From 45804e008620847b91ac92ac1db9e76eecb19484 Mon Sep 17 00:00:00 2001 From: EUcancER Date: Wed, 18 Apr 2012 23:12:18 +0200 Subject: Reaktor:add modified version of gxfr with csv support --- Reaktor/repos/gxfr/gxfr.py | 235 ++++++++++++++++++++++++++++++++++++++++++++ Reaktor/repos/gxfr/here.csv | 5 + 2 files changed, 240 insertions(+) create mode 100644 Reaktor/repos/gxfr/gxfr.py create mode 100644 Reaktor/repos/gxfr/here.csv (limited to 'Reaktor/repos') diff --git a/Reaktor/repos/gxfr/gxfr.py b/Reaktor/repos/gxfr/gxfr.py new file mode 100644 index 00000000..819f0b11 --- /dev/null +++ b/Reaktor/repos/gxfr/gxfr.py @@ -0,0 +1,235 @@ +#!/usr/bin/python -tt + +# gxfr replicates dns zone transfers by enumerating subdomains using advanced search engine queries and conducting dns lookups. +# By Tim Tomes (LaNMaSteR53) +# Available for download at http://LaNMaSteR53.com or http://code.google.com/p/gxfr/ + +import sys, os.path, urllib, urllib2, re, time, socket, random, socket + + +def help(): + print """ Syntax: ./gxfr.py domain [options] + + -h, --help this screen + -v enable verbose mode + -t [num of seconds] set number of seconds to wait between queries (default=15) + -q [max num of queries] restrict to maximum number of queries (default=0, indefinite) + --dns-lookup enable dns lookups of all subdomains + --proxy [file|ip:port|-] use a proxy or list of open proxies to send queries (@random w/list) + - [file] must consist of 1 or more ip:port pairs + - replace filename with '-' (dash) to accept stdin + --user-agent ['string'] set custom user-agent string + --timeout [seconds] set socket timeout (default=system default) + --csv [file] + + Examples: + $ ./gxfr.py foxnews.com --dns-lookup -v + $ ./gxfr.py foxnews.com --dns-lookup --proxy open_proxies.txt --timeout 10 + $ ./gxfr.py foxnews.com --dns-lookup -t 5 -q 5 -v --proxy 127.0.0.1:8080 + $ curl http://rmccurdy.com/scripts/proxy/good.txt | ./gxfr.py website.com -v -t 3 --proxy - + """ + sys.exit(2) + +if len(sys.argv) < 2: + help() + +if '-h' in sys.argv or '--help' in sys.argv: + help() + +# declare vars and process arguments +query_cnt = 0 +csvname = False +domain = sys.argv[1] +sys.argv = sys.argv[2:] +lookup = False +encrypt = True +base_url = 'https://www.google.com' +base_uri = '/m/search?' +base_query = 'site:' + domain +pattern = '>([\.\w-]*)\.%s.+?<' % (domain) +proxy = False +user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)' +verbose = False +secs = 15 +max_queries = 10 # default = 10 queries +# process command line arguments +if len(sys.argv) > 0: + if '--dns-lookup' in sys.argv: + lookup = True + if '--csv' in sys.argv: + csvname = sys.argv[sys.argv.index('--csv') + 1] + if '--proxy' in sys.argv: + proxy = True + filename = sys.argv[sys.argv.index('--proxy') + 1] + if filename == '-': + proxies = sys.stdin.read().split() + elif os.path.exists(filename): + content = open(filename).read() + proxies = re.findall('\d+\.\d+\.\d+\.\d+:\d+', content) + elif re.match(r'^\d+\.\d+\.\d+\.\d+:\d+$', filename): + proxies = [filename] + else: + help() + if '--timeout' in sys.argv: + timeout = int(sys.argv[sys.argv.index('--timeout') + 1]) + socket.setdefaulttimeout(timeout) + if '--user-agent' in sys.argv: + user_agent = sys.argv[sys.argv.index('--user-agent') + 1] + if '-v' in sys.argv: + verbose = True + if '-t' in sys.argv: + secs = int(sys.argv[sys.argv.index('-t') + 1]) + if '-q' in sys.argv: + max_queries = int(sys.argv[sys.argv.index('-q') + 1]) +subs = [] +new = True +page = 0 + +# --begin-- +print '[-] domain:', domain +print '[-] user-agent:', user_agent +# execute search engine queries and scrape results storing subdomains in a list +print '[-] querying search engine, please wait...' +# loop until no new subdomains are found +while new == True: + try: + query = '' + # build query based on results of previous results + for sub in subs: + query += ' -site:%s.%s' % (sub, domain) + full_query = base_query + query + start_param = '&start=%s' % (str(page*10)) + query_param = 'q=%s' % (urllib.quote_plus(full_query)) + if len(base_uri) + len(query_param) + len(start_param) < 2048: + last_query_param = query_param + params = query_param + start_param + else: + params = last_query_param[:2047-len(start_param)-len(base_uri)] + start_param + full_url = base_url + base_uri + params + # note: query character limit is passive in mobile, but seems to be ~794 + # note: query character limit seems to be 852 for desktop queries + # note: typical URI max length is 2048 (starts after top level domain) + if verbose: print '[+] using query: %s...' % (full_url) + # build web request and submit query + request = urllib2.Request(full_url) + # spoof user-agent string + request.add_header('User-Agent', user_agent) + # if proxy is enabled, use the correct handler + if proxy == True: + # validate proxies at runtime + while True: + try: + # select a proxy from list at random + num = random.randint(0,len(proxies)-1) + host = proxies[num] + opener = urllib2.build_opener(urllib2.ProxyHandler({'http': host})) + if verbose: print '[+] sending query to', host + # send query to proxy server + result = opener.open(request).read() + # exit while loop if successful + break + except Exception as inst: + print '[!] %s failed: %s' % (host, inst) + if len(proxies) == 1: + # exit of no proxy servers from list are valid + print '[-] valid proxy server not found' + sys.exit(2) + else: + # remove host from list of proxies and try again + del proxies[num] + else: + opener = urllib2.build_opener(urllib2.HTTPHandler(), urllib2.HTTPSHandler()) + # send query to search engine + try: + result = opener.open(request).read() + except Exception as inst: + print '[!] {0}'.format(inst) + if str(inst).index('503') != -1: print '[!] possible shun: use --proxy or find something else to do for 24 hours :)' + sys.exit(2) + if not verbose: sys.stdout.write('.'); sys.stdout.flush() + #if not verbose: sys.stdout.write('\n'); sys.stdout.flush() + # iterate query count + query_cnt += 1 + sites = re.findall(pattern, result) + # create