Using resolver directly - dnsrecon - DNS reconnaissance tool written in golang, kinda scuffed.
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit 15d8218bdb06895d1fee9b53b231207c810504df
(DIR) parent fe457c8b3d299ecae19afb352f8b01aa64feb087
(HTM) Author: Jay Scott <me@jay.scot>
Date: Thu, 22 Sep 2016 12:58:39 +0100
Using resolver directly
Diffstat:
A .gitignore | 1 +
A dnsutils.go | 52 +++++++++++++++++++++++++++++++
D lib/resolve/dnsclient.go | 252 -------------------------------
D lib/resolve/dnsmsg.go | 934 -------------------------------
D lib/resolve/dnsparse.go | 56 -------------------------------
D lib/resolve/resolve.go | 287 -------------------------------
M main.go | 21 ++++++++++++++-------
7 files changed, 67 insertions(+), 1536 deletions(-)
---
(DIR) diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+gin-bin
(DIR) diff --git a/dnsutils.go b/dnsutils.go
@@ -0,0 +1,52 @@
+package main
+
+import (
+ "net"
+
+ "github.com/miekg/dns"
+)
+
+// Query hi
+func Query(query string, queryType uint16) ([]string, string) {
+ config, _ := dns.ClientConfigFromFile("/etc/resolv.conf")
+ m := new(dns.Msg)
+ m.SetQuestion(dns.Fqdn(query), queryType)
+ m.RecursionDesired = true
+ r, err := dns.Exchange(m, net.JoinHostPort(config.Servers[0], config.Port))
+ if r == nil {
+ return []string{}, "DNS error: " + err.Error()
+ }
+
+ if r.Rcode != dns.RcodeSuccess {
+ return []string{}, "DNS error: didn't success to do query for '" + query + "'"
+ }
+
+ answer := make([]string, len(r.Answer))
+
+ for i, a := range r.Answer {
+ switch a.Header().Rrtype {
+ case dns.TypeMX:
+ answer[i] = a.(*dns.MX).Mx
+ break
+ case dns.TypeNS:
+ answer[i] = a.(*dns.NS).Ns
+ break
+ case dns.TypeTXT:
+ answer[i] = a.(*dns.TXT).Txt[0]
+ break
+ case dns.TypeSRV:
+ answer[i] = a.(*dns.SRV).Target
+ break
+ case dns.TypeA:
+ answer[i] = a.(*dns.A).A.String()
+ break
+ case dns.TypeAAAA:
+ answer[i] = a.(*dns.AAAA).AAAA.String()
+ break
+ default:
+ return []string{}, "Unhandled response type"
+ }
+ }
+
+ return answer, ""
+}
(DIR) diff --git a/lib/resolve/dnsclient.go b/lib/resolve/dnsclient.go
@@ -1,252 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package main
-
-import (
- "math/rand"
- "net"
- "sort"
-)
-
-// DNSError represents a DNS lookup error.
-type DNSError struct {
- Err string // description of the error
- Name string // name looked for
- Server string // server used
- IsTimeout bool
-}
-
-func (e *DNSError) Error() string {
- if e == nil {
- return "<nil>"
- }
- s := "lookup " + e.Name
- if e.Server != "" {
- s += " on " + e.Server
- }
- s += ": " + e.Err
- return s
-}
-
-func (e *DNSError) Timeout() bool { return e.IsTimeout }
-func (e *DNSError) Temporary() bool { return e.IsTimeout }
-
-const noSuchHost = "no such host"
-
-// reverseaddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP
-// address addr suitable for rDNS (PTR) record lookup or an error if it fails
-// to parse the IP address.
-func reverseaddr(addr string) (arpa string, err error) {
- ip := net.ParseIP(addr)
- if ip == nil {
- return "", &DNSError{Err: "unrecognized address", Name: addr}
- }
- if ip.To4() != nil {
- return itoa(int(ip[15])) + "." + itoa(int(ip[14])) + "." + itoa(int(ip[13])) + "." +
- itoa(int(ip[12])) + ".in-addr.arpa.", nil
- }
- // Must be IPv6
- buf := make([]byte, 0, len(ip)*4+len("ip6.arpa."))
- // Add it, in reverse, to the buffer
- for i := len(ip) - 1; i >= 0; i-- {
- v := ip[i]
- buf = append(buf, hexDigit[v&0xF])
- buf = append(buf, '.')
- buf = append(buf, hexDigit[v>>4])
- buf = append(buf, '.')
- }
- // Append "ip6.arpa." and return (buf already has the final .)
- buf = append(buf, "ip6.arpa."...)
- return string(buf), nil
-}
-
-// Find answer for name in dns message.
-// On return, if err == nil, addrs != nil.
-func answer(name, server string, dns *dnsMsg, qtype uint16) (cname string, addrs []dnsRR, err error) {
- addrs = make([]dnsRR, 0, len(dns.answer))
-
- if dns.rcode == dnsRcodeNameError && dns.recursion_available {
- return "", nil, &DNSError{Err: noSuchHost, Name: name}
- }
- if dns.rcode != dnsRcodeSuccess {
- // None of the error codes make sense
- // for the query we sent. If we didn't get
- // a name error and we didn't get success,
- // the server is behaving incorrectly.
- return "", nil, &DNSError{Err: "server misbehaving", Name: name, Server: server}
- }
-
- // Look for the name.
- // Presotto says it's okay to assume that servers listed in
- // /etc/resolv.conf are recursive resolvers.
- // We asked for recursion, so it should have included
- // all the answers we need in this one packet.
-Cname:
- for cnameloop := 0; cnameloop < 10; cnameloop++ {
- addrs = addrs[0:0]
- for _, rr := range dns.answer {
- if _, justHeader := rr.(*dnsRR_Header); justHeader {
- // Corrupt record: we only have a
- // header. That header might say it's
- // of type qtype, but we don't
- // actually have it. Skip.
