From 2ebb1766f1df1055151dd069fba6ca5e8a16af31 Mon Sep 17 00:00:00 2001 From: EUcancER Date: Wed, 18 Apr 2012 23:14:55 +0200 Subject: Reaktor: add dnsmap-0.30 --- repos/dnsmap/CREDITS.txt | 10 + repos/dnsmap/Changelog.txt | 25 + repos/dnsmap/Makefile | 12 + repos/dnsmap/README.txt | 177 + repos/dnsmap/TODO.txt | 13 + repos/dnsmap/dnsmap-bulk.sh | 19 + repos/dnsmap/dnsmap.c | 795 ++ repos/dnsmap/dnsmap.h | 1047 +++ repos/dnsmap/gpl-2.0.txt | 339 + repos/dnsmap/use_cases.txt | 10 + repos/dnsmap/wordlist_TLAs.txt | 17576 +++++++++++++++++++++++++++++++++++++++ 11 files changed, 20023 insertions(+) create mode 100644 repos/dnsmap/CREDITS.txt create mode 100644 repos/dnsmap/Changelog.txt create mode 100644 repos/dnsmap/Makefile create mode 100644 repos/dnsmap/README.txt create mode 100644 repos/dnsmap/TODO.txt create mode 100755 repos/dnsmap/dnsmap-bulk.sh create mode 100644 repos/dnsmap/dnsmap.c create mode 100644 repos/dnsmap/dnsmap.h create mode 100644 repos/dnsmap/gpl-2.0.txt create mode 100644 repos/dnsmap/use_cases.txt create mode 100644 repos/dnsmap/wordlist_TLAs.txt (limited to 'repos') diff --git a/repos/dnsmap/CREDITS.txt b/repos/dnsmap/CREDITS.txt new file mode 100644 index 0000000..5f19715 --- /dev/null +++ b/repos/dnsmap/CREDITS.txt @@ -0,0 +1,10 @@ +Main author: +pagvac (gnucitizen.org) + +Patches, bug hunting and general feedback: +Borys Lacki (www.bothunters.pl) +Philipp Winter (7c0.org) +meathive (kinqpinz.info) +David Kierznowski (withdk.com) +GNa (gnanet.net) +srl (security.research.labs@gmail.com) diff --git a/repos/dnsmap/Changelog.txt b/repos/dnsmap/Changelog.txt new file mode 100644 index 0000000..ba1b097 --- /dev/null +++ b/repos/dnsmap/Changelog.txt @@ -0,0 +1,25 @@ +20/02/2010: dnsmap 0.30 released at www.gnucitizen.org +* IPv6 support +* Makefile included +* delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth +* ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives +* changes made to make dnsmap compatible with OpenDNS +* disclosure of internal IP addresses (RFC 1918) are reported +* updated built-in wordlist +* included a standalone three-letter acronym (TLA) subdomains wordlist +* domains susceptible to "same site" scripting (http://snipurl.com/etbcv) are reported +* completion time is now displayed to the user +* mechanism to attempt to bruteforce wildcard-enabled domains +* unique filename containing timestamp is now created when no specific output filename is supplied by user +* various minor bugs fixed + +22/02/2009: dnsmap 0.22 released at www.gnucitizen.org +* saving the results in human-readable and CSV format for easy processing +* fixed bug that disallowed reading wordlists with DOS CRLF format +* improved built-in subdomains wordlist +* new bash script (dnsmap-bulk.sh) included which allows running dnsmap against a list of domains from a user-supplied file. i.e.: bruteforcing several domains in a bulk fashion +* bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards + +17/08/2006: dnsmap 0.1 (first public version) released at foro.elhacker.net +* bruteforcing based on builtin list and user-supplied wordlist +* obtain all available A records for each bruteforced (sub)domain (rather than only one) diff --git a/repos/dnsmap/Makefile b/repos/dnsmap/Makefile new file mode 100644 index 0000000..2393d37 --- /dev/null +++ b/repos/dnsmap/Makefile @@ -0,0 +1,12 @@ +CC=gcc +CFLAGS=-I. +BINDIR=/usr/local/bin + +dnsmap: dnsmap.c dnsmap.h + $(CC) $(CFLAGS) -o dnsmap dnsmap.c + +install: dnsmap + mkdir -p $(DESTDIR)$(BINDIR) + install -m 0755 dnsmap $(DESTDIR)$(BINDIR) + install -m 0755 dnsmap-bulk.sh $(DESTDIR)$(BINDIR)/dnsmap-bulk + diff --git a/repos/dnsmap/README.txt b/repos/dnsmap/README.txt new file mode 100644 index 0000000..beab0f2 --- /dev/null +++ b/repos/dnsmap/README.txt @@ -0,0 +1,177 @@ +INTRODUCTION + +dnsmap was originally released back in 2006 and was inspired by the +fictional story "The Thief No One Saw" by Paul Craig, which can be found +in the book "Stealing the Network - How to 0wn the Box" + +dnsmap is mainly meant to be used by pentesters during the information +gathering/enumeration phase of infrastructure security assessments. During the +enumeration stage, the security consultant would typically discover the target +company's IP netblocks, domain names, phone numbers, etc ... + +Subdomain brute-forcing is another technique that should be used in the +enumeration stage, as it's especially useful when other domain enumeration +techniques such as zone transfers don't work (I rarely see zone transfers +being *publicly* allowed these days by the way). + +If you are interested