a uniq list + sites = list(set(sites)) + new = False + # add subdomain to list if not already exists + for site in sites: + if site not in subs: + if verbose: print '[!] subdomain found:', site + subs.append(site) + new = True + # exit if maximum number of queries has been made + if query_cnt == max_queries: + print '[-] maximum number of queries made...' + break + # start going through all pages if querysize is maxed out + if new == False: + # exit if all subdomains have been found + if not 'Next page' in result: + #import pdb; pdb.set_trace() # curl to stdin breaks pdb + print '[-] all available subdomains found...' + break + else: + page += 1 + new = True + if verbose: print '[+] no new subdomains found on page. jumping to result %d.' % (page*10) + # sleep script to avoid lock-out + if verbose: print '[+] sleeping to avoid lock-out...' + time.sleep(secs) + except KeyboardInterrupt: + # catch keyboard interrupt and gracefull complete script + break + +# print list of subdomains +print '[-] successful queries made:', str(query_cnt) +if verbose: + # rebuild and display final query if in verbose mode + #final_query = '' + #for sub in subs: + # final_query += '+-site:%s.%s' % (sub, domain) + #print '[+] final query string: %sstart=%s&%s%s' % (base_url, str(page*10), base_query, query) + print '[+] final query string: %s' % (full_url) +print ' ' +print '[subdomains] -', str(len(subs)) +csvwriter = False +try: + if csvname: + import csv + csvwriter = csv.writer(open(csvname,'wb')) +except: + print "[!] Cannot open CSV" +for sub in subs: + dom = '%s.%s' % (sub, domain ) + hostname,aliases,ips = socket.gethostbyname_ex(dom) + #print hostname,aliases,ip + print dom,",".join(ips) + try: + line = [dom] + ips + csvwriter.writerow([dom] + ips) + except: pass + + +# conduct dns lookup if argument is present +if lookup == True: + print ' ' + print '[-] querying dns, please wait...' + dict = {} + # create a dictionary where the subdomain is the key and a list of all associated ips is the value + for sub in subs: + sub = '%s.%s' % (sub, domain) + if verbose: print '[+] querying dns for %s...' % (sub) + # dns query and dictionary assignment + try: + dict[sub] = list(set([item[4][0] for item in socket.getaddrinfo(sub, 80)])) + except socket.gaierror: + # dns lookup failure + dict[sub] = list(set(['no entry'])) + # print table of subdomains and ips + print ' ' + print '[ip]'.ljust(16, ' ') + '[subdomain]' + for key in dict.keys(): + for ip in dict[key]: + print ip.ljust(16, ' ') + key +# --end-- diff --git a/Reaktor/repos/gxfr/here.csv b/Reaktor/repos/gxfr/here.csv new file mode 100644 index 00000000..95faaa9c --- /dev/null +++ b/Reaktor/repos/gxfr/here.csv @@ -0,0 +1,5 @@ +mobile.foxnews.com,72.5.158.94 +video.foxnews.com,2.20.180.43,2.20.180.96 +www.foxnews.com,2.20.180.96,2.20.180.34 +latino.foxnews.com,2.20.180.72,2.20.180.26 +ureport.foxnews.com,69.90.218.153 -- cgit v1.2.3 From 9917d1d3974cb156a434e6f3a518de3ac643163e Mon Sep 17 00:00:00 2001 From: EUcancER Date: Wed, 18 Apr 2012 23:12:52 +0200 Subject: Reaktor: pull revip into seperate folder --- Reaktor/repos/revip/revip | 48 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100755 Reaktor/repos/revip/revip (limited to 'Reaktor/repos') diff --git a/Reaktor/repos/revip/revip b/Reaktor/repos/revip/revip new file mode 100755 index 00000000..d6acd669 --- /dev/null +++ b/Reaktor/repos/revip/revip @@ -0,0 +1,48 @@ +#!/usr/bin/python +# fork from darkb0t v0.4 +# modularized and extended +import sys +import os +import json +import socket +import httplib +from urlparse import urlparse +try: + target = sys.argv[1] +except: + print "Usage: %s [target]" % sys.argv[0] + exit(0) + +print "Reverse IP Search" +print "Target: ",target +try: + hostname,aliases,ip = socket.gethostbyname_ex(target) + ip = socket.gethostbyname(target) +except: + print "Cannot resolve `%s`!" % target + exit (1) +print "IP: ",ip +sites = {target : "", hostname : ""} # make entries unique +for a in aliases: + sites[a] = "" +offset = 0 +appid = os.environ.get("BING_APPID",'7A0B8DA3E913BE5ECB4AF11C7BC398B43000DC1C') +while offset < 300: + url ="/json.aspx?AppId=%s&Query=ip:%s&Sources=Web+RelatedSearch+News+Image+Video&Version=2.2&Market=en-us&Web.Count=50&Web.Offset=%s&Web.Options=DisableQueryAlterations" % (appid, ip, offset) + conn = httplib.HTTPConnection("api.bing.net") + conn.request("GET", url) + res = conn.getresponse() + doc = json.load(res) + try: + results = doc["SearchResponse"]["Web"]["Results"] + conn.close() + for res in results: + sites[urlparse(res['Url'])[1]] = "" + offset += 50 + except: + break +print "Total: ", len(sites), " dns name(s)\n" +num = 1 +for s in sites: + print "["+str(num)+"/"+str(len(sites))+"] : "+s + num += 1 -- cgit v1.2.3 From 3c52c7895c28e7f63e27680bd7ef533b93ec37ba Mon Sep 17 00:00:00 2001 From: EUcancER Date: Wed, 18 Apr 2012 23:14:55 +0200 Subject: Reaktor: add dnsmap-0.30 --- Reaktor/repos/dnsmap/CREDITS.txt | 10 + Reaktor/repos/dnsmap/Changelog.txt | 25 + Reaktor/repos/dnsmap/Makefile | 12 + Reaktor/repos/dnsmap/README.txt | 177 + Reaktor/repos/dnsmap/TODO.txt | 13 + Reaktor/repos/dnsmap/dnsmap-bulk.sh | 19 + Reaktor/repos/dnsmap/dnsmap.c | 795 ++ Reaktor/repos/dnsmap/dnsmap.h | 1047 ++ Reaktor/repos/dnsmap/gpl-2.0.txt | 339 + Reaktor/repos/dnsmap/use_cases.txt | 10 + Reaktor/repos/dnsmap/wordlist_TLAs.txt | 17576 +++++++++++++++++++++++++++++++ 11 files changed, 20023 insertions(+) create mode 100644 Reaktor/repos/dnsmap/CREDITS.txt create mode 100644 Reaktor/repos/dnsmap/Changelog.txt create mode 100644 Reaktor/repos/dnsmap/Makefile create mode 100644 Reaktor/repos/dnsmap/README.txt create mode 100644 Reaktor/repos/dnsmap/TODO.txt create mode 100755 Reaktor/repos/dnsmap/dnsmap-bulk.sh create mode 100644 Reaktor/repos/dnsmap/dnsmap.c create mode 100644 Reaktor/repos/dnsmap/dnsmap.h create mode 100644 Reaktor/repos/dnsmap/gpl-2.0.txt create mode 100644 Reaktor/repos/dnsmap/use_cases.txt create mode 100644 Reaktor/repos/dnsmap/wordlist_TLAs.txt (limited to 