Merge 13a5fdc into e900e4b

README.md

@@ -16,6 +16,8 @@ Ryo is a yet another website recon tool powered by Ruby.
 ## Features & ToDo list
 
 - [x] Directory & File brute force
+- [x] DNS dig
+  -  By using [Google Public DNS](https://developers.google.com/speed/public-dns/)
 - [x] Subdomain discovery
   - By using [DNSDumpster](https://dnsdumpster.com/) and [FindSubdomains](https://findsubdomains.com/)
 - [x] Website's technology detection
@@ -38,50 +40,217 @@ $ ryo
 Commands:
   ryo all URL         # Run all discovery plugins against a given URL
   ryo dir URL         # Discover directories and files belong to a given URL
+  ryo discover URL    # Run discovery plugin(s) against a given URL
+  ryo dns URL         # Discover DNS records of a given URL
   ryo help [COMMAND]  # Describe available commands or one specific command
   ryo subdomain URL   # Discover subdomains of a given URL
   ryo tech URL        # Discover used technolgies of a given URL
   ryo whois URL       # Discover whois information of a given URL
 ```
 
+**Example:**
+
 ```sh
 # start Webrick HTTP server
 # $ ruby -rwebrick -e 'WEBrick::HTTPServer.new(:DocumentRoot => "./", :Port => 8000).start'
 $ ryo all http://localhost:8000 | jq .
+```
+
+**Output:**
+
+```json
 {
   "dir": [
-    "http://localhost:8000/.git/",
-    "http://localhost:8000/.git/branches/",
     "http://localhost:8000/.git/COMMIT_EDITMSG",
     "http://localhost:8000/.git/config",
+    "http://localhost:8000/.git/branches/",
+    "http://localhost:8000/.git/HEAD",
     "http://localhost:8000/.git/description",
     "http://localhost:8000/.git/FETCH_HEAD",
-    "http://localhost:8000/.git/HEAD",
-    "http://localhost:8000/.git/hooks/",
     "http://localhost:8000/.git/index",
-    "http://localhost:8000/.git/info/",
     "http://localhost:8000/.git/info/exclude",
+    "http://localhost:8000/.git/",
     "http://localhost:8000/.git/logs/",
+    "http://localhost:8000/.git/info/",
     "http://localhost:8000/.git/logs/HEAD",
+    "http://localhost:8000/.git/hooks/",
     "http://localhost:8000/.git/logs/refs/heads/master",
     "http://localhost:8000/.git/logs/refs/remotes/origin/HEAD",
-    "http://localhost:8000/.git/objects/",
+    "http://localhost:8000/.git/logs/refs/remotes/origin/master",
     "http://localhost:8000/.git/packed-refs",
     "http://localhost:8000/.git/refs/",
     "http://localhost:8000/.git/refs/heads/master",
     "http://localhost:8000/.git/refs/remotes/origin/HEAD",
+    "http://localhost:8000/.git/refs/remotes/origin/master",
     "http://localhost:8000/.gitignore",
     "http://localhost:8000/.gitignore/",
+    "http://localhost:8000/.git/objects/",
     "http://localhost:8000/.travis.yml",
-    "http://localhost:8000/Bin/",
     "http://localhost:8000/bin/",
+    "http://localhost:8000/Bin/",
     "http://localhost:8000/Gemfile",
     "http://localhost:8000/Gemfile.lock",
     "http://localhost:8000/LICENSE",
     "http://localhost:8000/Rakefile",
-    "http://localhost:8000/README.md",
-    "http://localhost:8000/readme.md"
+    "http://localhost:8000/readme.md",
+    "http://localhost:8000/README.md"
   ],
+  "dns": {
+    "A": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 1
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 34709,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090700 1800 900 604800 86400"
+        }
+      ]
+    },
+    "AAAA": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 28
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 27096,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090700 1800 900 604800 86400"
+        }
+      ]
+    },
+    "CNAME": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 5
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 44332,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090700 1800 900 604800 86400"
+        }
+      ]
+    },
+    "MX": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 15
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 86026,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090702 1800 900 604800 86400"
+        }
+      ]
+    },
+    "NS": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 2
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 12268,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090601 1800 900 604800 86400"
+        }
+      ]
+    },
+    "SOA": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 6
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 7174,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090601 1800 900 604800 86400"
+        }
+      ]
+    },
+    "TXT": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 16
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 36307,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090601 1800 900 604800 86400"
+        }
+      ]
+    }
+  },
   "subdomain": [],
   "tech": {
     "HTTPServer": [

lib/ryo.rb

@@ -19,6 +19,7 @@ def self.discover(uri, options)
 
     h = {}
     h[:dir] = Plugin::Dir.discover(target.uri) if options[:dir] || options[:all]
+    h[:dns] = Plugin::DNS.discover(target.domain) if options[:dns] || options[:all]
     h[:subdomain] = Plugin::Subdomain.discover(target.fld) if options[:subdomain] || options[:all]
     h[:tech] = Plugin::Tech.discover(target.uri) if options[:tech] || options[:all]
     h[:whois] = Plugin::Whois.discover(target.domain) if options[:whois] || options[:all]

lib/ryo/cli.rb

@@ -8,6 +8,12 @@ def dir(url)
       puts hash.to_json
     end
 
+    desc "dns URL", "Discover DNS records of a given URL"
+    def dns(url)
+      hash = run_discovery(url, dns: true)
+      puts hash.to_json
+    end
+
     desc "subdomain URL", "Discover subdomains of a given URL"
     def subdomain(url)
       hash = run_discovery(url, subdomain: true)

lib/ryo/plugin.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative "./plugin/dir"
+require_relative "./plugin/dns"
 require_relative "./plugin/subdomain"
 require_relative "./plugin/tech"
 require_relative "./plugin/whois"

lib/ryo/plugin/dns.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Ryo
+  module Plugin
+    class DNS
+      TYPES = %w(A AAAA CNAME MX NS SOA TXT).freeze
+
+      attr_reader :domain
+      def initialize(domain)
+        @domain = domain
+      end
+
+      def endpoint
+        "https://dns.google.com/resolve"
+      end
+
+      def fetch_body(params)
+        res = Client.http.get(endpoint, params: params)
+        res.body.to_s
+      end
+
+      def dig(type)
+        params = { name: domain, type: type }
+        body = fetch_body(params)
+        JSON.parse(body)
+      end
+
+      def discover
+        h = {}
+        TYPES.each do |type|
+          h[type] = dig(type)
+        end
+        h
+      end
+
+      def self.discover(domain)
+        new(domain).discover
+      end
+    end
+  end
+end

spec/cli_spec.rb

@@ -64,6 +64,7 @@
   describe "#all" do
     before {
       allow(Ryo::Plugin::Dir).to receive(:discover).and_return({})
+      allow(Ryo::Plugin::DNS).to receive(:discover).and_return({})
       allow(Ryo::Plugin::Subdomain).to receive(:discover).and_return({})
       allow(Ryo::Plugin::Tech).to receive(:discover).and_return({})
       allow(Ryo::Plugin::Whois).to receive(:discover).and_return({})