public int includeRollUpHelper(ParsedSPFRecord parsedSPFInclude)
{
int lookupCount = 0;
if (parsedSPFInclude != null)
{
lookupCount += parsedSPFInclude.aRecord.Count;
lookupCount += parsedSPFInclude.includeRecords.Count;
lookupCount += parsedSPFInclude.mxRecord.Count;
lookupCount += parsedSPFInclude.existsRecords.Count;
lookupCount += parsedSPFInclude.ptrRecords.Count;
}
return(lookupCount);
}
public List <IssueScanResult> IssueScan(SPFDMARCRecord spfDMARCRecord, ParsedSPFRecord extendedSPF)
{
List <IssueScanResult> issueResults = new List <IssueScanResult>();
issueResults.AddRange(SPFIssueScan(spfDMARCRecord.spfRecord, spfDMARCRecord.domainName, extendedSPF));
if (issueResults.Count >= 1)
{
if (!issueResults[0].code.Equals(0) && !issueResults[0].code.Equals(11))
{
issueResults = DMARCIssueScan(spfDMARCRecord.dmarcRecord, spfDMARCRecord.domainName, issueResults);
}
}
else
{
issueResults = DMARCIssueScan(spfDMARCRecord.dmarcRecord, spfDMARCRecord.domainName, issueResults);
}
return(issueResults);
}
public List <MapLocation> MapLocationRollUp(ParsedSPFRecord parsedSPF)
{
List <MapLocation> mapLocations = new List <MapLocation>();
mapLocations = parsedSPF.mapLocations;
foreach (ParsedIncludeRecord spf in parsedSPF.includeRecords)
{
mapLocations.AddRange(spf.subLookup.mapLocations);
foreach (ParsedIncludeRecord spfSub in spf.subLookup.includeRecords)
{
mapLocations.AddRange(spfSub.subLookup.mapLocations);
foreach (ParsedIncludeRecord spfSubTwo in spfSub.subLookup.includeRecords)
{
mapLocations.AddRange(spfSubTwo.subLookup.mapLocations);
foreach (ParsedIncludeRecord spfSubThree in spfSubTwo.subLookup.includeRecords)
{
mapLocations.AddRange(spfSubThree.subLookup.mapLocations);
}
}
}
}
return(mapLocations);
}
public int includeRollUp(ParsedSPFRecord parsedSPF)
{
int lookupCount = 0;
lookupCount += includeRollUpHelper(parsedSPF);
foreach (ParsedIncludeRecord spf in parsedSPF.includeRecords)
{
lookupCount += includeRollUpHelper(spf.subLookup);
rolledIncludeRecords.Add(spf.includeRecord);
foreach (ParsedIncludeRecord spfSub in spf.subLookup.includeRecords)
{
lookupCount += includeRollUpHelper(spfSub.subLookup);
rolledIncludeRecords.Add(spfSub.includeRecord);
foreach (ParsedIncludeRecord spfSubTwo in spfSub.subLookup.includeRecords)
{
lookupCount += includeRollUpHelper(spfSubTwo.subLookup);
rolledIncludeRecords.Add(spfSubTwo.includeRecord);
foreach (ParsedIncludeRecord spfSubThree in spfSubTwo.subLookup.includeRecords)
{
lookupCount += includeRollUpHelper(spfSubThree.subLookup);
rolledIncludeRecords.Add(spfSubThree.includeRecord);
foreach (ParsedIncludeRecord spfSubFour in spfSubThree.subLookup.includeRecords)
{
lookupCount += includeRollUpHelper(spfSubFour.subLookup);
rolledIncludeRecords.Add(spfSubFour.includeRecord);
}
}
}
}
}
return(lookupCount);
}
private async Task <ParsedSPFRecord> ParseSPFOutput(string[] spfOutput, string domainName, int lookupCount)
{
ParsedSPFRecord spfModel = new ParsedSPFRecord();
Parallel.ForEach(spfOutput, async spfSubstring =>
{
if (spfSubstring.Contains("ip4:"))
{
spfModel.ip4Records.Add(SPFIPWhoIsLookup(spfSubstring.Split(':')[1], domainName));
}
if (spfSubstring.Contains("ip6:"))
{
spfModel.ip6Records.Add(SPFIPWhoIsLookup(spfSubstring.Split(new string[] { "ip6:" }, StringSplitOptions.None)[1], domainName));
} //need to update
if (spfSubstring.Contains("ptr:"))
{
spfModel.ptrRecords.Add(spfSubstring.Split(':')[1]);
} //need to update
if (spfSubstring.Contains("include:") || spfSubstring.Contains("redirect="))
{
ParsedIncludeRecord includeRecords = new ParsedIncludeRecord();
SPFParse spfNew = new SPFParse();
if (spfSubstring.Contains("include:"))
{
includeRecords.includeRecord = spfSubstring.Split(':')[1];
}
else
{
includeRecords.includeRecord = spfSubstring.Split('=')[1];
}
includeRecords.subLookup = await spfNew.GetSPF(includeRecords.includeRecord, ++lookupCount);
if (includeRecords.subLookup == null)
{
includeRecords.subLookup = new ParsedSPFRecord();
}
spfModel.includeRecords.Add(includeRecords);
}
if (spfSubstring.Equals("a") || spfSubstring.Equals("+a"))
{
lookupCount++; spfModel.aRecord.AddRange(CustomDNSLookup(domainName, "a"));
}
if (spfSubstring.Contains("a:"))
{
lookupCount++; spfModel.aRecord.AddRange(CustomDNSLookup(spfSubstring.Split(':')[1], "a"));
}
if (spfSubstring.Equals("mx") || spfSubstring.Equals("+mx"))
