1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
#!/usr/bin/python -u
import os
from subprocess import Popen
import csv
import sys
import tempfile
os.chdir (os.path.dirname (os.path.realpath (sys.argv[0])))
dnsrecon_enabled = False
DNSRECON = "../dnsrecon/dnsrecon.py"
dnsrecon_wordlist="namelist.txt"
silent=open("/dev/null","w")
gxfr_enabled = False
GXFR = "../gxfr/gxfr.py"
bxfr_enabled = False
BXFR = "../bxfr/bxfr.py"
domains = {}
try:
DOMAIN=sys.argv[1]
except:
print ("Usage: %s [hostname]")
sys.exit(1)
print("checking for back end")
if os.path.isfile(DNSRECON) :
dnsrecon_enabled=True
print (" dnsrecon enabled")
else:
print (" dnsrecon not available or not supported")
if os.path.isfile(GXFR):
gxfr_enabled=True
print (" gxfr.py enabled")
else:
print (" gxfr.py not available or not supported")
if os.path.isfile(BXFR):
bxfr_enabled=True
print (" bxfr.py enabled")
else:
print (" bxfr.py not available or not supported")
if dnsrecon_enabled:
dnsrecon_tmp = tempfile.NamedTemporaryFile(delete=False).name
print ("Starting dnsrecon, this may take some time")
p = Popen([DNSRECON,"-d",DOMAIN,"--csv",dnsrecon_tmp,'-D',dnsrecon_wordlist,"-t","brt,srv,axfr","--skip"],stdout=silent,stderr=silent)
p.wait()
reader = csv.reader(open(dnsrecon_tmp))
for row in reader:
if not row[1] in domains:
domains[row[1]] = []
domains[row[1]] += row[2:]
print ("...finished with [%d] domains" %reader.line_num)
os.unlink(dnsrecon_tmp)
if gxfr_enabled:
gxfr_tmp = tempfile.NamedTemporaryFile(delete=False).name
print ("Starting gxfr, this may take some time")
p = Popen(["/usr/bin/python",GXFR,DOMAIN,"-q","3","--csv",gxfr_tmp],stdout=silent,stderr=silent)
p.wait()
reader = csv.reader(open(gxfr_tmp))
for row in reader:
if not row[0] in domains:
domains[row[0]] = []
domains[row[0]] += row[1:]
print ("...finished with [%d] domains" %reader.line_num)
os.unlink(gxfr_tmp)
if bxfr_enabled:
bxfr_tmp = tempfile.NamedTemporaryFile(delete=False).name
print ("Starting bxfr, this may take some time")
p = Popen(["/usr/bin/python",BXFR,DOMAIN,"-q","3","--csv",bxfr_tmp],stdout=silent,stderr=silent)
p.wait()
reader = csv.reader(open(bxfr_tmp))
for row in reader:
if not row[0] in domains:
domains[row[0]] = []
domains[row[0]] += row[1:]
print ("...finished with [%d] domains" %reader.line_num)
os.unlink(bxfr_tmp)
print "found %d subdomain(s)" % len(domains)
num = 1
for dom in domains:
domains[dom] = set(domains[dom])
print "[%d/%d]" % (num,len(domains)),dom,":",", ".join(domains[dom])
num = num + 1
|