ryo 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 629de22168d1f622da5000de5afff03d261aae34f0813939b67671c3af6d200f
-  data.tar.gz: dd04dc76ddd036a2c8de555c21393652f16c0c4629cce743b0ce61b2a1ea7699
+  metadata.gz: 4023db8a1481146ed0517b06ca7192b6785c31db7512f04613c7d6ef0e9f183f
+  data.tar.gz: 8d0309f005ab9642926ffffe00b6d7b953de252988107aae5fd2d4a55dca8c7b
 SHA512:
-  metadata.gz: a423eb6a99f0d17c928f78c99b4f28cef152e194f4de3a0706e6a323769ef75949caf2175f3cde0f6fa1dca5bde52a24a29e3db6aee1a602c01cc3fe5654ed90
-  data.tar.gz: 3d738fc25ed18646203e497dcb6005af100d2d35e15d01e3df504c982f052b89437a969a04b4ee853b122d07ee7c8ae338a247c311c604c4594a488a8f82c492
+  metadata.gz: 5902dc32f735913b4b982c3837fff1d65b1a4005e47a339060e7c4fa12888d29a9a4743faa79d0a3c9450b5ac36fe3567c11f360bc09889f3c75c426264175dd
+  data.tar.gz: bf3fec78c637bed9c6a06e05f830c7b9936435a4b8ce3e0ca4446c03e0159779f60da20a2f69717f6f0d87588c6381ffe6fe497a2e21e8040371e13d1374c2a3

data/README.md

@@ -16,6 +16,9 @@ Ryo is a yet another website recon tool powered by Ruby.
 ## Features & ToDo list
 