in researching stealth computer intrusion techniques, +I suggest reading this excellent (and fun) chapter which you can find for +*free* on the web: + +http://www.ethicalhacker.net/content/view/45/2/ + +I'm happy to say that dnsmap was included in Backtrack 2, 3 and 4 and has +been reviewed by the community: + +http://backtrack.offensive-security.com/index.php?title=Tools +http://www.networkworld.com/community/node/57543 +http://www.linuxhaxor.net/2007/07/14/backtrack-2-information-gathering-all-dnsmap/ +http://www.darknet.org.uk/2009/03/dnsmap-022-released-subdomain-bruteforcing-tool/ +http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/ + + +COMPILING + +Compiling should be straightforward: + +$ make + +Or: + +$ gcc -Wall dnsmap.c -o dnsmap + + +INSTALLATION + +Example of manual installation: + +# cp ./dnsmap /usr/local/bin/dnsmap + +If you wish to bruteforce several target domains in bulk fashion, you can use the +included dnsmap-bulk.sh script. Just copy the script to /usr/local/bin/ so you can +call it from any location. e.g.: + +# cp ./dnsmap-bulk.sh /usr/local/bin/ + +And set execute permissions. e.g.: + +# chmod ugo+x /usr/local/bin/dnsmap-bulk.sh + + +LIMITATIONS + +Lack of multi-threading. This speed issue will hopefully be resolved in future versions. + + +FUN THINGS THAT CAN HAPPEN + +1. Finding interesting remote access servers (e.g.: https://extranet.targetdomain.com) + +2. Finding badly configured and/or unpatched servers (e.g.: test.targetdomain.com) + +3. Finding new domain names which will allow you to map non-obvious/hard-to-find netblocks + of your target organization (registry lookups - aka whois is your friend) + +4. Sometimes you find that some bruteforced subdomains resolve to internal IP addresses + (RFC 1918). This is great as sometimes they are real up-to-date "A" records which means + that it *is* possible to enumerate internal servers of a target organization from the + Internet by only using standard DNS resolving (as oppossed to zone transfers for instance). + +5. Discover embedded devices configured using Dynamic DNS services (e.g.: linksys-cam.com). + This method is an alternative to finding devices via Google hacking techniques + +USAGE + +Bruteforcing can be done either with dnsmap's built-in wordlist or a user-supplied wordlist. +Results can be saved in CSV and human-readable format for further processing. dnsmap does +NOT require root privileges to be run, and should NOT be run with such privileges for +security reasons. + +The usage syntax can be obtained by simply running dnsmap without any parameters: + +$ ./dnsmap + +dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) + +usage: dnsmap [options] +options: +-w +-r +-c +-d +-i (useful if you're obtaining false positives) + +Note: delay value is a maximum random value. e.g.: if you enter 1000, each DNS request +will be delayed a *maximum* of 1 second. By default, dnsmap uses a value of 10 milliseconds +of maximum delay between DNS lookups + + +EXAMPLES +Subdomain bruteforcing using dnsmap's built-in word-list: + +$ ./dnsmap targetdomain.foo + +Subdomain bruteforcing using a user-supplied wordlist: + +$ ./dnsmap targetdomain.foo -w wordlist.txt + +Subdomain bruteforcing using the built-in wordlist and saving the results to /tmp/ : + +$ ./dnsmap targetdomain.foo -r /tmp/ + +Since no filename was provided in the previous example, but rather only a path, dnsmap would +create an unique filename which includes the current timestamp. e.g.: +/tmp/dnsmap_targetdomain_foo_2009_12_15_234953.txt + +Example of subdomain bruteforcing using the built-in wordlist, saving the results to /tmp/, +and waiting a random maximum of 3 milliseconds between each request: + +$ ./dnsmap targetdomain.foo -r /tmp/ -d 300 + +It is recommended to use the -d (delay in milliseconds) option in cases where dnsmap is +interfering with your online experience. i.e.: killing your bandwidth + +Subdomain bruteforcing with 0.8 seconds delay, saving results in regular and CSV format, +filtering 2 user-provided IP and using a user-supplied wordlist: + +$ ./dnsmap targetdomain.foo -d 800 -r /tmp/ -c /tmp/ -i 10.55.206.154,10.55.24.100 -w ./wordlist_TLAs.txt + +For bruteforcing a list of target domains in a bulk fashion use the bash script provided. e.g.: + +$ ./dnsmap-bulk.sh domains.txt /tmp/results/ + + +WORDLISTS + +http://packetstormsecurity.org/Crackers/wordlists/dictionaries/ +http://www.cotse.com/tools/wordlists1.htm +http://wordlist.sourceforge.net/ + + +OTHER SIMILAR TOOLS - choice is freedom! + +WS-DNS-BFX +http://ws.hackaholic.org/tools/WS-DNS-BFX.tgz + +DNSDigger +http://www.ernw.de/download/dnsdigger.zip + +Fierce Domain Scan +http://ha.ckers.org/fierce/ + +Desperate +http://www.sensepost.com/research_misc.html + +DNSenum +http://dnsenum.googlecode.com/files/dnsenum1.2.tar.gz + +ReverseRaider +http://complemento.sourceforge.net/ + +Knock +http://knock.gianniamato.it/ + + +-- +pagvac | GNUCITIZEN.org +Feb 2010 diff --git a/repos/dnsmap/TODO.txt b/repos/dnsmap/TODO.txt new file mode 100644 index 0000000..0df1368 --- /dev/null +++ b/repos/dnsmap/TODO.txt @@ -0,0 +1,13 @@ +* multi-threading - use pthread.h? +* can't handle wildcarded domains that return more than one IP address on non-existing subdomains + test domain: proboards.com +* allow using a customized list of DNS server to share network load +* allow using DNS server supplied on the command line +* for openDNS users: document how to permanently change DNS server settings so they are not overwritten by DHCP settings +* convert hostent structs to addrinfo ? +* replace inet_ntoa(*((struct in_addr *)host->h_addr_list[j])) with ipstr +* obtain aliases for each domain (CNAME records)? +* clever numerical domain bruteforce for clusters. i.e.: www2, www3 +* pickup new subdomains via reverse lookups (PTR records) +* better input validation + * improve function that validates target domain diff --git a/repos/dnsmap/dnsmap-bulk.sh b/repos/dnsmap/dnsmap-bulk.sh new file mode 100755 index 0000000..574aba2 --- /dev/null +++ b/repos/dnsmap/dnsmap-bulk.sh @@ -0,0 +1,19 @@ +#!/bin/bash +if [[ $# -ne 1 && $# -ne 2 ]] +then + echo "usage: `basename $0` [results-path]"; + echo "e.g.:"; + echo "`basename $0` domains.txt"; + echo "`basename $0` domains.txt /tmp/"; + exit +fi +for i in `cat $1` +do + if [[ $# -eq 1 ]] + then + dnsmap $i + elif [[ $# -eq 2 ]] + then + dnsmap $i -r $2 + fi +done diff --git a/repos/dnsmap/dnsmap.c b/repos/dnsmap/dnsmap.c new file mode 100644 index 0000000..5276e30 --- /dev/null +++ b/repos/dnsmap/dnsmap.c @@ -0,0 +1,795 @@ +/* + * ** dnsmap - DNS Network Mapper by pagvac + * ** Copyright (C) 2010 gnucitizen.org + * ** + * ** This program is free software; you can redistribute it and/or modify + * ** it under the terms of the GNU General Public License as published by + * ** the Free Software Foundation; either version 2 of the License, or + * ** (at your option) any later version. + * ** + * ** This program is distributed in the hope that it will be useful, + * ** but WITHOUT ANY WARRANTY; without even the implied warranty of + * ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * ** GNU General Public License for more details. + * ** + * ** You should have received a copy of the GNU General Public License + * ** along with this program; if not, write to the Free Software + * ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "dnsmap.h" // built-in subdomains list and define macros + + +// function prototypes +unsigned short int wildcarDetect(char *, char *); +unsigned short int dodelay(unsigned short int); +unsigned short int isPrivateIP(char *); +unsigned short int isValidDomain(char *); +unsigned short int usesOpenDNS(char *); +unsigned short int isIPblacklisted(char *); + +int main(int argc, char *argv[]) { + + unsigned short int i=0, j=0, k=0, l=0, found=0, ipCount=0, filtIPcount=0, milliseconds=10, intIPcount=0, + wordlist=FALSE, txtResults=FALSE, csvResults=FALSE, + delay=TRUE, filter=FALSE; + unsigned long int start=0, end=0; + char dom[MAXSTRSIZE]={'\0'}, csvResultsFilename[MAXSTRSIZE]={'\0'}, + txtResultsFilename[MAXSTRSIZE]={'\0'}, wordlistFilename[MAXSTRSIZE]={'\0'}, + ipstr[INET_ADDRSTRLEN]={'\0'}, wildcardIpStr[INET_ADDRSTRLEN]={'\0'}, + filterIPs[5][INET_ADDRSTRLEN]={{'\0'}}, + invalidTldIpstr[INET_ADDRSTRLEN]={'\0'}; + void *addr; + char *ipver, *strP; + + struct hostent *h; + // start of IPv6 stuff + struct addrinfo hints, *res, *p; + int status; + char ipv6str[INET6_ADDRSTRLEN]; + memset(&hints, 0, sizeof hints); + hints.ai_family = AF_INET6; // AF_INET or AF_INET6 to force version + hints.ai_socktype = SOCK_STREAM; + // end of IPv6 stuff + + FILE *fpWords,*fpCsvLogs,*fpTxtLogs; + + time_t now; + struct tm *ts; + char timestampBuf[18]; + + printf("%s", BANNER); + + // get the current time + now = time(NULL); + + // timestamp format: yyyy_mm_dd_hhmmss + ts = localtime(&now); + strftime(timestampBuf, sizeof(timestampBuf), "%Y_%m_%d_%H%M%S", ts); + + + // start of *primitive* input validation + // ideally more work should be spent on this! + if(argc==1) { + printf("%s%s", USAGE, EXAMPLES); + exit(1); + } + else if(argc%2==1 && argc>2) { + printf("%s%s", USAGE, EXAMPLES); + exit(1); + } + for(i=0;argv[1][i];++i) // convert