/// <summary>
/// Devuelve todos los DNS que funcionen para un determinado dominio
/// </summary>
/// <param name="r"></param>
/// <param name="domain"></param>
/// <param name="NSServer"></param>
/// <returns></returns>
public static List <string> GetNSServer(Resolver r, string domain, string NSServer)
{
List <IPEndPoint> lastNSServers = new List <IPEndPoint>(r.DnsServers);
try
{
r.DnsServer = NSServer;
Response response = r.Query(domain, QType.NS);
if (response.RecordsNS.Length > 0)
{
List <string> lst = new List <string>();
//No es autoritativa, volver a preguntar
if (!response.header.AA)
{
if (response.RecordsNS.Length > 0)
{
foreach (RecordNS rNS in response.RecordsNS)
{
if (NSServer != rNS.NSDNAME)
{
foreach (string ns in GetNSServer(r, domain, rNS.NSDNAME))
{
if (!lst.Contains(ns, StringComparer.OrdinalIgnoreCase))
{
lst.Add(ns);
}
}
}
else
{
lst.Add(NSServer);
}
}
}
}
else
{
foreach (RecordNS rNS in response.RecordsNS)
{
lst.Add(RemoveLastPoint(rNS.NSDNAME));
}
}
//Resuleve los dominios de los DNS
List <string> ips = new List <string>();
foreach (string ns in lst)
{
foreach (IPAddress ip in DNSUtil.GetHostAddresses(ns))
{
if (!ips.Contains(ip.ToString()))
{
if (TestDNS(ip.ToString()))
{
ips.Add(ip.ToString());
}
}
}
}
return(ips);
}
//Hay servidores autoritativos para esta petición
else if (response.Authorities.Count > 0)
{
try
{
//Se devuelve el servidor DNS autoritativo
if (((RR)response.Authorities[0]).RECORD is RecordSOA)
{
string dns = RemoveLastPoint(((RecordSOA)((RR)response.Authorities[0]).RECORD).MNAME);
if (TestDNS(dns))
{
List <string> lst = new List <string>();
lst.Add(dns);
return(lst);
}
}
if (((RR)response.Authorities[0]).RECORD is RecordNS)
{
string dns = RemoveLastPoint(((RecordNS)((RR)response.Authorities[0]).RECORD).NSDNAME);
if (TestDNS(dns))
{
List <string> lst = new List <string>();
lst.Add(dns);
return(lst);
}
}
}
catch { }
}
}
catch { }
finally
{
r.DnsServers = lastNSServers.ToArray();
}
return(new List <string>());
}
/// <summary>
/// Search subdomains using wordlists
/// </summary>
private void SearchCommonNames()
{
var message = $"Searching subdomains of {strDomain} using common DNS names";
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames, message, Log.LogType.debug));
Program.ChangeStatus(message);
var names = new List <string>();
try
{
names.AddRange(File.ReadAllLines(CommonNamesFileName));
}
catch
{
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
$"Error opening file: {CommonNamesFileName}", Log.LogType.error));
return;
}
List <string> nsServerList = new List <string>();
foreach (var item in Resolve.DnsServers)
{
nsServerList.AddRange(DNSUtil.GetNSServer(Resolve, strDomain, item.Address.ToString()));
}
foreach (var nsServer in nsServerList)
{
if (DNSUtil.IsDNSAnyCast(Resolve, nsServer, strDomain))
{
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
$"DNS server is Anycast, not used: {nsServer}", Log.LogType.debug));
}
else
{
var op = Partitioner.Create(names);
var po = new ParallelOptions();
if (Program.cfgCurrent.ParallelDnsQueries != 0)
{
po.MaxDegreeOfParallelism = Program.cfgCurrent.ParallelDnsQueries;
}
try
{
Parallel.ForEach(op, po, delegate(string name)
{
CancelIfSkipRequested();
var subdomain = $"{name}.{strDomain}";
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
string.Format("[{0}] Trying resolve subdomain: {1} with NameServer {0}", nsServer, subdomain),
Log.LogType.debug));
foreach (var ip in DNSUtil.GetHostAddresses(Resolve, subdomain, nsServer))
{
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
$"[{nsServer}] Found subdomain {subdomain}", Log.LogType.medium));
CancelIfSkipRequested();
try
{
Program.data.AddResolution(subdomain, ip.ToString(),
$"Common Names [{subdomain}]", MaxRecursion, Program.cfgCurrent,
true);
}
catch (Exception)
{
}
}
});
}
catch (AggregateException)
{ }
catch (OperationCanceledException)
{
}
if (!bSearchWithAllDNS)
{
break;
}
}
}
}
/// <summary>
/// Search subdomains using wordlists
/// </summary>
private void SearchCommonNames()
{
string initialMessage = $"Searching subdomains of {strDomain} using common DNS names.";