'Reaktor/repos') diff --git a/Reaktor/repos/dnsmap/CREDITS.txt b/Reaktor/repos/dnsmap/CREDITS.txt new file mode 100644 index 00000000..5f197151 --- /dev/null +++ b/Reaktor/repos/dnsmap/CREDITS.txt @@ -0,0 +1,10 @@ +Main author: +pagvac (gnucitizen.org) + +Patches, bug hunting and general feedback: +Borys Lacki (www.bothunters.pl) +Philipp Winter (7c0.org) +meathive (kinqpinz.info) +David Kierznowski (withdk.com) +GNa (gnanet.net) +srl (security.research.labs@gmail.com) diff --git a/Reaktor/repos/dnsmap/Changelog.txt b/Reaktor/repos/dnsmap/Changelog.txt new file mode 100644 index 00000000..ba1b0976 --- /dev/null +++ b/Reaktor/repos/dnsmap/Changelog.txt @@ -0,0 +1,25 @@ +20/02/2010: dnsmap 0.30 released at www.gnucitizen.org +* IPv6 support +* Makefile included +* delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth +* ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives +* changes made to make dnsmap compatible with OpenDNS +* disclosure of internal IP addresses (RFC 1918) are reported +* updated built-in wordlist +* included a standalone three-letter acronym (TLA) subdomains wordlist +* domains susceptible to "same site" scripting (http://snipurl.com/etbcv) are reported +* completion time is now displayed to the user +* mechanism to attempt to bruteforce wildcard-enabled domains +* unique filename containing timestamp is now created when no specific output filename is supplied by user +* various minor bugs fixed + +22/02/2009: dnsmap 0.22 released at www.gnucitizen.org +* saving the results in human-readable and CSV format for easy processing +* fixed bug that disallowed reading wordlists with DOS CRLF format +* improved built-in subdomains wordlist +* new bash script (dnsmap-bulk.sh) included which allows running dnsmap against a list of domains from a user-supplied file. i.e.: bruteforcing several domains in a bulk fashion +* bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards + +17/08/2006: dnsmap 0.1 (first public version) released at foro.elhacker.net +* bruteforcing based on builtin list and user-supplied wordlist +* obtain all available A records for each bruteforced (sub)domain (rather than only one) diff --git a/Reaktor/repos/dnsmap/Makefile b/Reaktor/repos/dnsmap/Makefile new file mode 100644 index 00000000..2393d374 --- /dev/null +++ b/Reaktor/repos/dnsmap/Makefile @@ -0,0 +1,12 @@ +CC=gcc +CFLAGS=-I. +BINDIR=/usr/local/bin + +dnsmap: dnsmap.c dnsmap.h + $(CC) $(CFLAGS) -o dnsmap dnsmap.c + +install: dnsmap + mkdir -p $(DESTDIR)$(BINDIR) + install -m 0755 dnsmap $(DESTDIR)$(BINDIR) + install -m 0755 dnsmap-bulk.sh $(DESTDIR)$(BINDIR)/dnsmap-bulk + diff --git a/Reaktor/repos/dnsmap/README.txt b/Reaktor/repos/dnsmap/README.txt new file mode 100644 index 00000000..beab0f21 --- /dev/null +++ b/Reaktor/repos/dnsmap/README.txt @@ -0,0 +1,177 @@ +INTRODUCTION + +dnsmap was originally released back in 2006 and was inspired by the +fictional story "The Thief No One Saw" by Paul Craig, which can be found +in the book "Stealing the Network - How to 0wn the Box" + +dnsmap is mainly meant to be used by pentesters during the information +gathering/enumeration phase of infrastructure security assessments. During the +enumeration stage, the security consultant would typically discover the target +company's IP netblocks, domain names, phone numbers, etc ... + +Subdomain brute-forcing is another technique that should be used in the +enumeration stage, as it's especially useful when other domain enumeration +techniques such as zone transfers don't work (I rarely see zone transfers +being *publicly* allowed these days by the way). + +If you are interested in researching stealth computer intrusion techniques, +I suggest reading this excellent (and fun) chapter which you can find for +*free* on the web: + +http://www.ethicalhacker.net/content/view/45/2/ + +I'm happy to say that dnsmap was included in Backtrack 2, 3 and 4 and has +been reviewed by the community: + +http://backtrack.offensive-security.com/index.php?title=Tools +http://www.networkworld.com/community/node/57543 +http://www.linuxhaxor.net/2007/07/14/backtrack-2-information-gathering-all-dnsmap/ +http://www.darknet.org.uk/2009/03/dnsmap-022-released-subdomain-bruteforcing-tool/ +http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/ + + +COMPILING + +Compiling should be straightforward: + +$ make + +Or: + +$ gcc -Wall dnsmap.c -o dnsmap + + +INSTALLATION + +Example of manual installation: + +# cp ./dnsmap /usr/local/bin/dnsmap + +If you wish to bruteforce several target domains in bulk fashion, you can use the +included dnsmap-bulk.sh script. Just copy the script to /usr/local/bin/ so you can +call it from any location. e.g.: + +# cp ./dnsmap-bulk.sh /usr/local/bin/ + +And set execute permissions. e.g.: + +# chmod ugo+x /usr/local/bin/dnsmap-bulk.sh + + +LIMITATIONS + +Lack of multi-threading. This speed issue will hopefully be resolved in future versions. + + +FUN THINGS THAT CAN HAPPEN + +1. Finding interesting remote access servers (e.g.: https://extranet.targetdomain.com) + +2. Finding badly configured and/or unpatched servers (e.g.: test.targetdomain.com) + +3. Finding new domain names which will allow you to map non-obvious/hard-to-find netblocks + of your target organization (registry lookups - aka whois is your friend) + +4. Sometimes you find that some bruteforced subdomains resolve to internal IP addresses + (RFC 1918). This is great as sometimes they are real up-to-date "A" records which means + that it *is* possible to enumerate internal servers of a target organization from the + Internet by only using standard DNS resolving (as oppossed to zone transfers for instance). + +5. Discover embedded devices configured using Dynamic DNS services (e.g.: linksys-cam.com). + This method is an alternative to finding devices via Google hacking techniques + +USAGE + +Bruteforcing can be done either with dnsmap's built-in wordlist or a user-supplied wordlist. +Results can be saved in CSV and human-readable format for further processing. dnsmap does +NOT require root privileges to be run, and should NOT be run with such privileges for +security reasons. + +The usage syntax can be obtained by simply running dnsmap without any parameters: + +$ ./dnsmap + +dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) + +usage: dnsmap [options] +options: +-w +-r +-c +-d +-i (useful if you're obtaining false positives) + +Note: delay value is a maximum random value. e.g.: if you enter 1000, each DNS request +will be delayed a *maximum* of 1 second. By default, dnsmap uses a value of 10 milliseconds +of maximum delay between DNS lookups + + +EXAMPLES +Subdomain bruteforcing using dnsmap's built-in word-list: + +$ ./dnsmap targetdomain.foo + +Subdomain bruteforcing using a user-supplied wordlist: + +$ ./dnsmap targetdomain.foo -w wordlist.txt + +Subdomain bruteforcing using the built-in wordlist and saving the results to /tmp/ : + +$ ./dnsmap targetdomain.foo -r /tmp/ + +Since no filename was provided in the previous example, but rather only a path, dnsmap would +create an unique filename which includes the current timestamp. e.g.: +/tmp/dnsmap_targetdomain_foo_2009_12_15_234953.txt + +Example of subdomain bruteforcing using the built-in wordlist, saving the results to /tmp/, +and waiting a random maximum of 3 milliseconds between each request: + +$ ./dnsmap targetdomain.foo -r /tmp/ -d 300 + +It is recommended to use the -d (delay in milliseconds) option in cases where dnsmap is +interfering with your online experience. i.e.: killing your bandwidth + +Subdomain bruteforcing with 0.8 seconds delay, saving results in regular and CSV format, +filtering 2 user-provided IP and using a user-supplied wordlist: + +$ ./dnsmap targetdomain.foo -d 800 -r /tmp/ -c /tmp/ -i 10.55.206.154,10.55.24.100 -w ./wordlist_TLAs.txt + +For bruteforcing a list of target domains in a bulk fashion use the bash script provided. e.g.: + +$ ./dnsmap-bulk.sh domains.txt /tmp/results/ + + +WORDLISTS + +http://packetstormsecurity.org/Crackers/wordlists/dictionaries/ +http://www.cotse.com/tools/wordlists1.htm +http://wordlist.sourceforge.net/ + + +OTHER SIMILAR TOOLS - choice is freedom! + +WS-DNS-BFX +http://ws.hackaholic.org/tools/WS-DNS-BFX.tgz + +DNSDigger +http://www.ernw.de/download/dnsdigger.zip + +Fierce Domain Scan +http://ha.ckers.org/fierce/ + +Desperate +http://www.sensepost.com/research_misc.html + +DNSenum +http://dnsenum.googlecode.com/files/dnsenum1.2.tar.gz + +ReverseRaider +http://complemento.sourceforge.net/ + +Knock +http://knock.gianniamato.it/ + + +-- +pagvac | GNUCITIZEN.org +Feb 2010 diff --git a/Reaktor/repos/dnsmap/TODO.txt b/Reaktor/repos/dnsmap/TODO.txt new file mode 100644 index 00000000..0df13680 --- /dev/null +++ b/Reaktor/repos/dnsmap/TODO.txt @@ -0,0 +1,13 @@ +* multi-threading - use pthread.h? +* can't handle wildcarded domains that return more than one IP address on non-existing subdomains + test domain: proboards.com +* allow using a customized list of DNS server to share network load +* allow using DNS server supplied on the command line +* for openDNS users: document how to permanently change DNS server settings so they are not overwritten by DHCP settings +* convert hostent structs to addrinfo ? +* replace inet_ntoa(*((struct in_addr *)host->h_addr_list[j])) with ipstr +* obtain aliases for each domain (CNAME records)? +* clever numerical domain bruteforce for clusters. i.e.: www2, www3 +* pickup new subdomains via reverse lookups (PTR records) +* better input validation + * improve function that validates target domain diff --git a/Reaktor/repos/dnsmap/dnsmap-bulk.sh b/Reaktor/repos/dnsmap/dnsmap-bulk.sh new file mode 100755 index 00000000..574aba22 --- /dev/null +++ b/Reaktor/repos/dnsmap/dnsmap-bulk.sh @@ -0,0 +1,19 @@ +#!/bin/bash +if [[ $# -ne 1 && $# -ne 2 ]] +then + echo "usage: `basename $0` [results-path]"; + echo "e.g.:"; + echo "`basename $0` domains.txt"; + echo "`basename $0` domains.txt /tmp/"; + exit +fi +for i in `cat $1` +do + if [[ $# -eq 1 ]] + then + dnsmap $i + elif [[ $# -eq 2 ]] + then + dnsmap $i -r $2 + fi +done diff --git a/Reaktor/repos/dnsmap/dnsmap.c b/Reaktor/repos/dnsmap/dnsmap.c new file mode 100644 index 00000000..5276e305 --- /dev/null +++ b/Reaktor/repos/dnsmap/dnsmap.c @@ -0,0 +1,795 @@ +/* + * ** dnsmap - DNS Network Mapper by pagvac + * ** Copyright (C) 2010 gnucitizen.org + * ** + * ** This program is free software; you can redistribute it and/or modify + * ** it under the terms of the GNU General Public License as published by + * ** the Free Software Foundation; either version 2 of the License, or + * ** (at your option) any later version. + * ** + * ** This program is distributed in the hope that it will be useful, + * ** but WITHOUT ANY WARRANTY; without even the implied warranty of + * ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * ** GNU General Public License for more details. + * ** + * ** You should have received a copy of the GNU General Public License + * ** along with this program; if not, write to the Free Software + * ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "dnsmap.h" // built-in subdomains list and define macros + + +// function prototypes +unsigned short int wildcarDetect(char *, char *); +unsigned short int dodelay(unsigned short int); +unsigned short int isPrivateIP(char *); +unsigned short int isValidDomain(char *); +unsigned short int usesOpenDNS(char *); +unsigned short int isIPblacklisted(char *); + +int main(int argc, char *argv[]) { + + unsigned short int i=0, j=0, k=0, l=0, found=0, ipCount=0, filtIPcount=0, milliseconds=10, intIPcount=0, + wordlist=FALSE, txtResults=FALSE, csvResults=FALSE, + delay=TRUE, filter=FALSE; + unsigned long int start=0, end=0; + char dom[MAXSTRSIZE]={'\0'}, csvResultsFilename[MAXSTRSIZE]={'\0'}, + txtResultsFilename[MAXSTRSIZE]={'\0'}, wordlistFilename[MAXSTRSIZE]={'\0'}, + ipstr[INET_ADDRSTRLEN]={'\0'}, wildcardIpStr[INET_ADDRSTRLEN]={'\0'}, + filterIPs[5][INET_ADDRSTRLEN]={{'\0'}}, + invalidTldIpstr[INET_ADDRSTRLEN]={'\0'}; + void *addr; + char *ipver, *strP; + + struct hostent *h; + // start of IPv6 stuff + struct addrinfo hints, *res, *p; + int status; + char ipv6str[INET6_ADDRSTRLEN]; + memset(&hints, 0, sizeof hints); + hints.ai_family = AF_INET6; // AF_INET or AF_INET6 to force version + hints.ai_socktype = SOCK_STREAM; + // end of IPv6 stuff + + FILE *fpWords,*fpCsvLogs,*fpTxtLogs; + + time_t now; + struct tm *ts; + char timestampBuf[18]; + + printf("%s", BANNER); + + // get the current time + now = time(NULL); + + // timestamp format: yyyy_mm_dd_hhmmss + ts = localtime(&now); + strftime(timestampBuf, sizeof(timestampBuf), "%Y_%m_%d_%H%M%S", ts); + + + // start of *primitive* input validation + // ideally more work should be spent on this! + if(argc==1) { + printf("%s%s", USAGE, EXAMPLES); + exit(1); + } + else if(argc%2==1 && argc>2) { + printf("%s%s", USAGE, EXAMPLES); + exit(1); + } + for(i=0;argv[1][i];++i) // convert domain to lower case + argv[1][i]=(tolower(argv[1][i])); + #if DEBUG + printf("domain: %s\n", argv[1]); + #endif + if(!isValidDomain(argv[1])) { + printf("%s", DOMAINERR); + exit(1); + } + + for(i=0;iMAXSTRSIZE) { + printf("%s",INPUTERR); + exit(1); + } + } + // end of simple input validation + + /* + else if ((h=gethostbyname(argv[1])) == NULL) { // get the host info + herror("gethostbyname"); + exit(1); + } + */ + + start=(int)time(NULL); + + #if DEBUG + printf("start time: %d\n", (int)start); + #endif + + // parse options + for(i=0;i300000) { // delay must be between 1 ms and 5 minutes + printf("%s", DELAYINPUTERR); + exit(1); + } + delay=TRUE; + milliseconds=atoi(argv[(i+1)]); + } + // filter out user-provided IP(s) + if(!strcmp(argv[i],"-i")) { + for(filtIPcount=1,j=0;argv[i+1][j]!='\0';++j) + if(argv[i+1][j]==',') + ++filtIPcount; + #if DEBUG + printf("%d IP(s) to filter found\nParsing ...\n", filtIPcount); + #endif + if(filtIPcount<=5) { + printf(FILTERMSG); + strP=strtok(argv[i+1],","); + for(j=0;strP;) { + if(strlen(strP)=1) + printf(DELAYMSG); + + printf("%s", "\n"); + for(i=0;i<(sizeof(sub)/MAXSUBSIZE);++i) { + //skipResolve=FALSE; + strncpy(dom,sub[i],MAXSTRSIZE-strlen(dom)-1); + strncat(dom,".",MAXSTRSIZE-strlen(dom)-1);//TEST + strncat(dom,argv[1],MAXSTRSIZE-strlen(dom)-1); + #if DEBUG + printf("brute-forced domain: %s\n",dom); + #endif + + // ipv6 code modded from www.kame.net + status = getaddrinfo(dom, NULL, &hints, &res); + if ((status=getaddrinfo(dom, NULL, &hints, &res))==0) { + printf("%s\n", dom); + ++found; + if(txtResults) + fprintf(fpTxtLogs, "%s\n", dom); + if(csvResults) + fprintf(fpCsvLogs, "%s", dom); + for(p=res,k=0;p;p=p->ai_next,++k) { + if (p->ai_family==AF_INET6) { // IPv6 + struct sockaddr_in6 *ipv6=(struct sockaddr_in6 *)p->ai_addr; + addr = &(ipv6->sin6_addr); + ipver = "IPv6"; + } + // convert the IP to a string and print it: + inet_ntop(p->ai_family, addr, ipv6str, sizeof ipv6str); + printf("%s address #%d: %s\n",ipver,k+1,ipv6str); + ++ipCount; + if(txtResults) + fprintf(fpTxtLogs,"%s address #%d: %s\n",ipver,k+1,ipv6str); + if(csvResults) + fprintf(fpCsvLogs,",%s", ipv6str); + } + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"\n"); + if(csvResults) + fprintf(fpCsvLogs,"\n"); + freeaddrinfo(res); // free the linked list + } // end of if conditional + h=gethostbyname(dom); + //sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[0])),"%s"); + //for(j=0;h->h_addr_list[j];++j) { + // sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[j])),"%s"); + // if(isIPblacklisted(ipstr)) { + // skipResolve=TRUE; + // break; + // } + //} + //if(h && !skipResolve) { + //if(h && !isIPblacklisted(ipstr)) { + if(h && !isIPblacklisted(inet_ntoa(*((struct in_addr *)h->h_addr_list[0])))) { + for(j=0;h->h_addr_list[j];++j) { + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[j])),"%s"); + for(k=0;kh_addr_list[j+1]) + ++j; + else + break; + } + } + // END OF TEST + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + if(j==0) { + ++found; + printf("%s\n", dom); + + if(txtResults) + fprintf(fpTxtLogs, "%s\n", dom); + if(csvResults) + fprintf(fpCsvLogs, "%s", dom); + } + printf("[%d] %s : %s\n", j+1,dom,ipstr); + ++ipCount; + + if(isPrivateIP(ipstr)) { + //if(isPrivateIP(inet_ntoa(*((struct in_addr *)h->h_addr_list[j])))) { + printf("%s",INTIPWARN); + ++intIPcount; + } + if(!strcmp(ipstr,"127.0.0.1") && strcmp(wildcardIpStr,ipstr)) { + //if(!strcmp(inet_ntoa(*((struct in_addr *)h->h_addr_list[j])), + //"127.0.0.1")) + printf("%s",SAMESITEXSSWARN); + } + if(txtResults) { + //fprintf(fpCsvLogs,",%s", + // inet_ntoa(*((struct in_addr *)h->h_addr_list[j]))); + fprintf(fpTxtLogs,"IP address #%d: %s\n", j+1, ipstr); + if(isPrivateIP(ipstr) && strcmp(wildcardIpStr,ipstr)) + fprintf(fpTxtLogs,"%s",INTIPWARN); + if(!strcmp(ipstr,"127.0.0.1") && strcmp(wildcardIpStr,ipstr)) + fprintf(fpTxtLogs,"%s",SAMESITEXSSWARN); + } + if(csvResults && strcmp(wildcardIpStr,ipstr)) + fprintf(fpCsvLogs,",%s",ipstr); + } + } + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"%s","\n"); + if(csvResults) + fprintf(fpCsvLogs,"%s","\n"); + } + filter=FALSE; + } + // user wants delay between DNS requests? + if(delay) + dodelay(milliseconds); + } + if(txtResults) + fclose(fpTxtLogs); + if(csvResults) + fclose(fpCsvLogs); + } + + // read subdomains from wordlist file + else if(wordlist) { + // openDNS detection + if(usesOpenDNS(invalidTldIpstr)) + printf("%s",OPENDNSMSG); + + // wildcard detection + wildcarDetect(argv[1],wildcardIpStr); + if(strcmp(invalidTldIpstr,wildcardIpStr)) + printf(WILDCARDWARN); + + fpWords=fopen(wordlistFilename, "r"); + if(fpWords) { + printf(EXTERNALMSG); + if(milliseconds>=1) + printf(DELAYMSG); + printf("%s","\n"); + + while(!feof(fpWords)) { + //strncpy(dom,"",MAXSTRSIZE-strlen(dom)-1); + for(i=0;iai_next,++k) { + void *addr; + char *ipver; + if (p->ai_family==AF_INET6) { // IPv6 + struct sockaddr_in6 *ipv6=(struct sockaddr_in6 *)p->ai_addr; + addr = &(ipv6->sin6_addr); + ipver = "IPv6"; + } + // convert the IP to a string and print it: + inet_ntop(p->ai_family, addr, ipv6str, sizeof ipv6str); + printf("%s