domain to lower case + argv[1][i]=(tolower(argv[1][i])); + #if DEBUG + printf("domain: %s\n", argv[1]); + #endif + if(!isValidDomain(argv[1])) { + printf("%s", DOMAINERR); + exit(1); + } + + for(i=0;iMAXSTRSIZE) { + printf("%s",INPUTERR); + exit(1); + } + } + // end of simple input validation + + /* + else if ((h=gethostbyname(argv[1])) == NULL) { // get the host info + herror("gethostbyname"); + exit(1); + } + */ + + start=(int)time(NULL); + + #if DEBUG + printf("start time: %d\n", (int)start); + #endif + + // parse options + for(i=0;i300000) { // delay must be between 1 ms and 5 minutes + printf("%s", DELAYINPUTERR); + exit(1); + } + delay=TRUE; + milliseconds=atoi(argv[(i+1)]); + } + // filter out user-provided IP(s) + if(!strcmp(argv[i],"-i")) { + for(filtIPcount=1,j=0;argv[i+1][j]!='\0';++j) + if(argv[i+1][j]==',') + ++filtIPcount; + #if DEBUG + printf("%d IP(s) to filter found\nParsing ...\n", filtIPcount); + #endif + if(filtIPcount<=5) { + printf(FILTERMSG); + strP=strtok(argv[i+1],","); + for(j=0;strP;) { + if(strlen(strP)=1) + printf(DELAYMSG); + + printf("%s", "\n"); + for(i=0;i<(sizeof(sub)/MAXSUBSIZE);++i) { + //skipResolve=FALSE; + strncpy(dom,sub[i],MAXSTRSIZE-strlen(dom)-1); + strncat(dom,".",MAXSTRSIZE-strlen(dom)-1);//TEST + strncat(dom,argv[1],MAXSTRSIZE-strlen(dom)-1); + #if DEBUG + printf("brute-forced domain: %s\n",dom); + #endif + + // ipv6 code modded from www.kame.net + status = getaddrinfo(dom, NULL, &hints, &res); + if ((status=getaddrinfo(dom, NULL, &hints, &res))==0) { + printf("%s\n", dom); + ++found; + if(txtResults) + fprintf(fpTxtLogs, "%s\n", dom); + if(csvResults) + fprintf(fpCsvLogs, "%s", dom); + for(p=res,k=0;p;p=p->ai_next,++k) { + if (p->ai_family==AF_INET6) { // IPv6 + struct sockaddr_in6 *ipv6=(struct sockaddr_in6 *)p->ai_addr; + addr = &(ipv6->sin6_addr); + ipver = "IPv6"; + } + // convert the IP to a string and print it: + inet_ntop(p->ai_family, addr, ipv6str, sizeof ipv6str); + printf("%s address #%d: %s\n",ipver,k+1,ipv6str); + ++ipCount; + if(txtResults) + fprintf(fpTxtLogs,"%s address #%d: %s\n",ipver,k+1,ipv6str); + if(csvResults) + fprintf(fpCsvLogs,",%s", ipv6str); + } + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"\n"); + if(csvResults) + fprintf(fpCsvLogs,"\n"); + freeaddrinfo(res); // free the linked list + } // end of if conditional + h=gethostbyname(dom); + //sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[0])),"%s"); + //for(j=0;h->h_addr_list[j];++j) { + // sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[j])),"%s"); + // if(isIPblacklisted(ipstr)) { + // skipResolve=TRUE; + // break; + // } + //} + //if(h && !skipResolve) { + //if(h && !isIPblacklisted(ipstr)) { + if(h && !isIPblacklisted(inet_ntoa(*((struct in_addr *)h->h_addr_list[0])))) { + for(j=0;h->h_addr_list[j];++j) { + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[j])),"%s"); + for(k=0;kh_addr_list[j+1]) + ++j; + else + break; + } + } + // END OF TEST + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + if(j==0) { + ++found; + printf("%s\n", dom); + + if(txtResults) + fprintf(fpTxtLogs, "%s\n", dom); + if(csvResults) + fprintf(fpCsvLogs, "%s", dom); + } + printf("[%d] %s : %s\n", j+1,dom,ipstr); + ++ipCount; + + if(isPrivateIP(ipstr)) { + //if(isPrivateIP(inet_ntoa(*((struct in_addr *)h->h_addr_list[j])))) { + printf("%s",INTIPWARN); + ++intIPcount; + } + if(!strcmp(ipstr,"127.0.0.1") && strcmp(wildcardIpStr,ipstr)) { + //if(!strcmp(inet_ntoa(*((struct in_addr *)h->h_addr_list[j])), + //"127.0.0.1")) + printf("%s",SAMESITEXSSWARN); + } + if(txtResults) { + //fprintf(fpCsvLogs,",%s", + // inet_ntoa(*((struct in_addr *)h->h_addr_list[j]))); + fprintf(fpTxtLogs,"IP address #%d: %s\n", j+1, ipstr); + if(isPrivateIP(ipstr) && strcmp(wildcardIpStr,ipstr)) + fprintf(fpTxtLogs,"%s",INTIPWARN); + if(!strcmp(ipstr,"127.0.0.1") && strcmp(wildcardIpStr,ipstr)) + fprintf(fpTxtLogs,"%s",SAMESITEXSSWARN); + } + if(csvResults && strcmp(wildcardIpStr,ipstr)) + fprintf(fpCsvLogs,",%s",ipstr); + } + } + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"%s","\n"); + if(csvResults) + fprintf(fpCsvLogs,"%s","\n"); + } + filter=FALSE; + } + // user wants delay between DNS requests? + if(delay) + dodelay(milliseconds); + } + if(txtResults) + fclose(fpTxtLogs); + if(csvResults) + fclose(fpCsvLogs); + } + + // read subdomains from wordlist file + else if(wordlist) { + // openDNS detection + if(usesOpenDNS(invalidTldIpstr)) + printf("%s",OPENDNSMSG); + + // wildcard detection + wildcarDetect(argv[1],wildcardIpStr); + if(strcmp(invalidTldIpstr,wildcardIpStr)) + printf(WILDCARDWARN); + + fpWords=fopen(wordlistFilename, "r"); + if(fpWords) { + printf(EXTERNALMSG); + if(milliseconds>=1) + printf(DELAYMSG); + printf("%s","\n"); + + while(!feof(fpWords)) { + //strncpy(dom,"",MAXSTRSIZE-strlen(dom)-1); + for(i=0;iai_next,++k) { + void *addr; + char *ipver; + if (p->ai_family==AF_INET6) { // IPv6 + struct sockaddr_in6 *ipv6=(struct sockaddr_in6 *)p->ai_addr; + addr = &(ipv6->sin6_addr); + ipver = "IPv6"; + } + // convert the IP to a string and print it: + inet_ntop(p->ai_family, addr, ipv6str, sizeof ipv6str); + printf("%s address #%d: %s\n",ipver,k+1,ipv6str); + ++ipCount; + if(txtResults) + fprintf(fpTxtLogs,"%s address #%d: %s\n",ipver,k+1,ipv6str); + if(csvResults) + fprintf(fpCsvLogs,",%s", ipv6str); + } + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"\n"); + if(csvResults) + fprintf(fpCsvLogs,"\n"); + + freeaddrinfo(res); // free the linked list + // ipv6 code modded from www.kame.net + } // end of if conditional + + h=gethostbyname(dom); + + if(h && !isIPblacklisted(inet_ntoa(*((struct in_addr *)h->h_addr_list[0])))) { + for(j=0;h->h_addr_list[j];++j) { + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[j])),"%s"); + //TEST + for(k=0;kh_addr_list[j+1]) + ++j; + else + break; + } + } + // END OF TEST + + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + if(j==0) { + ++found; + printf("%s\n",dom); + + if(txtResults) { + //fprintf(fpCsvLogs,"%s",dom); + fprintf(fpTxtLogs,"%s\n",dom); + } + if(csvResults) { + //fprintf(fpCsvLogs,"%s",dom); + fprintf(fpCsvLogs,"%s",dom); + } + } + printf("IP address #%d: %s\n",j+1,ipstr); + ++ipCount; + + if(isPrivateIP(ipstr) && strcmp(wildcardIpStr,ipstr)) { + printf("%s",INTIPWARN); + ++intIPcount; + } + if(!strcmp(ipstr,"127.0.0.1") && strcmp(wildcardIpStr,ipstr)) + printf("%s",SAMESITEXSSWARN); + if(txtResults && strcmp(wildcardIpStr,ipstr)) { + fprintf(fpTxtLogs,"IP address #%d: %s\n",j+1,ipstr); + if(isPrivateIP(ipstr)) + fprintf(fpTxtLogs,"%s",INTIPWARN); + if(!strcmp(ipstr,"127.0.0.1")) + fprintf(fpTxtLogs,"%s",SAMESITEXSSWARN); + } + if(csvResults && strcmp(wildcardIpStr,ipstr)) + fprintf(fpCsvLogs,",%s",ipstr); + } + } + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"%s","\n"); + if(csvResults) + fprintf(fpCsvLogs,"%s","\n"); + } + filter=FALSE; + } + // user wants delay between DNS requests? + if(delay) + dodelay(milliseconds); + } // end while() loop + fclose(fpWords); + } + else { + printf(OPENFILEERR); + exit(1); + } + if(txtResults) + fclose(fpTxtLogs); + if(csvResults) + fclose(fpCsvLogs); + } + + printf(RESULTSMSG4); + if(intIPcount>=1) + printf(RESULTSMSG1); + + if(txtResults) + printf(RESULTSMSG2); + if(csvResults) + printf(RESULTSMSG5); + + end=(int)time(NULL); + printf(RESULTSMSG3); + + return 0; +} + +// return true if domain wildcards are enabled +unsigned short int wildcarDetect(char *dom, char *ipstr) { + char strTmp[30]={'\0'},s[MAXSTRSIZE]={'\0'}; + unsigned short int i=0,n=0,max=0; + struct hostent *h; + + srand(time(NULL)); + max=rand()%20; + // max should be between 10 and 20 + if(max<10) + max=max+(10-max); + + // generate up to random 20 digits-long subdomain + // e.g. 06312580442146732554 + + for(i=0;ih_addr_list[i];++i) { + */ + //sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[i])),"%s"); + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[0])),"%s"); + #if DEBUG + printf("wildcard domain\'s IP address: %s\n",ipstr); + #endif + return TRUE; + } + else + return FALSE; +} + +// return number of milliseconds delayed +unsigned short int dodelay(unsigned short int maxmillisecs) { + unsigned short int n=0; + + srand(time(NULL)); + n=rand()%maxmillisecs; + ++n; + maxmillisecs=n; + #if DEBUG + printf("sleeping %d milliseconds ...\n",maxmillisecs); + #endif + usleep(maxmillisecs*1000); + + return maxmillisecs; +} + +// return true if IP addr is internal (RFC1918) +unsigned short int isPrivateIP(char *ip) { + + char classB[][8]={"172.16.","172.17.","172.18.","172.19.", + "172.20.","172.21.","172.22.","172.23.","172.24.", + "172.25.","172.26.","172.27.","172.28.","172.29.", + "172.30.","172.31."}; + + unsigned short int i=0,j=0; + size_t len = strlen(ip); + + // shortest: 0.0.0.0 - 8 chars inc \0 + // longest: 255.255.255.255 - 16 chars inc \0 + if(len<8 || len>16) + return 0; + // ip addr must have three period signs + for(i=0,j=0;i6)) // tld must be between 2-6 char. e.g. .museum, .uk + return FALSE; + + // valid domain can only contain digits, letters, dot (.) and dash symbol (-) + len = strlen(d); + for(i=0;i= '0' && d[i] <= '9') && + !(d[i] >= 'a' && d[i] <= 'z') && + !(d[i] >= 'A' && d[i] <= 'Z') && + !