# dns_enum.rc
# Author: RageLtMan
# This resource file can be used to enumerate workspace target DNS resources.
<ruby>
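# Read the global VERBOSE option as a real boolean. In Ruby only nil and false
# are falsy, so an integer flag (0/1) would make every `if verbose` succeed and
# module output could never be silenced.
verbose = framework.datastore['VERBOSE'].to_s.downcase == 'true'

# Test and see if we have a database connected; everything below reads the
# workspace host table.
begin
  framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
  print_error("Database connection isn't established")
  return
end

# Upper bound on threads shared between all enumerated domains
threadcount = 16

# Current workspace supplies the host names and addresses
ws = framework.db.workspace

# Matches the last two labels of a host name. Hyphens are allowed inside a
# label; plain \w would truncate "my-site.com" to "site.com", which is a
# different domain from the one recorded in the workspace.
domain_tail = /[\w-]+\.[\w-]+\z/

# Get DNS names
if framework.datastore['DNS_ENUM_DOMAIN']
  # An explicit list in the global datastore wins (comma or whitespace separated)
  names = framework.datastore['DNS_ENUM_DOMAIN'].split(/,|\s/).map(&:strip).reject(&:empty?)
else
  # Derive candidate domains from workspace host names. The trailing root dot
  # is removed before matching so that "host.example.com." is not dropped.
  # NOTE(review): taking the last two labels yields the public suffix itself for
  # names such as "www.example.co.uk" ("co.uk"); set DNS_ENUM_DOMAIN explicitly
  # when the engagement scope has such domains.
  names = ws.hosts.map(&:name).compact
            .map { |host_name| host_name.strip.chomp('.') }
            .reject { |host_name| Rex::Socket.is_ipv4?(host_name) }
            .map { |host_name| host_name[domain_tail] }
            .compact.uniq
end

if names.empty?
  print_error("No domain names defined or found, set DNS_ENUM_DOMAIN")
  return
else
  print_good("Enumerating #{names.join(', ')}")
end

# Sort workspace addresses numerically. sort_by with an explicit key is used
# because a one-argument block passed to sort does not return a comparison
# result. Keying on [family, integer value] keeps IPv4 and IPv6 comparable.
# addrs is only consumed by the disabled IPRANGE code further down.
addrs = ws.hosts.map(&:address).compact.sort_by do |address|
  ip = IPAddr.new(address.to_s)
  [ip.family, ip.to_i]
end

# Create module and merge with framework datastore
mod = framework.auxiliary.create('gather/enum_dns')
unless mod
  print_error("Could not load auxiliary module gather/enum_dns")
  return
end
# NOTE(review): the return value of merge is discarded here; if this datastore's
# merge is non-destructive (as Hash#merge is) the call has no effect. Confirm
# whether merge! was intended before changing it.
mod.datastore.merge(framework.datastore)
mod.datastore['ENUM_RVL'] = true
# Do reverse lookups for existing hosts only
mod.datastore['RVL_EXISTING_ONLY'] = true
# The following should work but fails for some reason
#self.output.print_raw("#{addrs.first}-#{addrs.last}")
#mod.datastore['IPRANGE'] = "#{addrs.first}-#{addrs.last}"
# Workaround for above.
# NOTE(review): with the whole IPv4 space as the range, RVL_EXISTING_ONLY above
# is the only setting that keeps reverse lookups limited to hosts already in the
# workspace; verify the module honours it before running against a scoped target.
mod.datastore['IPRANGE'] = '0.0.0.0/0'
# Pull settings from datastore or set to true.
# NOTE(review): ||= also replaces an explicit boolean false with true.
mod.datastore['ENUM_BRT'] ||= true
mod.datastore['REPORT_A_RECORDS'] ||= true

# Split the thread budget across domains, never going below one thread
# (integer division gives 0 once there are more domains than threads).
per_domain_threads = [threadcount / names.length, 1].max

names.each do |name|
  mod.datastore['DOMAIN'] = name
  # DNS_ENUM_THREADS from the global datastore overrides the computed share
  mod.datastore['THREADS'] = framework.datastore['DNS_ENUM_THREADS'] || per_domain_threads
  # DEBUG: self.output.print_raw("using #{name}\n")
  # Module output goes to the console only when VERBOSE is set
  mod.run_simple(
    'LocalOutput' => verbose ? self.output : nil,
    'RunAsJob' => true
  )
end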
</ruby>