- continue
- }
- h := rr.Header()
- if h.Class == dnsClassINET && h.Name == name {
- switch h.Rrtype {
- case qtype:
- addrs = append(addrs, rr)
- case dnsTypeCNAME:
- // redirect to cname
- name = rr.(*dnsRR_CNAME).Cname
- continue Cname
- }
- }
- }
- if len(addrs) == 0 {
- return "", nil, &DNSError{Err: noSuchHost, Name: name, Server: server}
- }
- return name, addrs, nil
- }
-
- return "", nil, &DNSError{Err: "too many redirects", Name: name, Server: server}
-}
-
-func isDomainName(s string) bool {
- // See RFC 1035, RFC 3696.
- if len(s) == 0 {
- return false
- }
- if len(s) > 255 {
- return false
- }
-
- last := byte('.')
- ok := false // Ok once we've seen a letter.
- partlen := 0
- for i := 0; i < len(s); i++ {
- c := s[i]
- switch {
- default:
- return false
- case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || c == '_':
- ok = true
- partlen++
- case '0' <= c && c <= '9':
- // fine
- partlen++
- case c == '-':
- // Byte before dash cannot be dot.
- if last == '.' {
- return false
- }
- partlen++
- case c == '.':
- // Byte before dot cannot be dot, dash.
- if last == '.' || last == '-' {
- return false
- }
- if partlen > 63 || partlen == 0 {
- return false
- }
- partlen = 0
- }
- last = c
- }
- if last == '-' || partlen > 63 {
- return false
- }
-
- return ok
-}
-
-// An SRV represents a single DNS SRV record.
-type SRV struct {
- Target string
- Port uint16
- Priority uint16
- Weight uint16
-}
-
-// byPriorityWeight sorts SRV records by ascending priority and weight.
-type byPriorityWeight []*SRV
-
-func (s byPriorityWeight) Len() int { return len(s) }
-
-func (s byPriorityWeight) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
-func (s byPriorityWeight) Less(i, j int) bool {
- return s[i].Priority < s[j].Priority ||
- (s[i].Priority == s[j].Priority && s[i].Weight < s[j].Weight)
-}
-
-// shuffleByWeight shuffles SRV records by weight using the algorithm
-// described in RFC 2782.
-func (addrs byPriorityWeight) shuffleByWeight() {
- sum := 0
- for _, addr := range addrs {
- sum += int(addr.Weight)
- }
- for sum > 0 && len(addrs) > 1 {
- s := 0
- n := rand.Intn(sum + 1)
- for i := range addrs {
- s += int(addrs[i].Weight)
- if s >= n {
- if i > 0 {
- t := addrs[i]
- copy(addrs[1:i+1], addrs[0:i])
- addrs[0] = t
- }
- break
- }
- }
- sum -= int(addrs[0].Weight)
- addrs = addrs[1:]
- }
-}
-
-// sort reorders SRV records as specified in RFC 2782.
-func (addrs byPriorityWeight) sort() {
- sort.Sort(addrs)
- i := 0
- for j := 1; j < len(addrs); j++ {
- if addrs[i].Priority != addrs[j].Priority {
- addrs[i:j].shuffleByWeight()
- i = j
- }
- }
- addrs[i:].shuffleByWeight()
-}
-
-// An MX represents a single DNS MX record.
-type MX struct {
- Host string
- Pref uint16
-}
-
-// byPref implements sort.Interface to sort MX records by preference
-type byPref []*MX
-
-func (s byPref) Len() int { return len(s) }
-
-func (s byPref) Less(i, j int) bool { return s[i].Pref < s[j].Pref }
-
-func (s byPref) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
-// sort reorders MX records as specified in RFC 5321.
-func (s byPref) sort() {
- for i := range s {
- j := rand.Intn(i + 1)
- s[i], s[j] = s[j], s[i]
- }
- sort.Sort(s)
-}
-
-// An NS represents a single DNS NS record.
-type NS struct {
- Host string
-}
(DIR) diff --git a/lib/resolve/dnsmsg.go b/lib/resolve/dnsmsg.go
@@ -1,934 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// DNS packet assembly. See RFC 1035.
-//
-// This is intended to support name resolution during Dial.
-// It doesn't have to be blazing fast.
-//
-// Each message structure has a Walk method that is used by
-// a generic pack/unpack routine. Thus, if in the future we need
-// to define new message structs, no new pack/unpack/printing code
-// needs to be written.
-//
-// The first half of this file defines the DNS message formats.
-// The second half implements the conversion to and from wire format.
-// A few of the structure elements have string tags to aid the
-// generic pack/unpack routines.
-//
-// TODO(rsc): There are enough names defined in this file that they're all
-// prefixed with dns. Perhaps put this in its own package later.
-
-package main
-
-import (
- "net"
-)
-
-// Integer to decimal.
-func itoa(i int) string {
- var buf [30]byte
- n := len(buf)
- neg := false
- if i < 0 {
- i = -i
- neg = true
- }
- ui := uint(i)
- for ui > 0 || n == len(buf) {
- n--
- buf[n] = byte('0' + ui%10)
- ui /= 10
- }
- if neg {
- n--
- buf[n] = '-'
- }
- return string(buf[n:])
-}
-
-const hexDigit = "0123456789abcdef"
-
-// Packet formats
-
-// Wire constants.