 - [x] Directory & File brute force
+- [x] DNS dig
+  -  By using [Google Public DNS](https://developers.google.com/speed/public-dns/)
+- [x] Shodan search
 - [x] Subdomain discovery
   - By using [DNSDumpster](https://dnsdumpster.com/) and [FindSubdomains](https://findsubdomains.com/)
 - [x] Website's technology detection
@@ -38,50 +41,220 @@ $ ryo
 Commands:
   ryo all URL         # Run all discovery plugins against a given URL
   ryo dir URL         # Discover directories and files belong to a given URL
+  ryo discover URL    # Run discovery plugin(s) against a given URL
+  ryo dns URL         # Discover DNS records of a given URL
   ryo help [COMMAND]  # Describe available commands or one specific command
+  ryo shodan URL      # Discover Shodan information of a given URL
   ryo subdomain URL   # Discover subdomains of a given URL
   ryo tech URL        # Discover used technolgies of a given URL
   ryo whois URL       # Discover whois information of a given URL
 ```
 
+In order to use Shodan search, please set your Shodan API key as `SHODAN_API_KEY` environment variable.
+
+**Example:**
+
 ```sh
 # start Webrick HTTP server
 # $ ruby -rwebrick -e 'WEBrick::HTTPServer.new(:DocumentRoot => "./", :Port => 8000).start'
 $ ryo all http://localhost:8000 | jq .
+```
+
+**Output:**
+
+```json
 {
   "dir": [
-    "http://localhost:8000/.git/",
-    "http://localhost:8000/.git/branches/",
     "http://localhost:8000/.git/COMMIT_EDITMSG",
     "http://localhost:8000/.git/config",
+    "http://localhost:8000/.git/branches/",
+    "http://localhost:8000/.git/HEAD",
     "http://localhost:8000/.git/description",
     "http://localhost:8000/.git/FETCH_HEAD",
-    "http://localhost:8000/.git/HEAD",
-    "http://localhost:8000/.git/hooks/",
     "http://localhost:8000/.git/index",
-    "http://localhost:8000/.git/info/",
     "http://localhost:8000/.git/info/exclude",
+    "http://localhost:8000/.git/",
     "http://localhost:8000/.git/logs/",
+    "http://localhost:8000/.git/info/",
     "http://localhost:8000/.git/logs/HEAD",
+    "http://localhost:8000/.git/hooks/",
     "http://localhost:8000/.git/logs/refs/heads/master",
     "http://localhost:8000/.git/logs/refs/remotes/origin/HEAD",
-    "http://localhost:8000/.git/objects/",
+    "http://localhost:8000/.git/logs/refs/remotes/origin/master",
     "http://localhost:8000/.git/packed-refs",
     "http://localhost:8000/.git/refs/",
     "http://localhost:8000/.git/refs/heads/master",
     "http://localhost:8000/.git/refs/remotes/origin/HEAD",
+    "http://localhost:8000/.git/refs/remotes/origin/master",
     "http://localhost:8000/.gitignore",
     "http://localhost:8000/.gitignore/",
+    "http://localhost:8000/.git/objects/",
     "http://localhost:8000/.travis.yml",
-    "http://localhost:8000/Bin/",
     "http://localhost:8000/bin/",
+    "http://localhost:8000/Bin/",
     "http://localhost:8000/Gemfile",
     "http://localhost:8000/Gemfile.lock",
     "http://localhost:8000/LICENSE",
     "http://localhost:8000/Rakefile",
-    "http://localhost:8000/README.md",
-    "http://localhost:8000/readme.md"
+    "http://localhost:8000/readme.md",
+    "http://localhost:8000/README.md"
   ],
+  "dns": {
+    "A": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 1
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 34709,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090700 1800 900 604800 86400"
+        }
+      ]
+    },
+    "AAAA": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 28
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 27096,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090700 1800 900 604800 86400"
+        }
+      ]
+    },
+    "CNAME": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 5
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 44332,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090700 1800 900 604800 86400"
+        }
+      ]
+    },
+    "MX": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 15
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 86026,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090702 1800 900 604800 86400"
+        }
+      ]
+    },
+    "NS": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 2
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 12268,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090601 1800 900 604800 86400"
+        }
+      ]
+    },
+    "SOA": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 6
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 7174,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090601 1800 900 604800 86400"
+        }
+      ]
+    },
+    "TXT": {
+      "Status": 3,
+      "TC": false,
+      "RD": true,
+      "RA": true,
+      "AD": true,
+      "CD": false,
+      "Question": [
+        {
+          "name": "localhost.",
+          "type": 16
+        }
+      ],
+      "Authority": [
+        {
+          "name": ".",
+          "type": 6,
+          "TTL": 36307,
+          "data": "a.root-servers.net. nstld.verisign-grs.com. 2018090601 1800 900 604800 86400"
+        }
+      ]
+    }
+  },
   "subdomain": [],
   "tech": {
     "HTTPServer": [

data/lib/ryo.rb

@@ -19,6 +19,8 @@ module Ryo
 
     h = {}
     h[:dir] = Plugin::Dir.discover(target.uri) if options[:dir] || options[:all]
+    h[:dns] = Plugin::DNS.discover(target.domain) if options[:dns] || options[:all]
+    h[:shodan] = Plugin::Shodan.discover(target.ip) if options[:shodan] || options[:all]
     h[:subdomain] = Plugin::Subdomain.discover(target.fld) if options[:subdomain] || options[:all]
     h[:tech] = Plugin::Tech.discover(target.uri) if options[:tech] || options[:all]
     h[:whois] = Plugin::Whois.discover(target.domain) if options[:whois] || options[:all]

data/lib/ryo/cli.rb

@@ -8,6 +8,18 @@ module Ryo
       puts hash.to_json
     end
 
+    desc "dns URL", "Discover DNS records of a given URL"
+    def dns(url)
+      hash = run_discovery(url, dns: true)
+      puts hash.to_json
+    end
+
+    desc "shodan URL", "Discover Shodan information of a given URL"
+    def shodan(url)
+      hash = run_discovery(url, shodan: true)
+      puts hash.to_json
+    end
+
     desc "subdomain URL", "Discover subdomains of a given URL"
     def subdomain(url)
       hash = run_discovery(url, subdomain: true)
@@ -28,6 +40,7 @@ module Ryo
 