address #%d: %s\n",ipver,k+1,ipv6str); + ++ipCount; + if(txtResults) + fprintf(fpTxtLogs,"%s address #%d: %s\n",ipver,k+1,ipv6str); + if(csvResults) + fprintf(fpCsvLogs,",%s", ipv6str); + } + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"\n"); + if(csvResults) + fprintf(fpCsvLogs,"\n"); + + freeaddrinfo(res); // free the linked list + // ipv6 code modded from www.kame.net + } // end of if conditional + + h=gethostbyname(dom); + + if(h && !isIPblacklisted(inet_ntoa(*((struct in_addr *)h->h_addr_list[0])))) { + for(j=0;h->h_addr_list[j];++j) { + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[j])),"%s"); + //TEST + for(k=0;kh_addr_list[j+1]) + ++j; + else + break; + } + } + // END OF TEST + + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + if(j==0) { + ++found; + printf("%s\n",dom); + + if(txtResults) { + //fprintf(fpCsvLogs,"%s",dom); + fprintf(fpTxtLogs,"%s\n",dom); + } + if(csvResults) { + //fprintf(fpCsvLogs,"%s",dom); + fprintf(fpCsvLogs,"%s",dom); + } + } + printf("IP address #%d: %s\n",j+1,ipstr); + ++ipCount; + + if(isPrivateIP(ipstr) && strcmp(wildcardIpStr,ipstr)) { + printf("%s",INTIPWARN); + ++intIPcount; + } + if(!strcmp(ipstr,"127.0.0.1") && strcmp(wildcardIpStr,ipstr)) + printf("%s",SAMESITEXSSWARN); + if(txtResults && strcmp(wildcardIpStr,ipstr)) { + fprintf(fpTxtLogs,"IP address #%d: %s\n",j+1,ipstr); + if(isPrivateIP(ipstr)) + fprintf(fpTxtLogs,"%s",INTIPWARN); + if(!strcmp(ipstr,"127.0.0.1")) + fprintf(fpTxtLogs,"%s",SAMESITEXSSWARN); + } + if(csvResults && strcmp(wildcardIpStr,ipstr)) + fprintf(fpCsvLogs,",%s",ipstr); + } + } + //if(strcmp(wildcardIpStr,ipstr) && strcmp(filterIpStr,ipstr)) { + if(strcmp(wildcardIpStr,ipstr) && filter==FALSE) { + printf("%s", "\n"); + if(txtResults) + fprintf(fpTxtLogs,"%s","\n"); + if(csvResults) + fprintf(fpCsvLogs,"%s","\n"); + } + filter=FALSE; + } + // user wants delay between DNS requests? + if(delay) + dodelay(milliseconds); + } // end while() loop + fclose(fpWords); + } + else { + printf(OPENFILEERR); + exit(1); + } + if(txtResults) + fclose(fpTxtLogs); + if(csvResults) + fclose(fpCsvLogs); + } + + printf(RESULTSMSG4); + if(intIPcount>=1) + printf(RESULTSMSG1); + + if(txtResults) + printf(RESULTSMSG2); + if(csvResults) + printf(RESULTSMSG5); + + end=(int)time(NULL); + printf(RESULTSMSG3); + + return 0; +} + +// return true if domain wildcards are enabled +unsigned short int wildcarDetect(char *dom, char *ipstr) { + char strTmp[30]={'\0'},s[MAXSTRSIZE]={'\0'}; + unsigned short int i=0,n=0,max=0; + struct hostent *h; + + srand(time(NULL)); + max=rand()%20; + // max should be between 10 and 20 + if(max<10) + max=max+(10-max); + + // generate up to random 20 digits-long subdomain + // e.g. 06312580442146732554 + + for(i=0;ih_addr_list[i];++i) { + */ + //sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[i])),"%s"); + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[0])),"%s"); + #if DEBUG + printf("wildcard domain\'s IP address: %s\n",ipstr); + #endif + return TRUE; + } + else + return FALSE; +} + +// return number of milliseconds delayed +unsigned short int dodelay(unsigned short int maxmillisecs) { + unsigned short int n=0; + + srand(time(NULL)); + n=rand()%maxmillisecs; + ++n; + maxmillisecs=n; + #if DEBUG + printf("sleeping %d milliseconds ...\n",maxmillisecs); + #endif + usleep(maxmillisecs*1000); + + return maxmillisecs; +} + +// return true if IP addr is internal (RFC1918) +unsigned short int isPrivateIP(char *ip) { + + char classB[][8]={"172.16.","172.17.","172.18.","172.19.", + "172.20.","172.21.","172.22.","172.23.","172.24.", + "172.25.","172.26.","172.27.","172.28.","172.29.", + "172.30.","172.31."}; + + unsigned short int i=0,j=0; + size_t len = strlen(ip); + + // shortest: 0.0.0.0 - 8 chars inc \0 + // longest: 255.255.255.255 - 16 chars inc \0 + if(len<8 || len>16) + return 0; + // ip addr must have three period signs + for(i=0,j=0;i6)) // tld must be between 2-6 char. e.g. .museum, .uk + return FALSE; + + // valid domain can only contain digits, letters, dot (.) and dash symbol (-) + len = strlen(d); + for(i=0;i= '0' && d[i] <= '9') && + !(d[i] >= 'a' && d[i] <= 'z') && + !(d[i] >= 'A' && d[i] <= 'Z') && + !(d[i] >= '-' && d[i] <= '.')) + return 0; + } + + srand(time(NULL)); + max=rand()%20; + // max should be between 10 and 20 + if(max<10) + max=max+(10-max); + + // generate up to random 20 digits-long subdomain + // e.g. 06312580442146732554 + + for(i=0;ih_addr_list[j];++j) + inet_ntoa(*((struct in_addr *)h->h_addr_list[j])); + if(j>1) { + #if DEBUG + + printf("wildcard domain\'s number of IP address(es): %d" + " (this causes dnsmap to produce false positives)\n",j); + #endif + return FALSE; + } + } + + return TRUE; + +} + +// return true if IP is blacklisted, false otherwise +unsigned short int isIPblacklisted(char *ip) { + int i; + // add you own blacklisted IP addresses here if dnsmap is producing false positives. + // this could be caused by your ISP returning a captive portal search page when + // when requesting invalid domains on your browser + char ips[][INET_ADDRSTRLEN]={ + "81.200.64.50", + "67.215.66.132", + "1.2.3.4", + "0.0.0.0" // add your false positive IPs here + }; + + //for(i=0;ips[i];++i) { + for(i=0;i<(sizeof(ips)/INET_ADDRSTRLEN);++i) { + if(!strcmp(ips[i],ip)) + return TRUE; + } + + return FALSE; +} + + +// return true if usage of public DNS server is detected +// Note: right now this function only detects openDNS, but might be +// updated in the future to detect other common public DNS servers +unsigned short int usesOpenDNS(char *ipstr) { + char strTmp[30]={'\0'}, s[MAXSTRSIZE]={'\0'}, dummyLTD[4]={"xyz"}/*, ipstr[INET_ADDRSTRLEN]={'\0'}*/; + char ips[][INET_ADDRSTRLEN]={"67.215.65.132"}; + unsigned short int i=0,j=0,n=0,max=0; + struct hostent *h; + + srand(time(NULL)); + max=rand()%20; + // max should be between 10 and 20 + if(max<10) + max=max+(10-max); + + // generate up to random 20 digits-long subdomain + // e.g. 06312580442146732554 + + for(i=0;ih_addr_list[i];++i) { + sprintf(ipstr,inet_ntoa(*((struct