{
lookupCount++; spfModel.mxRecord.AddRange(CustomDNSLookup(domainName, "mx"));
}
if (spfSubstring.Contains("mx:"))
{
lookupCount++; spfModel.mxRecord.AddRange(CustomDNSLookup(spfSubstring.Split(':')[1], "mx"));
}
if (spfSubstring.Contains("exists:"))
{
lookupCount++; spfModel.existsRecords.Add(spfSubstring.Split(':')[1]);
} //need to update
});
spfModel.mapLocations = MapLocations;
spfModel.lookupCount = lookupCount;
return(spfModel);
}
private async void Process_OutputDataReceived(object sender, DataReceivedEventArgs e)
{
if (!e.Data.IsNullOrWhiteSpace())
{
if (e.Data.Contains(": ") && !e.Data.Contains("[!] Error") && !e.Data.Contains("[-] Total Unique") && !e.Data.Contains("DeprecationWarning:"))
{
SubDomainOutput subdomain = new SubDomainOutput();
subdomain.SubDomain = e.Data.Split(':')[1].Trim();
Console.WriteLine(e.Data);
SPFParse getSPFDMARC = new SPFParse();
SPFDMARCRecord spfDMARC = getSPFDMARC.GetSPFDMARCRecord(subdomain.SubDomain);
Console.WriteLine("-------------------------");
ParsedSPFRecord spfParse = await new SPFParseScheduler().GetSPF(subdomain.SubDomain, 1);
List <IssueScanResult> issues = new IssueEngine().IssueScan(spfDMARC, spfParse);
string issueSeverity = "";
foreach (IssueScanResult issue in issues)
{
if (issue.severity == "Very High")
{
issueSeverity = issue.severity;
}
if (issueSeverity != "Very High")
{
if (issue.severity == "High")
{
issueSeverity = issue.severity;
}
if (issueSeverity != "High")
{
if (issue.severity == "Medium")
{
issueSeverity = issue.severity;
}
if (issueSeverity != "Medium")
{
if (issue.severity == "Low")
{
issueSeverity = issue.severity;
}
}
}
}
}
subdomain.Spoofable = issueSeverity;
if (spfDMARC.spfRecord.IsNullOrWhiteSpace())
{
subdomain.SPFRecord = "-";
}
else
{
subdomain.SPFRecord = spfDMARC.spfRecord;
}
if (spfDMARC.dmarcRecord.IsNullOrWhiteSpace())
{
subdomain.DMARCRecord = "-";
}
else
{
if (spfDMARC.dmarcRecord.Contains("; p=none") || spfDMARC.dmarcRecord.Contains(";p=none"))
{
subdomain.DMARCRecord = "Audit";
}
else if (spfDMARC.dmarcRecord.Contains("; p=quarantine") || spfDMARC.dmarcRecord.Contains(";p=quarantine"))
{
subdomain.DMARCRecord = "Quarantine";
}
else if (spfDMARC.dmarcRecord.Contains("; p=reject") || spfDMARC.dmarcRecord.Contains(";p=reject"))
{
subdomain.DMARCRecord = "Reject";
}
else
{
subdomain.DMARCRecord = "-";
}
}
subdomain.searchEngine = engine;
subDomains.Add(subdomain);
Console.WriteLine(subdomain.Spoofable);
Console.WriteLine(subdomain.SubDomain);
}
}
}
private List <IssueScanResult> SPFIssueScan(string spfRecord, string domainName, ParsedSPFRecord parsedSPF)
{
List <IssueScanResult> spfIssues = new List <IssueScanResult>();
if (new SPFParse().SubDomainSPFNotExists(domainName))
{
spfIssues.Add(issueDescriptors(6, domainName));
}
if (spfRecord.IsNullOrWhiteSpace())
{
try
{
LookupClient lookupClient = new LookupClient(new LookupClientOptions()
{
ThrowDnsErrors = true
});
var resultClient = lookupClient.Query(domainName, QueryType.A);
spfIssues.Add(issueDescriptors(1, domainName));
}
catch (DnsResponseException e)
{
if (e.Code.ToString().Equals((@"NotExistentDomain")))
{
try
{
LookupClient lookupClient = new LookupClient(new LookupClientOptions()
{
ThrowDnsErrors = true
});
var resultClient = lookupClient.Query(domainName, QueryType.CNAME);
spfIssues.Add(issueDescriptors(1, domainName));
}
catch
{
spfIssues.Add(issueDescriptors(0, domainName));
}
}
else
{
spfIssues.Add(issueDescriptors(11, domainName));
}
}
}
else
{
if (spfRecord.Contains("redirect="))
{
string[] splitSPF = spfRecord.Split(' ');
int index = Array.FindIndex(splitSPF, x => x.Contains("redirect="));
spfRecord = new SPFParse().GetSPFDMARCRecord(splitSPF[index].Split('=')[1]).spfRecord;
}
if (spfRecord.Contains("+all"))
{
spfIssues.Add(issueDescriptors(3, domainName));
}
else if (spfRecord.Contains("~all"))
{
spfIssues.Add(issueDescriptors(4, domainName));
}
else if (!spfRecord.Contains("-all") || spfRecord.Contains("?all"))
{
spfIssues.Add(issueDescriptors(2, domainName));
}
if (includeRollUp(parsedSPF) > 10)
{
spfIssues.Add(issueDescriptors(5, domainName));
}
var hashset = new HashSet <string>();
foreach (string include in rolledIncludeRecords)
{
if (!hashset.Add(include))
{
spfIssues.Add(issueDescriptors(12, domainName));
}
}
}
return(spfIssues);
}