     desc "discover URL", "Run discovery plugin(s) against a given URL"
     method_option :dir, type: :boolean, default: false
+    method_option :shodan, type: :boolean, default: false
     method_option :subdomain, type: :boolean, default: false
     method_option :tech, type: :boolean, default: false
     method_option :whois, type: :boolean, default: false

data/lib/ryo/plugin.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require_relative "./plugin/dir"
+require_relative "./plugin/dns"
+require_relative "./plugin/shodan"
 require_relative "./plugin/subdomain"
 require_relative "./plugin/tech"
 require_relative "./plugin/whois"

data/lib/ryo/plugin/dns.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Ryo
+  module Plugin
+    class DNS
+      TYPES = %w(A AAAA CNAME MX NS SOA TXT).freeze
+
+      attr_reader :domain
+      def initialize(domain)
+        @domain = domain
+      end
+
+      def endpoint
+        "https://dns.google.com/resolve"
+      end
+
+      def fetch_body(params)
+        res = Client.http.get(endpoint, params: params)
+        res.body.to_s
+      end
+
+      def dig(type)
+        params = { name: domain, type: type }
+        body = fetch_body(params)
+        JSON.parse(body)
+      end
+
+      def discover
+        h = {}
+        TYPES.each do |type|
+          h[type] = dig(type)
+        end
+        h
+      end
+
+      def self.discover(domain)
+        new(domain).discover
+      end
+    end
+  end
+end

data/lib/ryo/plugin/shodan.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require "shodanz"
+
+module Ryo
+  module Plugin
+    class Shodan
+      attr_reader :client
+      def initialize
+        raise ArgumentError, "Please set your Shodan API key via ENV['SHODAN_API_KEY']" unless ENV["SHODAN_API_KEY"]
+        @client = Shodanz.client.new
+      end
+
+      def discover(ip)
+        ip == "N/A" ? { error: "Invalid IP" } : client.rest_api.host(ip)
+      end
+
+      def self.discover(ip)
+        begin
+          new.discover(ip)
+        rescue ArgumentError => e
+          { error: e.to_s }
+        end
+      end
+    end
+  end
+end

data/lib/ryo/target.rb

@@ -25,6 +25,13 @@ module Ryo
       end
     end
 
+    def ip
+      @ip ||= String.new.tap do |out|
+        h = Plugin::DNS.new(domain).dig("A")
+        out << (h.dig("Answer")&.first&.dig("data") || "N/A")
+      end
+    end
+
     private
 
     def tlds

data/lib/ryo/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ryo
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/ryo.gemspec

@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "dotenv", "~> 2.5"
   spec.add_development_dependency "glint", "~> 0.1"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
@@ -34,6 +35,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "http", "~> 3.3"
   spec.add_dependency "oga", "~> 2.15"
+  spec.add_dependency "shodanz", "~> 1.0"
   spec.add_dependency "simple_whatweb", "~> 0.2"
   spec.add_dependency "thor", "~> 0.19"
   spec.add_dependency "thread", "~> 0.2.2"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ryo
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-09-07 00:00:00.000000000 Z
+date: 2018-09-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: glint
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +150,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.15'
+- !ruby/object:Gem::Dependency
+  name: shodanz
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: simple_whatweb
   requirement: !ruby/object:Gem::Requirement
@@ -204,6 +232,8 @@ files:
 - lib/ryo/plugin.rb
 - lib/ryo/plugin/aux/paths.txt
 - lib/ryo/plugin/dir.rb
+- lib/ryo/plugin/dns.rb
+- lib/ryo/plugin/shodan.rb
 - lib/ryo/plugin/subdomain.rb
 - lib/ryo/plugin/subdomain/base.rb
 - lib/ryo/plugin/subdomain/dnsdumpster.rb