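¡Hola gente! Hace unos días estuve leyendo un poco sobre el protocolo DNS y los ataques que existen contra él, y hoy me puse a codear este programita, que nos permite realizar un ataque de diccionario para hacer un mapeo DNS. Ojo: el script arma cada subdominio candidato a partir de la wordlist y lo prueba con una petición HTTP (no hace consultas DNS directas), así que solo informa los hosts que responden por web.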
Aquí el código.
# -*- coding: cp1252 -*-
from time import sleep
from urllib2 import urlopen, HTTPError
from sys import argv
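class DNSMap(object):
    """Dictionary-based subdomain enumerator that probes candidates over HTTP.

    Every word of the wordlist is prefixed to the target domain and the
    resulting ``http://<word>.<domain>`` URL is requested with ``urlopen``;
    no DNS query is issued directly.  A candidate is reported when the
    request answers 200 or with any HTTP error status.  Hosts that resolve
    but do not answer HTTP only show up as ``[-] ERROR`` lines in verbose
    mode.  Each candidate costs one name lookup plus one HTTP GET, which is
    what resolver and web-server logs will show for a run.

    The enumeration is started from the constructor.
    """

    def __init__(self, dns, wordlist, delay, verbose):
        """Store the settings and run the enumeration immediately.

        dns      -- target domain, without scheme or leading "www."
        wordlist -- path of a text file with one candidate label per line
        delay    -- pause between two requests, in seconds
        verbose  -- when true, print every probe and every failure
        """
        self._dns = dns
        self._wordlist = wordlist
        self._delay = delay
        self._verbose = verbose
        print("\nStarting Dictionary Attack")
        self._urlMaker()

    def _urlMaker(self):
        """Read the wordlist and probe one URL per non-empty line."""
        # The context manager closes the file on every exit path.
        with open(self._wordlist, "r") as f:
            if not self._verbose:
                print("\nWorking now! Please wait...\n")
            try:
                for raw in f:
                    # strip() also drops a trailing "\r" from CRLF wordlists.
                    word = raw.strip()
                    if not word:
                        # A blank line is skipped; it no longer ends the run.
                        continue
                    self._urlTester("http://" + word + "." + self._dns)
                    sleep(self._delay)
            except Exception as e:
                # Any read or sleep failure stops the run after reporting it.
                print(e)

    def _urlTester(self, url):
        """Request *url* and print a ``[+]`` line when a web server answers."""
        if self._verbose:
            print("\n[*] Checking for: " + url)
        # NOTE(review): urlopen is called without a timeout, so a host that
        # accepts the connection and never answers stalls the whole run.
        try:
            result = urlopen(url)
        except HTTPError as e:
            # An HTTP error status still proves that a server answered.
            print("[+] %s [%s]" % (url, e.getcode()))
        except Exception as e:
            if self._verbose:
                print("[-] ERROR: " + str(e))
        else:
            try:
                if result.code == 200:
                    print("[+] " + url)
            finally:
                # Release the connection; one is opened per candidate.
                result.close()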
# ASCII-art banner that main() prints at start-up.
# NOTE(review): this is not a raw string and it contains backslashes that do
# not start an escape sequence ("\ ", "\_", "\/"); they are kept as literal
# backslashes.
logo = """
/$$$$$$$ /$$ /$$ /$$$$$$ /$$ /$$
| $$__ $$| $$$ | $$ /$$__ $$| $$$ /$$$
| $$ \ $$| $$$$| $$| $$ \__/| $$$$ /$$$$ /$$$$$$ /$$$$$$
| $$ | $$| $$ $$ $$| $$$$$$ | $$ $$/$$ $$ |____ $$ /$$__ $$
| $$ | $$| $$ $$$$ \____ $$| $$ $$$| $$ /$$$$$$$| $$ \ $$
| $$ | $$| $$\ $$$ /$$ \ $$| $$\ $ | $$ /$$__ $$| $$ | $$
| $$$$$$$/| $$ \ $$| $$$$$$/| $$ \/ | $$| $$$$$$$| $$$$$$$/
|_______/ |__/ \__/ \______/ |__/ |__/ \_______/| $$____/
| $$
| $$
|__/
"""
# Command-line help that parser() prints before exiting on unusable arguments.
# NOTE(review): parser() exits when -w is absent, so the wordlist is mandatory
# although it is listed under "Options"; -v is a bare switch and takes no value.
usage = """Usage: python DNSMap.py <target-domain> [options]
Options:
-w <wordlist-file>
-d <delay-millisecs>
-v <verbose mode>"""
# Program identification line, printed with the usage text and after the banner.
about = """DNSMap v1.0.13.24.12 - DNS Network Mapper by WhiZ (underc0de.org)
"""
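def parser():
    """Read the command line and return ``(dns, wordlist, delay, verbose)``.

    The first argument is the target domain; a leading ``http://`` or
    ``https://`` scheme and a leading ``www.`` label are removed from it.
    ``-w <file>`` is mandatory, ``-d <millisecs>`` is optional and ``-v`` is
    a bare switch.  The delay is returned unparsed (the string given after
    ``-d``, or the integer 0 when ``-d`` is absent).  On unusable arguments
    the about and usage texts are printed and the program exits.
    """

    def show_usage_and_exit():
        # Single exit path for every unusable command line.
        print(about)
        print(usage)
        exit()

    if len(argv) < 4:
        show_usage_and_exit()

    # dns: the first argument must be the domain, not an option.
    if argv[1] in ("-w", "-d", "-v"):
        show_usage_and_exit()
    dns = argv[1]
    # Strip only a leading scheme / "www." label; replacing every occurrence
    # would corrupt names that merely contain "www." (e.g. "mywww.example").
    for scheme in ("http://", "https://"):
        if dns.startswith(scheme):
            dns = dns[len(scheme):]
            break
    if dns.startswith("www."):
        dns = dns[len("www."):]

    # wordlist: required, and the option must be followed by a value.
    if "-w" not in argv:
        show_usage_and_exit()
    w_at = argv.index("-w")
    if w_at + 1 >= len(argv):
        show_usage_and_exit()
    wordlist = argv[w_at + 1]

    # delay: optional; a trailing "-d" without a value is a usage error
    # instead of an IndexError.
    if "-d" not in argv:
        delay = 0
    else:
        d_at = argv.index("-d")
        if d_at + 1 >= len(argv):
            show_usage_and_exit()
        delay = argv[d_at + 1]

    # verbose
    verbose = "-v" in argv

    return (dns, wordlist, delay, verbose)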
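def argvTester(dns, wordlist, delay, verbose):
    """Validate the parsed arguments and return ``(dns, delay_in_seconds)``.

    Three checks run in order, each printing its own status line:

    * ``http://www.<dns>`` is requested once; any HTTP answer (200 or an
      error status) counts as OK, any other failure ends the program.
    * the wordlist file must be openable for reading.
    * the delay must be a non-negative integer number of milliseconds; it is
      converted to seconds for ``sleep``.

    The program exits on the first failed check.
    """
    print("Checking information. Please wait...")

    # Checking DNS
    print("\n[*] Testing DNS: " + dns)
    try:
        result = urlopen("http://www." + dns)
    except HTTPError as e:
        print("[+] OK [%s]" % e.getcode())
    except Exception as e:
        print("[-] FAIL: %s" % (e,))
        exit()
    else:
        try:
            if result.code == 200:
                print("[+] OK")
            else:
                print("[+] OK [%s]" % result.code)
        finally:
            # The response is only needed for its status code.
            result.close()

    # Checking Wordlist
    print("\n[*] Testing Wordlist: " + wordlist)
    try:
        with open(wordlist, "r"):
            pass
        print("[+] OK")
    except Exception:
        print("[-] No such file or directory: " + wordlist)
        exit()

    # Checking Delay
    print("\n[*] Testing Delay")
    try:
        delay = int(delay)
    except (TypeError, ValueError):
        print("[-] FAIL: An integer is required")
        exit()
    if delay < 0:
        # sleep() rejects negative values, which would abort the run after
        # the first candidate; refuse the value up front instead.
        print("[-] FAIL: Delay must not be negative")
        exit()
    print("[+] Delay: " + str(delay) + " millisecs")
    delay = float(delay) / 1000

    # Checking verbose
    if verbose:
        print("\n[+] Verbose Mode")

    return dns, delay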
def main():
    """Parse the command line, validate it, then run the enumeration."""
    target, words, pause, chatty = parser()
    print(logo)
    print(about)
    # argvTester hands back the domain and the delay converted to seconds.
    target, pause = argvTester(target, words, pause, chatty)
    # Constructing DNSMap is what starts the scan.
    DNSMap(target, words, pause, chatty)


# Run only when executed as a script, not when imported.
if __name__ == "__main__":
    main()
Espero que les guste!
Saludos!
WhiZ
Excelente WhiZ!!
¡Habrá que probarlo!
Saludos!
ANTRAX