API tools faq
paste
Advertisement
nexonsupport

DNS Amp Scanner

nexonsupport
Nov 17th, 2016
154
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.78 KB | None | 0 0
raw download clone embed print report
  1. //Made by: @BDKJermaine | @LulzSecRB | @AnarchismSquad
  2.  
  3. #include <pthread.h>
  4. #include <unistd.h>
  5. #include <stdio.h>
  6. #include <stdlib.h>
  7. #include <string.h>
  8. #include <sys/socket.h>
  9. #include <netinet/in.h>
  10. #include <signal.h>
  11. #include <sys/time.h>
  12. #include <sys/types.h>
  13. #include <math.h>
  14. #include <stropts.h>
  15. #include <ctype.h>
  16. #include <errno.h>
  17. #include <arpa/inet.h>
  18. #include <netinet/ip.h>
  19. #include <netinet/udp.h>
  20.  
  21. struct DNS_HEADER
  22. {
  23. unsigned short id; // identification number
  24.  
  25. unsigned char rd :1; // recursion desired
  26. unsigned char tc :1; // truncated message
  27. unsigned char aa :1; // authoritive answer
  28. unsigned char opcode :4; // purpose of message
  29. unsigned char qr :1; // query/response flag
  30.  
  31. unsigned char rcode :4; // response code
  32. unsigned char cd :1; // checking disabled
  33. unsigned char ad :1; // authenticated data
  34. unsigned char z :1; // its z! reserved
  35. unsigned char ra :1; // recursion available
  36.  
  37. unsigned short q_count; // number of question entries
  38. unsigned short ans_count; // number of answer entries
  39. unsigned short auth_count; // number of authority entries
  40. unsigned short add_count; // number of resource entries
  41. };
  42.  
  43. struct QUESTION
  44. {
  45. unsigned short qtype;
  46. unsigned short qclass;
  47. };
  48.  
  49. #pragma pack(push, 1)
  50. struct R_DATA
  51. {
  52. unsigned short type;
  53. unsigned short _class;
  54. unsigned int ttl;
  55. unsigned short data_len;
  56. };
  57. #pragma pack(pop)
  58.  
  59. struct RES_RECORD
  60. {
  61. unsigned char *name;
  62. struct R_DATA *resource;
  63. unsigned char *rdata;
  64. };
  65.  
  66. typedef struct
  67. {
  68. unsigned char *name;
  69. struct QUESTION *ques;
  70. } QUERY;
  71.  
  72. volatile int running_threads = 0;
  73. volatile int found_srvs = 0;
  74. volatile unsigned long per_thread = 0;
  75. volatile unsigned long start = 0;
  76. volatile unsigned long scanned = 0;
  77. volatile int sleep_between = 0;
  78. unsigned char *domain;
  79. int answersize;
  80. volatile int bytes_sent = 0;
  81. volatile unsigned long hosts_done = 0;
  82. FILE *fd;
  83.  
  84. void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
  85. {
  86. int lock = 0 , i;
  87. strcat((char*)host,".");
  88.  
  89. for(i = 0 ; i < strlen((char*)host) ; i++)
  90. {
  91. if(host[i]=='.')
  92. {
  93. *dns++ = i-lock;
  94. for(;lock<i;lock++)
  95. {
  96. *dns++=host[lock];
  97. }
  98. lock++;
  99. }
  100. }
  101. *dns++='\0';
  102. }
  103.  
  104. void *flood(void *par1)
  105. {
  106. running_threads++;
  107. int thread_id = (int)par1;
  108. unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
  109. unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
  110. unsigned long w;
  111. int y;
  112. unsigned char *host = (unsigned char *)malloc(50);
  113. strcpy((char *)host, ".");
  114. unsigned char buf[65536],*qname;
  115. char strDomain[512];
  116. struct DNS_HEADER *dns = NULL;
  117. struct QUESTION *qinfo = NULL;
  118. dns = (struct DNS_HEADER *)&buf;
  119.  
  120. dns->id = (unsigned short) htons(rand());
  121. dns->qr = 0;
  122. dns->opcode = 0;
  123. dns->aa = 0;
  124. dns->tc = 0;
  125. dns->rd = 1;
  126. dns->ra = 0;
  127. dns->z = 0;
  128. dns->ad = 0;
  129. dns->cd = 0;
  130. dns->rcode = 0;
  131. dns->q_count = htons(1);
  132. dns->ans_count = 0;
  133. dns->auth_count = 0;
  134. dns->add_count = htons(1);
  135. qname =(unsigned char*)&buf[sizeof(struct DNS_HEADER)];
  136.  
  137. strcpy(strDomain, domain);
  138. ChangetoDnsNameFormat(qname, strDomain);
  139. qinfo =(struct QUESTION*)&buf[sizeof(struct DNS_HEADER) + (strlen((const char*)qname) + 1)];
  140.  
  141. qinfo->qtype = htons( 255 );
  142. qinfo->qclass = htons(1);
  143.  
  144. void *edns = (void *)qinfo + sizeof(struct QUESTION)+1;
  145. memset(edns, 0x00, 1);
  146. memset(edns+1, 0x29, 1);
  147. memset(edns+2, 0x23, 2);
  148. memset(edns+3, 0x28, 3);
  149. memset(edns+4, 0x00, 7);
  150.  