-const (
- // valid dnsRR_Header.Rrtype and dnsQuestion.qtype
- dnsTypeA = 1
- dnsTypeNS = 2
- dnsTypeMD = 3
- dnsTypeMF = 4
- dnsTypeCNAME = 5
- dnsTypeSOA = 6
- dnsTypeMB = 7
- dnsTypeMG = 8
- dnsTypeMR = 9
- dnsTypeNULL = 10
- dnsTypeWKS = 11
- dnsTypePTR = 12
- dnsTypeHINFO = 13
- dnsTypeMINFO = 14
- dnsTypeMX = 15
- dnsTypeTXT = 16
- dnsTypeAAAA = 28
- dnsTypeSRV = 33
-
- // valid dnsQuestion.qtype only
- dnsTypeAXFR = 252
- dnsTypeMAILB = 253
- dnsTypeMAILA = 254
- dnsTypeALL = 255
-
- // valid dnsQuestion.qclass
- dnsClassINET = 1
- dnsClassCSNET = 2
- dnsClassCHAOS = 3
- dnsClassHESIOD = 4
- dnsClassANY = 255
-
- // dnsMsg.rcode
- dnsRcodeSuccess = 0
- dnsRcodeFormatError = 1
- dnsRcodeServerFailure = 2
- dnsRcodeNameError = 3
- dnsRcodeNotImplemented = 4
- dnsRcodeRefused = 5
-)
-
-// A dnsStruct describes how to iterate over its fields to emulate
-// reflective marshalling.
-type dnsStruct interface {
- // Walk iterates over fields of a structure and calls f
- // with a reference to that field, the name of the field
- // and a tag ("", "domain", "ipv4", "ipv6") specifying
- // particular encodings. Possible concrete types
- // for v are *uint16, *uint32, *string, or []byte, and
- // *int, *bool in the case of dnsMsgHdr.
- // Whenever f returns false, Walk must stop and return
- // false, and otherwise return true.
- Walk(f func(v interface{}, name, tag string) (ok bool)) (ok bool)
-}
-
-// The wire format for the DNS packet header.
-type dnsHeader struct {
- Id uint16
- Bits uint16
- Qdcount, Ancount, Nscount, Arcount uint16
-}
-
-func (h *dnsHeader) Walk(f func(v interface{}, name, tag string) bool) bool {
- return f(&h.Id, "Id", "") &&
- f(&h.Bits, "Bits", "") &&
- f(&h.Qdcount, "Qdcount", "") &&
- f(&h.Ancount, "Ancount", "") &&
- f(&h.Nscount, "Nscount", "") &&
- f(&h.Arcount, "Arcount", "")
-}
-
-const (
- // dnsHeader.Bits
- _QR = 1 << 15 // query/response (response=1)
- _AA = 1 << 10 // authoritative
- _TC = 1 << 9 // truncated
- _RD = 1 << 8 // recursion desired
- _RA = 1 << 7 // recursion available
-)
-
-// DNS queries.
-type dnsQuestion struct {
- Name string `net:"domain-name"` // `net:"domain-name"` specifies encoding; see packers below
- Qtype uint16
- Qclass uint16
-}
-
-func (q *dnsQuestion) Walk(f func(v interface{}, name, tag string) bool) bool {
- return f(&q.Name, "Name", "domain") &&
- f(&q.Qtype, "Qtype", "") &&
- f(&q.Qclass, "Qclass", "")
-}
-
-// DNS responses (resource records).
-// There are many types of messages,
-// but they all share the same header.
-type dnsRR_Header struct {
- Name string `net:"domain-name"`
- Rrtype uint16
- Class uint16
- Ttl uint32
- Rdlength uint16 // length of data after header
-}
-
-func (h *dnsRR_Header) Header() *dnsRR_Header {
- return h
-}
-
-func (h *dnsRR_Header) Walk(f func(v interface{}, name, tag string) bool) bool {
- return f(&h.Name, "Name", "domain") &&
- f(&h.Rrtype, "Rrtype", "") &&
- f(&h.Class, "Class", "") &&
- f(&h.Ttl, "Ttl", "") &&
- f(&h.Rdlength, "Rdlength", "")
-}
-
-type dnsRR interface {
- dnsStruct
- Header() *dnsRR_Header
-}
-
-// Specific DNS RR formats for each query type.
-
-type dnsRR_CNAME struct {
- Hdr dnsRR_Header
- Cname string `net:"domain-name"`
-}
-
-func (rr *dnsRR_CNAME) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_CNAME) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Cname, "Cname", "domain")
-}
-
-type dnsRR_HINFO struct {
- Hdr dnsRR_Header
- Cpu string
- Os string
-}
-
-func (rr *dnsRR_HINFO) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_HINFO) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Cpu, "Cpu", "") && f(&rr.Os, "Os", "")
-}
-
-type dnsRR_MB struct {
- Hdr dnsRR_Header
- Mb string `net:"domain-name"`
-}
-
-func (rr *dnsRR_MB) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_MB) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Mb, "Mb", "domain")
-}
-
-type dnsRR_MG struct {
- Hdr dnsRR_Header
- Mg string `net:"domain-name"`
-}
-
-func (rr *dnsRR_MG) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_MG) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Mg, "Mg", "domain")
-}
-
-type dnsRR_MINFO struct {
- Hdr dnsRR_Header
- Rmail string `net:"domain-name"`
- Email string `net:"domain-name"`
-}
-
-func (rr *dnsRR_MINFO) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_MINFO) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Rmail, "Rmail", "domain") && f(&rr.Email, "Email", "domain")
-}
-
-type dnsRR_MR struct {
- Hdr dnsRR_Header
- Mr string `net:"domain-name"`
-}
-
-func (rr *dnsRR_MR) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_MR) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Mr, "Mr", "domain")
-}
-
-type dnsRR_MX struct {
- Hdr dnsRR_Header
- Pref uint16
- Mx string `net:"domain-name"`
-}
-
-func (rr *dnsRR_MX) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_MX) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Pref, "Pref", "") && f(&rr.Mx, "Mx", "domain")
-}
-
-type dnsRR_NS struct {
- Hdr dnsRR_Header
- Ns string `net:"domain-name"`
-}
-
-func (rr *dnsRR_NS) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_NS) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Ns, "Ns", "domain")
-}
-
-type dnsRR_PTR struct {
- Hdr dnsRR_Header