string progressMessageFormat = initialMessage + " ({0} of {1}) queries";
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames, initialMessage, Log.LogType.debug));
Program.ChangeStatus(initialMessage);
List <string> names = new List <string>();
try
{
names.AddRange(File.ReadAllLines(CommonNamesFileName));
}
catch
{
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
$"Error opening file: {CommonNamesFileName}", Log.LogType.error));
return;
}
if (names.Count > 0)
{
List <string> nsServerList = new List <string>();
foreach (IPEndPoint item in Resolve.DnsServers)
{
nsServerList.AddRange(DNSUtil.GetNSServer(Resolve, strDomain, item.Address.ToString()));
}
int totalPossibilities = nsServerList.Count * names.Count;
int queriedCount = 0;
foreach (string nsServer in nsServerList)
{
if (DNSUtil.IsDNSAnyCast(Resolve, nsServer, strDomain))
{
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
$"DNS server is Anycast, not used: {nsServer}", Log.LogType.debug));
}
else
{
var op = Partitioner.Create(names);
var po = new ParallelOptions();
if (Program.cfgCurrent.ParallelDnsQueries != 0)
{
po.MaxDegreeOfParallelism = Program.cfgCurrent.ParallelDnsQueries;
}
try
{
Parallel.ForEach(op, po, delegate(string name)
{
CancelIfSkipRequested();
var subdomain = $"{name}.{strDomain}";
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
string.Format("[{0}] Trying resolve subdomain: {1} with NameServer {0}", nsServer, subdomain),
Log.LogType.debug));
foreach (var ip in DNSUtil.GetHostAddresses(Resolve, subdomain, nsServer))
{
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames,
$"[{nsServer}] Found subdomain {subdomain}", Log.LogType.medium));
CancelIfSkipRequested();
try
{
Program.data.AddResolution(subdomain, ip.ToString(),
$"Common Names [{subdomain}]", MaxRecursion, Program.cfgCurrent,
true);
}
catch (Exception)
{
}
}
Interlocked.Increment(ref queriedCount);
Invoke(new MethodInvoker(delegate
{
Program.FormMainInstance.toolStripProgressBarDownload.Value = queriedCount * 100 / totalPossibilities;
Program.FormMainInstance.toolStripStatusLabelLeft.Text = String.Format(progressMessageFormat, queriedCount, totalPossibilities);
Program.FormMainInstance.ReportProgress(queriedCount, totalPossibilities);
}));
});
}
catch (AggregateException)
{ }
catch (OperationCanceledException)
{
}
if (!bSearchWithAllDNS)
{
break;
}
}
}
Invoke(new MethodInvoker(delegate
{
Program.FormMainInstance.toolStripProgressBarDownload.Value = 0;
Program.FormMainInstance.toolStripStatusLabelLeft.Text = String.Empty;
Program.FormMainInstance.ReportProgress(0, 0);
}));
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames, $"DNS dictionary search finished with {queriedCount} queries!", Log.LogType.medium));
}
else
{
Program.LogThis(new Log(Log.ModuleType.DNSCommonNames, "The domain names file is empty.", Log.LogType.error));
}
}
/// <summary>
/// Add domain if this not exist in the list.
/// </summary>
/// <param name="domain"></param>
/// <param name="source"></param>
/// <param name="maxRecursion"></param>
/// <param name="cfgCurrent"></param>
public void AddDomain(string domain, string source, int maxRecursion, Configuration cfgCurrent)
{
domain = domain.Trim();
if (domains.Items.Any(S => S.Domain.ToLower() == domain.ToLower()))
{
return;
}
var dItem = new DomainsItem(domain, source);
domains.Items.Add(dItem);
#if PLUGINS
Thread tPluginOnDomain = new Thread(new ParameterizedThreadStart(Program.data.plugins.OnNewDomain));
tPluginOnDomain.IsBackground = true;
object[] oDomain = new object[] { new object[] { domain } };
tPluginOnDomain.Start(oDomain);
#endif
var domainParts = domain.Split('.');
var currentdomain = domainParts[domainParts.Length - 1];
for (var i = 2; i < domainParts.Length; i++)
{
currentdomain = domainParts[domainParts.Length - i] + "." + currentdomain;
AddDomain(currentdomain, string.Format("{0} > Inferred by {2} [{1}]", GetDomainSource(domain), currentdomain, domain), maxRecursion - 1, cfgCurrent);
}
if (maxRecursion <= 0)
{
OnChangeEvent(null);
return;
}
//OnLog(null, new EventsThreads.ThreadStringEventArgs(string.Format("Resolving domain: {0}", domain)));
