3 @6^O @s@ddlZddlZddlZddlmZmZmZGdddeZdS)N) SpiderFootSpiderFootPluginSpiderFootEventc@seZdZdZddddddddZdddd d d d Zd Zd Zd Ze fddZ ddZ ddZ ddZ ddZddZddZd S) sfp_dnsbrutez|DNS Brute-force:Footprint,Investigate:DNS::Attempts to identify hostnames through brute-forcing common names and iterations.TFd)skipcommonwildcard domainonlycommonstop10000 numbersuffixnumbersuffixlimit _maxthreadsz8If wildcard DNS is detected, don't bother brute-forcing.zgOnly attempt to brute-force names on domain names, not hostnames (some hostnames are also sub-domains).z5Try a list of about 750 common hostnames/sub-domains.zRTry a further 10,000 common hostnames/sub-domains. Will make the scan much slower.zSFor any host found, try appending 1, 01, 001, -1, -01, -001, 2, 02, etc. (up to 10)zLimit using the number suffixes for hosts that have already been resolved? If disabled this will significantly extend the duration of scans.)rrr r r r Nc Cs||_|j|_|j|_d|_tj|_x"t|j D]}|||j |<q8Wt}|j drt |jj dd}|j }x|D]}|j}d|j|<qWt}|j drt |jj dd}|j }x|D]}|j}d|j|<qWdS)NDNSr z/dicts/subdomains.txtrTr z/dicts/subdomains-10000.txt)sf tempStoragesublistevents__dataSource__ threadingLocklocklistkeysoptsopenmyPath readlinesstrip) selfsfcuserOptsoptZcslinescssZttlinesttr&7/var/www/spiderfoot.crq.systems/modules/sfp_dnsbrute.pysetup0s*       zsfp_dnsbrute.setupcCs*dg}|jd s|jdr&|jd|S)N DOMAIN_NAMErr INTERNET_NAME)rappend)rretr&r&r' watchedEventsKs zsfp_dnsbrute.watchedEventscCsdgS)Nr*r&)rr&r&r'producedEventsTszsfp_dnsbrute.producedEventscCsty0|jj|}|r.|jd|j|<WdQRXWn>tk rn}z"|jd|j|<WdQRXWYdd}~XnXdS)NTF)r resolveHostr hostResults BaseException)rnameaddrser&r&r'tryHostWs zsfp_dnsbrute.tryHostc Cst|_d}d}g}|jjdt|xN|D]F}dttjdd}|jtj ||j |fd||j |d7}q.Wx@|rd}x tj D]} | j jdrd}qW|sd}tjd qzWx(|jD]} |jj| dr|j|| qWdS) NTrz!Spawning threads to check hosts: Zthread_sfp_dnsbrute_iɚ;)r2targetargsFg?)dictr0rinfostrrandomrandintr+rThreadr5start enumerater2 startswithtimesleepget sendEvent) rZhostList sourceEventrunningitr2tnfoundrtresr&r&r'tryHostWrapperas*     zsfp_dnsbrute.tryHostWrappercCs.|jjd|td||j|}|j|dS)NzFound a brute-forced host: r*)rr:r__name__notifyListeners)rsourceresultevtr&r&r'rEszsfp_dnsbrute.sendEventcCs|j}|j}|j}|jj|}|}|jjd|d||dkrFdS||jkrTdSd|j|<|dkox|jj|dd r|j dsdS|j rdS|j d d \}}|jj |} |j d r| r|jjd |d dSd |}t } xtdD]} d| |t| |<d| |dt| |<d| |dt| |<d| |dt| |<d| |dt| |<d| |dt| |<qW|jt| j|dS|jj|ddsdS|jjd|jj |} |j d r| r|jjddSt} x\|jD]R} |j rdS| d |}t| |j dkr:| j|n|j| |t} qWt| dkrl|j| ||j dr|j d rt } d |}x|jD]}|j rdSxtdD]} d| |t| |<d| |dt| |<d| |dt| |<d| |dt| |<d| |dt| |<d| |dt| |<qWtt| j|j dkr|jt| j|t } qWt| dkr|jt| j|dS)NzReceived event, z, from rTr*F)includeChildrenr .r8rzWildcard DNS detected on z so skipping host iteration. 0Z00-z-0z-00z'Iterating through possible sub-domains.zWildcard DNS detected.r rr ) eventTypemoduledatar hashstringdebugr getTargetmatchesr checkForStopsplitcheckDnsWildcardr9ranger;rNrrrlenr+)revent eventName srcModuleName eventData eventDataHash parentEventhdomZwildcardZnextsubsrH targetListsubr2r$r&r&r' handleEvents                  zsfp_dnsbrute.handleEvent)rO __module__ __qualname____doc__roptdescsrrrr9r(r-r.r5rNrEror&r&r&r'rs0  r)r<rrBsflibrrrrr&r&r&r's