- Ptr string `net:"domain-name"`
-}
-
-func (rr *dnsRR_PTR) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_PTR) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Ptr, "Ptr", "domain")
-}
-
-type dnsRR_SOA struct {
- Hdr dnsRR_Header
- Ns string `net:"domain-name"`
- Mbox string `net:"domain-name"`
- Serial uint32
- Refresh uint32
- Retry uint32
- Expire uint32
- Minttl uint32
-}
-
-func (rr *dnsRR_SOA) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_SOA) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) &&
- f(&rr.Ns, "Ns", "domain") &&
- f(&rr.Mbox, "Mbox", "domain") &&
- f(&rr.Serial, "Serial", "") &&
- f(&rr.Refresh, "Refresh", "") &&
- f(&rr.Retry, "Retry", "") &&
- f(&rr.Expire, "Expire", "") &&
- f(&rr.Minttl, "Minttl", "")
-}
-
-type dnsRR_TXT struct {
- Hdr dnsRR_Header
- Txt string // not domain name
-}
-
-func (rr *dnsRR_TXT) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_TXT) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.Txt, "Txt", "")
-}
-
-type dnsRR_SRV struct {
- Hdr dnsRR_Header
- Priority uint16
- Weight uint16
- Port uint16
- Target string `net:"domain-name"`
-}
-
-func (rr *dnsRR_SRV) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_SRV) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) &&
- f(&rr.Priority, "Priority", "") &&
- f(&rr.Weight, "Weight", "") &&
- f(&rr.Port, "Port", "") &&
- f(&rr.Target, "Target", "domain")
-}
-
-type dnsRR_A struct {
- Hdr dnsRR_Header
- A uint32 `net:"ipv4"`
-}
-
-func (rr *dnsRR_A) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_A) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(&rr.A, "A", "ipv4")
-}
-
-type dnsRR_AAAA struct {
- Hdr dnsRR_Header
- AAAA [16]byte `net:"ipv6"`
-}
-
-func (rr *dnsRR_AAAA) Header() *dnsRR_Header {
- return &rr.Hdr
-}
-
-func (rr *dnsRR_AAAA) Walk(f func(v interface{}, name, tag string) bool) bool {
- return rr.Hdr.Walk(f) && f(rr.AAAA[:], "AAAA", "ipv6")
-}
-
-// Packing and unpacking.
-//
-// All the packers and unpackers take a (msg []byte, off int)
-// and return (off1 int, ok bool). If they return ok==false, they
-// also return off1==len(msg), so that the next unpacker will
-// also fail. This lets us avoid checks of ok until the end of a
-// packing sequence.
-
-// Map of constructors for each RR wire type.
-var rr_mk = map[int]func() dnsRR{
- dnsTypeCNAME: func() dnsRR { return new(dnsRR_CNAME) },
- dnsTypeHINFO: func() dnsRR { return new(dnsRR_HINFO) },
- dnsTypeMB: func() dnsRR { return new(dnsRR_MB) },
- dnsTypeMG: func() dnsRR { return new(dnsRR_MG) },
- dnsTypeMINFO: func() dnsRR { return new(dnsRR_MINFO) },
- dnsTypeMR: func() dnsRR { return new(dnsRR_MR) },
- dnsTypeMX: func() dnsRR { return new(dnsRR_MX) },
- dnsTypeNS: func() dnsRR { return new(dnsRR_NS) },
- dnsTypePTR: func() dnsRR { return new(dnsRR_PTR) },
- dnsTypeSOA: func() dnsRR { return new(dnsRR_SOA) },
- dnsTypeTXT: func() dnsRR { return new(dnsRR_TXT) },
- dnsTypeSRV: func() dnsRR { return new(dnsRR_SRV) },
- dnsTypeA: func() dnsRR { return new(dnsRR_A) },
- dnsTypeAAAA: func() dnsRR { return new(dnsRR_AAAA) },
-}
-
-// Pack a domain name s into msg[off:].
-// Domain names are a sequence of counted strings
-// split at the dots. They end with a zero-length string.
-func packDomainName(s string, msg []byte, off int) (off1 int, ok bool) {
- // Add trailing dot to canonicalize name.
- if n := len(s); n == 0 || s[n-1] != '.' {
- s += "."
- }
-
- // Each dot ends a segment of the name.
- // We trade each dot byte for a length byte.
- // There is also a trailing zero.
- // Check that we have all the space we need.
- tot := len(s) + 1
- if off+tot > len(msg) {
- return len(msg), false
- }
-
- // Emit sequence of counted strings, chopping at dots.
- begin := 0
- for i := 0; i < len(s); i++ {
- if s[i] == '.' {
- if i-begin >= 1<<6 { // top two bits of length must be clear
- return len(msg), false
- }
- msg[off] = byte(i - begin)
- off++
- for j := begin; j < i; j++ {
- msg[off] = s[j]
- off++
- }
- begin = i + 1
- }
- }
- msg[off] = 0
- off++
- return off, true
-}
-
-// Unpack a domain name.
-// In addition to the simple sequences of counted strings above,
-// domain names are allowed to refer to strings elsewhere in the
-// packet, to avoid repeating common suffixes when returning
-// many entries in a single domain. The pointers are marked
-// by a length byte with the top two bits set. Ignoring those
-// two bits, that byte and the next give a 14 bit offset from msg[0]
-// where we should pick up the trail.
-// Note that if we jump elsewhere in the packet,
-// we return off1 == the offset after the first pointer we found,
-// which is where the next record will start.
-// In theory, the pointers are only allowed to jump backward.
-// We let them jump anywhere and stop jumping after a while.
-func unpackDomainName(msg []byte, off int) (s string, off1 int, ok bool) {
- s = ""
- ptr := 0 // number of pointers followed
-Loop:
- for {
- if off >= len(msg) {
- return "", len(msg), false
- }
- c := int(msg[off])
- off++
- switch c & 0xC0 {
- case 0x00:
- if c == 0x00 {
- // end of name
- break Loop
- }
- // literal string
- if off+c > len(msg) {
- return "", len(msg), false
- }
- s += string(msg[off:off+c]) + "."
