add} is #{hostname}"
              report_host({
                  :host => ip_add,
                  :name => hostname.strip
                })
            else
              vprint_status("#{ip_add} does not have a Reverse Lookup Record")
            end
          end
        end
        a.map {|x| x.join }
      end
    end
  end
end
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00			`##`

			`require 'msf/core'`
			`require 'rex'`

use MetasploitModule as a class name 2016-03-08 13:02:44 +00:00			`class MetasploitModule < Msf::Post`
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00
Retab changes for PR #2304 2013-09-05 18:41:25 +00:00			`def initialize(info={})`
			`super( update_info( info,`
			`'Name' => 'Multi Gather DNS Reverse Lookup Scan',`
			`'Description' => %q{`
			`Performs DNS reverse lookup using the OS included DNS query command.`
			`},`
			`'License' => MSF_LICENSE,`
			`'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],`
Prefer Ruby style for single word collections According to the Ruby style guide, %w{} collections for arrays of single words are preferred. They're easier to type, and if you want a quick grep, they're easier to search. This change converts all Payloads to this format if there is more than one payload to choose from. It also alphabetizes the payloads, so the order can be more predictable, and for long sets, easier to scan with eyeballs. See: https://github.com/bbatsov/ruby-style-guide#collections 2013-09-24 17:33:31 +00:00			`'Platform' => %w{ bsd linux osx solaris win },`
Retab changes for PR #2304 2013-09-05 18:41:25 +00:00			`'SessionTypes' => [ 'meterpreter', 'shell' ]`
			`))`
			`register_options(`
			`[`
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`OptAddressRange.new('RHOSTS', [true, 'IP Range to perform reverse lookup against.'])`
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`], self.class)`
			`end`
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`# Run Method for when run command is issued`
			`def run`
			`iprange = datastore['RHOSTS']`
			`print_status("Performing DNS Reverse Lookup for IP range #{iprange}")`
			`iplst = []`
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`a = []`
			`ipadd = Rex::Socket::RangeWalker.new(iprange)`
			`numip = ipadd.num_ips`
			`while (iplst.length < numip)`
			`ipa = ipadd.next_ip`
			`if (not ipa)`
			`break`
			`end`
			`iplst << ipa`
			`end`
Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host. git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-12 23:26:10 +00:00
remove various session manipulation hacks since session.platform should always contain an os identifier 2016-03-18 04:26:12 +00:00			`case session.platform`
Final pass of regex -> string checks 2016-10-29 04:59:05 +00:00			`when 'windows'`
Retab modules 2013-08-30 21:28:54 +00:00			`cmd = "nslookup"`
Final pass of regex -> string checks 2016-10-29 04:59:05 +00:00			`when 'solaris'`
Retab modules 2013-08-30 21:28:54 +00:00			`cmd = "/usr/sbin/host"`
			`else`
			`cmd = "/usr/bin/host"`
			`end`
remove various session manipulation hacks since session.platform should always contain an os identifier 2016-03-18 04:26:12 +00:00
			`while !iplst.nil? && !iplst.empty?`
			`1.upto session.max_threads do`
Retab modules 2013-08-30 21:28:54 +00:00			`a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do \|ip_add\|`
			`next if ip_add.nil?`
			`r = cmd_exec(cmd, " #{ip_add}")`
remove various session manipulation hacks since session.platform should always contain an os identifier 2016-03-18 04:26:12 +00:00			`case session.platform`
Final pass of regex -> string checks 2016-10-29 04:59:05 +00:00			`when 'windows'`
Retab modules 2013-08-30 21:28:54 +00:00			`if r =~ /(Name)/`
			`r.scan(/Name:\s\S\s/) do \|n\|`
			`hostname = n.split(": ")`
			`print_good "\t #{ip_add} is #{hostname[1].chomp("\n")}"`
			`report_host({`
			`:host => ip_add,`
			`:name => hostname[1].strip`
			`})`
			`end`
			`else`
			`vprint_status("#{ip_add} does not have a Reverse Lookup Record")`
			`end`
			`else`
			`if r !~ /not found/i`
			`hostname = r.scan(/domain name pointer (\S*)\./).join`
			`print_good "\t #{ip_add} is #{hostname}"`
			`report_host({`
			`:host => ip_add,`
			`:name => hostname.strip`
			`})`
			`else`
			`vprint_status("#{ip_add} does not have a Reverse Lookup Record")`
			`end`
			`end`
			`end`
			`a.map {\|x\| x.join }`
			`end`
			`end`
			`end`
Msftidy: knocking out all those trailing spaces. Screw those guys. git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-17 03:49:49 +00:00			`end`