security-scripts/dns-projects/dnsdigger/dnsdigger.pl

#!/usr/local/bin/perl
# (c) 2003 Michael Thumann
# Distribute freely
# DNS Module from Michael Fuhr, Thankx Michael ;-).

use Net::DNS;

sub get_axfr{
print "\nInitiating Zone Transfer ...\n";
$res->usevc(1);
@zone = $res->axfr($domain);
    if (@zone) {
        foreach $rr (@zone) {
            $rr->print;
        }
        print "\n----------------------------------------------------------------------\n\n";
        return 1;
    }
    else {
        print ';;Zone transfer failed: ', $res->errorstring, "\n";
        print "\n----------------------------------------------------------------------\n\n";
        return 0;
    }
}

sub find_rootserver{
$res->usevc(0);
 if (open(ROOT,"root-servers.dat")){
  while (<ROOT>){
         chomp($_);
         $res->nameservers($_);
         print "Asking Root Server $_\n";
         $packet=$res->send($domain, 'NS');
         if ($packet){
         @additional_tld = $packet->additional;
         if (@additional_tld) {
             foreach $rr (@additional_tld) {
             $tld=$rr->rdatastr;
             if (find_ns()){close(ROOT); return 1;}
             else {print "No Records found!\n";}
             }
             }
             }
         }
         close(ROOT);             
         return 0;
         die "Can't connect to the Root-Servers! \n";
     }
   else {die "Can't open root-servers.dat!\n";}
close(ROOT);
}

sub resolve_name{
# Enter the IP of your favorite DNS Server in the next line
#$res->nameservers('217.5.115.7');
if (open(DNS,"dns-server.dat")){
  while (<DNS>){
         chomp($_);
         $res->nameservers($_);
         }
    }
close(DNS);
print "Resolving $name\n";
$packet_resolve=$res->send($name,'ANY');
if ($packet_resolve){
     @nameserv = $packet_resolve->answer;
     if (@nameserv) {
         foreach $rr (@nameserv) {
         $ns=$rr->rdatastr;}
     }
    }
}

sub find_ns{
$ok=0;
$res->usevc(0);
$res->recurse(1);
$res->nameservers($tld);
print "Asking TLD Server $tld\n";
$packet=$res->send($domain, 'NS');
if ($packet){
     @additional_ns = $packet->additional;
     @answer_ns = $packet->answer;
     if (@additional_ns) {
         foreach $rr (@additional_ns) {
         $ns=$rr->rdatastr;
         if (get_dns()){$ok= 1;}
         }
         if ($ok){return 1;}
     }
     else {
     if (@answer_ns) {
         foreach $rr (@answer_ns) {
         $name=$rr->rdatastr;
         resolve_name();
         if (get_dns()){$ok= 1;}
         }
         if ($ok){return 1;}
     }
     else {return 0;}
     }
}
return 0;
}

sub get_dns(){
$res->nameservers($ns);
$res->usevc(0);
print "Asking Name Server $ns\n";
if ($version){get_ver();}
$packet=$res->send($domain, 'NS');
if ($packet){
if ( get_axfr()){
    print " Zone Transfer succesful!\n";
    }
else {
     get_any();
     get_activedir();
     if ($dig){dig_dns();}
     print "All possible information for $domain gathered!\n";
}
return 1;
}
else {return 0;}
}

sub get_ver{
$res->usevc(0);
print "\nChecking for DNS Server Version ...\n";
$packet=$res->query('version.bind', 'TXT','CH');
if ($res->errorstring eq "NOTIMP"){print "Microsoft DNS Server detected!\n";}
if ($res->errorstring eq "FORMERR"){print "TinyDNS Server detected!\n";}
if ($res->errorstring eq "NOERROR")
{
    print "BIND DNS Server detected!\n";
    if ($packet) { 
     @dnsversion = $packet->answer;
     if (@dnsversion) {
         foreach $rr (@dnsversion) {
         $ver=$rr->rdatastr;
         print "BIND Version: $ver \n";}
     }
    }
}
}

sub get_any{
print "\nGetting ANY DNS Record ...\n";
$res->usevc(0);
$packet=$res->query($domain, 'ANY');
if ($packet) { 
     $packet->print;
     print "\n----------------------------------------------------------------------\n\n";
    }
@dnstypes=(
"A",
"AAAA",
"AFSDB",
"CERT",
"CNAME",
"DNAME",
"EID",
"HINFO",
"ISDN",
"LOC",
"MB",
"MG",
"MINFO",
"MR",
"MX",
"NAPTR",
"NIMLOC",
"NS",
"NSAP",
"NULL",
"OPT",
"PTR",
"PX",
"RP",
"RT",
"SOA",
"TKEY",
"TSIG",
"TXT",
"WKS",
"X25"
);
foreach $i (@dnstypes) {
 print "\nTrying $i Record Type ...\n";
 $packet=$res->query($domain, $i);
 if ($packet) { 
     $packet->print;
     print "\n----------------------------------------------------------------------\n\n";
     }
}
}

