

قديم 07-03-2011, 04:09 AM   رقم المشاركة : 1 (permalink)

Angry DNS Spider Multithreaded Bruteforcer 0.1


اقتباس
#!/usr/bin/env python
#
# dnsspider.py - Multithreaded subdomain bruteforcer
#
# bruteforces subdomains via wordlist or character permutation
#
# NOTES: quick'n'dirty code
#
# by noptrix - http://www.noptrix.net/


import sys
import time
import string
import itertools
import socket
import threading
from optparse import OptionParser

try:
import dns.message
import dns.query
except ImportError:
print('[-] ERROR: you need "dnspython" package')
sys.exit()


# Text shown at start-up and handed to the option parser.
BANNER = (
    '--------------------------------------\n'
    'dnsspider.py - http://www.noptrix.net/\n'
    '--------------------------------------'
)
USAGE = (
    '\n\n'
    ' dnsspider.py -t <type> -a <domain> [options]'
)
VERSION = 'dnsspider.py v0.1'


# Module-level state shared by the functions below.
defaults = {}   # fallback 'nameserver' / 'ipaddr' values, filled at runtime
hostnames = []
prefix = ''     # default prefix put in front of generated labels
found = []      # names that returned an answer; worker threads append here
chars = string.ascii_lowercase
digits = string.digits
# Built-in candidate labels, used when no wordlist file is supplied.
wordlist = [
    'admin', 'auth', 'backup', 'bm', 'central', 'control', 'cvs',
    'data', 'db', 'dev', 'devel', 'dns', 'external', 'firewall',
    'ftp', 'fw', 'gate', 'gateway', 'gw', 'hpc', 'info', 'internal',
    'intranet', 'it', 'login', 'mail', 'main', 'manage', 'mobile',
    'mx', 'mysql', 'noc', 'ns', 'office', 'op', 'phpmyadmin', 'plesk',
    'private', 'router', 'secure', 'server', 'shop', 'smtp', 'ssh',
    'support', 'svn', 'test', 'update', 'vpn', 'vz', 'web', 'webmail',
    'webshop', 'workstation', 'www',
]


def usage():
    """Print the usage text (preceded by a blank line) and terminate."""
    sys.stdout.write('\n' + USAGE + '\n')
    raise SystemExit


def check_usage():
    """Exit with a hint when the script was started without any argument."""
    if len(sys.argv) != 1:
        return
    print('[-] WARNING: use -h for help and usage')
    sys.exit()


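def get_default_nameserver():
    """Record the system resolver from /etc/resolv.conf in ``defaults``.

    Blank lines and comment lines (starting with ';' or '#') are skipped,
    as are lines with fewer than two whitespace-separated fields.

    Returns:
        The module-level ``defaults`` dict.  It carries a 'nameserver' key
        only when the file contains a ``nameserver`` entry.

    Raises:
        IOError/OSError: when /etc/resolv.conf cannot be opened.
    """
    print('[+] getting default nameserver')
    # The context manager closes the file; the original left it open.
    with open('/etc/resolv.conf', 'r') as resolv_conf:
        for raw_line in resolv_conf:
            # str methods replace string.strip/string.split, which exist
            # only in Python 2.
            line = raw_line.strip()
            if not line or line[0] in ';#':
                continue
            fields = line.split()
            if len(fields) < 2:
                continue
            if fields[0] == 'nameserver':
                # NOTE(review): the listing lost its indentation, so it is
                # unclear whether the first or the last entry was meant to
                # win; the first is used here, which is the order the system
                # resolver itself tries them in.
                defaults['nameserver'] = fields[1]
                break
    return defaults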


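def get_default_source_ip():
    """Store this host's first resolved address in ``defaults['ipaddr']``.

    The address is looked up by resolving the local hostname.  When that
    fails, an error asking for the "-i" option is printed and 'ipaddr' is
    left unset.

    Returns:
        The module-level ``defaults`` dict.
    """
    print('[+] getting default ip address')
    try:
        defaults['ipaddr'] = socket.gethostbyaddr(socket.gethostname())[2][0]
    # Narrowed from a bare ``except:``, which also swallowed
    # KeyboardInterrupt and SystemExit.  socket.error covers resolver
    # failures; IndexError covers an empty address list.
    except (socket.error, IndexError):
        print(
            '\n'
            '[-] ERROR: can\'t get your ip-address, use "-i" option and define\n'
            'yourself\n'
        )
    return defaults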


def parse_cmdline():
    """Parse the command line and return the optparse options object.

    No option declares a ``type``, so values given on the command line
    arrive as strings; the int/float defaults are used only when an option
    is omitted.  Positional arguments are parsed but discarded.
    """
    option_table = (
        ('-t', {'dest': 'type',
                'help': 'attack type (0 for dictionary 1 for bruteforce)'}),
        ('-a', {'dest': 'domain',
                'help': '(sub)domain to bruteforce'}),
        ('-l', {'dest': 'wordlist',
                'help': 'wordlist, one hostname per line '
                        '(default predefined in code)'}),
        ('-d', {'dest': 'dnshost',
                'help': 'choose another nameserver (default your system\'s)'}),
        ('-i', {'dest': 'ipaddr',
                'help': 'source ip address to use (default your first)'}),
        ('-p', {'dest': 'port', 'default': 0,
                'help': 'source port to use (default %default)'}),
        ('-u', {'dest': 'protocol', 'default': 'udp',
                'help': 'speak via udp or tcp (default %default)'}),
        ('-c', {'dest': 'charset', 'default': 0,
                'help': 'choose charset 0 [a-z0-9], 1 [a-z] or 2 [0-9] '
                        '(default %default)'}),
        ('-m', {'dest': 'max', 'default': 2,
                'help': 'max chars to bruteforce (default %default)'}),
        ('-s', {'dest': 'prefix',
                'help': 'give a prefix for bruteforce, e.g. "www" '
                        '(default none)'}),
        ('-o', {'dest': 'timeout', 'default': 1,
                'help': 'when to timeout (default %default)'}),
        ('-w', {'dest': 'wait', 'default': 0,
                'help': 'seconds to wait for next request '
                        '(default %default)'}),
        ('-x', {'dest': 'threads', 'default': 32,
                'help': 'number of threads to use (default %default) '
                        '- choose more '}),
        ('-r', {'dest': 'logfile', 'default': 'stdout',
                'help': 'write found subdomains to file '
                        '(default %default)'}),
    )
    parser = OptionParser(usage=USAGE, version=VERSION)
    for flag, settings in option_table:
        parser.add_option(flag, **settings)
    parsed, _positional = parser.parse_args()
    return parsed


def check_cmdline(opts):
    """Exit with an error unless both -t (type) and -a (domain) were given."""
    if opts.type and opts.domain:
        return
    print('[-] ERROR: see usage, mount /dev/brain!')
    sys.exit()


def set_opts(defaults, opts):
    """Fill unset options from *defaults* and expand the charset selector.

    Args:
        defaults: dict read for 'nameserver' and 'ipaddr' when the matching
            option is empty; a missing key raises KeyError.
        opts: options object, modified in place.

    Returns:
        The same *opts* object.  ``opts.charset`` is replaced by the actual
        character string: selector 0 gives letters plus digits, 1 gives
        letters, any other integer gives digits.
    """
    opts.dnshost = opts.dnshost or defaults['nameserver']
    opts.ipaddr = opts.ipaddr or defaults['ipaddr']
    alphabets = {0: chars + digits, 1: chars}
    opts.charset = alphabets.get(int(opts.charset), digits)
    opts.prefix = opts.prefix or prefix
    return opts


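def read_hostnames(opts):
    """Return the candidate labels to try.

    Args:
        opts: options object; ``opts.wordlist`` is a path to a file with one
            label per line, or empty to use the built-in ``wordlist``.

    Returns:
        A list of labels.  Entries read from a file keep their trailing
        newline (the caller strips it); blank lines are dropped so they do
        not turn into a query for a name with an empty first label.

    Raises:
        IOError/OSError: when the wordlist file cannot be opened.
    """
    print('[+] reading hostnames')
    if not opts.wordlist:
        return wordlist
    # The context manager closes the file; the original left it open.
    with open(opts.wordlist, 'r') as handle:
        return [line for line in handle if line.strip()]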


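def attack(opts, hostname, attack_pool):
    """Send one A-record query for *hostname* and record it when answered.

    Runs in a worker thread.  The caller acquires one slot of *attack_pool*
    before starting the thread, and this function gives the slot back.

    Args:
        opts: options object; reads protocol, dnshost, timeout, ipaddr, port.
        hostname: fully qualified name to query.
        attack_pool: semaphore limiting the number of concurrent workers.

    Every call is one query that the resolver at ``opts.dnshost`` receives.
    """
    sys.stdout.write('--- trying %s \n' % hostname)
    sys.stdout.flush()
    try:
        query = dns.message.make_query(hostname, 1)  # rdtype 1 is A
        # Keyword arguments instead of the original positional list: the
        # positional form passed None for an address-family slot, so the
        # remaining arguments shift on library versions without that slot.
        if opts.protocol == 'udp':
            reply = dns.query.udp(query, opts.dnshost,
                                  timeout=float(opts.timeout), port=53,
                                  source=opts.ipaddr,
                                  source_port=int(opts.port),
                                  ignore_unexpected=True,
                                  one_rr_per_rrset=False)
        else:
            reply = dns.query.tcp(query, opts.dnshost,
                                  timeout=float(opts.timeout), port=53,
                                  source=opts.ipaddr,
                                  source_port=int(opts.port),
                                  one_rr_per_rrset=False)
    # The original wrote ``except (socket.error,e)``, which raises NameError
    # on ``e`` as soon as a non-timeout error reaches it.
    # NOTE(review): dns.exception is never imported by name in this file; it
    # is presumably loaded as a side effect of ``import dns.message`` - confirm.
    except (dns.exception.Timeout, socket.error):
        return
    finally:
        # Release on every path.  The original released only after a
        # successful query, so each timeout kept a slot for good and the
        # launching thread blocked once all slots were gone.
        attack_pool.release()
    if reply.answer:
        found.append(hostname)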


def str_gen(opts, hostnames):
    """Return every string of exactly ``int(opts.max)`` characters.

    The strings are drawn from ``opts.charset`` in itertools.product order.
    The *hostnames* argument is accepted but not used.  The whole list is
    held in memory, and its size is len(charset) ** max.
    """
    print('[+] generating list of strings')
    length = int(opts.max)
    return [''.join(combo)
            for combo in itertools.product(opts.charset, repeat=length)]


def run_threads(opts, hostname, attack_pool, threads):
    """Start one worker thread for *hostname* once a pool slot is free.

    Args:
        opts: options object passed through to the worker.
        hostname: fully qualified name the worker will query.
        attack_pool: semaphore; acquired here, before the thread starts.
        threads: list of started threads, extended in place.

    Returns:
        The same *threads* list, with the new thread appended.
    """
    worker = threading.Thread(
        target=attack,
        args=(opts, hostname, attack_pool),
    )
    # Blocks while every slot of the pool is taken.
    attack_pool.acquire()
    worker.start()
    threads.append(worker)
    return threads


def prepare_attack(opts, hostnames):
    """Build the candidate names for the chosen mode and query each one.

    Mode '0' appends the domain to every entry of *hostnames*; mode '1'
    appends it to ``opts.prefix`` plus each generated string.  Any other
    mode prints an error and exits.  One worker thread is started per
    name, at most ``int(opts.threads)`` at a time, with a pause of
    ``float(opts.wait)`` seconds before each start; all workers are joined
    before returning.
    """
    sys.stdout.write('[+] attacking \'%s\' via ' % opts.domain)
    workers = []
    slots = threading.BoundedSemaphore(value=int(opts.threads))
    suffix = '.' + opts.domain

    if opts.type == '0':
        sys.stdout.write('dictionary\n')
        candidates = (entry.rstrip() + suffix for entry in hostnames)
    elif opts.type == '1':
        sys.stdout.write('bruteforce\n')
        generated = str_gen(opts, hostnames)
        candidates = (opts.prefix + label + suffix for label in generated)
    else:
        print('[-] ERROR: unknown attack type')
        sys.exit()

    for fqdn in candidates:
        time.sleep(float(opts.wait))
        workers = run_threads(opts, fqdn, slots, workers)
    for worker in workers:
        worker.join()


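def log_results(opts, found):
    """Print the discovered names, or write them to ``opts.logfile``.

    Args:
        opts: options object; ``opts.logfile`` is either the literal
            'stdout' or a path that is opened for writing.
        found: list of names to report.

    The path comes from the command line and is opened with mode 'w', so an
    existing file at that path is truncated.
    """
    print('[+] game over')
    if opts.logfile == 'stdout':
        print('---')
        if not found:
            print('no hosts found :(')
        for name in found:
            print(name)
        return
    # The ``%`` now sits inside the call.  The original applied it to the
    # result of print(), which is a TypeError under Python 3.
    print('[+] logged results to %s' % opts.logfile)
    # The with-block closes the file; the original also called close().
    with open(opts.logfile, 'w') as log:
        log.writelines(name + '\n' for name in found)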


def main():
    """Run the tool: parse options, fill defaults, query, report.

    The system nameserver is looked up only when -d was not given; the
    local source address is looked up on every run.
    """
    check_usage()
    options = parse_cmdline()
    check_cmdline(options)
    if not options.dnshost:
        # Result not kept: the value lands in the same dict that
        # get_default_source_ip() returns below.
        get_default_nameserver()
    fallbacks = get_default_source_ip()
    options = set_opts(fallbacks, options)
    candidates = read_hostnames(options)
    prepare_attack(options, candidates)
    log_results(options, found)


# Script entry point: show the banner, run main(), exit quietly on Ctrl-C.
if __name__ == '__main__':
    try:
        print(BANNER)
        main()
    except KeyboardInterrupt:
        print('\n[-] WARNING: aborted by user')
        sys.exit()

# EOF

بلغة البايثون :oops:


DNS Spider Multithreaded Bruteforcer 0.1

   