- off += c
- case 0xC0:
- // pointer to somewhere else in msg.
- // remember location after first ptr,
- // since that's how many bytes we consumed.
- // also, don't follow too many pointers --
- // maybe there's a loop.
- if off >= len(msg) {
- return "", len(msg), false
- }
- c1 := msg[off]
- off++
- if ptr == 0 {
- off1 = off
- }
- if ptr++; ptr > 10 {
- return "", len(msg), false
- }
- off = (c^0xC0)<<8 | int(c1)
- default:
- // 0x80 and 0x40 are reserved
- return "", len(msg), false
- }
- }
- if ptr == 0 {
- off1 = off
- }
- return s, off1, true
-}
-
-// packStruct packs a structure into msg at specified offset off, and
-// returns off1 such that msg[off:off1] is the encoded data.
-func packStruct(any dnsStruct, msg []byte, off int) (off1 int, ok bool) {
- ok = any.Walk(func(field interface{}, name, tag string) bool {
- switch fv := field.(type) {
- default:
- println("net: dns: unknown packing type")
- return false
- case *uint16:
- i := *fv
- if off+2 > len(msg) {
- return false
- }
- msg[off] = byte(i >> 8)
- msg[off+1] = byte(i)
- off += 2
- case *uint32:
- i := *fv
- msg[off] = byte(i >> 24)
- msg[off+1] = byte(i >> 16)
- msg[off+2] = byte(i >> 8)
- msg[off+3] = byte(i)
- off += 4
- case []byte:
- n := len(fv)
- if off+n > len(msg) {
- return false
- }
- copy(msg[off:off+n], fv)
- off += n
- case *string:
- s := *fv
- switch tag {
- default:
- println("net: dns: unknown string tag", tag)
- return false
- case "domain":
- off, ok = packDomainName(s, msg, off)
- if !ok {
- return false
- }
- case "":
- // Counted string: 1 byte length.
- if len(s) > 255 || off+1+len(s) > len(msg) {
- return false
- }
- msg[off] = byte(len(s))
- off++
- off += copy(msg[off:], s)
- }
- }
- return true
- })
- if !ok {
- return len(msg), false
- }
- return off, true
-}
-
-// unpackStruct decodes msg[off:] into the given structure, and
-// returns off1 such that msg[off:off1] is the encoded data.
-func unpackStruct(any dnsStruct, msg []byte, off int) (off1 int, ok bool) {
- ok = any.Walk(func(field interface{}, name, tag string) bool {
- switch fv := field.(type) {
- default:
- println("net: dns: unknown packing type")
- return false
- case *uint16:
- if off+2 > len(msg) {
- return false
- }
- *fv = uint16(msg[off])<<8 | uint16(msg[off+1])
- off += 2
- case *uint32:
- if off+4 > len(msg) {
- return false
- }
- *fv = uint32(msg[off])<<24 | uint32(msg[off+1])<<16 |
- uint32(msg[off+2])<<8 | uint32(msg[off+3])
- off += 4
- case []byte:
- n := len(fv)
- if off+n > len(msg) {
- return false
- }
- copy(fv, msg[off:off+n])
- off += n
- case *string:
- var s string
- switch tag {
- default:
- println("net: dns: unknown string tag", tag)
- return false
- case "domain":
- s, off, ok = unpackDomainName(msg, off)
- if !ok {
- return false
- }
- case "":
- if off >= len(msg) || off+1+int(msg[off]) > len(msg) {
- return false
- }
- n := int(msg[off])
- off++
- b := make([]byte, n)
- for i := 0; i < n; i++ {
- b[i] = msg[off+i]
- }
- off += n
- s = string(b)
- }
- *fv = s
- }
- return true
- })
- if !ok {
- return len(msg), false
- }
- return off, true
-}
-
-// Generic struct printer. Prints fields with tag "ipv4" or "ipv6"
-// as IP addresses.
-func printStruct(any dnsStruct) string {
- s := "{"
- i := 0
- any.Walk(func(val interface{}, name, tag string) bool {
- i++
- if i > 1 {
- s += ", "
- }
- s += name + "="
- switch tag {
- case "ipv4":
- i := *val.(*uint32)
- s += net.IPv4(byte(i>>24), byte(i>>16), byte(i>>8), byte(i)).String()
- case "ipv6":
- i := val.([]byte)
- s += net.IP(i).String()
- default:
- var i int64
- switch v := val.(type) {
- default:
- // can't really happen.
- s += "<unknown type>"
- return true
- case *string:
- s += *v
- return true
- case []byte:
- s += string(v)
- return true
- case *bool:
- if *v {
- s += "true"
- } else {
- s += "false"
- }
- return true
- case *int:
- i = int64(*v)
- case *uint:
- i = int64(*v)
- case *uint8:
- i = int64(*v)
- case *uint16:
- i = int64(*v)
- case *uint32:
- i = int64(*v)
- case *uint64:
- i = int64(*v)
- case *uintptr:
- i = int64(*v)
- }
- s += itoa(int(i))
- }
- return true
- })
- s += "}"
- return s
-}
-
-// Resource record packer.
-func packRR(rr dnsRR, msg []byte, off int) (off2 int, ok bool) {
- var off1 int
- // pack twice, once to find end of header
- // and again to find end of packet.
- // a bit inefficient but this doesn't need to be fast.
- // off1 is end of header
- // off2 is end of rr
- off1, ok = packStruct(rr.Header(), msg, off)
- off2, ok = packStruct(rr, msg, off)
- if !ok {
- return len(msg), false
- }
- // pack a third time; redo header with correct data length
- rr.Header().Rdlength = uint16(off2 - off1)
- packStruct(rr.Header(), msg, off)
- return off2, true
-}
-
-// Resource record unpacker.