sub get_activedir{
print "\nLooking for Active Directory SRV Records ...\n";
$res->usevc(0);
@srvtype=(
"_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.",
"_kerberos._tcp.Default-First-Site-Name._sites.",
"_kerberos._tcp.dc._msdcs.",
"_kerberos._tcp.",
"_kerberos._udp.",
"_kpasswd._tcp.",
"_kpasswd._udp.",
"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.",
"_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.",
"_ldap._tcp.Default-First-Site-Name._sites.",
"_ldap._tcp.dc._msdcs.",
"_ldap._tcp.gc._msdcs.",
"_ldap._tcp.pdc._msdcs.",
"_ldap._tcp.",
"_gc._tcp.Default-First-Site-Name._sites.",
"_gc._tcp."
);
foreach $i (@srvtype) {
 $service = $i.$domain;
 print "\nTrying $service ...\n";
 $packet=$res->query($service, 'SRV');
 if ($packet) { 
     $packet->print;
     print "\n----------------------------------------------------------------------\n\n";
    }
}
}

sub dig_dns{
print "\nStarting the DNS Digger ...\n";
@hybridlst1=("0","1","2","3","4","5","6","7","8","9");
@hybridlst2=("0","1","2","3","4","5","6","7","8","9");
$res->usevc(0);
 if (open(NAMES,"names.txt")){
  while (<NAMES>){
         chomp($_);
         $host = $_.".".$domain;
         $packet=$res->query($host, 'ANY');
         if ($packet){
             $packet->print;
             print "\n----------------------------------------------------------------------\n\n";
         }
         if ($hybrid){
             foreach $h1 (@hybridlst1) {
             foreach $h2 (@hybridlst2) {
               $hybrid_host=$_.$h1.$h2.".".$domain;
               $packet=$res->query($hybrid_host, 'ANY');
               if ($packet){
                  $packet->print;
                  print "\n----------------------------------------------------------------------\n\n";
                  }
              }
             }
         }
         if ($silent){sleep 1};         
         }
      }
   else {print "Can't open names.txt!\n";}
close(NAMES);
}

sub usage(){
print "\nUsage: perl dnsdigger.pl <domain name> [OPTIONS]\n";
print "-----------------------------------------------------------\n";
print "OPTIONS:\n";
print "silent : Activates a time loop of 1 second in the DNS Digger function\n";
print "debug  : Starts a debug output\n";
print "nodig  : Disable the Digger\n";
print "port53 : Use Port 53 as Source Port\n";
print "host   : Use a specific DNS Server and must be followed by the IP Address\n";
print "hybrid : Appends 01 to 99 to the names while digging\n";
print "version: Try to get the DNS Server Version\n";
print "\nEXAMPLES:\n";
print "perl dnsdigger.pl example.com\n";
print "perl dnsdigger.pl example.com silent\n";
print "perl dnsdigger.pl example.com debug\n";
print "perl dnsdigger.pl example.com host 10.1.1.1\n";
exit;
}

# Main Programm
if (@ARGV==0){usage();}
$dig=1;
$root=1;
$version=0;
print "\n";
print "DNSDigger 0.3beta (c) 2003 by Michael Thumann (mthumann\@ernw.de)\n";
print "----------------------------------------------------------------------\n\n";
$res = Net::DNS::Resolver->new;
$res->tcp_timeout(5);
$res->udp_timeout(5);
$res->retry(2);
$res->retrans(3);
if (@ARGV==1){
    $domain=$ARGV[0];
    if (find_rootserver()){print "Done.\n";}
    else{print "Error: Can't connect to the DNS Server!\n";}
    }
if (@ARGV>=2){
    $domain=$ARGV[0];
    for ($o=1;$o<=@ARGV;$o++){    
        $option=$ARGV[$o];
        if ($option eq "silent") {$silent=1;print "Time Loop enabled!\n"}
        if ($option eq "debug") {$res->debug(1);print "Debug enabled!\n";}
        if ($option eq "port53") {$res->srcport(53);print "Switching to Source Port 53!\n";}
        if ($option eq "nodig") {$dig=0;print "Digger disabled!\n";}
        if ($option eq "version") {$version=1;print "Query DNS Server Version enabled!\n";}
        if ($option eq "hybrid") {$hybrid=1;print "Hybrid Mode for Digger enabled!\n";}
        if ($option eq "host") {
            $root=0;
            print "Use specific DNS Server!\n";
            $ns=$ARGV[$o+1];
        }
    }
    if ($root){    
       if (find_rootserver()){print "Done.\n";}
       else{print "Error: Can't connect to the DNS Server!\n";}
    }
    else{
       if (get_dns()){print "Done.\n";}
       else{print "Error: Can't connect to the DNS Server!\n";}
    }
    }
# end