  151. int sizeofpayload = sizeof(struct DNS_HEADER) + (strlen((const char *)qname)+1) + sizeof(struct QUESTION) + 11;
  152. int sock;
  153. if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
  154. perror("cant open socket");
  155. exit(-1);
  156. }
  157. for(w=ntohl(start_ip);w<htonl(end);w++)
  158. {
  159. struct sockaddr_in servaddr;
  160. bzero(&servaddr, sizeof(servaddr));
  161. servaddr.sin_family = AF_INET;
  162. servaddr.sin_addr.s_addr=htonl(w);
  163. servaddr.sin_port=htons(53);
  164. sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
  165. bytes_sent+=24;
  166. scanned++;
  167. hosts_done++;
  168. usleep(sleep_between*1000);
  169. }
  170. close(sock);
  171. running_threads--;
  172. return;
  173. }
  174.  
  175. void sighandler(int sig)
  176. {
  177. fclose(fd);
  178. printf("\n");
  179. exit(0);
  180. }
  181.  
  182. void recievethread()
  183. {
  184. printf("Starting @AnarchismSquad DNS AMP Scanner\n");
  185. printf("Starting Listening Threads\n");
  186. int saddr_size, data_size, sock_raw;
  187. struct sockaddr_in sin;
  188.  
  189. unsigned char *buffer = (unsigned char *)malloc(65536);
  190. sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
  191. if(sock_raw < 0)
  192. {
  193. printf("Socket Error\n");
  194. exit(1);
  195. }
  196. while(1)
  197. {
  198. saddr_size = sizeof(sin);
  199. data_size = recvfrom(sock_raw , buffer , 65536 , 0 , (struct sockaddr *)&sin, &saddr_size);
  200. if(data_size <0 )
  201. {
  202. printf("Recvfrom error , failed to get packets\n");
  203. exit(1);
  204. }
  205. struct iphdr *iph = (struct iphdr*)buffer;
  206. if(iph->protocol = IPPROTO_UDP)
  207. {
  208. unsigned short iphdrlen = iph->ihl*4;
  209. struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);
  210. unsigned char* payload = buffer + iphdrlen + 8;
  211. if(udph->source = 53)
  212. {
  213. struct DNS_HEADER *dns = (struct DNS_HEADER*) payload;
  214. if(dns->ra = 1)
  215. {
  216. int body_length = data_size - iphdrlen - 8;
  217. if(answersize < body_length)
  218. {
  219. found_srvs++;
  220. fprintf(fd,"%s %d\n",inet_ntoa(sin.sin_addr), body_length);
  221. fflush(fd);
  222. }
  223. }
  224. }
  225. }
  226.  
  227. }
  228. close(sock_raw);
  229.  
  230. }
  231.  
  232. int main(int argc, char *argv[ ])
  233. {
  234.  
  235. if(argc < 7){
  236. fprintf(stderr, "https://twitter.com/AnarchismSquad\n");
  237. fprintf(stderr, "Made by: @BDKJermaine\n");
  238. fprintf(stdout, "Usage: %s <class a start> <class a end> <outfile> <threads> <answersize> <domain> <scan delay in ms>\n", argv[0]);
  239. exit(-1);
  240. }
  241. fd = fopen(argv[3], "a");
  242. sleep_between = atoi(argv[7]);
  243.  
  244. signal(SIGINT, &sighandler);
  245.  
  246. int threads = atoi(argv[4]);
  247. answersize = atoi(argv[5]);
  248. domain = argv[6];
  249. pthread_t thread;
  250.  
  251. pthread_t listenthread;
  252. pthread_create( &listenthread, NULL, &recievethread, NULL);
  253.  
  254.  
  255. char *str_start = malloc(17);
  256. memset(str_start, 0, 17);
  257. str_start = strcat(str_start,argv[1]);
  258. str_start = strcat(str_start,".0.0.0");
  259. char *str_end = malloc(17);
  260. memset(str_end, 0, 17);
  261. str_end = strcat(str_end,argv[2]);
  262. str_end = strcat(str_end,".255.255.255");
  263. start = inet_addr(str_start);
  264. per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
  265. unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));
  266. int i;
  267. for(i = 0;i<threads;i++){
  268. pthread_create( &thread, NULL, &flood, (void *) i);
  269. }
  270. sleep(1);
  271. printf("Starting Scan...\n");
  272. char *temp = (char *)malloc(17);
  273. memset(temp, 0, 17);
  274. sprintf(temp, "Found");
  275. printf("%-16s", temp);
  276. memset(temp, 0, 17);
  277. sprintf(temp, "Host/s");
  278. printf("%-16s", temp);
  279. memset(temp, 0, 17);
  280. sprintf(temp, "B/s");
  281. printf("%-16s", temp);
  282. memset(temp, 0, 17);
  283. sprintf(temp, "Running Thrds");
  284. printf("%-16s", temp);
  285. memset(temp, 0, 17);
  286. sprintf(temp, "Done");
  287. printf("%s", temp);
  288. printf("\n");
  289.  
  290. char *new;
  291. new = (char *)malloc(16*6);
  292. while (running_threads > 0)
  293. {
  294. printf("\r");
  295. memset(new, '\0', 16*6);
  296. sprintf(new, "%s|%-15lu", new, found_srvs);
  297. sprintf(new, "%s|%-15d", new, scanned);
  298. sprintf(new, "%s|%-15d", new, bytes_sent);
  299. sprintf(new, "%s|%-15d", new, running_threads);
  300. memset(temp, 0, 17);
  301. int percent_done=((double)(hosts_done)/(double)(toscan))*100;
  302. sprintf(temp, "%d%%", percent_done);
  303. sprintf(new, "%s|%s", new, temp);
  304. printf("%s", new);
  305. fflush(stdout);
  306. bytes_sent=0;
  307. scanned = 0;
  308. sleep(1);
  309. }
  310. printf("\n");
  311. fclose(fd);
  312. return 0;
  313. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!