in_addr *)h->h_addr_list[i])),"%s"); + #if DEBUG + printf("public DNS server\'s default IP address #%d: %s\n",i+1,ipstr); + #endif + for(j=0;i<(sizeof(ips)/INET_ADDRSTRLEN);++j) { + if(!strcmp(ips[i],ipstr)) + return TRUE; + } + } + return TRUE; + } + else + return FALSE; +} diff --git a/Reaktor/repos/dnsmap/dnsmap.h b/Reaktor/repos/dnsmap/dnsmap.h new file mode 100644 index 00000000..7dde6bdc --- /dev/null +++ b/Reaktor/repos/dnsmap/dnsmap.h @@ -0,0 +1,1047 @@ +/* + * ** dnsmap - DNS Network Mapper by pagvac + * ** Copyright (C) 2010 gnucitizen.org + * ** + * ** This program is free software; you can redistribute it and/or modify + * ** it under the terms of the GNU General Public License as published by + * ** the Free Software Foundation; either version 2 of the License, or + * ** (at your option) any later version. + * ** + * ** This program is distributed in the hope that it will be useful, + * ** but WITHOUT ANY WARRANTY; without even the implied warranty of + * ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * ** GNU General Public License for more details. + * ** + * ** You should have received a copy of the GNU General Public License + * ** along with this program; if not, write to the Free Software + * ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * */ + +#define MAXSUBSIZE 100 +#define MAXSTRSIZE 200 +#define BANNER "dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)\n\n" +#define USAGE "usage: dnsmap [options]\noptions:\n"\ + "-w \n-r \n-c \n"\ + "-d \n-i (useful if you're obtaining false positives)\n\n" +#define EXAMPLES "e.g.:\ndnsmap target-domain.foo\n"\ + "dnsmap target-domain.foo -w yourwordlist.txt -r /tmp/domainbf_results.txt\n"\ + "dnsmap target-fomain.foo -r /tmp/ -d 3000\n"\ + "dnsmap target-fomain.foo -r ./domainbf_results.txt\n\n" +#define INTIPWARN "[+] warning: internal IP address disclosed\n" +#define SAMESITEXSSWARN "[+] warning: domain might be vulnerable to \"same site\" scripting (http://snipurl.com/etbcv)\n" +#define WILDCARDWARN "[+] warning: domain might use wildcards. "\ + "%s will be ignored from results\n", wildcardIpStr +#define INPUTERR "[+] error: entered parameter(s) is/are too long!\n" +#define DELAYINPUTERR "[+] error: delay must be between 1 and 300000 milliseconds (5 minutes)!\n" +#define FILTIPINPUTERR "[+] error: the maxium number of IPs to filter is 5!\n" +#define DOMAINERR "[+] error: entered domain is not valid!\n" +#define CREATEFILEERR "%s\"%s\"!\n\n", "[+] error creating results file on ", argv[(i+1)] +#define OPENFILEERR "%s\"%s\"!\n\n", "[+] error opening wordlist file ", wordlistFilename +#define OPENDNSMSG "[+] openDNS detected. good! this might help with performance\n" +#define BUILTINMSG "%s%s%s\n", "[+] searching (sub)domains for ", argv[1], " using built-in wordlist" +#define EXTERNALMSG "%s%s%s%s\n", "[+] searching (sub)domains for ", argv[1], " using ", wordlistFilename +#define DELAYMSG "%s%d%s\n", "[+] using maximum random delay of ", milliseconds, " millisecond(s) between requests" +#define FILTERMSG "[+] %d provided IP address(es) will be ignored from results: %s\n", filtIPcount, argv[i+1] +#define RESULTSMSG1 "[+] %d internal IP address(es) disclosed\n", intIPcount +#define RESULTSMSG2 "[+] regular-format results can be found on %s\n", txtResultsFilename +#define RESULTSMSG3 "[+] completion time: %lu second(s)\n", end-start +#define RESULTSMSG4 "[+] %d%s%d%s\n", found, " (sub)domains and ",ipCount, " IP address(es) found" +#define RESULTSMSG5 "[+] csv-format results can be found on %s\n", csvResultsFilename +#define FALSE 0 +#define TRUE 1 +#define DEBUG 0 + +// buil-in list of subdomains +// mainly targeting English and Spanish keywords +char sub[][MAXSUBSIZE]= +{ +"a", +"aa", +"ab", +"ac", +"access", +"accounting", +"accounts", +"ad", +"admin", +"administrator", +"ae", +"af", +"ag", +"ah", +"ai", +"aix", +"aj", +"ak", +"al", +"am", +"an", +"ao", +"ap", +"apollo", +"aq", +"ar", +"archivos", +"as", +"at", +"au", +"aula", +"aulas", +"av", +"aw", +"ax", +"ay", +"ayuda", +"az", +"b", +"ba", +"backup", +"backups", +"bart", +"bb", +"bc", +"bd", +"be", +"beta", +"bf", +"bg", +"bh", +"bi", +"biblioteca", +"billing", +"bj", +"bk", +"bl", +"blackboard", +"blog", +"blogs", +"bm", +"bn", +"bo", +"bp", +"bq", +"br", +"bs", +"bsd", +"bt", +"bu", +"bv", +"bw", +"bx", +"by", +"bz", +"c", +"ca", +"carro", +"cart", +"cas", +"catalog", +"catalogo", +"catalogue", +"cb", +"cc", +"cd", +"ce", +"cf", +"cg", +"ch", +"chat", +"chimera", +"chronos", // time server? +"ci", +"citrix", +"cj", +"ck", +"cl", +"classroom", +"clientes", +"clients", +"cm", +"cn", +"co", +"connect", +"controller", +"correoweb", +"cp", +"cpanel", +"cq", +"cr", +"cs", +"csg", +"ct", +"cu", +"customers", +"cv", +"cw", +"cx", +"cy", +"cz", +"d", +"da", +"data", +"db", +"dbs", +"dc", // domain controller? +"dd", +"de", +"demo", +"demon", +"demostration", +"descargas", +"developers", +"development", +"df", +"dg", +"dh", +"di", +"diana", +"directory", +"dj", +"dk", +"dl", +"dm", +"dmz", +"dn", +"do", +"domain", +"domaincontroller", +"domain-controller", +"download", +"downloads", +"dp", +"dq", +"dr", +"ds", +"dt", +"du", +"dv", +"dw", +"dx", +"dy", +"dz", +"e", +"ea", +"eaccess", +"eb", +"ec", +"ed", +"ee", +"ef", +"eg", +"eh", +"ei", +"ej", +"ejemplo", +"ejemplos", +"ek", +"el", +"em", +"email", +"en", +"enrutador", +"eo", +"ep", +"eq", +"er", +"es", +"et", +"eu", +"ev", +"eventos", +"events", +"ew", +"ex", +"example", +"examples", +"exchange", +"extranet", +"ey", +"ez", +"f", +"fa", +"fb", +"fc", +"fd", +"fe", +"ff", +"fg", +"fh", +"fi", +"files", +"finance", +"firewall", +"fj", +"fk", +"fl", +"fm", +"fn", +"fo", +"foro", +"foros", +"forum", +"forums", +"fp", +"fq", +"fr", +"freebsd", +"fs", +"ft", +"ftp", +"ftpd", +"fu", +"fv", +"fw", +"fx", +"fy", +"fz", +"g", +"ga", +"galeria", +"gallery", +"gateway", +"gb", +"gc", +"gd", +"ge", +"gf", +"gg", +"gh", +"gi", +"gilford", +"gj", +"gk", +"gl", +"gm", +"gn", +"go", +"gp", +"gq", +"gr", +"groups", +"groupwise", +"gs", +"gt", +"gu", +"guest", +"guia", +"guide", +"gv", +"gw", +"gx", +"gy", +"gz", +"h", +"ha", +"hb", +"hc", +"hd", +"he", +"help", +"helpdesk", +"hera", +"heracles", +"hercules", +"hf", +"hg", +"hh", +"hi", +"hj", +"hk", +"hl", +"hm", +"hn", +"ho", +"home", +"homer", +"hotspot", +"hp", +"hq", +"hr", +"hs", +"ht", +"hu", +"hv", +"hw", +"hx", +"hy", +"hypernova", +"hz", +"i", +"ia", +"ib", +"ic", +"id", +"ie", +"if", +"ig", +"ih", +"ii", +"ij", +"ik", +"il", +"im", +"images", +"imail", +"imap", +"imap3", +"imap3d", +"imapd", +"imaps", +"imgs", +"imogen", +"in", +"inmuebles", +"internal", +"interno", +"intranet", +"io", +"ip", +"ip6", +"ipsec", +"ipv6", +"iq", +"ir", +"irc", +"ircd", +"is", +"isa", //ISA