(d[i] >= '-' && d[i] <= '.')) + return 0; + } + + srand(time(NULL)); + max=rand()%20; + // max should be between 10 and 20 + if(max<10) + max=max+(10-max); + + // generate up to random 20 digits-long subdomain + // e.g. 06312580442146732554 + + for(i=0;ih_addr_list[j];++j) + inet_ntoa(*((struct in_addr *)h->h_addr_list[j])); + if(j>1) { + #if DEBUG + + printf("wildcard domain\'s number of IP address(es): %d" + " (this causes dnsmap to produce false positives)\n",j); + #endif + return FALSE; + } + } + + return TRUE; + +} + +// return true if IP is blacklisted, false otherwise +unsigned short int isIPblacklisted(char *ip) { + int i; + // add you own blacklisted IP addresses here if dnsmap is producing false positives. + // this could be caused by your ISP returning a captive portal search page when + // when requesting invalid domains on your browser + char ips[][INET_ADDRSTRLEN]={ + "81.200.64.50", + "67.215.66.132", + "1.2.3.4", + "0.0.0.0" // add your false positive IPs here + }; + + //for(i=0;ips[i];++i) { + for(i=0;i<(sizeof(ips)/INET_ADDRSTRLEN);++i) { + if(!strcmp(ips[i],ip)) + return TRUE; + } + + return FALSE; +} + + +// return true if usage of public DNS server is detected +// Note: right now this function only detects openDNS, but might be +// updated in the future to detect other common public DNS servers +unsigned short int usesOpenDNS(char *ipstr) { + char strTmp[30]={'\0'}, s[MAXSTRSIZE]={'\0'}, dummyLTD[4]={"xyz"}/*, ipstr[INET_ADDRSTRLEN]={'\0'}*/; + char ips[][INET_ADDRSTRLEN]={"67.215.65.132"}; + unsigned short int i=0,j=0,n=0,max=0; + struct hostent *h; + + srand(time(NULL)); + max=rand()%20; + // max should be between 10 and 20 + if(max<10) + max=max+(10-max); + + // generate up to random 20 digits-long subdomain + // e.g. 06312580442146732554 + + for(i=0;ih_addr_list[i];++i) { + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[i])),"%s"); + #if DEBUG + printf("public DNS server\'s default IP address #%d: %s\n",i+1,ipstr); + #endif + for(j=0;i<(sizeof(ips)/INET_ADDRSTRLEN);++j) { + if(!strcmp(ips[i],ipstr)) + return TRUE; + } + } + return TRUE; + } + else + return FALSE; +} diff --git a/repos/dnsmap/dnsmap.h b/repos/dnsmap/dnsmap.h new file mode 100644 index 0000000..7dde6bd --- /dev/null +++ b/repos/dnsmap/dnsmap.h @@ -0,0 +1,1047 @@ +/* + * ** dnsmap - DNS Network Mapper by pagvac + * ** Copyright (C) 2010 gnucitizen.org + * ** + * ** This program is free software; you can redistribute it and/or modify + * ** it under the terms of the GNU General Public License as published by + * ** the Free Software Foundation; either version 2 of the License, or + * ** (at your option) any later version. + * ** + * ** This program is distributed in the hope that it will be useful, + * ** but WITHOUT ANY WARRANTY; without even the implied warranty of + * ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * ** GNU General Public License for more details. + * ** + * ** You should have received a copy of the GNU General Public License + * ** along with this program; if not, write to the Free Software + * ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * */ + +#define MAXSUBSIZE 100 +#define MAXSTRSIZE 200 +#define BANNER "dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)\n\n" +#define USAGE "usage: dnsmap [options]\noptions:\n"\ + "-w \n-r \n-c \n"\ + "-d \n-i (useful if you're obtaining false positives)\n\n" +#define EXAMPLES "e.g.:\ndnsmap target-domain.foo\n"\ + "dnsmap target-domain.foo -w yourwordlist.txt -r /tmp/domainbf_results.txt\n"\ + "dnsmap target-fomain.foo -r /tmp/ -d 3000\n"\ + "dnsmap target-fomain.foo -r ./domainbf_results.txt\n\n" +#define INTIPWARN "[+] warning: internal IP address disclosed\n" +#define SAMESITEXSSWARN "[+] warning: domain might be vulnerable to \"same site\" scripting (http://snipurl.com/etbcv)\n" +#define WILDCARDWARN "[+] warning: domain might use wildcards. "\ + "%s will be ignored from results\n", wildcardIpStr +#define INPUTERR "[+] error: entered parameter(s) is/are too long!\n" +#define DELAYINPUTERR "[+] error: delay must be between 1 and 300000 milliseconds (5 minutes)!\n" +#define FILTIPINPUTERR "[+] error: the maxium number of IPs to filter is 5!\n" +#define DOMAINERR "[+] error: entered domain is not valid!\n" +#define CREATEFILEERR "%s\"%s\"!\n\n", "[+] error creating results file on ", argv[(i+1)] +#define OPENFILEERR "%s\"%s\"!