Style fixes for enum_dns.rb

* Use a dotted.notation for note types
  * Changed title to something more descriptive
  * Expanded description
  * Other trivial changes
unstable
Tod Beardsley 2012-03-26 16:08:39 -05:00
parent ef0ce1c10d
commit dc6f76eb20
1 changed files with 32 additions and 29 deletions


@ -17,10 +17,13 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'DNS Enumeration Module', 'Name' => 'DNS Record Scanner and Enumerator ',
'Description' => %q{ 'Description' => %q{
This module can be used to enumerate various types of information This module can be used to enumerate various types of information
about a domain from a specific DNS server. about a domain from a specific DNS server by performing various
DNS queries such as zone transfers, reverse lookups, SRV record
bruteforcing, and other techniques.
}, },
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ], 'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
@ -35,17 +38,17 @@ class Metasploit3 < Msf::Auxiliary
register_options( register_options(
[ [
OptString.new('DOMAIN', [ true, "The target domain name"]), OptString.new('DOMAIN', [ true, "The target domain name"]),
OptBool.new('ENUM_AXFR', [ true, 'Initiate a zone Transfer against each NS record', true]), OptBool.new('ENUM_AXFR', [ true, 'Initiate a zone transfer against each NS record', true]),
OptBool.new('ENUM_TLD', [ true, 'Perform a top-level domain expansion by replacing TLD and testing against IANA TLD list', false]), OptBool.new('ENUM_TLD', [ true, 'Perform a top-level domain expansion by replacing the TLD and testing against IANA TLD list', false]),
OptBool.new('ENUM_STD', [ true, 'Enumerate standard record types (A,MX,NS,TXT and SOA)', true]), OptBool.new('ENUM_STD', [ true, 'Enumerate standard record types (A,MX,NS,TXT and SOA)', true]),
OptBool.new('ENUM_BRT', [ true, 'Brute force subdomains and hostnames via wordlist', false]), OptBool.new('ENUM_BRT', [ true, 'Brute force subdomains and hostnames via the supplied wordlist', false]),
OptBool.new('ENUM_IP6', [ true, 'Brute force hosts with IPv6 AAAA records',false]), OptBool.new('ENUM_IP6', [ true, 'Brute force hosts with IPv6 AAAA records',false]),
OptBool.new('ENUM_RVL', [ true, 'Reverse lookup a range of IP addresses', false]), OptBool.new('ENUM_RVL', [ true, 'Reverse lookup a range of IP addresses', false]),
OptBool.new('ENUM_SRV', [ true, 'Enumerate the most common SRV records', true]), OptBool.new('ENUM_SRV', [ true, 'Enumerate the most common SRV records', true]),
OptPath.new('WORDLIST', [ false, "Wordlist file for domain name brute force.", File.join(Msf::Config.install_root, "data", "wordlists", "namelist.txt")]), OptPath.new('WORDLIST', [ false, "Wordlist for domain name bruteforcing", ::File.join(Msf::Config.install_root, "data", "wordlists", "namelist.txt")]),
OptAddress.new('NS', [ false, "Specify the nameserver to use for queries, otherwise use the system DNS" ]), OptAddress.new('NS', [ false, "Specify the nameserver to use for queries (default is system DNS)" ]),
OptAddressRange.new('IPRANGE', [false, "The target address range or CIDR identifier"]), OptAddressRange.new('IPRANGE', [false, "The target address range or CIDR identifier"]),
OptBool.new('STOP_WLDCRD', [ true, 'Stops Brute Force Enumeration if wildcard resolution is detected', false]) OptBool.new('STOP_WLDCRD', [ true, 'Stops bruteforce enumeration if wildcard resolution is detected', false])
], self.class) ], self.class)
register_advanced_options( register_advanced_options(
@ -101,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.address.to_s},#{target},A") :data => "#{rr.address.to_s},#{target},A")
end end
end end
@ -116,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{ip.address.to_s},#{rr.mname},SOA") :data => "#{ip.address.to_s},#{rr.mname},SOA")
end end
end end
@ -134,7 +137,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{ip.address.to_s},#{rr.nsdname},NS") :data => "#{ip.address.to_s},#{rr.nsdname},NS")
end end
end end
@ -148,7 +151,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.exchange},MX") :data => "#{rr.exchange},MX")
end end
end end
@ -160,7 +163,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.txt},TXT") :data => "#{rr.txt},TXT")
end end
end end
@ -172,7 +175,6 @@ class Metasploit3 < Msf::Auxiliary
if not nssrv.nil? if not nssrv.nil?
@res.nameserver=(nssrv) @res.nameserver=(nssrv)
end end
print_status("Performing Top Level Domain Expansion")
i, a = 0, [] i, a = 0, []
tlds = [ tlds = [
"com", "org", "net", "edu", "mil", "gov", "uk", "af", "al", "dz", "com", "org", "net", "edu", "mil", "gov", "uk", "af", "al", "dz",
@ -199,6 +201,7 @@ class Metasploit3 < Msf::Auxiliary
"ug", "ua", "ae", "gb", "us", "um", "uy", "uz", "vu", "ve", "vn", "ug", "ua", "ae", "gb", "us", "um", "uy", "uz", "vu", "ve", "vn",
"vg", "vi", "wf", "eh", "ye", "yu", "za", "zr", "zm", "zw", "int", "vg", "vi", "wf", "eh", "ye", "yu", "za", "zr", "zm", "zw", "int",
"gs", "info", "biz", "su", "name", "coop", "aero" ] "gs", "info", "biz", "su", "name", "coop", "aero" ]
print_status("Performing Top Level Domain expansion using #{tlds.size} TLDs")
tlds.each do |tld| tlds.each do |tld|
query1 = @res.search("#{target}.#{tld}") query1 = @res.search("#{target}.#{tld}")
@ -209,7 +212,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53, :port => 53,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.address.to_s},#{target}.#{tld},A") if rr.class == Net::DNS::RR::A :data => "#{rr.address.to_s},#{target}.#{tld},A") if rr.class == Net::DNS::RR::A
end end
end end
@ -235,7 +238,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.address.to_s},#{line.chomp}.#{target},A") :data => "#{rr.address.to_s},#{line.chomp}.#{target},A")
next unless rr.class == Net::DNS::RR::CNAME next unless rr.class == Net::DNS::RR::CNAME
end end
@ -263,7 +266,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.address.to_s},#{line.chomp}.#{target},AAAA") :data => "#{rr.address.to_s},#{line.chomp}.#{target},AAAA")
next unless rr.class == Net::DNS::RR::CNAME next unless rr.class == Net::DNS::RR::CNAME
end end
@ -297,7 +300,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{addresstp},#{tip},A") :data => "#{addresstp},#{tip},A")
end end
rescue ::Interrupt rescue ::Interrupt
@ -370,7 +373,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "Zone Transfer Successful") :data => "Zone Transfer Successful")
#Prints each record according to its type #Prints each record according to its type
zone.answer.each do |rr| zone.answer.each do |rr|
@ -381,7 +384,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.address.to_s},#{rr.name},A") :data => "#{rr.address.to_s},#{rr.name},A")
when "SOA" when "SOA"
print_status("Name: #{rr.mname} Record: SOA") print_status("Name: #{rr.mname} Record: SOA")
@ -389,7 +392,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.name},SOA") :data => "#{rr.name},SOA")
when "MX" when "MX"
print_status("Name: #{rr.exchange} Preference: #{rr.preference} Record: MX") print_status("Name: #{rr.exchange} Preference: #{rr.preference} Record: MX")
@ -397,7 +400,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.exchange},MX") :data => "#{rr.exchange},MX")
when "CNAME" when "CNAME"
print_status("Name: #{rr.cname} Record: CNAME") print_status("Name: #{rr.cname} Record: CNAME")
@ -405,7 +408,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.cname},CNAME") :data => "#{rr.cname},CNAME")
when "HINFO" when "HINFO"
print_status("CPU: #{rr.cpu} OS: #{rr.os} Record: HINFO") print_status("CPU: #{rr.cpu} OS: #{rr.os} Record: HINFO")
@ -413,7 +416,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "CPU:#{rr.cpu},OS:#{rr.os},HINFO") :data => "CPU:#{rr.cpu},OS:#{rr.os},HINFO")
when "AAAA" when "AAAA"
print_status("IPv6 Address: #{rr.address} Record: AAAA") print_status("IPv6 Address: #{rr.address} Record: AAAA")
@ -421,7 +424,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.address.to_s}, AAAA") :data => "#{rr.address.to_s}, AAAA")
when "NS" when "NS"
print_status("Name: #{rr.nsdname} Record: NS") print_status("Name: #{rr.nsdname} Record: NS")
@ -429,7 +432,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.nsdname},NS") :data => "#{rr.nsdname},NS")
when "TXT" when "TXT"
print_status("Text: #{rr.txt} Record: TXT") print_status("Text: #{rr.txt} Record: TXT")
@ -437,7 +440,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.txt},TXT") :data => "#{rr.txt},TXT")
when "SRV" when "SRV"
print_status("Host: #{rr.host} Port: #{rr.port} Priority: #{rr.priority} Record: SRV") print_status("Host: #{rr.host} Port: #{rr.port} Priority: #{rr.priority} Record: SRV")
@ -445,7 +448,7 @@ class Metasploit3 < Msf::Auxiliary
:proto => 'udp', :proto => 'udp',
:sname => 'dns', :sname => 'dns',
:port => 53 , :port => 53 ,
:type => 'DNS_ENUM', :type => 'dns.enum',
:data => "#{rr.host},#{rr.port},#{rr.priority},SRV") :data => "#{rr.host},#{rr.port},#{rr.priority},SRV")
end end
end end
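Review bot: The new `'Name'` value in the first hunk ends with a trailing space (`'DNS Record Scanner and Enumerator '`), which will presumably carry through to module listings and search output; it should read `'Name' => 'DNS Record Scanner and Enumerator',`. The note `:type` changes from `'DNS_ENUM'` to `'dns.enum'` at all nineteen call sites shown, so notes already stored under the old type, and any report or export filter keyed on it, will likely stop matching new results; the commit message should say so. The zone-transfer result in the `-370` hunk is still recorded with `:proto => 'udp'`, although AXFR normally runs over TCP, so it is worth confirming that the stored protocol matches what was actually sent. The enclosing methods start and end outside the hunks shown, so none of this can be checked against the full call.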