var listIpsOfDomain = DNSUtil.GetHostAddresses(domain);
if (listIpsOfDomain.Count == 0)
{
var computer = new ComputersItem();
computer.type = ComputersItem.Tipo.Server;
computer.name = domain;
computer.NotOS = true;
computer.os = OperatingSystem.OS.Unknown;
if (!computers.Items.Any(S => S.name == domain))
{
computers.Items.Add(computer);
}
}
foreach (var IP in listIpsOfDomain)
{
if (Program.data.IsMainDomainOrAlternative(domain))
{
var limit = Program.data.GetLimitFromIp(IP.ToString());
if (limit == null)
{
Program.data.AddLimit(new Limits(IP.ToString()));
}
else
{
var lastOct = int.Parse(IP.ToString().Split(new char[] { '.' })[3]);
if (lastOct < limit.Lower)
{
limit.Lower = lastOct;
}
else if (lastOct > limit.Higher)
{
limit.Higher = lastOct;
}
}
}
AddResolution(domain, IP.ToString(), string.Format("{0} > DNS resolution [{1}]", GetDomainSource(domain), IP.ToString()), maxRecursion - 1, Program.cfgCurrent, false);
}
// Fingerprinting HTTP
if (cfgCurrent.PassiveFingerPrintingHttp && cfgCurrent.FingerPrintingAllHttp)
{
if (NewDomainByHTTPServer != null)
{
NewDomainByHTTPServer(dItem, null);
}
}
else if ((cfgCurrent.PassiveFingerPrintingHttp) && (source.ToLower() == "documents search" || source.ToLower().Contains("websearch") || source.ToLower().Contains("bing ip search") || source.ToLower().Contains("technologyrecognition") || source.ToLower().Contains("fingerprinting") || source.ToLower().Contains("certificate fingerprinting")))
{
if (NewDomainByHTTPServer != null)
{
NewDomainByHTTPServer(dItem, null);
}
}
// Fingerprinting SMTP
if (cfgCurrent.PasiveFingerPrintingSmtp && cfgCurrent.FingerPrintingAllSmtp)
{
if (NewDomainByMXServer != null)
{
NewDomainByMXServer(dItem, null);
}
}
else if ((cfgCurrent.PasiveFingerPrintingSmtp) && (source.ToLower().Contains("mx server")))
{
if (NewDomainByMXServer != null)
{
NewDomainByMXServer(dItem, null);
}
}
// Fingerprinting FTP
if (cfgCurrent.FingerPrintingAllFtp)
{
if (NewDomainByFTPServer != null)
{
NewDomainByFTPServer(dItem, null);
}
}
OnChangeEvent(null);
}
/// <summary>
/// Devuelve todos los DNS que funcionen para un determinado dominio
/// </summary>
/// <param name="r"></param>
/// <param name="domain"></param>
/// <param name="NSServer"></param>
/// <param name="previosNSrecords"></param>
/// <returns></returns>
public static ICollection <string> GetNSServer(Resolver r, string domain, string NSServer, ICollection <string> previosNSrecords = null)
{
try
{
Resolver currentResolver = r.Clone();
HashSet <string> ips = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
if (previosNSrecords == null)
{
previosNSrecords = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
}
previosNSrecords.Add(NSServer);
currentResolver.DnsServer = NSServer;
Response response = currentResolver.Query(domain, QType.NS);
if (response.RecordsNS.Length > 0)
{
HashSet <string> nameservers = new HashSet <string>();
//No es autoritativa, volver a preguntar
if (!response.header.AA)
{
nameservers.UnionWith(response.RecordsNS.Where(p => !previosNSrecords.Contains(p.NSDNAME)).Select(p => p.NSDNAME));
foreach (string rNS in nameservers)
{
ips.UnionWith(GetNSServer(currentResolver, domain, rNS, previosNSrecords));
}
}
else
{
foreach (RecordNS rNS in response.RecordsNS)
{
nameservers.Add(RemoveLastPoint(rNS.NSDNAME));
}
}
//Resuelve los dominios de los DNS
foreach (string ns in nameservers)
{
foreach (IPAddress ip in DNSUtil.GetHostAddresses(ns))
{
if (!ips.Contains(ip.ToString()))
{
if (TestDNS(ip.ToString()))
{
ips.Add(ip.ToString());
}
}
}
}
return(ips);
}
//Hay servidores autoritativos para esta petición
else if (response.Authorities.Count > 0)
{
try
{
//Se devuelve el servidor DNS autoritativo
if (response.Authorities[0].RECORD is RecordSOA recordSOA)
{
string dns = RemoveLastPoint(recordSOA.MNAME);
if (TestDNS(dns))
{
return(new List <string>()
{
dns
});
}
}
if (response.Authorities[0].RECORD is RecordNS recordNS)
{
string dns = RemoveLastPoint(recordNS.NSDNAME);
if (TestDNS(dns))
{
return(new List <string>()
{
dns
});
}
}
}
catch { }
}
}
catch { }
return(new List <string>());
}