-func unpackRR(msg []byte, off int) (rr dnsRR, off1 int, ok bool) {
- // unpack just the header, to find the rr type and length
- var h dnsRR_Header
- off0 := off
- if off, ok = unpackStruct(&h, msg, off); !ok {
- return nil, len(msg), false
- }
- end := off + int(h.Rdlength)
-
- // make an rr of that type and re-unpack.
- // again inefficient but doesn't need to be fast.
- mk, known := rr_mk[int(h.Rrtype)]
- if !known {
- return &h, end, true
- }
- rr = mk()
- off, ok = unpackStruct(rr, msg, off0)
- if off != end {
- return &h, end, true
- }
- return rr, off, ok
-}
-
-// Usable representation of a DNS packet.
-
-// A manually-unpacked version of (id, bits).
-// This is in its own struct for easy printing.
-type dnsMsgHdr struct {
- id uint16
- response bool
- opcode int
- authoritative bool
- truncated bool
- recursion_desired bool
- recursion_available bool
- rcode int
-}
-
-func (h *dnsMsgHdr) Walk(f func(v interface{}, name, tag string) bool) bool {
- return f(&h.id, "id", "") &&
- f(&h.response, "response", "") &&
- f(&h.opcode, "opcode", "") &&
- f(&h.authoritative, "authoritative", "") &&
- f(&h.truncated, "truncated", "") &&
- f(&h.recursion_desired, "recursion_desired", "") &&
- f(&h.recursion_available, "recursion_available", "") &&
- f(&h.rcode, "rcode", "")
-}
-
-type dnsMsg struct {
- dnsMsgHdr
- question []dnsQuestion
- answer []dnsRR
- ns []dnsRR
- extra []dnsRR
-}
-
-func (dns *dnsMsg) Pack() (msg []byte, ok bool) {
- var dh dnsHeader
-
- // Convert convenient dnsMsg into wire-like dnsHeader.
- dh.Id = dns.id
- dh.Bits = uint16(dns.opcode)<<11 | uint16(dns.rcode)
- if dns.recursion_available {
- dh.Bits |= _RA
- }
- if dns.recursion_desired {
- dh.Bits |= _RD
- }
- if dns.truncated {
- dh.Bits |= _TC
- }
- if dns.authoritative {
- dh.Bits |= _AA
- }
- if dns.response {
- dh.Bits |= _QR
- }
-
- // Prepare variable sized arrays.
- question := dns.question
- answer := dns.answer
- ns := dns.ns
- extra := dns.extra
-
- dh.Qdcount = uint16(len(question))
- dh.Ancount = uint16(len(answer))
- dh.Nscount = uint16(len(ns))
- dh.Arcount = uint16(len(extra))
-
- // Could work harder to calculate message size,
- // but this is far more than we need and not
- // big enough to hurt the allocator.
- msg = make([]byte, 2000)
-
- // Pack it in: header and then the pieces.
- off := 0
- off, ok = packStruct(&dh, msg, off)
- for i := 0; i < len(question); i++ {
- off, ok = packStruct(&question[i], msg, off)
- }
- for i := 0; i < len(answer); i++ {
- off, ok = packRR(answer[i], msg, off)
- }
- for i := 0; i < len(ns); i++ {
- off, ok = packRR(ns[i], msg, off)
- }
- for i := 0; i < len(extra); i++ {
- off, ok = packRR(extra[i], msg, off)
- }
- if !ok {
- return nil, false
- }
- return msg[0:off], true
-}
-
-func (dns *dnsMsg) Unpack(msg []byte) bool {
- // Header.
- var dh dnsHeader
- off := 0
- var ok bool
- if off, ok = unpackStruct(&dh, msg, off); !ok {
- return false
- }
- dns.id = dh.Id
- dns.response = (dh.Bits & _QR) != 0
- dns.opcode = int(dh.Bits>>11) & 0xF
- dns.authoritative = (dh.Bits & _AA) != 0
- dns.truncated = (dh.Bits & _TC) != 0
- dns.recursion_desired = (dh.Bits & _RD) != 0
- dns.recursion_available = (dh.Bits & _RA) != 0
- dns.rcode = int(dh.Bits & 0xF)
-
- // Arrays.
