private async void Process_OutputDataReceived(object sender, DataReceivedEventArgs e) { if (!e.Data.IsNullOrWhiteSpace()) { if (e.Data.Contains(": ") && !e.Data.Contains("[!] Error") && !e.Data.Contains("[-] Total Unique") && !e.Data.Contains("DeprecationWarning:")) { SubDomainOutput subdomain = new SubDomainOutput(); subdomain.SubDomain = e.Data.Split(':')[1].Trim(); Console.WriteLine(e.Data); SPFParse getSPFDMARC = new SPFParse(); SPFDMARCRecord spfDMARC = getSPFDMARC.GetSPFDMARCRecord(subdomain.SubDomain); Console.WriteLine("-------------------------"); ParsedSPFRecord spfParse = await new SPFParseScheduler().GetSPF(subdomain.SubDomain, 1); List <IssueScanResult> issues = new IssueEngine().IssueScan(spfDMARC, spfParse); string issueSeverity = ""; foreach (IssueScanResult issue in issues) { if (issue.severity == "Very High") { issueSeverity = issue.severity; } if (issueSeverity != "Very High") { if (issue.severity == "High") { issueSeverity = issue.severity; } if (issueSeverity != "High") { if (issue.severity == "Medium") { issueSeverity = issue.severity; } if (issueSeverity != "Medium") { if (issue.severity == "Low") { issueSeverity = issue.severity; } } } } } subdomain.Spoofable = issueSeverity; if (spfDMARC.spfRecord.IsNullOrWhiteSpace()) { subdomain.SPFRecord = "-"; } else { subdomain.SPFRecord = spfDMARC.spfRecord; } if (spfDMARC.dmarcRecord.IsNullOrWhiteSpace()) { subdomain.DMARCRecord = "-"; } else { if (spfDMARC.dmarcRecord.Contains("; p=none") || spfDMARC.dmarcRecord.Contains(";p=none")) { subdomain.DMARCRecord = "Audit"; } else if (spfDMARC.dmarcRecord.Contains("; p=quarantine") || spfDMARC.dmarcRecord.Contains(";p=quarantine")) { subdomain.DMARCRecord = "Quarantine"; } else if (spfDMARC.dmarcRecord.Contains("; p=reject") || spfDMARC.dmarcRecord.Contains(";p=reject")) { subdomain.DMARCRecord = "Reject"; } else { subdomain.DMARCRecord = "-"; } } subdomain.searchEngine = engine; subDomains.Add(subdomain); Console.WriteLine(subdomain.Spoofable); Console.WriteLine(subdomain.SubDomain); } } }
private async Task <ParsedSPFRecord> ParseSPFOutput(string[] spfOutput, string domainName, int lookupCount) { ParsedSPFRecord spfModel = new ParsedSPFRecord(); Parallel.ForEach(spfOutput, async spfSubstring => { if (spfSubstring.Contains("ip4:")) { spfModel.ip4Records.Add(SPFIPWhoIsLookup(spfSubstring.Split(':')[1], domainName)); } if (spfSubstring.Contains("ip6:")) { spfModel.ip6Records.Add(SPFIPWhoIsLookup(spfSubstring.Split(new string[] { "ip6:" }, StringSplitOptions.None)[1], domainName)); } //need to update if (spfSubstring.Contains("ptr:")) { spfModel.ptrRecords.Add(spfSubstring.Split(':')[1]); } //need to update if (spfSubstring.Contains("include:") || spfSubstring.Contains("redirect=")) { ParsedIncludeRecord includeRecords = new ParsedIncludeRecord(); SPFParse spfNew = new SPFParse(); if (spfSubstring.Contains("include:")) { includeRecords.includeRecord = spfSubstring.Split(':')[1]; } else { includeRecords.includeRecord = spfSubstring.Split('=')[1]; } includeRecords.subLookup = await spfNew.GetSPF(includeRecords.includeRecord, ++lookupCount); if (includeRecords.subLookup == null) { includeRecords.subLookup = new ParsedSPFRecord(); } spfModel.includeRecords.Add(includeRecords); } if (spfSubstring.Equals("a") || spfSubstring.Equals("+a")) { lookupCount++; spfModel.aRecord.AddRange(CustomDNSLookup(domainName, "a")); } if (spfSubstring.Contains("a:")) { lookupCount++; spfModel.aRecord.AddRange(CustomDNSLookup(spfSubstring.Split(':')[1], "a")); } if (spfSubstring.Equals("mx") || spfSubstring.Equals("+mx")) { lookupCount++; spfModel.mxRecord.AddRange(CustomDNSLookup(domainName, "mx")); } if (spfSubstring.Contains("mx:")) { lookupCount++; spfModel.mxRecord.AddRange(CustomDNSLookup(spfSubstring.Split(':')[1], "mx")); } if (spfSubstring.Contains("exists:")) { lookupCount++; spfModel.existsRecords.Add(spfSubstring.Split(':')[1]); } //need to update }); spfModel.mapLocations = MapLocations; spfModel.lookupCount = lookupCount; return(spfModel); }
private List <IssueScanResult> SPFIssueScan(string spfRecord, string domainName, ParsedSPFRecord parsedSPF) { List <IssueScanResult> spfIssues = new List <IssueScanResult>(); if (new SPFParse().SubDomainSPFNotExists(domainName)) { spfIssues.Add(issueDescriptors(6, domainName)); } if (spfRecord.IsNullOrWhiteSpace()) { try { LookupClient lookupClient = new LookupClient(new LookupClientOptions() { ThrowDnsErrors = true }); var resultClient = lookupClient.Query(domainName, QueryType.A); spfIssues.Add(issueDescriptors(1, domainName)); } catch (DnsResponseException e) { if (e.Code.ToString().Equals((@"NotExistentDomain"))) { try { LookupClient lookupClient = new LookupClient(new LookupClientOptions() { ThrowDnsErrors = true }); var resultClient = lookupClient.Query(domainName, QueryType.CNAME); spfIssues.Add(issueDescriptors(1, domainName)); } catch { spfIssues.Add(issueDescriptors(0, domainName)); } } else { spfIssues.Add(issueDescriptors(11, domainName)); } } } else { if (spfRecord.Contains("redirect=")) { string[] splitSPF = spfRecord.Split(' '); int index = Array.FindIndex(splitSPF, x => x.Contains("redirect=")); spfRecord = new SPFParse().GetSPFDMARCRecord(splitSPF[index].Split('=')[1]).spfRecord; } if (spfRecord.Contains("+all")) { spfIssues.Add(issueDescriptors(3, domainName)); } else if (spfRecord.Contains("~all")) { spfIssues.Add(issueDescriptors(4, domainName)); } else if (!spfRecord.Contains("-all") || spfRecord.Contains("?all")) { spfIssues.Add(issueDescriptors(2, domainName)); } if (includeRollUp(parsedSPF) > 10) { spfIssues.Add(issueDescriptors(5, domainName)); } var hashset = new HashSet <string>(); foreach (string include in rolledIncludeRecords) { if (!hashset.Add(include)) { spfIssues.Add(issueDescriptors(12, domainName)); } } } return(spfIssues); }