3 @6^:@sDddlZddlZddlmZddlmZmZmZGdddeZdS)N) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc@szeZdZdZdddddZddddd Zd Zd Zd Ze fd d Z d dZ ddZ ddZ ddZdddZdddZd S)sfp_dnsresolvez|DNS Resolver:Footprint,Investigate,Passive:DNS::Resolves Hosts and IP Addresses identified, also extracted from raw content.T)validatereverseskipcommononwildcardnetblocklookup maxnetblockzqIf wildcard DNS is detected, only attempt to look up the first common sub-domain from the common sub-domain list.zyValidate that reverse-resolved hostnames still resolve back to that IP before considering them as aliases of your target.zvLook up all IPs on netblocks deemed to be owned by your target for possible hosts on the same target subdomain/domain?z\Maximum owned netblock size to look up all IPs within (CIDR value, 24 = /24, 16 = /16, etc.))r rr r NcCsR||_|j|_|j|_|j|_d|_x"t|jD]}|||j|<q8WdS)NDNS) sf tempStorageevents domresults hostresults__dataSource__listkeysopts)selfsfcuserOptsoptr9/var/www/spiderfoot.crq.systems/modules/sfp_dnsresolve.pysetup+s   zsfp_dnsresolve.setupcCst}|jjd|jj||jd}|s.|Sxz|D]r}|jjd||jj|rb|j|dq4|jj|r||j|dq4|j|d|j d}||kr4|j|dq4W|jjdt |j |S) Nz+Identifying aliases for specified target(s)rzFound an alias: IP_ADDRESS IPV6_ADDRESS INTERNET_NAMEidnazAliases identified: ) rr inforesolveTargetsrdebugvalidIPsetAliasvalidIP6encodestr getAliases)rtargetrethostZidnahostrrr enrichTarget5s"       zsfp_dnsresolve.enrichTargetcCs4ddddddddd d d d d dddddddddddgS)NCO_HOSTED_SITEAFFILIATE_INTERNET_NAMENETBLOCK_OWNERrrrAFFILIATE_IPADDRTARGET_WEB_CONTENT BASE64_DATAAFFILIATE_DOMAIN_WHOISCO_HOSTED_SITE_DOMAIN_WHOIS DOMAN_WHOISNETBLOCK_WHOISLEAKSITE_CONTENTRAW_DNS_RECORDSRAW_FILE_META_DATA RAW_RIR_DATASEARCH_ENGINE_WEB_CONTENTSIMILARDOMAIN_WHOISSSL_CERTIFICATE_RAWSSL_CERTIFICATE_ISSUEDTCP_PORT_OPEN_BANNERWEBSERVER_BANNERWEBSERVER_HTTPHEADERSr)rrrr watchedEventsUszsfp_dnsresolve.watchedEventsc Csddddddddd d g S) Nrrr/r1 DOMAIN_NAMErDOMAIN_NAME_PARENTCO_HOSTED_SITE_DOMAINAFFILIATE_DOMAIN_NAMEINTERNET_NAME_UNRESOLVEDr)rrrrproducedEventsfszsfp_dnsresolve.producedEventscCs~|j}|j}|j}|jj|}d}|}|d&kr:d|kr:dS|jjd|d|||jkrl|jjddSd|j|<|d'krd |krd }nd }|jj||jd rt |||j |} |j | |jj ||jd } | |krdSt || |j |} |j | dS|d(krt jj|j} xj|jjD]X} |jrtk rl}z |jjdt|ddWYdd}~XnX| t| 7} qWq(WdS|d kr|jdsdSt |j!|jdkr|jjdtt |j!dt|jddSd|krdS|jjd |xt |D]}t|}d|kr,q|j"dd!d)krDqd"|j"dkrXq|jrfdS|jj#|}|r|jjd$|d%t|dx*|D]"}|jrdS|j||dqWqWdS|d*krzd|kr|jj$|}n |jj#|}|sdSxr|D]j}|jrdS|jj%|r>|j||dn6|jj&|rfd |krf|j||dn|j||dq WdS)+NrZ_NAMEzReceived event, z, from zSkipping duplicate event.Tr.r/ AFFILIATE_rGrF _internettldsr0rrrr1rz![^a-z0-9\-\.\%]([a-z0-9\-\.\%]*\.).%FzError applying regex to data (r r z$Network size bigger than permitted: z > z::z"Looking up IPs in owned netblock: 2550zFound a reversed hostname from z ()r)r.r/)r.r/r0rrrr1)rRrS)rrrr1r/)' eventTypemoduledatar hashstringr#risDomainrr__name__notifyListeners hostDomainurllibparseunquotelower getTargetgetNames checkForStopfindlenrecompileDOTALL MULTILINEfindall startswith processHost Exceptionerrorr(r prefixlensplit resolveIP resolveHostmatchesr$)revent eventName srcModuleName eventData eventDataHashaddrs parentEventevevtdomrVnameoffsetpatZ chunkhostrrmatchmeipipaddraddrrrr handleEventns                    ,            zsfp_dnsresolve.handleEventcCsj|jj|j}||jkr&|g|j|<nF||j|ks>|j|krV|jjd|ddS|j||g|j|<|jjd||dkrd}|jj|rd}|jj|s|jj|}|rx$|D]}|jj|rd}qWn|}|r|jj|rd}nd}n,|jj|r d}n|jj |r d }nd }|j d rv|jj|} |d krl| rlt d ||j |} |j | dS| svdS||jkr||jkrt |||j |} |j | n|} |d kr|jj||jd } |j| | |jj|} | rx(| D] } t d | |j | }|j |qW|dkrf|jj||jd } | |krX|jj| |jd  rX| S|j| | d| S) NzSkipping host, z, already processed.z Found host: TFr1r/rrrrHrK)r rWrVrr#r`rrr$rqr&endswithrrYrZrTr[r processDomain resolveHost6rX)rr,ry affiliate parentHashaffilhostipshostiphtyperesolvedr{r|Zip6sip6Zevt6rrrrk sn                "zsfp_dnsresolve.processHostFcCs||jkrd|j|<n|jjd|ddS|rPtd||j|}|j|dS|jj|rztd||j|}|j|ntd||j|}|j|dSdS)NTzSkipping domain, z, already processed.rGrDrE)rr r#rrYrZr`rr)rZ domainNameryrZdomevtrrrr[s"        zsfp_dnsresolve.processDomain)N)F)rY __module__ __qualname____doc__roptdescsrrrdictrr-rCrIrrkrrrrrrs(   Pr) rer\netaddrrsflibrrrrrrrrs