import argparse
import base64
import hashlib
from datetime import datetime
def dga(date: datetime, version: str):
    """Yield the MyDoom DGA domains for the week that contains *date*.

    This is a reimplementation of the malware's domain generation algorithm,
    intended for producing candidate domains to match against DNS logs,
    blocklists or sinkhole configurations.

    Args:
        date: Day for which to generate domains. Only its ISO week number
            and calendar year are used.
        version: DGA variant, one of "0.0", "1.63", "2.1" or "2.8".

    Yields:
        Seven domain names, one per TLD of the selected variant, in TLD
        list order.

    Raises:
        ValueError: If *version* is not a known variant. Because this is a
            generator, the error surfaces on the first iteration.
    """
    # Fixed string that the two base64 variants append to their counter.
    seed_suffix = "pojBI9LHGFdfgegjjsJ99hvVGHVOjhksdf"

    # Per the original author's note, the sample's week number is locale
    # dependent, so real-world domains may correspond to this week +/- 1.
    # isocalendar() gives the ISO-8601 week, while the year is the plain
    # calendar year of *date*.
    iso_week = date.isocalendar()[1]
    yr = date.year

    legacy = version in {"0.0", "1.63"}
    if not legacy and version not in {"2.8", "2.1"}:
        raise ValueError(f"invalid version {version}")

    if legacy:
        # Base64 variants: the label does not depend on the TLD, so it is
        # computed once. "1.63" seeds with week + year, "0.0" with the week.
        counter = iso_week + yr if version == "1.63" else iso_week
        encoded = base64.b64encode(f"{counter}{seed_suffix}".encode("ascii"))
        label = encoded[:19].decode("ascii").lower()
        for suffix in (".top", ".xyz", ".cc", ".info", ".com", ".ru", ".net"):
            yield f"{label}{suffix}"
        return

    # MD5 variants: the TLD is part of the hashed seed, so every TLD gets
    # its own label. MD5 is used only to reproduce the malware's output.
    for suffix in (".xyz", ".live", ".com", ".store", ".info", ".top", ".net"):
        if version == "2.8":
            seed = f"{suffix}{iso_week}{yr}"
            label = hashlib.md5(seed.encode("ascii")).hexdigest()[:16]
        else:
            digest = hashlib.md5(f"{suffix}{iso_week}".encode("ascii")).hexdigest()
            # The year is appended after the 32-character digest, so it
            # lies beyond the 16-character cut and never reaches the label.
            label = f"{digest}{yr}"[:16]
        yield f"{label}{suffix}"
if __name__ == "__main__":
    # Command-line entry point: print one generated domain per line.
    cli = argparse.ArgumentParser(description="DGA of MyDoom")
    cli.add_argument(
        "-d",
        "--date",
        help="date for which to generate domains, e.g., 2022-05-09",
    )
    cli.add_argument(
        "-v",
        "--version",
        help="version of the dga",
        choices=["0.0", "1.63", "2.8", "2.1"],
        default="2.8",
    )
    opts = cli.parse_args()

    # Without -d the local wall-clock time is used; close to a week
    # boundary the generated set can differ from that of a host in
    # another time zone.
    when = datetime.strptime(opts.date, "%Y-%m-%d") if opts.date else datetime.now()

    for name in dga(date=when, version=opts.version):
        print(name)