\n\n", "[+] error opening wordlist file ", wordlistFilename +#define OPENDNSMSG "[+] openDNS detected. good! this might help with performance\n" +#define BUILTINMSG "%s%s%s\n", "[+] searching (sub)domains for ", argv[1], " using built-in wordlist" +#define EXTERNALMSG "%s%s%s%s\n", "[+] searching (sub)domains for ", argv[1], " using ", wordlistFilename +#define DELAYMSG "%s%d%s\n", "[+] using maximum random delay of ", milliseconds, " millisecond(s) between requests" +#define FILTERMSG "[+] %d provided IP address(es) will be ignored from results: %s\n", filtIPcount, argv[i+1] +#define RESULTSMSG1 "[+] %d internal IP address(es) disclosed\n", intIPcount +#define RESULTSMSG2 "[+] regular-format results can be found on %s\n", txtResultsFilename +#define RESULTSMSG3 "[+] completion time: %lu second(s)\n", end-start +#define RESULTSMSG4 "[+] %d%s%d%s\n", found, " (sub)domains and ",ipCount, " IP address(es) found" +#define RESULTSMSG5 "[+] csv-format results can be found on %s\n", csvResultsFilename +#define FALSE 0 +#define TRUE 1 +#define DEBUG 0 + +// buil-in list of subdomains +// mainly targeting English and Spanish keywords +char sub[][MAXSUBSIZE]= +{ +"a", +"aa", +"ab", +"ac", +"access", +"accounting", +"accounts", +"ad", +"admin", +"administrator", +"ae", +"af", +"ag", +"ah", +"ai", +"aix", +"aj", +"ak", +"al", +"am", +"an", +"ao", +"ap", +"apollo", +"aq", +"ar", +"archivos", +"as", +"at", +"au", +"aula", +"aulas", +"av", +"aw", +"ax", +"ay", +"ayuda", +"az", +"b", +"ba", +"backup", +"backups", +"bart", +"bb", +"bc", +"bd", +"be", +"beta", +"bf", +"bg", +"bh", +"bi", +"biblioteca", +"billing", +"bj", +"bk", +"bl", +"blackboard", +"blog", +"blogs", +"bm", +"bn", +"bo", +"bp", +"bq", +"br", +"bs", +"bsd", +"bt", +"bu", +"bv", +"bw", +"bx", +"by", +"bz", +"c", +"ca", +"carro", +"cart", +"cas", +"catalog", +"catalogo", +"catalogue", +"cb", +"cc", +"cd", +"ce", +"cf", +"cg", +"ch", +"chat", +"chimera", +"chronos", // time server? +"ci", +"citrix", +"cj", +"ck", +"cl", +"classroom", +"clientes", +"clients", +"cm", +"cn", +"co", +"connect", +"controller", +"correoweb", +"cp", +"cpanel", +"cq", +"cr", +"cs", +"csg", +"ct", +"cu", +"customers", +"cv", +"cw", +"cx", +"cy", +"cz", +"d", +"da", +"data", +"db", +"dbs", +"dc", // domain controller? +"dd", +"de", +"demo", +"demon", +"demostration", +"descargas", +"developers", +"development", +"df", +"dg", +"dh", +"di", +"diana", +"directory", +"dj", +"dk", +"dl", +"dm", +"dmz", +"dn", +"do", +"domain", +"domaincontroller", +"domain-controller", +"download", +"downloads", +"dp", +"dq", +"dr", +"ds", +"dt", +"du", +"dv", +"dw", +"dx", +"dy", +"dz", +"e", +"ea", +"eaccess", +"eb", +"ec", +"ed", +"ee", +"ef", +"eg", +"eh", +"ei", +"ej", +"ejemplo", +"ejemplos", +"ek", +"el", +"em", +"email", +"en", +"enrutador", +"eo", +"ep", +"eq", +"er", +"es", +"et", +"eu", +"ev", +"eventos", +"events", +"ew", +"ex", +"example", +"examples", +"exchange", +"extranet", +"ey", +"ez", +"f", +"fa", +"fb", +"fc", +"fd", +"fe", +"ff", +"fg", +"fh", +"fi", +"files", +"finance", +"firewall", +"fj", +"fk", +"fl", +"fm", +"fn", +"fo", +"foro", +"foros", +"forum", +"forums", +"fp", +"fq", +"fr", +"freebsd", +"fs", +"ft", +"ftp", +"ftpd", +"fu", +"fv", +"fw", +"fx", +"fy", +"fz", +"g", +"ga", +"galeria", +"gallery", +"gateway", +"gb", +"gc", +"gd", +"ge", +"gf", +"gg", +"gh", +"gi", +"gilford", +"gj", +"gk", +"gl", +"gm", +"gn", +"go", +"gp", +"gq", +"gr", +"groups", +"groupwise", +"gs", +"gt", +"gu", +"guest", +"guia", +"guide", +"gv", +"gw", +"gx", +"gy", +"gz", +"h", +"ha", +"hb", +"hc", +"hd", +"he", +"help", +"helpdesk", +"hera", +"heracles", +"hercules", +"hf", +"hg", +"hh", +"hi", +"hj", +"hk", +"hl", +"hm", +"hn", +"ho", +"home", +"homer", +"hotspot", +"hp", +"hq", +"hr", +"hs", +"ht", +"hu", +"hv", +"hw", +"hx", +"hy", +"hypernova", +"hz", +"i", +"ia", +"ib", +"ic", +"id", +"ie", +"if", +"ig", +"ih", +"ii", +"ij", +"ik", +"il", +"im", +"images", +"imail", +"imap", +"imap3", +"imap3d", +"imapd", +"imaps", +"imgs", +"imogen", +"in", +"inmuebles", +"internal", +"interno", +"intranet", +"io", +"ip", +"ip6", +"ipsec", +"ipv6", +"iq", +"ir", +"irc", +"ircd", +"is", +"isa", //ISA proxy? +"it", +"iu", +"iv", +"iw", +"ix", +"iy", +"iz", +"j", +"ja", +"jabber", +"jb", +"jc", +"jd", +"je", +"jf", +"jg", +"jh", +"ji", +"jj", +"jk", +"jl", +"jm", +"jn", +"jo", +"jp", +"jq", +"jr", +"js", +"jt", +"ju", +"jupiter", +"jv", +"jw", +"jx", +"jy", +"jz", +"k", +"ka", +"kb", +"kc", +"kd", +"ke", +"kf", +"kg", +"kh", +"ki", +"kj", +"kk", +"kl", +"km", +"kn", +"ko", +"kp", +"kq", +"kr", +"ks", +"kt", +"ku", +"kv", +"kw", +"kx", +"ky", +"kz", +"l", +"la", +"lab", +"laboratories", +"laboratorio", +"laboratory", +"labs", +"lb", +"lc", +"ld", +"le", +"lf", +"lg", +"lh", +"li", +"library", +"linux", +"lisa", +"lj", +"lk", +"ll", +"lm", +"ln", +"lo", +"localhost", +"log", +"login", +"logon", +"logs", +"lp", +"lq", +"lr", +"ls", +"lt", +"lu", +"lv", +"lw", +"lx", +"ly", +"lz", +"m", +"ma", +"mail", +"mailgate", +"manager", +"marketing", +"mb", +"mc", +"md", +"me", +"media", +"member", +"members", +"mercury", // MX