diff --git a/dns/README.md b/dns/README.md
index de36801..5c1a967 100644
--- a/dns/README.md
+++ b/dns/README.md
@@ -20,3 +20,6 @@ dnswalk is a DNS debugger. It performs zone transfers of specified domains, and # dnsdigger DNSDigger is a programm to gather as much as possible informations from DNS Servers.
+
+# digg
+Zone Transfer Script
diff --git a/dns/digg/digg.pl b/dns/digg/digg.pl
new file mode 100755
index 0000000..e9686be
--- /dev/null
+++ b/dns/digg/digg.pl
@@ -0,0 +1,322 @@
+#!/usr/bin/perl
+
+use Net::DNS;
+
+sub get_axfr{
+print "\nInitiating Zone Transfer ...\n";
+$res->usevc(1);
+@zone = $res->axfr($domain);
+ if (@zone) {
+ foreach $rr (@zone) {
+ $rr->print;
+ }
+ print "\n----------------------------------------------------------------------\n\n";
+ return 1;
+ }
+ else {
+ print ';;Zone transfer failed: ', $res->errorstring, "\n";
+ print "\n----------------------------------------------------------------------\n\n";
+ return 0;
+ }
+}
+
+sub find_rootserver{
+$res->usevc(0);
+if (open(ROOT,"root-servers.dat")){
+ while (){
+ chomp($_);
+ $res->nameservers($_);
+ print "Asking Root Server $_\n";
+ $packet=$res->send($domain, 'NS');
+ if ($packet){
+ @additional_tld = $packet->additional;
+ if (@additional_tld) {
+ foreach $rr (@additional_tld) {
+ $tld=$rr->rdatastr;
+ if (find_ns()){close(ROOT); return 1;}
+ else {print "No Records found!\n";}
+ }
+ }
+ }
+ }
+ close(ROOT);
+ return 0;
+ die "Can't connect to the Root-Servers! \n";
+ }
+ else {die "Can't open root-servers.dat!\n";}
+close(ROOT);
+}
+
+sub resolve_name{
+# Enter the IP of your favorite DNS Server in the next line
+#$res->nameservers('217.5.115.7');
+if (open(DNS,"dns-server.dat")){
+ while (){
+ chomp($_);
+ $res->nameservers($_);
+ }
+ }
+close(DNS);
+print "Resolving $name\n";
+$packet_resolve=$res->send($name,'ANY');
+if ($packet_resolve){
+ @nameserv = $packet_resolve->answer;
+ if (@nameserv) {
+ foreach $rr (@nameserv) {
+ $ns=$rr->rdatastr;}
+ }
+ }
+}
+
+sub find_ns{
+$ok=0;
+$res->usevc(0);
+$res->recurse(1);
+$res->nameservers($tld);
+print "Asking TLD Server $tld\n";
+$packet=$res->send($domain, 'NS');
+if ($packet){
+ @additional_ns = $packet->additional;
+ @answer_ns = $packet->answer;
+ if (@additional_ns) {
+ foreach $rr (@additional_ns) {
+ $ns=$rr->rdatastr;
+ if (get_dns()){$ok= 1;}
+ }
+ if ($ok){return 1;}
+ }
+ else {
+ if (@answer_ns) {
+ foreach $rr (@answer_ns) {
+ $name=$rr->rdatastr;
+ resolve_name();
+ if (get_dns()){$ok= 1;}
+ }
+ if ($ok){return 1;}
+ }
+ else {return 0;}
+ }
+}
+return 0;
+}
+
+sub get_dns(){
+$res->nameservers($ns);
+$res->usevc(0);
+print "Asking Name Server $ns\n";
+if ($version){get_ver();}
+$packet=$res->send($domain, 'NS');
+if ($packet){
+if ( get_axfr()){
+ print " Zone Transfer succesful!\n";
+ }
+else {
+ get_any();
+ get_activedir();
+ if ($dig){dig_dns();}
+ print "All possible information for $domain gathered!\n";
+}
+return 1;
+}
+else {return 0;}
+}
+
+sub get_ver{
+$res->usevc(0);
+print "\nChecking for DNS Server Version ...\n";
+$packet=$res->query('version.bind', 'TXT','CH');
+if ($res->errorstring eq "NOTIMP"){print "Microsoft DNS Server detected!\n";}
+if ($res->errorstring eq "FORMERR"){print "TinyDNS Server detected!\n";}
+if ($res->errorstring eq "NOERROR")
+{
+ print "BIND DNS Server detected!\n";
+ if ($packet) {
+ @dnsversion = $packet->answer;
+ if (@dnsversion) {
+ foreach $rr (@dnsversion) {
+ $ver=$rr->rdatastr;
+ print "BIND Version: $ver \n";}
+ }
+ }
+}
+}
+
+sub get_any{
+print "\nGetting ANY DNS Record ...\n";
+$res->usevc(0);
+$packet=$res->query($domain, 'ANY');
+if ($packet) {
+ $packet->print;
+ print "\n----------------------------------------------------------------------\n\n";
+ }
+@dnstypes=(
+"A",
+"AAAA",
+"AFSDB",
+"CERT",
+"CNAME",
+"DNAME",
+"EID",
+"HINFO",
+"ISDN",
+"LOC",
+"MB",
+"MG",
+"MINFO",
+"MR",
+"MX",
+"NAPTR",
+"NIMLOC",
+"NS",
+"NSAP",
+"NULL",
+"OPT",
+"PTR",
+"PX",
+"RP",
+"RT",
+"SOA",
+"TKEY",
+"TSIG",
+"TXT",
+"WKS",
+"X25"
+);
+foreach $i (@dnstypes) {
+print "\nTrying $i Record Type ...\n";
+$packet=$res->query($domain, $i);
+if ($packet) {
+ $packet->print;
+ print "\n----------------------------------------------------------------------\n\n";
+ }
+}
+}
+
+sub get_activedir{
+print "\nLooking for Active Directory SRV Records ...\n";
+$res->usevc(0);
+@srvtype=(
+"_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.",
+"_kerberos._tcp.Default-First-Site-Name._sites.",
+"_kerberos._tcp.dc._msdcs.",
+"_kerberos._tcp.",
+"_kerberos._udp.",
+"_kpasswd._tcp.",
+"_kpasswd._udp.",
+"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.",
+"_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.",
+"_ldap._tcp.Default-First-Site-Name._sites.",
+"_ldap._tcp.dc._msdcs.",
+"_ldap._tcp.gc._msdcs.",
+"_ldap._tcp.pdc._msdcs.",
+"_ldap._tcp.",
+"_gc._tcp.Default-First-Site-Name._sites.",
+"_gc._tcp."
+);
+foreach $i (@srvtype) {
+$service = $i.$domain;
+print "\nTrying $service ...\n";
+$packet=$res->query($service, 'SRV');
+if ($packet) {
+ $packet->print;
+ print "\n----------------------------------------------------------------------\n\n";
+ }
+}
+}
+
+sub dig_dns{
+print "\nStarting the DNS Digger ...\n";
+@hybridlst1=("0","1","2","3","4","5","6","7","8","9");
+@hybridlst2=("0","1","2","3","4","5","6","7","8","9");
+$res->usevc(0);
+if (open(NAMES,"names.txt")){
+ while (){
+ chomp($_);
+ $host = $_.".".$domain;
+ $packet=$res->query($host, 'ANY');
+ if ($packet){
+ $packet->print;
+ print "\n----------------------------------------------------------------------\n\n";
+ }
+ if ($hybrid){
+ foreach $h1 (@hybridlst1) {
+ foreach $h2 (@hybridlst2) {
+ $hybrid_host=$_.$h1.$h2.".".$domain;
+ $packet=$res->query($hybrid_host, 'ANY');
+ if ($packet){
+ $packet->print;
+ print "\n----------------------------------------------------------------------\n\n";
+ }
+ }
+ }
+ }
+ if ($silent){sleep 1};
+ }
+ }
+ else {print "Can't open names.txt!\n";}
+close(NAMES);
+}
+
+sub usage(){
+print "\nUsage: perl digg.pl [OPTIONS]\n";
+print "-----------------------------------------------------------\n";
+print "OPTIONS:\n";
+print "silent : Activates a time loop of 1 second in the DNS Digger function\n";
+print "debug : Starts a debug output\n";
+print "nodig : Disable the Digger\n";
+print "port53 : Use Port 53 as Source Port\n";
+print "host : Use a specific DNS Server and must be followed by the IP Address\n";
+print "hybrid : Appends 01 to 99 to the names while digging\n";
+print "version: Try to get the DNS Server Version\n";
+print "\nEXAMPLES:\n";
+print "perl digg.pl example.com\n";
+print "perl digg.pl example.com silent\n";
+print "perl digg.pl example.com debug\n";
+print "perl digg.pl example.com host 10.1.1.1\n";
+exit;
+}
+
+# Main Programm
+if (@ARGV==0){usage();}
+$dig=1;
+$root=1;
+$version=0;
+print "\n";
+print "digg 0.3beta (c) 2003 by Michael Thumann (mthumann\@ernw.de)\n";
+print "----------------------------------------------------------------------\n\n";
+$res = Net::DNS::Resolver->new;
+$res->tcp_timeout(5);
+$res->udp_timeout(5);
+$res->retry(2);
+$res->retrans(3);
+if (@ARGV==1){
+ $domain=$ARGV[0];
+ if (find_rootserver()){print "Done.\n";}
+ else{print "Error: Can't connect to the DNS Server!\n";}
+ }
+if (@ARGV>=2){
+ $domain=$ARGV[0];
+ for ($o=1;$o<=@ARGV;$o++){
+ $option=$ARGV[$o];
+ if ($option eq "silent") {$silent=1;print "Time Loop enabled!\n"}
+ if ($option eq "debug") {$res->debug(1);print "Debug enabled!\n";}
+ if ($option eq "port53") {$res->srcport(53);print "Switching to Source Port 53!\n";}
+ if ($option eq "nodig") {$dig=0;print "Digger disabled!\n";}
+ if ($option eq "version") {$version=1;print "Query DNS Server Version enabled!\n";}
+ if ($option eq "hybrid") {$hybrid=1;print "Hybrid Mode for Digger enabled!\n";}
+ if ($option eq "host") {
+ $root=0;
+ print "Use specific DNS Server!\n";
+ $ns=$ARGV[$o+1];
+ }
+ }
+ if ($root){
+ if (find_rootserver()){print "Done.\n";}
+ else{print "Error: Can't connect to the DNS Server!\n";}
+ }
+ else{
+ if (get_dns()){print "Done.\n";}
+ else{print "Error: Can't connect to the DNS Server!\n";}
+ }
+ }
+# end
diff --git a/dns/digg/names.txt b/dns/digg/names.txt
new file mode 100755
index 0000000..24f0238
--- /dev/null
+++ b/dns/digg/names.txt
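Review bot: The option loop in the main program runs one index past the end of @ARGV (`for ($o=1;$o<=@ARGV;$o++)` should be `for my $o (1 .. $#ARGV)`), and the `host` branch takes `$ARGV[$o+1]` without checking it exists, so `perl digg.pl example.com host` reaches `$res->nameservers($ns)` in get_dns with an undefined server; `$ns=$ARGV[$o+1]; usage() unless defined $ns;` would close that. In find_rootserver the `die "Can't connect to the Root-Servers! \n"` sits after `return 0;` and is unreachable, as is the trailing `close(ROOT);` below the `else {die ...}` branch, so either drop the die or move it ahead of the return. The file has no `use strict; use warnings;`, every variable that carries state between subs ($res, $ns, $tld, $name, $domain, $packet) is an undeclared package global, and `open(ROOT,"root-servers.dat")`, `open(DNS,"dns-server.dat")` and `open(NAMES,"names.txt")` are two-argument bareword opens; a lexical three-argument `open my $fh, '<', 'root-servers.dat' or die "open root-servers.dat: $!";` per file would make the data flow between find_rootserver, find_ns and get_dns explicit and catch the unchecked `close(DNS)` that runs even when the open failed. The three `while (){` loops read as empty in this rendering, which looks like the `<ROOT>`/`<DNS>`/`<NAMES>` readline operators were stripped by the page rather than absent from the file — worth confirming against the committed source.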
@@ -0,0 +1,319 @@
+CODE
+
+ILMI
+academico
+acceso
+access
+acid
+admin
+admins
+administracion
+administrador
+afiliados
+agenda
+agent
+aix
+alerts
+antivirus
+app
+apps
+appserver
+archie
+as400
+auto
+ayuda
+backup
+banking
+bbs
+bbdd
+bea
+beta
+bolsa
+buscador
+ca
+canal
+catalog
+certify
+cgi
+channel
+channels
+chat
+chats
+cisco
+clientes
+club
+cluster
+clusters
+code
+commerce
+community
+compaq
+compras
+consola
+console
+consumer
+contact
+contracts
+corporate
+correo
+correoweb
+cortafuegos
+cso
+data
+datos
+db
+db2
+default
+demo
+desarrollo
+descargas
+design
+dev
+develop
+developer
+device
+dial
+digital
+dilbert
+directory
+disc
+discovery
+disk
+disney
+dns
+dns1
+dns2
+dns3
+dns-2
+docs
+documentos
+documentacion
+domain
+domains
+dominio
+domino
+dominoweb
+download
+earth
+ecommerce
+e-commerce
+edi
+education
+ejemplo
+email
+empresa
+empresas
+enable
+engine
+engineer
+enterprise
+estadisticas
+events
+example
+exchange
+extern
+external
+extranet
+fax
+field
+firewall
+formacion
+foro
+foros
+forum
+forums
+foto
+fotos
+fsp
+ftp
+ftp2
+fw
+fw1
+fw-1
+galeria
+galerias
+galleries
+games
+gateway
+gopher
+guest
+gw
+hello
+help
+helpdesk
+helponline
+hp
+ibm
+ibmdb
+ids
+images
+imap
+imap4
+img
+info
+intern
+internal
+intranet
+invalid
+ipsec
+ipsec-gw
+irc
+ircserver
+jobs
+juegos
+ldap
+link
+linux
+lista
+lists
+listserver
+localhost
+log
+login
+lotus
+mail
+mailhost
+management
+manager
+map
+maps
+mapas
+marketing
+media
+members
+messenger
+mngt
+mobile
+monitor
+mrtg
+multimedia
+music
+names
+netdata
+netstats
+network
+news
+nms
+nntp
+nombres
+noticias
+ns
+ns1
+ns2
+ntp
+online
+openview
+outlook
+oracle
+page
+pages
+paginas
+partner
+partners
+pda
+personal
+ph
+pictures
+pix
+pop
+pop3
+portal
+postales
+prensa
+press
+private
+proxy
+prueba
+pruebas
+project
+projects
+public
+ra
+radio
+raptor
+ras
+read
+register
+registro
+remote
+reports
+resumenes
+root
+router
+rwhois
+sac
+schedules
+scotty
+search
+secret
+secure
+security
+seri
+serv
+serv2
+server
+service
+services
+servicio
+servidor
+shop
+shopping
+site
+sms
+smtp
+smtphost
+snmp
+snmpd
+snort
+solaris
+solutions
+soporte
+source
+sql
+ssl
+stats
+store
+streaming
+sun
+support
+switch
+sysback
+system
+tech
+terminal
+test
+tienda
+time
+tivoli
+transfers
+training
+uddi
+update
+video
+vpn
+wais
+wap
+web
+webdocs
+weblib
+weblogic
+webmail
+webserver
+webservices
+websphere
+whois
+wireless
+work
+world
+write
+w1
+w2
+w3
+ws
+ws1
+ws2
+ws3
+www
+www1
+www2
+www3