
thrapt committed 88ae199 Merge

Merged LaNMaSteR53/recon-ng into master

  • Parent commits 7308a35, a15459b


Files changed (5)

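--- a/core/framework.py
+++ b/core/framework.py
         '''Formats and presents important output.'''
         print '%s[*]%s %s' % (G, N, line)
 
-    def build_table(self, tdata, header=False):
+    def table(self, tdata, header=False):
         '''Accepts a list of rows and outputs a table.'''
         if len(set([len(x) for x in tdata])) > 1:
             self.error('Row lengths not consistent.')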

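--- a/data/av_domains.lst
+++ b/data/av_domains.lst
+www.es-latest-3.sophos.com/update
+www.es-web.sophos.com
+www.es-web.sophos.com.edgesuite.net
+www.es-web-2.sophos.com
+www.es-web-2.sophos.com.edgesuite.net
+www.dnl-01.geo.kaspersky.com
+www.downloads2.kaspersky-labs.com
+www.liveupdate.symantecliveupdate.com
+www.liveupdate.symantec.com
+www.update.symantec.com
+www.update.nai.com
+www.download797.avast.com
+www.guru.avg.com
+www.osce8-p.activeupdate.trendmicro.com
+www.forefrontdl.microsoft.com
+es-latest-3.sophos.com/update
+es-web.sophos.com
+es-web.sophos.com.edgesuite.net
+es-web-2.sophos.com
+es-web-2.sophos.com.edgesuite.net
+dnl-01.geo.kaspersky.com
+downloads2.kaspersky-labs.com
+liveupdate.symantecliveupdate.com
+liveupdate.symantec.com
+update.symantec.com
+update.nai.com
+download797.avast.com
+guru.avg.com
+osce8-p.activeupdate.trendmicro.com
+forefrontdl.microsoft.com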
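Review bot: The two entries `www.es-latest-3.sophos.com/update` and `es-latest-3.sophos.com/update` carry a URL path, so they are not host names. cache_snoop.py in this same commit splits the file on whitespace and hands each token unchanged to `dns.message.make_query`, so the lookup would be for a name that includes `/update` rather than for the host itself. Either drop the path from both lines, or have the module validate each entry and report the ones it skips.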

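--- a/modules/auxiliary/cache_snoop.py
+++ b/modules/auxiliary/cache_snoop.py
+import framework
+# unique to module
+import os
+import dns
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('nameserver', '', 'yes', 'ip address of target\'s nameserver')
+        self.register_option('domains', './data/av_domains.lst', 'yes', 'domain or list of domains to snoop for')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name': 'DNS Cache Snooper',
+                     'Author': 'thrapt (thrapt@gmail.com)',
+                     'Description': 'Uses the DNS cache snooping technique to check for visited domains',
+                     'Comments': [
+                                  'Nameserver must be in IP form.',
+                                  'Domains options: host.domain.com, <path/to/infile>',
+                                  'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html'
+                                 ]
+                     }
+
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.cachesnoop()
+
+    def cachesnoop(self):
+        verbose = self.options['verbose']['value']
+        domains = self.options['domains']['value']
+        nameserver = self.options['nameserver']['value']
+        
+        if os.path.exists(domains):
+            hosts = open(domains).read().split()
+        else:
+            hosts = [domains]
+        
+        self.output('Starting queries...')
+        
+        for host in hosts:
+            status = 'Not found'
+            # prepare our query
+            query = dns.message.make_query(host, dns.rdatatype.A, dns.rdataclass.IN)
+            # unset the Recurse flag 
+            query.flags ^= dns.flags.RD
+            try:
+                # try the query
+                response = dns.query.udp(query, nameserver)
+            except KeyboardInterrupt:
+                print ''
+                return
+            except dns.resolver.NXDOMAIN: status = 'Unknown'
+            except dns.resolver.NoAnswer: status = 'No answer'
+            except dns.exception.SyntaxError:
+                self.error('Nameserver must be in IP form.')
+                return
+            except: status = 'Error'
+
+            # searchs the response to find the answer
+            if len(response.answer) > 0:
+                status = 'Snooped!'
+                self.alert('%s => %s' % (host, status))
+            else:
+                if verbose: self.output('%s => %s' % (host, status))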
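Review bot: `response` is bound only when `dns.query.udp` returns, yet the `len(response.answer)` test after the `try` runs on every iteration of the loop in `cachesnoop`. When a handler merely sets `status` (the bare `except:`, for example), the first host raises NameError and any later host reuses the previous host's response, so the module can report `Snooped!` for a name that was never answered. Set `response = None` just before the `try` and test `if response is not None and len(response.answer) > 0:`. The call `dns.query.udp(query, nameserver)` also passes no `timeout`, so a server that drops the packet blocks the loop indefinitely. Separately, `dns.resolver.NXDOMAIN` and `dns.resolver.NoAnswer` are resolver-level exceptions that a raw `dns.query.udp` call is not expected to raise, so those two handlers look unreachable.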

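--- a/modules/auxiliary/netcraft_history.py
+++ b/modules/auxiliary/netcraft_history.py
             if len(history) > 0:
                 header = ['OS', 'Server', 'Last Changed', 'IP Address', 'Owner']
                 history.insert(0, header)
-                self.build_table(history, True)
+                self.table(history, True)
             else:
                 self.output('No results found')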

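--- a/modules/auxiliary/resolve.py
+++ b/modules/auxiliary/resolve.py
             except KeyboardInterrupt:
                 print ''
                 return
-            except dns.resolver.NXDOMAIN: address = 'unknown'
-            except dns.resolver.NoAnswer: address = 'no answer'
+            except dns.resolver.NXDOMAIN: address = 'Unknown'
+            except dns.resolver.NoAnswer: address = 'No answer'
             except dns.exception.SyntaxError:
                 self.error('Nameserver must be in IP form.')
                 return
-            except: address = 'error'
+            except: address = 'Error'
             self.output('%s => %s' % (host, address))
             self.query('UPDATE hosts SET address="%s" WHERE rowid="%s"' % (address, row))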
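Review bot: The UPDATE on the last line is assembled with `%` formatting, and after this change it stores the literals `Unknown`, `No answer` and `Error` in `hosts.address` next to real addresses. If `self.query` accepts bound parameters (its signature is not visible here), pass `address` and `row` as parameters instead of interpolating them. Consider leaving the column unset on failure, so that consumers of the table do not have to filter out status text. The bare `except:` on the changed line also hides the underlying error and catches SystemExit; `except Exception:` is narrower. The enclosing function starts outside this hunk.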