
Tim Tomes committed b93e09e

fixed a bug in the cache_snoop module and made minor aesthetic changes to the resolve and brute_force modules.

  • Parent commits 0c8074e


Files changed (3)

File modules/discovery/info_disclosure/dns/cache_snoop.py

                      'Description': 'Uses the DNS cache snooping technique to check for visited domains',
                      'Comments': [
                                   'Nameserver must be in IP form.',
-                                  'Domains options: host.domain.com, <path/to/infile>',
+                                  'Source options: [ <domain> | ./path/to/file | query <sql> ]',
                                   'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html'
                                  ]
                      }
 
     def module_run(self):
-        domains = self.options['domains']['value']
         nameserver = self.options['nameserver']['value']
         
-        if os.path.exists(domains):
-            hosts = open(domains).read().split()
-        else:
-            hosts = [domains]
-        
+        domains = self.get_source(self.options['domains']['value'])
+        if not domains: return
+
         self.output('Starting queries...')
         
-        for host in hosts:
-            status = 'Not found'
+        for domain in domains:
+            response = None
             # prepare our query
-            query = dns.message.make_query(host, dns.rdatatype.A, dns.rdataclass.IN)
+            query = dns.message.make_query(domain, dns.rdatatype.A, dns.rdataclass.IN)
             # unset the Recurse flag 
             query.flags ^= dns.flags.RD
             try:
                 # try the query
                 response = dns.query.udp(query, nameserver)
+                if len(response.answer) > 0:
+                    self.alert('%s => Snooped!' % (domain))
+                else:
+                    self.verbose('%s => Not Found.' % (domain))
+                continue
             except KeyboardInterrupt:
                 print ''
                 return
-            except dns.resolver.NXDOMAIN: status = 'Unknown'
-            except dns.resolver.NoAnswer: status = 'No answer'
-            except dns.exception.SyntaxError:
-                self.error('Nameserver must be in IP form.')
+            except Exception as e:
+                self.error(e.__str__())
                 return
-            except: status = 'Error'
-
-            # searchs the response to find the answer
-            if len(response.answer) > 0:
-                status = 'Snooped!'
-                self.alert('%s => %s' % (host, status))
-            else:
-                self.verbose('%s => %s' % (host, status))
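Review bot: The new `except Exception as e:` arm inside the `for domain in domains:` loop calls `self.error(e.__str__())` and then `return`, so a single failing lookup (a timeout, or a malformed name coming from a file or query source) ends the run and the remaining domains are never checked. Consider reporting per domain and moving on, with `self.error('%s => %s' % (domain, e))` followed by `continue`, and keeping `return` only for errors that invalidate the nameserver itself. `dns.query.udp(query, nameserver)` is also called without a `timeout`, which in dnspython waits indefinitely for a reply, so a dropped UDP packet would hang the loop rather than reach this handler. With the result handling now inside the `try`, the `response = None` initialisation and the trailing `continue` are redundant and can be dropped.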

File modules/recon/hosts/enum/dns/resolve.py

             except KeyboardInterrupt:
                 print ''
                 return
-            except dns.resolver.NXDOMAIN: address = 'Unknown'
-            except dns.resolver.NoAnswer: address = 'No answer'
             except dns.exception.SyntaxError:
                 self.error('Nameserver must be in IP form.')
                 return
-            except: address = 'Error'
+            except dns.resolver.NXDOMAIN:
+                address = 'Unknown'
+            except dns.resolver.NoAnswer:
+                address = 'No answer'
+            except:
+                address = 'Error'
             self.output('%s => %s' % (host, address))

File modules/recon/hosts/gather/dns/brute_force.py

             print ''
             return
         except dns.resolver.NoNameservers:
-            self.output('Invalid nameserver.')
+            self.error('Invalid nameserver.')
             return
         except dns.resolver.NXDOMAIN:
             self.verbose('No Wildcard DNS entry found. Attempting to brute force DNS records.')