server? +"meta", +"meta01", +"meta02", +"meta03", +"meta1", +"meta2", +"meta3", +"mf", +"mg", +"mh", +"mi", +"miembros", +"minerva", +"mj", +"mk", +"ml", +"mm", +"mn", +"mo", +"mob", +"mobile", +"moodle", +"movil", +"mp", +"mq", +"mr", +"ms", +"mssql", +"mt", +"mu", +"mv", +"mw", +"mx", +"mx0", +"mx01", +"mx02", +"mx03", +"mx1", +"mx2", +"mx3", +"my", +"mysql", +"mz", +"n", +"na", +"nb", +"nc", +"nd", +"ne", +"nelson", +"neon", +"net", +"netmail", +"news", +"nf", +"ng", +"nh", +"ni", +"nj", +"nk", +"nl", +"nm", +"nn", +"no", +"novell", +"np", +"nq", +"nr", +"ns", +"ns0", +"ns01", +"ns02", +"ns03", +"ns1", +"ns2", +"ns3", +"nt", +"ntp", +"nu", +"nv", +"nw", +"nx", +"ny", +"nz", +"o", +"oa", +"ob", +"oc", +"od", +"oe", +"of", +"og", +"oh", +"oi", +"oj", +"ok", +"ol", +"om", +"on", +"online", +"oo", +"op", +"oq", +"or", +"ora", +"oracle", +"os", +"osx", +"ot", +"ou", +"ov", +"ow", +"owa", +"ox", +"oy", +"oz", +"p", +"pa", +"partners", +"pb", +"pc", +"pcanywhere", +"pd", +"pe", +"pegasus", +"pendrell", +"personal", +"pf", +"pg", +"ph", +"photo", +"photos", +"pi", +"pj", +"pk", +"pl", +"pm", +"pn", +"po", +"pop", +"pop3", +"portal", +"postgresql", +"postman", +"postmaster", +"pp", // preprod? +"ppp", +"pq", +"pr", +"preprod", +"pre-prod", +"private", +"prod", +"proxy", +"prueba", +"pruebas", +"ps", +"pt", +"pu", +"pub", +"public", +"pv", +"pw", +"px", +"py", +"pz", +"q", +"qa", +"qb", +"qc", +"qd", +"qe", +"qf", +"qg", +"qh", +"qi", +"qj", +"qk", +"ql", +"qm", +"qn", +"qo", +"qp", +"qq", +"qr", +"qs", +"qt", +"qu", +"qv", +"qw", +"qx", +"qy", +"qz", +"r", +"ra", +"ras", +"rb", +"rc", +"rd", +"re", +"remote", +"reports", +"research", +"restricted", +"rf", +"rg", +"rh", +"ri", +"rj", +"rk", +"rl", +"rm", +"rn", +"ro", +"robinhood", +"router", +"rp", +"rq", +"rr", +"rs", +"rt", +"rtr", +"ru", +"rv", +"rw", +"rx", +"ry", +"rz", +"s", +"sa", +"sales", +"sample", +"samples", +"sandbox", +"sb", +"sc", +"sd", +"se", +"search", +"secure", +"seguro", +"server", +"services", +"servicios", +"servidor", +"sf", +"sg", +"sh", +"sharepoint", +"shop", +"shopping", +"si", +"sj", +"sk", +"sl", +"sm", +"sms", +"smtp", +"sn", +"so", +"socios", +"solaris", +"soporte", +"sp", // sharepoint? +"sq", +"sql", +"squirrel", +"squirrelmail", +"sr", +"ss", +"ssh", +"st", +"staff", +"staging", +"stats", +"su", +"sun", +"support", +"sv", +"sw", +"sx", +"sy", +"sz", +"t", +"ta", +"tb", +"tc", +"td", +"te", +"test", +"tf", +"tftp", +"tg", +"th", +"ti", +"tienda", +"tj", +"tk", +"tl", +"tm", +"tn", +"to", +"tp", +"tq", +"tr", +"ts", +"tt", +"tu", +"tunnel", +"tv", +"tw", +"tx", +"ty", +"tz", +"u", +"ua", +"uat", +"ub", +"uc", +"ud", +"ue", +"uf", +"ug", +"uh", +"ui", +"uj", +"uk", +"ul", +"um", +"un", +"unix", +"uo", +"up", +"upload", +"uploads", +"uq", +"ur", +"us", +"ut", +"uu", +"uv", +"uw", +"ux", +"uy", +"uz", +"v", +"va", +"vb", +"vc", +"vd", +"ve", +"ventas", +"vf", +"vg", +"vh", +"vi", +"virtual", +"vista", +"vj", +"vk", +"vl", +"vm", +"vn", +"vnc", +"vo", +"vp", +"vpn", +"vpn1", +"vpn2", +"vpn3", +"vq", +"vr", +"vs", +"vt", +"vu", +"vv", +"vw", +"vx", +"vy", +"vz", +"w", +"wa", +"wap", +"wb", +"wc", +"wd", +"we", +"web", +"web0", +"web01", +"web02", +"web03", +"web1", +"web2", +"web3", +"webadmin", +"webct", +"weblog", +"webmail", +"webmaster", +"webmin", +"wf", +"wg", +"wh", +"wi", +"win", +"windows", +"wj", +"wk", +"wl", +"wm", +"wn", +"wo", +"wp", +"wq", +"wr", +"ws", +"wt", +"wu", +"wv", +"ww", +"ww0", +"ww01", +"ww02", +"ww03", +"ww1", +"ww2", +"ww3", +"www", +"www0", +"www01", +"www02", +"www03", +"www1", +"www2", +"www3", +"wx", +"wy", +"wz", +"x", +"xa", +"xanthus", +"xb", +"xc", +"xd", +"xe", +"xf", +"xg", +"xh", +"xi", +"xj", +"xk", +"xl", +"xm", +"xn", +"xo", +"xp", +"xq", +"xr", +"xs", +"xt", +"xu", +"xv", +"xw", +"xx", +"xy", +"xz", +"y", +"ya", +"yb", +"yc", +"yd", +"ye", +"yf", +"yg", +"yh", +"yi", +"yj", +"yk", +"yl", +"ym", +"yn", +"yo", +"yp", +"yq", +"yr", +"ys", +"yt", +"yu", +"yv", +"yw", +"yx", +"yy", +"yz", +"z", +"za", +"zb", +"zc", +"zd", +"ze", +"zeus", +"zf", +"zg", +"zh", +"zi", +"zj", +"zk", +"zl", +"zm", +"zn", +"zo", +"zp", +"zq", +"zr", +"zs", +"zt", +"zu", +"zv", +"zw", +"zx", +"zy", +"zz" +}; diff --git a/repos/dnsmap/gpl-2.0.txt b/repos/dnsmap/gpl-2.0.txt new file mode 100644 index 0000000..d511905 --- /dev/null +++ b/repos/dnsmap/gpl-2.0.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +