
Commit 374faf9

author
jvazquez-r7
committed
cleanup for dns_srv
1 parent 9d4bd76 commit 374faf9


1 file changed

+55
-55
lines changed


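--- a/modules/auxiliary/gather/dns_srv.rb
+++ b/modules/auxiliary/gather/dns_srv.rb
@@ -16,7 +16,12 @@ def initialize(info = {})
 super(update_info(info,
 'Name' => 'DNS Common Service Record Enumeration',
 'Description' => %q{
-This module enumerates common DNS service records.
+This module enumerates common DNS service records in a given domain. By setting
+the ALL_DNS to true, all the name servers of a given domain are used for
+enumeration. Otherwise only the system dns is used for enumration. in order to get
+all the available name servers for the given domain the SOA and NS records are
+queried. In order to convert from domain names to IP addresses queries for A and
+AAAA (IPv6) records are used.
 },
 'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ],
 'License' => BSD_LICENSE
@@ -25,13 +30,13 @@ def initialize(info = {})
 register_options(
 [
 OptString.new('DOMAIN', [ true, "The target domain name."]),
-OptBool.new( 'ALL_NS', [ false, "Run against all name servers for the given domain.",false]),
+OptBool.new( 'ALL_NS', [ false, "Run against all name servers for the given domain.",false])
 ], self.class)
 
 register_advanced_options(
 [
-OptInt.new('RETRY', [ false, "Number of times to try to resolve a record if no response is received.", 3]),
-OptInt.new('RETRY_INTERVAL', [ false, "Number of seconds to wait before doing a retry.", 4]),
+OptInt.new('RETRY', [ false, "Number of times to try to resolve a record if no response is received.", 2]),
+OptInt.new('RETRY_INTERVAL', [ false, "Number of seconds to wait before doing a retry.", 2])
 ], self.class)
 end
 
@@ -61,46 +66,45 @@ def run
 records.uniq!
 records.each do |r|
 print_good("Host: #{r[:host]} IP: #{r[:address].to_s} Service: #{r[:service]} Protocol: #{r[:proto]} Port: #{r[:port]}")
+report_host(
+:host => r[:address].to_s,
+:name => r[:host]
+)
 report_service(
 :host=> r[:address].to_s,
 :port => r[:port].to_i,
 :proto => r[:proto],
 :name => r[:service],
 :host_name => r[:host]
 )
-report_host(
-:host => r[:address].to_s,
-:name => r[:host]
-)
 end
 
 end
-#---------------------------------------------------------------------------------
+
 def get_soa(target)
 results = []
 query = @res.query(target, "SOA")
-if (query)
-(query.answer.select { |i| i.class == Net::DNS::RR::SOA}).each do |rr|
-if Rex::Socket.dotted_ip?(rr.mname)
+return results if not query
+(query.answer.select { |i| i.class == Net::DNS::RR::SOA}).each do |rr|
+if Rex::Socket.dotted_ip?(rr.mname)
+record = {}
+record[:host] = rr.mname
+record[:type] = "SOA"
+record[:address] = rr.mname
+results << record
+else
+get_ip(rr.mname).each do |ip|
 record = {}
-record[:host] = rr.mname
+record[:host] = rr.mname.gsub(/\.$/,'')
 record[:type] = "SOA"
-record[:address] = rr.mname
+record[:address] = ip[:address].to_s
 results << record
-else
-get_ip(rr.mname).each do |ip|
-record = {}
-record[:host] = rr.mname.gsub(/\.$/,'')
-record[:type] = "SOA"
-record[:address] = ip[:address].to_s
-results << record
-end
 end
 end
 end
 return results
 end
-#-------------------------------------------------------------------------------
+
 def srvqry(dom)
 results = []
 #Most common SRV Records
@@ -127,36 +131,35 @@ def srvqry(dom)
 begin
 
 query = @res.query(trg , Net::DNS::SRV)
-if query
-query.answer.each do |srv|
-if Rex::Socket.dotted_ip?(srv.host)
+next unless query
+query.answer.each do |srv|
+if Rex::Socket.dotted_ip?(srv.host)
+record = {}
+srv_info = srvt.scan(/^_(\S*)\._(tcp|udp)\./)[0]
+record[:host] = srv.host.gsub(/\.$/,'')
+record[:type] = "SRV"
+record[:address] = srv.host
+record[:srv] = srvt
+record[:service] = srv_info[0]
+record[:proto] = srv_info[1]
+record[:port] = srv.port
+record[:priority] = srv.priority
+results << record
+vprint_status("SRV Record: #{trg} Host: #{srv.host.gsub(/\.$/,'')} IP: #{srv.host} Port: #{srv.port} Priority: #{srv.priority}")
+else
+get_ip(srv.host.gsub(/\.$/,'')).each do |ip|
 record = {}
 srv_info = srvt.scan(/^_(\S*)\._(tcp|udp)\./)[0]
 record[:host] = srv.host.gsub(/\.$/,'')
 record[:type] = "SRV"
-record[:address] = srv.host
+record[:address] = ip[:address]
 record[:srv] = srvt
 record[:service] = srv_info[0]
 record[:proto] = srv_info[1]
 record[:port] = srv.port
 record[:priority] = srv.priority
 results << record
-vprint_status("SRV Record: #{trg} Host: #{srv.host.gsub(/\.$/,'')} IP: #{srv.host} Port: #{srv.port} Priority: #{srv.priority}")
-else
-get_ip(srv.host.gsub(/\.$/,'')).each do |ip|
-record = {}
-srv_info = srvt.scan(/^_(\S*)\._(tcp|udp)\./)[0]
-record[:host] = srv.host.gsub(/\.$/,'')
-record[:type] = "SRV"
-record[:address] = ip[:address]
-record[:srv] = srvt
-record[:service] = srv_info[0]
-record[:proto] = srv_info[1]
-record[:port] = srv.port
-record[:priority] = srv.priority
-results << record
-vprint_status("SRV Record: #{trg} Host: #{srv.host} IP: #{ip[:address]} Port: #{srv.port} Priority: #{srv.priority}")
-end
+vprint_status("SRV Record: #{trg} Host: #{srv.host} IP: #{ip[:address]} Port: #{srv.port} Priority: #{srv.priority}")
 end
 end
 end
@@ -166,7 +169,6 @@ def srvqry(dom)
 return results
 end
 
-#---------------------------------------------------------------------------------
 def get_ip(host)
 results = []
 query = @res.search(host, "A")
@@ -199,26 +201,24 @@ def get_ip(host)
 end
 return results
 end
-#---------------------------------------------------------------------------------
+
 def switchdns(ns)
 vprint_status("Enumerating SRV Records on: #{ns}")
 @res.nameserver=(ns)
 @nsinuse = ns
 end
 
-#---------------------------------------------------------------------------------
 def get_ns(target)
 results = []
 query = @res.query(target, "NS")
-if (query)
-(query.answer.select { |i| i.class == Net::DNS::RR::NS}).each do |rr|
-get_ip(rr.nsdname).each do |r|
-record = {}
-record[:host] = rr.nsdname.gsub(/\.$/,'')
-record[:type] = "NS"
-record[:address] = r[:address].to_s
-results << record
-end
+return results if not query
+(query.answer.select { |i| i.class == Net::DNS::RR::NS}).each do |rr|
+get_ip(rr.nsdname).each do |r|
+record = {}
+record[:host] = rr.nsdname.gsub(/\.$/,'')
+record[:type] = "NS"
+record[:address] = r[:address].to_s
+results << record
 end
 end
 return results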
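Review bot: The new module description in the first hunk tells the user to set `ALL_DNS`, but the option registered in the second hunk is `ALL_NS`, so anyone following the info text would set a nonexistent option and silently stay on the system resolver; the sentence should read `By setting ALL_NS to true, all the name servers of a given domain are used for enumeration.` The same paragraph has "enumration" and a lowercase "in order" that are worth fixing in the same pass. In srvqry, the new dotted-IP branch reads `srv_info[0]` right after `srv_info = srvt.scan(/^_(\S*)\._(tcp|udp)\./)[0]`; if any entry in the SRV name list (defined outside this hunk) does not match that pattern, `srv_info` is nil and the whole enumeration aborts with a NoMethodError, so a `next unless srv_info` after the scan would keep one malformed entry from ending the run. srvqry's record list and the enclosing begin/rescue extend outside the hunk, so the rescue may or may not already cover this.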
