hassan064

DNS SCANNER

Jul 16th, 2015
  1. #!/usr/bin/env python2
  2. #
  3. # ./find_dns.py -l IPs.txt -t 500 -o dnsservers.txt
  4. #
  5. # dns-server finder by dash
  6. #
  7. #
  8. #./find_dns.py -l rIP.txt -t 100
  9. #[*] Found 1001 entries
  10. #[*] Entries 1001 in queue
  11. #[*] Running with 100 threads
  12. #==================================================
  13. #IP          NAME
  14. #==================================================
  15. #91.x.x.x   (x.info)
  16. #191.x.x.x  (191.x.br)
  17. #67.x.x.x   (name.info)
  18. #==================================================
  19. #[*] Done
  20. #
  21.  
  22. import os
  23. import sys
  24. import time
  25. import Queue
  26. import struct
  27. import socket
  28. import random
  29. import argparse
  30. import threading
  31.  
# Result queue shared with the checkDNS() worker threads: each worker put()s
# one formatted output line and run() drains it into the outfile.  A module
# level 'global' statement is a no-op, so it is not repeated here.
rQ = Queue.Queue()
  34.  
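def openFile(hostList):
  """Return the lines of the host-list file *hostList* (one host per line).

  Line terminators are left in place; run() strips them.  The file handle
  is closed before returning -- the original left it open until the
  interpreter happened to collect it.
  """
  with open(hostList, 'r') as fr:
    return fr.readlines()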
  39.  
def openWriteFile(outfile):
  """Open *outfile* for binary writing and hand the handle to the caller.

  Any existing file is truncated.  The caller owns the returned handle and
  must close it; run() does so once the scan has finished.
  """
  return open(outfile, 'wb')
  43.  
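def parseDomain(domain):
  """Encode *domain* as the label part of a DNS wire-format QNAME.

  Each label is emitted as a one-octet length followed by the label text;
  run() appends the terminating zero octet itself.  Only two-label names
  such as ``google.com`` are accepted, as before.  In addition, every label
  must be non-empty and at most 63 octets (RFC 1035 label limit): the old
  code encoded ``a.`` or an over-long label into a malformed question that a
  resolver would silently drop, which made every host look dead.

  Returns the encoded string, or False (after printing why) when *domain*
  cannot be used.
  """
  labels = domain.split('.')
  if len(labels) != 2:
    print('[!] Sorry, unknown domain type: %s\nExample:google.com' % (domain))
    return False
  for label in labels:
    if not label or len(label) > 63:
      print('[!] Sorry, invalid DNS label in domain: %s' % (domain))
      return False
  # '%c' with an int yields the single length octet, same bytes as
  # struct.pack('>B', len) but without the bytes/str mismatch on Python 3
  return ''.join('%c%s' % (len(label), label) for label in labels)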
  55.  
  56.  
  57.  
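def _udpQuery(host, packet, timeout):
  """Send *packet* to host:53/udp and return the first datagram received.

  Returns None when the host does not answer within *timeout* seconds or
  any socket operation fails.  The socket is always closed; the original
  inline code never closed it and leaked the first socket whenever a second
  one was opened for the version query.
  """
  s = None
  try:
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)  # bounded wait so recv() cannot block the worker forever
    s.connect((host, 53))
    s.send(packet)
    return s.recv(1024)
  except socket.error:
    return None
  finally:
    if s is not None:
      s.close()


def checkDNS(payload,host,resolv,debug,version):
  """Probe *host* on 53/udp with *payload* and queue one result line on rQ.

  Args:
    payload: complete DNS query packet (header + question) built by run().
    host:    address string read from the host list.
    resolv:  when true, also reverse-resolve *host* with gethostbyaddr().
    debug:   when true, append repr() of the raw answer (and of the
             version.bind answer when *version* is set) to the line.
    version: when true, send a second query for version.bind and keep its
             raw answer for the debug output.

  A host that does not answer produces no output and no queue entry; the
  worker simply returns.  Fixes a crash in the old code: with --debug, an
  unresolved host and no -v, vBuf was used before assignment and the worker
  died with NameError.  vBuf is now always bound.
  """
  rBuf = _udpQuery(host, payload, 5)
  if rBuf is None:
    return
  rBuf_len = len(rBuf)

  name = ''
  # default we resolve IPs as long as -n is not chosen
  if resolv:
    try:
      name = socket.gethostbyaddr(host)[0]
    except socket.error:  # socket.herror is a socket.error subclass
      pass

  vBuf = ''
  if version:
    # FEFE packet!
    ver_req = '\xfe\xfe\x01 \x00\x01\x00\x00\x00\x00\x00\x01\x07version\x04bind\x00\x00\x10\x00\x03\x00\x00)\x10\x00\x00\x00\x00\x00\x00\x00'
    vBuf = _udpQuery(host, ver_req, 3) or ''

  # one output line; the queued copy carries the newline for the outfile
  if name == '':
    if debug:
      line = '%s\t%d\t%s\t%s' % (host,rBuf_len,repr(rBuf),repr(vBuf))
    else:
      line = '%s\t%d' % (host,rBuf_len)
  else:
    if debug:
      line = '%s\t(%s) %d\t%s' % (host,name,rBuf_len,repr(rBuf))
    else:
      line = '%s\t(%s) %d' % (host,name,rBuf_len)

  print(line)
  rQ.put(line + '\n')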
  110.    
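def _queueHosts(hostList):
  """Read *hostList* and return a Queue of host strings, one per non-empty line."""
  q = Queue.Queue()
  rBuf = openFile(hostList)
  print('[*] Found %d entries' % len(rBuf))
  for r in rBuf:
    r = r.rstrip('\r\n')
    if r:  # a blank line used to be queued and probed as host ''
      q.put(r)
  return q


def _reapThreads(thrList):
  """Join finished worker threads and return the list of those still running.

  Builds a new list instead of calling remove() on the list being iterated,
  which skipped the element following every removed one.
  """
  alive = []
  for entry in thrList:
    if entry.is_alive():
      alive.append(entry)
    else:
      entry.join()
  return alive


def _drainResults(fw):
  """Move every queued result line from rQ to *fw*; discard them when fw is None."""
  while rQ.qsize() > 0:
    data = rQ.get()
    if fw is not None:
      fw.write(data)
      fw.flush()


def run(args):
  """Drive the whole scan from the parsed command line (the 'mighty' function).

  Builds the query packet, fills the host queue, keeps up to args.thrCnt
  (default 50) checkDNS worker threads running and streams their result
  lines, pulled from the module-level rQ, to args.outfile when one was
  given.  Returns without scanning when parseDomain() rejects args.domain.
  """
  thrCnt = int(args.thrCnt) if args.thrCnt else 50

  # parseDomain() prints the reason itself; without this check the packet
  # used to be built from the string 'False' and the scan ran anyway
  dom_pay = parseDomain(args.domain)
  if dom_pay is False:
    return
  payload = 'J\x8e\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00%s\x00\x00\x01\x00\x01' % (dom_pay)

  q = _queueHosts(args.hostList)

  print('[*] Entries %d in queue' % q.qsize())
  print('[*] Running with %d threads' % thrCnt)
  print('='*50)
  if args.resolv:
    print('IP\t\tNAME\tPAYLEN')
  else:
    print('IP\t\tPAYLEN')
  print('='*50)

  fw = openWriteFile(args.outfile) if args.outfile else None
  try:
    # TODO percents calc / progress output
    thrList = []
    while True:
      if len(thrList) < thrCnt and q.qsize() > 0:
        # enable random transaction ids
        if args.randTrans:
          rd_pack = struct.pack('>H', random.randint(0, 65535))
          payload = rd_pack + payload[2:]
        thrDns = threading.Thread(target=checkDNS, args=(payload, q.get(), args.resolv, args.debug, args.version))
        thrDns.daemon = True
        thrDns.start()
        thrList.append(thrDns)
      else:
        # pool full or queue empty: yield briefly instead of spinning at 100% CPU
        time.sleep(0.01)

      thrList = _reapThreads(thrList)
      _drainResults(fw)

      if q.qsize() == 0 and len(thrList) == 0:
        break

    # every worker is joined now, so whatever is still queued is the tail of
    # the results; the old loop drained one item per pass and dropped these
    _drainResults(fw)
  finally:
    if fw is not None:
      fw.close()

  print('='*50)
  print('[*] Done')
  print('='*50)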
  190.  
  191.  
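def main():
  """Parse the command line and start the scan via run().

  -V prints the program description and exits with status 23, as before;
  the old code did ``print desc`` there, a name that exists nowhere in this
  file, so -V always crashed with NameError.
  """
  parser_desc = 'dns server finder, by dash'
  prog_desc = 'find_dns.py'
  parser = argparse.ArgumentParser(prog=prog_desc, description=parser_desc)
  parser.add_argument("-l", action='store', required=True, help='host list with ips', dest='hostList')
  # type=int lets argparse reject a non-numeric count instead of run()
  # raising ValueError later; run() still applies the default of 50
  parser.add_argument('-t', action='store', type=int, required=False, help='thread count', dest='thrCnt')
  parser.add_argument('-o', action='store', required=False, help='write found data to file', dest='outfile')
  parser.add_argument('-n', action='store_false', default=True, required=False, help='do not resolve ips', dest='resolv')
  parser.add_argument('-d', action='store', default='google.com', required=False, help='choose the domain for the dns request', dest='domain')
  parser.add_argument('-r', action='store_false', default=True, required=False, help='deactivate random transaction ids', dest='randTrans')
  parser.add_argument('-v', action='store_true', default=False, required=False, help='grab version from dns server enable debug mode for it! (experimental!)', dest='version')
  parser.add_argument('-V', action='store_true', default=False, required=False, help='print version information', dest='versinfo')
  parser.add_argument('--debug', action='store_true', default=False, required=False, help='debug output', dest='debug')

  args = parser.parse_args()
  # add some more info here sometime
  if args.versinfo:
    print(parser_desc)
    sys.exit(23)

  run(args)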
  213.  
if __name__ == "__main__":
  # script entry point; importing the module only defines the functions
  # and creates the shared rQ queue
  main()