proxy? +"it", +"iu", +"iv", +"iw", +"ix", +"iy", +"iz", +"j", +"ja", +"jabber", +"jb", +"jc", +"jd", +"je", +"jf", +"jg", +"jh", +"ji", +"jj", +"jk", +"jl", +"jm", +"jn", +"jo", +"jp", +"jq", +"jr", +"js", +"jt", +"ju", +"jupiter", +"jv", +"jw", +"jx", +"jy", +"jz", +"k", +"ka", +"kb", +"kc", +"kd", +"ke", +"kf", +"kg", +"kh", +"ki", +"kj", +"kk", +"kl", +"km", +"kn", +"ko", +"kp", +"kq", +"kr", +"ks", +"kt", +"ku", +"kv", +"kw", +"kx", +"ky", +"kz", +"l", +"la", +"lab", +"laboratories", +"laboratorio", +"laboratory", +"labs", +"lb", +"lc", +"ld", +"le", +"lf", +"lg", +"lh", +"li", +"library", +"linux", +"lisa", +"lj", +"lk", +"ll", +"lm", +"ln", +"lo", +"localhost", +"log", +"login", +"logon", +"logs", +"lp", +"lq", +"lr", +"ls", +"lt", +"lu", +"lv", +"lw", +"lx", +"ly", +"lz", +"m", +"ma", +"mail", +"mailgate", +"manager", +"marketing", +"mb", +"mc", +"md", +"me", +"media", +"member", +"members", +"mercury", // MX server? +"meta", +"meta01", +"meta02", +"meta03", +"meta1", +"meta2", +"meta3", +"mf", +"mg", +"mh", +"mi", +"miembros", +"minerva", +"mj", +"mk", +"ml", +"mm", +"mn", +"mo", +"mob", +"mobile", +"moodle", +"movil", +"mp", +"mq", +"mr", +"ms", +"mssql", +"mt", +"mu", +"mv", +"mw", +"mx", +"mx0", +"mx01", +"mx02", +"mx03", +"mx1", +"mx2", +"mx3", +"my", +"mysql", +"mz", +"n", +"na", +"nb", +"nc", +"nd", +"ne", +"nelson", +"neon", +"net", +"netmail", +"news", +"nf", +"ng", +"nh", +"ni", +"nj", +"nk", +"nl", +"nm", +"nn", +"no", +"novell", +"np", +"nq", +"nr", +"ns", +"ns0", +"ns01", +"ns02", +"ns03", +"ns1", +"ns2", +"ns3", +"nt", +"ntp", +"nu", +"nv", +"nw", +"nx", +"ny", +"nz", +"o", +"oa", +"ob", +"oc", +"od", +"oe", +"of", +"og", +"oh", +"oi", +"oj", +"ok", +"ol", +"om", +"on", +"online", +"oo", +"op", +"oq", +"or", +"ora", +"oracle", +"os", +"osx", +"ot", +"ou", +"ov", +"ow", +"owa", +"ox", +"oy", +"oz", +"p", +"pa", +"partners", +"pb", +"pc", +"pcanywhere", +"pd", +"pe", +"pegasus", +"pendrell", +"personal", +"pf", +"pg", +"ph", +"photo", +"photos", +"pi", +"pj", +"pk", +"pl", +"pm", +"pn", +"po", +"pop", +"pop3", +"portal", +"postgresql", +"postman", +"postmaster", +"pp", // preprod? +"ppp", +"pq", +"pr", +"preprod", +"pre-prod", +"private", +"prod", +"proxy", +"prueba", +"pruebas", +"ps", +"pt", +"pu", +"pub", +"public", +"pv", +"pw", +"px", +"py", +"pz", +"q", +"qa", +"qb", +"qc", +"qd", +"qe", +"qf", +"qg", +"qh", +"qi", +"qj", +"qk", +"ql", +"qm", +"qn", +"qo", +"qp", +"qq", +"qr", +"qs", +"qt", +"qu", +"qv", +"qw", +"qx", +"qy", +"qz", +"r", +"ra", +"ras", +"rb", +"rc", +"rd", +"re", +"remote", +"reports", +"research", +"restricted", +"rf", +"rg", +"rh", +"ri", +"rj", +"rk", +"rl", +"rm", +"rn", +"ro", +"robinhood", +"router", +"rp", +"rq", +"rr", +"rs", +"rt", +"rtr", +"ru", +"rv", +"rw", +"rx", +"ry", +"rz", +"s", +"sa", +"sales", +"sample", +"samples", +"sandbox", +"sb", +"sc", +"sd", +"se", +"search", +"secure", +"seguro", +"server", +"services", +"servicios", +"servidor", +"sf", +"sg", +"sh", +"sharepoint", +"shop", +"shopping", +"si", +"sj", +"sk", +"sl", +"sm", +"sms", +"smtp", +"sn", +"so", +"socios", +"solaris", +"soporte", +"sp", // sharepoint? +"sq", +"sql", +"squirrel", +"squirrelmail", +"sr", +"ss", +"ssh", +"st", +"staff", +"staging", +"stats", +"su", +"sun", +"support", +"sv", +"sw", +"sx", +"sy", +"sz", +"t", +"ta", +"tb", +"tc", +"td", +"te", +"test", +"tf", +"tftp", +"tg", +"th", +"ti", +"tienda", +"tj", +"tk", +"tl", +"tm", +"tn", +"to", +"tp", +"tq", +"tr", +"ts", +"tt", +"tu", +"tunnel", +"tv", +"tw", +"tx", +"ty", +"tz", +"u", +"ua", +"uat", +"ub", +"uc", +"ud", +"ue", +"uf", +"ug", +"uh", +"ui", +"uj", +"uk", +"ul", +"um", +"un", +"unix", +"uo", +"up", +"upload", +"uploads", +"uq", +"ur", +"us", +"ut", +"uu", +"uv", +"uw", +"ux", +"uy", +"uz", +"v", +"va", +"vb", +"vc", +"vd", +"ve", +"ventas", +"vf", +"vg", +"vh", +"vi", +"virtual", +"vista", +"vj", +"vk", +"vl", +"vm", +"vn", +"vnc", +"vo", +"vp", +"vpn", +"vpn1", +"vpn2", +"vpn3", +"vq", +"vr", +"vs", +"vt", +"vu", +"vv", +"vw", +"vx", +"vy", +"vz", +"w", +"wa", +"wap", +"wb", +"wc", +"wd", +"we", +"web", +"web0", +"web01", +"web02", +"web03", +"web1", +"web2", +"web3", +"webadmin", +"webct", +"weblog", +"webmail", +"webmaster", +"webmin", +"wf", +"wg", +"wh", +"wi", +"win", +"windows", +"wj", +"wk", +"wl", +"wm", +"wn", +"wo", +"wp", +"wq", +"wr", +"ws", +"wt", +"wu", +"wv", +"ww", +"ww0", +"ww01", +"ww02", +"ww03", +"ww1", +"ww2", +"ww3", +"www", +"www0", +"www01", +"www02", +"www03", +"www1", +"www2", +"www3", +"wx", +"wy", +"wz", +"x", +"xa", +"xanthus", +"xb", +"xc", +"xd", +"xe", +"xf", +"xg", +"xh", +"xi", +"xj", +"xk", +"xl", +"xm", +"xn", +"xo", +"xp", +"xq", +"xr", +"xs", +"xt", +"xu", +"xv", +"xw", +"xx", +"xy", +"xz", +"y", +"ya", +"yb", +"yc", +"yd", +"ye", +"yf", +"yg", +"yh", +"yi", +"yj", +"yk", +"yl", +"ym", +"yn", +"yo", +"yp", +"yq", +"yr", +"ys", +"yt", +"yu", +"yv", +"yw", +"yx", +"yy", +"yz", +"z", +"za", +"zb", +"zc", +"zd", +"ze", +"zeus", +"zf", +"zg", +"zh", +"zi", +"zj", +"zk", +"zl", +"zm", +"zn", +"zo", +"zp", +"zq", +"zr", +"zs", +"zt", +"zu", +"zv", +"zw", +"zx", +"zy", +"zz" +}; diff --git a/Reaktor/repos/dnsmap/gpl-2.0.txt b/Reaktor/repos/dnsmap/gpl-2.0.txt new file mode 100644 index 00000000..d511905c --- /dev/null +++ b/Reaktor/repos/dnsmap/gpl-2.0.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You