- dns.question = make([]dnsQuestion, dh.Qdcount)
- dns.answer = make([]dnsRR, 0, dh.Ancount)
- dns.ns = make([]dnsRR, 0, dh.Nscount)
- dns.extra = make([]dnsRR, 0, dh.Arcount)
-
- var rec dnsRR
-
- for i := 0; i < len(dns.question); i++ {
- off, ok = unpackStruct(&dns.question[i], msg, off)
- }
- for i := 0; i < int(dh.Ancount); i++ {
- rec, off, ok = unpackRR(msg, off)
- if !ok {
- return false
- }
- dns.answer = append(dns.answer, rec)
- }
- for i := 0; i < int(dh.Nscount); i++ {
- rec, off, ok = unpackRR(msg, off)
- if !ok {
- return false
- }
- dns.ns = append(dns.ns, rec)
- }
- for i := 0; i < int(dh.Arcount); i++ {
- rec, off, ok = unpackRR(msg, off)
- if !ok {
- return false
- }
- dns.extra = append(dns.extra, rec)
- }
- // if off != len(msg) {
- // println("extra bytes in dns packet", off, "<", len(msg));
- // }
- return true
-}
-
-func (dns *dnsMsg) String() string {
- s := "DNS: " + printStruct(&dns.dnsMsgHdr) + "\n"
- if len(dns.question) > 0 {
- s += "-- Questions"
- for i := 0; i < len(dns.question); i++ {
- s += printStruct(&dns.question[i]) + "\n"
- }
- }
- if len(dns.answer) > 0 {
- s += "-- Answers\n"
- for i := 0; i < len(dns.answer); i++ {
- s += printStruct(dns.answer[i]) + "\n"
- }
- }
- if len(dns.ns) > 0 {
- s += "-- Name servers\n"
- for i := 0; i < len(dns.ns); i++ {
- s += printStruct(dns.ns[i]) + "\n"
- }
- }
- if len(dns.extra) > 0 {
- s += "-- Extra\n"
- for i := 0; i < len(dns.extra); i++ {
- s += printStruct(dns.extra[i]) + "\n"
- }
- }
- return s
-}
-
-func convertRR_A(records []dnsRR) []net.IP {
- addrs := make([]net.IP, len(records))
- for i, rr := range records {
- a := rr.(*dnsRR_A).A
- addrs[i] = net.IPv4(byte(a>>24), byte(a>>16), byte(a>>8), byte(a))
- }
- return addrs
-}
-
-func convertRR_AAAA(records []dnsRR) []net.IP {
- addrs := make([]net.IP, len(records))
- for i, rr := range records {
- a := make(net.IP, net.IPv6len)
- copy(a, rr.(*dnsRR_AAAA).AAAA[:])
- addrs[i] = a
- }
- return addrs
-}
(DIR) diff --git a/lib/resolve/dnsparse.go b/lib/resolve/dnsparse.go
@@ -1,56 +0,0 @@
-package main
-
-import (
- "fmt"
- "net"
- "os"
-)
-
-func unpackDns(msg []byte, dnsType uint16) (domain string, id uint16, ips []net.IP) {
- d := new(dnsMsg)
- if !d.Unpack(msg) {
- // fmt.Fprintf(os.Stderr, "dns error (unpacking)\n")
- return
- }
-
- id = d.id
-
- if len(d.question) < 1 {
- // fmt.Fprintf(os.Stderr, "dns error (wrong question section)\n")
- return
- }
-
- domain = d.question[0].Name
- if len(domain) < 1 {
- // fmt.Fprintf(os.Stderr, "dns error (wrong domain in question)\n")
- return
- }
-
- _, addrs, err := answer(domain, "server", d, dnsType)
- if err == nil {
- switch (dnsType) {
- case dnsTypeA:
- ips = convertRR_A(addrs)
- case dnsTypeAAAA:
- ips = convertRR_AAAA(addrs)
- }
- }
- return
-}
-
-func packDns(domain string, id uint16, dnsType uint16) []byte {
-
- out := new(dnsMsg)
- out.id = id
- out.recursion_desired = true
- out.question = []dnsQuestion{
- {domain, dnsType, dnsClassINET},
- }
-
- msg, ok := out.Pack()
- if !ok {
- fmt.Fprintf(os.Stderr, "can't pack domain %s\n", domain)
- os.Exit(1)
- }
- return msg
-}
(DIR) diff --git a/lib/resolve/resolve.go b/lib/resolve/resolve.go
@@ -1,287 +0,0 @@
-package main
-
-import (
- "bufio"
- "flag"
- "fmt"
- "io"
- "math/rand"
- "net"
- "os"
- "sort"
- "strings"
- "time"
-)
-
-func do_read_domains(domains chan<- string, domainSlotAvailable <-chan bool) {
- in := bufio.NewReader(os.Stdin)
-
- for _ = range domainSlotAvailable {
-
- input, err := in.ReadString('\n')
- if err == io.EOF {
- break
- }
- if err != nil {
- fmt.Fprintf(os.Stderr, "read(stdin): %s\n", err)
- os.Exit(1)
- }
-
- input = strings.TrimSpace(input)
- if input == "" {
- continue
- }
-
- domain := input + "."
-
- domains <- domain
- }
- close(domains)
-}
-
-var sendingDelay time.Duration
-var retryDelay time.Duration
-
-var concurrency int
-var dnsServer string
-var packetsPerSecond int
-var retryTime string
-var verbose bool
-var ipv6 bool
-
-func init() {
- flag.StringVar(&dnsServer, "server", "8.8.8.8:53",
- "DNS server address (ip:port)")
- flag.IntVar(&concurrency, "concurrency", 5000,
- "Internal buffer")
- flag.IntVar(&packetsPerSecond, "pps", 120,
- "Send up to PPS DNS queries per second")
- flag.StringVar(&retryTime, "retry", "1s",
- "Resend unanswered query after RETRY")
- flag.BoolVar(&verbose, "v", false,
- "Verbose logging")
- flag.BoolVar(&ipv6, "6", false,
- "Ipv6 - ask for AAAA, not A")
-}
-
-func main() {
- flag.Usage = func() {
- fmt.Fprintf(os.Stderr, strings.Join([]string{
- "\"resolve\" mass resolve DNS A records for domains names read from stdin.",
- "",
- "Usage: resolve [option ...]",
- "",
- }, "\n"))
- flag.PrintDefaults()
- }
-
- flag.Parse()
-
- if flag.NArg() != 0 {
- flag.Usage()
- os.Exit(1)
- }
-
- sendingDelay = time.Duration(1000000000/packetsPerSecond) * time.Nanosecond
- var err error
- retryDelay, err = time.ParseDuration(retryTime)
- if err != nil {
- fmt.Fprintf(os.Stderr, "Can't parse duration %s\n", retryTime)
- os.Exit(1)
- }
-
- fmt.Fprintf(os.Stderr, "Server: %s, sending delay: %s (%d pps), retry delay: %s\n",
- dnsServer, sendingDelay, packetsPerSecond, retryDelay)
-
- domains := make(chan string, concurrency)
- domainSlotAvailable := make(chan bool, concurrency)
-
- for i := 0; i < concurrency; i++ {
- domainSlotAvailable <- true
- }
-
- go do_read_domains(domains, domainSlotAvailable)
-
- c, err := net.Dial("udp", dnsServer)
- if err != nil {
- fmt.Fprintf(os.Stderr, "bind(udp, %s): %s\n", dnsServer, err)
- os.Exit(1)
- }
-
- // Used as a queue. Make sure it has plenty of storage available.
