#!/usr/local/bin/perl
# (c) 2003 Michael Thumann
# Distribute freely
# DNS Module from Michael Fuhr, Thankx Michael ;-).
use Net::DNS;
# get_axfr - ask the currently selected name server for a full zone
# transfer (AXFR) of $domain and print every record that comes back.
#
# Reads the globals $res (the Net::DNS resolver) and $domain and stores the
# transferred records in the global @zone.
# Returns 1 when at least one record was received, 0 otherwise; on failure
# the resolver's error string is printed.
#
# A result of 1 means the server hands its complete zone to the asking
# address. On the server side AXFR is normally restricted to the zone's
# secondaries (address ACLs and/or TSIG keys).
sub get_axfr {
    print "\nInitiating Zone Transfer ...\n";

    # Switch the resolver to TCP (virtual circuit) before the transfer;
    # the other query subs switch it back with usevc(0).
    $res->usevc(1);
    @zone = $res->axfr($domain);

    unless (@zone) {
        print ';;Zone transfer failed: ', $res->errorstring, "\n";
        print "\n----------------------------------------------------------------------\n\n";
        return 0;
    }

    for my $record (@zone) {
        $record->print;
    }
    print "\n----------------------------------------------------------------------\n\n";
    return 1;
}
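# find_rootserver - walk the delegation chain from the root downwards.
#
# Reads one root server address per line from root-servers.dat, asks each
# for the NS records of $domain and hands every address found in the
# additional section of the reply to find_ns() through the global $tld.
#
# Returns 1 as soon as find_ns() succeeds, 0 when every root server has
# been tried without success. Dies if root-servers.dat cannot be opened.
#
# Changes against the earlier version:
#   * lexical file handle and three-argument open instead of a bareword
#     handle with two-argument open;
#   * the line is held in a named lexical, because the subs called from
#     here read other files with while (<FH>) and overwrite the global $_;
#   * blank lines and a trailing CR (DOS line ends) no longer end up as a
#     name server address;
#   * the unreachable die/close statements after "return 0" are gone.
#
# NOTE(review): the addresses in the additional section are taken from the
# reply as they are and used as the next server to query; nothing here
# checks that they belong to the NS names in the authority section.
sub find_rootserver {
    $res->usevc(0);

    open(my $root_fh, '<', 'root-servers.dat')
        or die "Can't open root-servers.dat!\n";

    while (my $server = <$root_fh>) {
        chomp $server;
        $server =~ s/\r\z//;
        next if $server =~ /\A\s*\z/;

        $res->nameservers($server);
        print "Asking Root Server $server\n";

        my $reply = $res->send($domain, 'NS');
        next unless $reply;

        for my $glue ($reply->additional) {
            $tld = $glue->rdatastr;    # global: find_ns() queries this server
            if (find_ns()) {
                close($root_fh);
                return 1;
            }
            print "No Records found!\n";
        }
    }

    close($root_fh);
    return 0;
}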
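# resolve_name - look up the global $name and leave the result in the
# global $ns for get_dns().
#
# If dns-server.dat exists, every non-blank line in it is passed to
# $res->nameservers(); each call replaces the previous setting, so the
# last line of the file is the server that is actually used. Without the
# file the resolver keeps whatever server it was last pointed at.
#
# The lookup is an ANY query; $ns receives the rdata string of the last
# record in the answer section.
#
# NOTE(review): when the query fails or the answer section is empty, $ns
# keeps its previous value, so the caller may contact the server of an
# earlier iteration again. The last answer record is also not checked to
# be an address record.
#
# Changes against the earlier version: lexical file handle with
# three-argument open, the handle is closed only when it was opened, and
# blank lines or a trailing CR are not passed on as a server address.
sub resolve_name {
    # Enter the IP of your favorite DNS Server in the next line
    #$res->nameservers('217.5.115.7');
    if (open(my $dns_fh, '<', 'dns-server.dat')) {
        while (my $server = <$dns_fh>) {
            chomp $server;
            $server =~ s/\r\z//;
            next if $server =~ /\A\s*\z/;
            $res->nameservers($server);
        }
        close($dns_fh);
    }

    print "Resolving $name\n";
    my $reply = $res->send($name, 'ANY');
    return unless $reply;

    for my $record ($reply->answer) {
        $ns = $record->rdatastr;    # global: read by get_dns()
    }
    return;
}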
# find_ns - ask the TLD server in the global $tld for the NS records of
# $domain and run get_dns() against every name server it refers to.
#
# When the reply carries records in its additional section, their rdata
# goes straight into the global $ns. Otherwise each record of the answer
# section is put into the global $name and resolved with resolve_name()
# first.
#
# Returns 1 if get_dns() succeeded for at least one server, else 0.
sub find_ns {
    $ok = 0;

    $res->usevc(0);
    $res->recurse(1);
    $res->nameservers($tld);
    print "Asking TLD Server $tld\n";

    $packet = $res->send($domain, 'NS');
    return 0 unless $packet;

    # Copy both sections now: get_dns() reuses the global $packet.
    @additional_ns = $packet->additional;
    @answer_ns     = $packet->answer;

    if (@additional_ns) {
        for my $glue (@additional_ns) {
            $ns = $glue->rdatastr;
            $ok = 1 if get_dns();
        }
    }
    elsif (@answer_ns) {
        for my $record (@answer_ns) {
            $name = $record->rdatastr;
            resolve_name();
            $ok = 1 if get_dns();
        }
    }

    return $ok ? 1 : 0;
}
# get_dns - run the whole collection sequence against the name server in
# the global $ns.
#
# Order of work: optional version probe (get_ver, when $version is set),
# an NS query for $domain as a reachability test, then a zone transfer.
# Only when the transfer fails does it fall back to the per-record
# queries (get_any), the Active Directory SRV lookups (get_activedir) and,
# if $dig is set, the word list search (dig_dns).
#
# Returns 1 if the server answered the NS query, 0 if it did not.
sub get_dns() {
    $res->nameservers($ns);
    $res->usevc(0);
    print "Asking Name Server $ns\n";

    get_ver() if $version;

    $packet = $res->send($domain, 'NS');
    return 0 unless $packet;

    if (get_axfr()) {
        print " Zone Transfer succesful!\n";
        return 1;
    }

    # No transfer: collect what individual queries reveal.
    get_any();
    get_activedir();
    dig_dns() if $dig;
    print "All possible information for $domain gathered!\n";
    return 1;
}
# get_ver - send a CHAOS-class TXT query for version.bind to the current
# name server and print a guess at the server software.
#
# The guess is derived from the resolver's error string only:
#   NOTIMP  -> reported as Microsoft DNS
#   FORMERR -> reported as TinyDNS
#   NOERROR -> reported as BIND, followed by each TXT answer string
# Any other status prints nothing.
#
# NOTE(review): this mapping is the script's own heuristic. Servers other
# than BIND also answer version.bind, and the returned string is set by
# the operator, so the output is a hint and not an identification.
# Hiding or overriding the version string is a common server hardening
# step.
sub get_ver {
    $res->usevc(0);
    print "\nChecking for DNS Server Version ...\n";

    $packet = $res->query('version.bind', 'TXT', 'CH');
    my $status = $res->errorstring;

    if ($status eq "NOTIMP") {
        print "Microsoft DNS Server detected!\n";
    }
    elsif ($status eq "FORMERR") {
        print "TinyDNS Server detected!\n";
    }
    elsif ($status eq "NOERROR") {
        print "BIND DNS Server detected!\n";
        if ($packet) {
            @dnsversion = $packet->answer;
            for my $txt (@dnsversion) {
                $ver = $txt->rdatastr;
                print "BIND Version: $ver \n";
            }
        }
    }
}
# get_any - query the current name server for $domain, first with type
# ANY and then once for every record type in @dnstypes, printing each
# reply packet that comes back.
#
# Reads the globals $res and $domain; fills the global @dnstypes.
# Queries without a reply are skipped silently.
#
# NOTE(review): the per-type loop still produces output when a server
# declines or minimises ANY queries (RFC 8482 describes that behaviour).
sub get_any {
    print "\nGetting ANY DNS Record ...\n";
    $res->usevc(0);

    $packet = $res->query($domain, 'ANY');
    if ($packet) {
        $packet->print;
        print "\n----------------------------------------------------------------------\n\n";
    }

    @dnstypes = qw(
        A     AAAA  AFSDB CERT   CNAME DNAME EID  HINFO
        ISDN  LOC   MB    MG     MINFO MR    MX   NAPTR
        NIMLOC NS   NSAP  NULL   OPT   PTR   PX   RP
        RT    SOA   TKEY  TSIG   TXT   WKS   X25
    );

    for my $type (@dnstypes) {
        print "\nTrying $type Record Type ...\n";
        $packet = $res->query($domain, $type);
        next unless $packet;
        $packet->print;
        print "\n----------------------------------------------------------------------\n\n";
    }
}
# get_activedir - look up the SRV records that an Active Directory domain
# registers (Kerberos, kpasswd, LDAP and global catalog locators) by
# prefixing each label in @srvtype to $domain and printing every reply.
#
# Reads the globals $res and $domain; fills the globals @srvtype and
# $service. Names without a reply are skipped silently.
#
# NOTE(review): replies here mean the AD locator records are resolvable
# from wherever the script runs. If that is outside the internal network,
# the zone's split-horizon setup is worth checking.
sub get_activedir {
    print "\nLooking for Active Directory SRV Records ...\n";
    $res->usevc(0);

    @srvtype = (
        "_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.",
        "_kerberos._tcp.Default-First-Site-Name._sites.",
        "_kerberos._tcp.dc._msdcs.",
        "_kerberos._tcp.",
        "_kerberos._udp.",
        "_kpasswd._tcp.",
        "_kpasswd._udp.",
        "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.",
        "_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.",
        "_ldap._tcp.Default-First-Site-Name._sites.",
        "_ldap._tcp.dc._msdcs.",
        "_ldap._tcp.gc._msdcs.",
        "_ldap._tcp.pdc._msdcs.",
        "_ldap._tcp.",
        "_gc._tcp.Default-First-Site-Name._sites.",
        "_gc._tcp.",
    );

    for my $prefix (@srvtype) {
        $service = $prefix . $domain;
        print "\nTrying $service ...\n";

        $packet = $res->query($service, 'SRV');
        next unless $packet;
        $packet->print;
        print "\n----------------------------------------------------------------------\n\n";
    }
}
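# dig_dns - word list search: for every entry in names.txt query
# "<entry>.$domain" with type ANY and print each reply.
#
# With the global $hybrid set, the same entry is additionally tried with
# every two-digit suffix 00..99, i.e. 1 + 100 queries per word list line.
# With the global $silent set, the sub sleeps one second after each line.
# If names.txt cannot be opened a message is printed and nothing is
# queried.
#
# Changes against the earlier version:
#   * lexical file handle with three-argument open, closed only when it
#     was actually opened;
#   * the word list entry lives in a named lexical instead of the global
#     $_, which had to survive up to 101 resolver calls per line;
#   * blank lines and a trailing CR (DOS line ends) are dropped instead of
#     being turned into malformed host names.
#
# NOTE(review): on the receiving side this pattern shows up in query logs
# as a run of mostly NXDOMAIN lookups for one zone from a single source.
sub dig_dns {
    print "\nStarting the DNS Digger ...\n";
    $res->usevc(0);

    my $names_fh;
    unless (open($names_fh, '<', 'names.txt')) {
        print "Can't open names.txt!\n";
        return;
    }

    my @digits = (0 .. 9);

    while (my $label = <$names_fh>) {
        chomp $label;
        $label =~ s/\r\z//;
        next if $label =~ /\A\s*\z/;

        # Plain name first, then the numbered variants in 00..99 order.
        my @candidates = ($label . "." . $domain);
        if ($hybrid) {
            for my $first (@digits) {
                for my $second (@digits) {
                    push @candidates, $label . $first . $second . "." . $domain;
                }
            }
        }

        for my $candidate (@candidates) {
            my $reply = $res->query($candidate, 'ANY');
            next unless $reply;
            $reply->print;
            print "\n----------------------------------------------------------------------\n\n";
        }

        sleep 1 if $silent;
    }

    close($names_fh);
    return;
}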
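# usage - print the command line help and terminate the program.
#
# Never returns: it ends with exit (default status).
#
# The description of "hybrid" now says 00 to 99, which is the range
# dig_dns() really appends (two nested loops over the digits 0..9); the
# earlier text said 01 to 99.
sub usage() {
    print <<'END_USAGE';

Usage: perl dnsdigger.pl <domain name> [OPTIONS]
-----------------------------------------------------------
OPTIONS:
silent : Activates a time loop of 1 second in the DNS Digger function
debug : Starts a debug output
nodig : Disable the Digger
port53 : Use Port 53 as Source Port
host : Use a specific DNS Server and must be followed by the IP Address
hybrid : Appends 00 to 99 to the names while digging
version: Try to get the DNS Server Version

EXAMPLES:
perl dnsdigger.pl example.com
perl dnsdigger.pl example.com silent
perl dnsdigger.pl example.com debug
perl dnsdigger.pl example.com host 10.1.1.1
END_USAGE
    exit;
}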
# Main Program
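# Command line handling and program start.
#
# The first argument is the domain, every further argument is an option
# word (see usage()). The variables set here are package globals because
# the subs above read them directly.
#
# Changes against the earlier version:
#   * the option loop ran while $o <= @ARGV and therefore read one element
#     past the end of @ARGV; it now stops at the last argument;
#   * "host" without a following address used to leave $ns undefined and
#     passed that on to the resolver; it now prints an error and the usage
#     text;
#   * the address after "host" is consumed as the option's value instead
#     of being examined as an option of its own;
#   * an unrecognised option word is reported instead of being dropped
#     silently (a mistyped "nodig" would otherwise start the digger);
#   * the one-argument and the multi-argument case share one code path.
if (@ARGV == 0) { usage(); }

$dig     = 1;
$root    = 1;
$version = 0;

print "\n";
print "DNSDigger 0.3beta (c) 2003 by Michael Thumann (mthumann\@ernw.de)\n";
print "----------------------------------------------------------------------\n\n";

$res = Net::DNS::Resolver->new;
$res->tcp_timeout(5);
$res->udp_timeout(5);
$res->retry(2);
$res->retrans(3);

$domain = $ARGV[0];

for (my $o = 1; $o < @ARGV; $o++) {
    my $option = $ARGV[$o];

    if ($option eq "silent") {
        $silent = 1;
        print "Time Loop enabled!\n";
    }
    elsif ($option eq "debug") {
        $res->debug(1);
        print "Debug enabled!\n";
    }
    elsif ($option eq "port53") {
        $res->srcport(53);
        print "Switching to Source Port 53!\n";
    }
    elsif ($option eq "nodig") {
        $dig = 0;
        print "Digger disabled!\n";
    }
    elsif ($option eq "version") {
        $version = 1;
        print "Query DNS Server Version enabled!\n";
    }
    elsif ($option eq "hybrid") {
        $hybrid = 1;
        print "Hybrid Mode for Digger enabled!\n";
    }
    elsif ($option eq "host") {
        my $server = $ARGV[$o + 1];
        if (!defined $server || $server eq '') {
            print "Error: option host must be followed by the IP Address!\n";
            usage();    # prints the help text and exits
        }
        $root = 0;
        print "Use specific DNS Server!\n";
        $ns = $server;
        $o++;           # skip the address, it is not an option word
    }
    else {
        print "Unknown option ignored: $option\n";
    }
}

# Without "host" the search starts at the root servers; with it, the given
# server is queried directly.
my $reached = $root ? find_rootserver() : get_dns();
if ($reached) {
    print "Done.\n";
}
else {
    print "Error: Can't connect to the DNS Server!\n";
}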
# end