ronin-recon 0.1.0.rc1
- checksums.yaml +7 -0
- data/.document +4 -0
- data/.github/workflows/ruby.yml +46 -0
- data/.gitignore +20 -0
- data/.rspec +1 -0
- data/.rubocop.yml +44 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +165 -0
- data/ChangeLog.md +36 -0
- data/Gemfile +62 -0
- data/README.md +391 -0
- data/Rakefile +74 -0
- data/bin/ronin-recon +16 -0
- data/data/completions/ronin-recon +95 -0
- data/data/templates/worker.rb.erb +67 -0
- data/data/wordlists/raft-small-directories.txt.gz +0 -0
- data/data/wordlists/subdomains-1000.txt.gz +0 -0
- data/examples/recon.rb +24 -0
- data/gemspec.yml +57 -0
- data/lib/ronin/recon/builtin/dns/lookup.rb +65 -0
- data/lib/ronin/recon/builtin/dns/mailservers.rb +64 -0
- data/lib/ronin/recon/builtin/dns/nameservers.rb +61 -0
- data/lib/ronin/recon/builtin/dns/reverse_lookup.rb +63 -0
- data/lib/ronin/recon/builtin/dns/srv_enum.rb +178 -0
- data/lib/ronin/recon/builtin/dns/subdomain_enum.rb +105 -0
- data/lib/ronin/recon/builtin/dns/suffix_enum.rb +168 -0
- data/lib/ronin/recon/builtin/net/ip_range_enum.rb +65 -0
- data/lib/ronin/recon/builtin/net/port_scan.rb +84 -0
- data/lib/ronin/recon/builtin/net/service_id.rb +75 -0
- data/lib/ronin/recon/builtin/ssl/cert_enum.rb +109 -0
- data/lib/ronin/recon/builtin/ssl/cert_grab.rb +76 -0
- data/lib/ronin/recon/builtin/ssl/cert_sh.rb +77 -0
- data/lib/ronin/recon/builtin/web/dir_enum.rb +121 -0
- data/lib/ronin/recon/builtin/web/email_addresses.rb +70 -0
- data/lib/ronin/recon/builtin/web/spider.rb +93 -0
- data/lib/ronin/recon/builtin.rb +34 -0
- data/lib/ronin/recon/cli/command.rb +40 -0
- data/lib/ronin/recon/cli/commands/completion.rb +61 -0
- data/lib/ronin/recon/cli/commands/irb.rb +57 -0
- data/lib/ronin/recon/cli/commands/new.rb +203 -0
- data/lib/ronin/recon/cli/commands/run.rb +420 -0
- data/lib/ronin/recon/cli/commands/test.rb +99 -0
- data/lib/ronin/recon/cli/commands/worker.rb +114 -0
- data/lib/ronin/recon/cli/commands/workers.rb +80 -0
- data/lib/ronin/recon/cli/debug_option.rb +45 -0
- data/lib/ronin/recon/cli/printing.rb +122 -0
- data/lib/ronin/recon/cli/ruby_shell.rb +51 -0
- data/lib/ronin/recon/cli/worker_command.rb +105 -0
- data/lib/ronin/recon/cli.rb +50 -0
- data/lib/ronin/recon/config.rb +371 -0
- data/lib/ronin/recon/dns_worker.rb +41 -0
- data/lib/ronin/recon/engine.rb +639 -0
- data/lib/ronin/recon/exceptions.rb +45 -0
- data/lib/ronin/recon/graph.rb +127 -0
- data/lib/ronin/recon/importer.rb +224 -0
- data/lib/ronin/recon/input_file.rb +81 -0
- data/lib/ronin/recon/message/job_completed.rb +60 -0
- data/lib/ronin/recon/message/job_failed.rb +69 -0
- data/lib/ronin/recon/message/job_started.rb +60 -0
- data/lib/ronin/recon/message/shutdown.rb +38 -0
- data/lib/ronin/recon/message/value.rb +76 -0
- data/lib/ronin/recon/message/worker_started.rb +51 -0
- data/lib/ronin/recon/message/worker_stopped.rb +51 -0
- data/lib/ronin/recon/mixins/dns.rb +639 -0
- data/lib/ronin/recon/mixins/http.rb +58 -0
- data/lib/ronin/recon/mixins.rb +21 -0
- data/lib/ronin/recon/output_formats/dir.rb +94 -0
- data/lib/ronin/recon/output_formats/dot.rb +155 -0
- data/lib/ronin/recon/output_formats/graph_format.rb +48 -0
- data/lib/ronin/recon/output_formats/graphviz_format.rb +115 -0
- data/lib/ronin/recon/output_formats/pdf.rb +43 -0
- data/lib/ronin/recon/output_formats/png.rb +43 -0
- data/lib/ronin/recon/output_formats/svg.rb +43 -0
- data/lib/ronin/recon/output_formats.rb +48 -0
- data/lib/ronin/recon/registry.rb +35 -0
- data/lib/ronin/recon/root.rb +33 -0
- data/lib/ronin/recon/scope.rb +112 -0
- data/lib/ronin/recon/value/parser.rb +113 -0
- data/lib/ronin/recon/value.rb +110 -0
- data/lib/ronin/recon/value_status.rb +87 -0
- data/lib/ronin/recon/values/cert.rb +168 -0
- data/lib/ronin/recon/values/domain.rb +88 -0
- data/lib/ronin/recon/values/email_address.rb +114 -0
- data/lib/ronin/recon/values/host.rb +137 -0
- data/lib/ronin/recon/values/ip.rb +123 -0
- data/lib/ronin/recon/values/ip_range.rb +155 -0
- data/lib/ronin/recon/values/mailserver.rb +61 -0
- data/lib/ronin/recon/values/nameserver.rb +61 -0
- data/lib/ronin/recon/values/open_port.rb +190 -0
- data/lib/ronin/recon/values/url.rb +218 -0
- data/lib/ronin/recon/values/website.rb +200 -0
- data/lib/ronin/recon/values/wildcard.rb +140 -0
- data/lib/ronin/recon/values.rb +32 -0
- data/lib/ronin/recon/version.rb +26 -0
- data/lib/ronin/recon/web_worker.rb +35 -0
- data/lib/ronin/recon/worker.rb +433 -0
- data/lib/ronin/recon/worker_pool.rb +203 -0
- data/lib/ronin/recon/workers.rb +260 -0
- data/lib/ronin/recon.rb +22 -0
- data/man/ronin-recon-completion.1 +76 -0
- data/man/ronin-recon-completion.1.md +78 -0
- data/man/ronin-recon-irb.1 +27 -0
- data/man/ronin-recon-irb.1.md +26 -0
- data/man/ronin-recon-new.1 +58 -0
- data/man/ronin-recon-new.1.md +59 -0
- data/man/ronin-recon-run.1 +137 -0
- data/man/ronin-recon-run.1.md +115 -0
- data/man/ronin-recon-test.1 +53 -0
- data/man/ronin-recon-test.1.md +55 -0
- data/man/ronin-recon-worker.1 +32 -0
- data/man/ronin-recon-worker.1.md +34 -0
- data/man/ronin-recon-workers.1 +29 -0
- data/man/ronin-recon-workers.1.md +31 -0
- data/man/ronin-recon.1 +57 -0
- data/man/ronin-recon.1.md +57 -0
- data/ronin-recon.gemspec +62 -0
- data/scripts/setup +58 -0
- metadata +364 -0
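--- a/data/lib/ronin/recon/mixins/dns.rb
+++ b/data/lib/ronin/recon/mixins/dns.rb
@@ -0,0 +1,639 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/support/network/dns/idn'
+require 'ronin/support/network/dns'
+
+require 'async/io'
+require 'async/dns/resolver'
+require 'ipaddr'
+
+module Ronin
+module Recon
+module Mixins
+#
+# Mixin which adds methods for performing async DNS queries.
+#
+# @api public
+#
+module DNS
+# Handles International Domain Names (IDN).
+IDN = Support::Network::DNS::IDN
+
+# @return [Async::DNS::Resolver]
+attr_reader :dns_resolver
+
+#
+# Initializes the DNS resolver.
+#
+# @param [Array<String>] nameservers
+# The DNS nameservers to query.
+#
+# @param [Hash{Symbol => Object}] kwargs
+# Additional keyword arguments.
+#
+def initialize(nameservers: Support::Network::DNS.nameservers, **kwargs)
+super(**kwargs)
+
+@dns_resolver = Async::DNS::Resolver.new(
+nameservers.map { |ip| [:udp, ip, 53] }
+)
+end
+
+#
+# Looks up all addresses of a hostname.
+#
+# @param [String] host
+# The hostname to lookup.
+#
+# @return [Array<String>]
+# The addresses of the hostname.
+#
+def dns_get_addresses(host)
+host = IDN.to_ascii(host)
+
+begin
+@dns_resolver.addresses_for(host).map(&:to_s)
+rescue Async::DNS::ResolutionFailure
+return []
+end
+end
+
+#
+# Looks up the address of a hostname.
+#
+# @param [String] host
+# The hostname to lookup.
+#
+# @return [String, nil]
+# The address of the hostname.
+#
+def dns_get_address(host)
+dns_get_addresses(host).first
+end
+
+#
+# Looks up all hostnames associated with the address.
+#
+# @param [String] ip
+# The IP address to lookup.
+#
+# @return [Array<String>]
+# The hostnames of the address.
+#
+def dns_get_names(ip)
+dns_get_ptr_names(ip)
+end
+
+#
+# Looks up the hostname of the address.
+#
+# @param [String] ip
+# The IP address to lookup.
+#
+# @return [String, nil]
+# The hostname of the address.
+#
+def dns_get_name(ip)
+dns_get_names(ip).first
+end
+
+alias dns_reverse_lookup dns_get_name
+
+# Mapping of record types to `Resolv::DNS::Resource::IN` classes.
+#
+# @api private
+RECORD_TYPES = {
+a: Resolv::DNS::Resource::IN::A,
+aaaa: Resolv::DNS::Resource::IN::AAAA,
+any: Resolv::DNS::Resource::IN::ANY,
+cname: Resolv::DNS::Resource::IN::CNAME,
+hinfo: Resolv::DNS::Resource::IN::HINFO,
+loc: Resolv::DNS::Resource::IN::LOC,
+minfo: Resolv::DNS::Resource::IN::MINFO,
+mx: Resolv::DNS::Resource::IN::MX,
+ns: Resolv::DNS::Resource::IN::NS,
+ptr: Resolv::DNS::Resource::IN::PTR,
+soa: Resolv::DNS::Resource::IN::SOA,
+srv: Resolv::DNS::Resource::IN::SRV,
+txt: Resolv::DNS::Resource::IN::TXT,
+wks: Resolv::DNS::Resource::IN::WKS
+}
+
+#
+# Queries all matching DNS records for the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @param [:a, :aaaa, :any, :cname, :hinfo, :loc, :minfo, :mx, :ns, :ptr, :soa, :srv, :txt, :wks] record_type
+# The record type.
+#
+# @return [Array<Resolv::DNS::Resource>]
+# All matching DNS records.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource
+#
+def dns_get_records(name,record_type)
+name = IDN.to_ascii(name)
+
+record_class = RECORD_TYPES.fetch(record_type) do
+raise(ArgumentError,"invalid record type: #{record_type.inspect}")
+end
+
+if (message = @dns_resolver.query(name,record_class))
+message.answer.map { |answer| answer[2] }
+else
+[]
+end
+end
+
+#
+# Queries a single matching DNS record for the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @param [:a, :aaaa, :any, :cname, :hinfo, :loc, :minfo, :mx, :ns, :ptr, :soa, :srv, :txt, :wks] record_type
+# The record type.
+#
+# @return [Resolv::DNS::Resource, nil]
+# The matching DNS records or `nil` if no matching DNS records
+# could be found.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource
+#
+def dns_get_record(name,record_type)
+dns_get_records(name,record_type).first
+end
+
+#
+# Queries all records of the host name using the `ANY` DNS query.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource>]
+# All of the DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/ANY
+#
+def dns_get_any_records(name)
+dns_get_records(name,:any)
+end
+
+#
+# Queries the `CNAME` record for the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::IN::CNAME, nil]
+# The `CNAME` record or `nil` if the host name has no `CNAME`
+# record.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/CNAME
+#
+def dns_get_cname_record(name)
+dns_get_record(name,:cname)
+end
+
+#
+# Queries the canonical name for the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [String, nil]
+# The canonical name for the host or `nil` if the host has no
+# `CNAME` record.
+#
+def dns_get_cname(name)
+if (record = dns_get_cname_record(name))
+record.name.to_s
+end
+end
+
+#
+# Queries the `HINFO` record for the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::IN::HINFO, nil]
+# The `HINFO` DNS record or `nil` if the host name has no `HINFO`
+# record.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/HINFO
+#
+def dns_get_hinfo_record(name)
+dns_get_record(name,:hinfo)
+end
+
+#
+# Queries the first `A` record belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::IN::A, nil]
+# The first `A` DNS record or `nil` if the host name has no `A`
+# records.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/IN/A
+#
+def dns_get_a_record(name)
+dns_get_record(name,:a)
+end
+
+#
+# Queries the first IPv4 address belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [String, nil]
+# The first IPv4 address belonging to the host name.
+#
+def dns_get_a_address(name)
+if (record = dns_get_a_record(name))
+record.address.to_s
+end
+end
+
+#
+# Queries all `A` records belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource::IN::A>]
+# All of the `A` DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/IN/A
+#
+def dns_get_a_records(name)
+dns_get_records(name,:a)
+end
+
+#
+# Queries all IPv4 addresses belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<String>]
+# All of the IPv4 addresses belonging to the host name.
+#
+def dns_get_a_addresses(name)
+dns_get_a_records(name).map do |record|
+record.address.to_s
+end
+end
+
+#
+# Queries the first `AAAA` DNS records belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::IN::AAAA, nil]
+# The first `AAAA` DNS record or `nil` if the host name has no
+# `AAAA` records.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/IN/AAAA
+#
+def dns_get_aaaa_record(name)
+dns_get_record(name,:aaaa)
+end
+
+#
+# Queries the first IPv6 address belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [String, nil]
+# The first IPv6 address or `nil` if the host name has no IPv6
+# addresses.
+#
+def dns_get_aaaa_address(name)
+if (record = dns_get_aaaa_record(name))
+record.address.to_s
+end
+end
+
+#
+# Queries all `AAAA` DNS records belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource::IN::AAAA>]
+# All of the `AAAA` DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/IN/AAAA
+#
+def dns_get_aaaa_records(name)
+dns_get_records(name,:aaaa)
+end
+
+#
+# Queries all IPv6 addresses belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<String>]
+# All IPv6 addresses belonging to the host name.
+#
+def dns_get_aaaa_addresses(name)
+dns_get_aaaa_records(name).map do |record|
+record.address.to_s
+end
+end
+
+#
+# Queries all `SRV` DNS records belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource::IN::SRV>]
+# All `SRV` DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/IN/SRV
+#
+def dns_get_srv_records(name)
+dns_get_records(name,:srv)
+end
+
+#
+# Queries all `WKS` (Well-Known-Service) DNS records belonging to the
+# host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource::IN::WKS>]
+# All `WKS` DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/IN/WKS
+#
+def dns_get_wks_records(name)
+dns_get_records(name,:wks)
+end
+
+#
+# Queries the `LOC` (Location) DNS record of the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::LOC, nil]
+# The `LOC` DNS record of the host name or `nil` if the host name
+# has no `LOC` record.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/LOC
+#
+def dns_get_loc_record(name)
+dns_get_record(name,:loc)
+end
+
+#
+# Queries the `MINFO` (Machine-Info) DNS record of the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::MINFO, nil]
+# The `MINFO` DNS record of the host name or `nil` if the host name
+# has no `MINFO` record.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/MINFO
+#
+def dns_get_minfo_record(name)
+dns_get_record(name,:minfo)
+end
+
+#
+# Queries all `MX` DNS records belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource::MX>]
+# All `MX` DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/MX
+#
+def dns_get_mx_records(name)
+dns_get_records(name,:mx)
+end
+
+#
+# Queries the mailservers for the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<String>]
+# The host names of the mailservers serving the given host name.
+#
+def dns_get_mailservers(name)
+dns_get_mx_records(name).map do |record|
+record.exchange.to_s
+end
+end
+
+#
+# Queries all `NS` DNS records belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource::NS>]
+# All `NS` DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/NS
+#
+def dns_get_ns_records(name)
+dns_get_records(name,:ns)
+end
+
+#
+# Queries the nameservers for the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<String>]
+# The host names of the nameservers serving the given host name.
+#
+def dns_get_nameservers(name)
+dns_get_ns_records(name).map do |record|
+record.name.to_s
+end
+end
+
+#
+# Queries the first `PTR` DNS record for the IP address.
+#
+# @param [String] ip
+# The IP address to query.
+#
+# @return [Resolv::DNS::Resource::PTR, nil]
+# The first `PTR` DNS record of the host name or `nil` if the host
+# name has no `PTR` records.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/PTR
+#
+def dns_get_ptr_record(ip)
+dns_get_record(ip,:ptr)
+end
+
+#
+# Queries the `PTR` host name for the IP address.
+#
+# @param [String] ip
+# The IP address to query.
+#
+# @return [String, nil]
+# The host name that points to the given IP.
+#
+def dns_get_ptr_name(ip)
+if (record = dns_get_ptr_record(ip))
+record.name.to_s
+end
+end
+
+#
+# Queries all `PTR` DNS records for the IP address.
+#
+# @param [String] ip
+# The IP address to query.
+#
+# @return [Array<Resolv::DNS::Resource::PTR>]
+# All `PTR` DNS records for the given IP.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/PTR
+#
+def dns_get_ptr_records(ip)
+in_addr = IPAddr.new(ip).reverse
+
+dns_get_records(in_addr,:ptr)
+end
+
+#
+# Queries all `PTR` names for the IP address.
+#
+# @param [String] ip
+# The IP address to query.
+#
+# @return [Array<String>]
+# The `PTR` names for the given IP.
+#
+def dns_get_ptr_names(ip)
+dns_get_ptr_records(ip).map do |record|
+record.name.to_s
+end
+end
+
+#
+# Queries the first `SOA` DNS record belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::SOA, nil]
+# The first `SOA` DNS record for the host name or `nil` if the host
+# name has no `SOA` records.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/SOA
+#
+def dns_get_soa_record(name)
+dns_get_record(name,:soa)
+end
+
+#
+# Queiries the first `TXT` DNS record belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Resolv::DNS::Resource::TXT, nil]
+# The first `TXT` DNS record for the host name or `nil` if the host
+# name has no `TXT` records.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/TXT
+#
+def dns_get_txt_record(name)
+dns_get_record(name,:txt)
+end
+
+#
+# Queries the first `TXT` string belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [String, nil]
+# The first `TXT` string belonging to the host name or `nil` if the
+# host name has no `TXT` records.
+#
+def dns_get_txt_string(name)
+if (record = dns_get_txt_record(name))
+record.strings.join
+end
+end
+
+#
+# Queries all `TXT` DNS records belonging to the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<Resolv::DNS::Resource::TXT>]
+# All of the `TXT` DNS records belonging to the host name.
+#
+# @see https://rubydoc.info/stdlib/resolv/Resolv/DNS/Resource/TXT
+#
+def dns_get_txt_records(name)
+dns_get_records(name,:txt)
+end
+
+#
+# Queries all of the `TXT` string values of the host name.
+#
+# @param [String] name
+# The host name to query.
+#
+# @return [Array<String>]
+# All `TXT` string values belonging of the host name.
+#
+def dns_get_txt_strings(name)
+dns_get_txt_records(name).map do |record|
+record.strings.join
+end
+end
+end
+end
+end
+end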
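Review bot: `dns_get_ptr_record` passes the raw IP string straight to `dns_get_record(ip,:ptr)`, whereas `dns_get_ptr_records` first converts it with `IPAddr.new(ip).reverse`. The single-record path, and `dns_get_ptr_name` which calls it, therefore asks for a PTR on the literal address rather than on its reverse-lookup name and will presumably come back `nil`. Changing the body to `dns_get_ptr_records(ip).first` keeps the two paths in step. Separately, `IPAddr.new(ip)` raises `IPAddr::InvalidAddressError` on malformed input and nothing in this file rescues it, while `dns_get_addresses` swallows `Async::DNS::ResolutionFailure`. Since values reaching these helpers may originate from scanned hosts, either handle the error the same way or document it with a `@raise [IPAddr::InvalidAddressError]` tag on the PTR methods.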
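--- a/data/lib/ronin/recon/mixins/http.rb
+++ b/data/lib/ronin/recon/mixins/http.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'async/http'
+require 'set'
+
+module Ronin
+module Recon
+module Mixins
+#
+# Mixin which adds methods for performing async HTTP requests.
+#
+# @api public
+#
+module HTTP
+# HTTP status codes that indicate a valid route.
+VALID_STATUS_CODES = Set[
+200, # OK
+201, # Created
+202, # Accepted
+203, # Non-Authoritative Information
+204, # No Content
+205, # Reset Content
+206, # Partial Content
+207, # Multi-Status
+208, # Already Reported
+226, # IM Used
+405, # Method Not Allowed
+406, # Not Acceptable
+409, # Conflict
+415, # Unsupported Media Type
+422, # Unprocessable Content
+423, # Locked
+424, # Failed Dependency
+451, # Unavailable For Legal Reasons
+500 # Internal Server Error
+]
+end
+end
+end
+end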
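Review bot: `VALID_STATUS_CODES` is built with `Set[...]` and never frozen, so any class that includes the mixin can mutate the shared constant for every other user. Close the literal with `].freeze`. The module comment says the mixin "adds methods for performing async HTTP requests", yet this file defines only the constant and nothing visible uses `require 'async/http'`. The comment should describe what is actually provided, e.g. `# Mixin which provides shared constants for HTTP-based workers.`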
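--- a/data/lib/ronin/recon/mixins.rb
+++ b/data/lib/ronin/recon/mixins.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/mixins/dns'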
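Review bot: Only `ronin/recon/mixins/dns` is required on line 21, although the same release also adds `lib/ronin/recon/mixins/http.rb`, so `require 'ronin/recon/mixins'` will not load `Mixins::HTTP`. If that omission is not deliberate, add `require 'ronin/recon/mixins/http'` after the existing require. If it is deliberate, a one-line comment saying why the HTTP mixin is loaded separately would save the next reader the search.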