- timeoutRegister := make(chan *domainRecord, concurrency*1000)
- timeoutExpired := make(chan *domainRecord)
-
- resolved := make(chan *domainAnswer, concurrency)
- tryResolving := make(chan *domainRecord, concurrency)
-
- go do_timeouter(timeoutRegister, timeoutExpired)
-
- go do_send(c, tryResolving)
- go do_receive(c, resolved)
-
- t0 := time.Now()
- domainsCount, avgTries := do_map_guard(domains, domainSlotAvailable,
- timeoutRegister, timeoutExpired,
- tryResolving, resolved)
- td := time.Now().Sub(t0)
- fmt.Fprintf(os.Stderr, "Resolved %d domains in %.3fs. Average retries %.3f. Domains per second: %.3f\n",
- domainsCount,
- td.Seconds(),
- avgTries,
- float64(domainsCount)/td.Seconds())
-}
-
-type domainRecord struct {
- id uint16
- domain string
- timeout time.Time
- resend int
-}
-
-type domainAnswer struct {
- id uint16
- domain string
- ips []net.IP
-}
-
-func do_map_guard(domains <-chan string,
- domainSlotAvailable chan<- bool,
- timeoutRegister chan<- *domainRecord,
- timeoutExpired <-chan *domainRecord,
- tryResolving chan<- *domainRecord,
- resolved <-chan *domainAnswer) (int, float64) {
-
- m := make(map[uint16]*domainRecord)
-
- done := false
-
- sumTries := 0
- domainCount := 0
-
- for done == false || len(m) > 0 {
- select {
- case domain := <-domains:
- if domain == "" {
- domains = make(chan string)
- done = true
- break
- }
- var id uint16
- for {
- id = uint16(rand.Int())
- if id != 0 && m[id] == nil {
- break
- }
- }
- dr := &domainRecord{id, domain, time.Now(), 1}
- m[id] = dr
- if verbose {
- fmt.Fprintf(os.Stderr, "0x%04x resolving %s\n", id, domain)
- }
- timeoutRegister <- dr
- tryResolving <- dr
-
- case dr := <-timeoutExpired:
- if m[dr.id] == dr {
- dr.resend += 1
- dr.timeout = time.Now()
- if verbose {
- fmt.Fprintf(os.Stderr, "0x%04x resend (try:%d) %s\n", dr.id,
- dr.resend, dr.domain)
- }
- timeoutRegister <- dr
- tryResolving <- dr
- }
-
- case da := <-resolved:
- if m[da.id] != nil {
- dr := m[da.id]
- if dr.domain != da.domain {
- if verbose {
- fmt.Fprintf(os.Stderr, "0x%04x error, unrecognized domain: %s != %s\n",
- da.id, dr.domain, da.domain)
- }
- break
- }
-
- if verbose {
- fmt.Fprintf(os.Stderr, "0x%04x resolved %s\n",
- dr.id, dr.domain)
- }
-
- s := make([]string, 0, 16)
- for _, ip := range da.ips {
- s = append(s, ip.String())
- }
- sort.Sort(sort.StringSlice(s))
-
- // without trailing dot
- domain := dr.domain[:len(dr.domain)-1]
- fmt.Printf("%s, %s\n", domain, strings.Join(s, " "))
-
- sumTries += dr.resend
- domainCount += 1
-
- delete(m, dr.id)
- domainSlotAvailable <- true
- }
- }
- }
- return domainCount, float64(sumTries) / float64(domainCount)
-}
-
-func do_timeouter(timeoutRegister <-chan *domainRecord,
- timeoutExpired chan<- *domainRecord) {
- for {
- dr := <-timeoutRegister
- t := dr.timeout.Add(retryDelay)
- now := time.Now()
- if t.Sub(now) > 0 {
- delta := t.Sub(now)
- time.Sleep(delta)
- }
- timeoutExpired <- dr
- }
-}
-
-func do_send(c net.Conn, tryResolving <-chan *domainRecord) {
- for {
- dr := <-tryResolving
-
- var t uint16
- if !ipv6 {
- t = dnsTypeA
- } else {
- t = dnsTypeAAAA
- }
- msg := packDns(dr.domain, dr.id, t)
-
- _, err := c.Write(msg)
- if err != nil {
- fmt.Fprintf(os.Stderr, "write(udp): %s\n", err)
- os.Exit(1)
- }
- time.Sleep(sendingDelay)
- }
-}
-
-func do_receive(c net.Conn, resolved chan<- *domainAnswer) {
- buf := make([]byte, 4096)
- for {
- n, err := c.Read(buf)
- if err != nil {
- fmt.Fprintf(os.Stderr, "%s\n", err)
- os.Exit(1)
- }
-
- var t uint16
- if !ipv6 {
- t = dnsTypeA
- } else {
- t = dnsTypeAAAA
- }
- domain, id, ips := unpackDns(buf[:n], t)
- resolved <- &domainAnswer{id, domain, ips}
- }
-}
(DIR) diff --git a/main.go b/main.go
@@ -1,7 +1,8 @@
-package main
+package dnsrecon
import (
"fmt"
+ "log"
"github.com/kataras/go-template/html"
"github.com/kataras/iris"
@@ -38,14 +39,20 @@ func main() {
ctx.RedirectTo("/")
})
- iris.OnError(iris.StatusNotFound, func(ctx *iris.Context) {
- iris.Logger.Printf("http status: 404 happened!")
- ctx.RedirectTo("/")
- })
-
- // display results of scan
+ /* Types:
+ *
+ * A Record = 1
+ * NS Records = 2
+ * MX Records = 15
+ */
iris.Get("/results/:id", func(ctx *iris.Context) {
id := ctx.Param("id")
+
+ forwardAddress, err := Query(id, 2)
+
+ log.Println(err)
+ log.Println(forwardAddress)
+
ctx.Render("scan.html", data{"Results", id})
})