Codebase list faraday-plugins / c19a85b faraday_plugins / plugins / repo / dnswalk / plugin.py
c19a85b

Tree @c19a85b (Download .tar.gz)

plugin.py @c19a85braw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
"""
Faraday Penetration Test IDE
Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information

"""
import re

from faraday_plugins.plugins.plugin import PluginBase

__author__ = "Francisco Amato"
__copyright__ = "Copyright (c) 2013, Infobyte LLC"
__credits__ = ["Francisco Amato"]
__license__ = ""
__version__ = "1.0.0"
__maintainer__ = "Francisco Amato"
__email__ = "[email protected]"
__status__ = "Development"


class DnswalkParser:
    """
    The objective of this class is to parse an xml file generated
    by the dnswalk tool.

    TODO: Handle errors.
    TODO: Test dnswalk output version. Handle what happens if the parser
    doesn't support it.
    TODO: Test cases.

    @param dnswalk_filepath A proper simple report generated by dnswalk
    """

    def __init__(self, output, resolve_hostName):

        lists = output.split("\n")
        self.items = []
        self.resolve_hostName = resolve_hostName

        for line in lists:
            mregex = re.search(r"WARN: ([\w\.]+) ([\w]+) ([\w\.]+):", line)
            if mregex is not None:
                item = {
                    'host': mregex.group(1),
                    'ip': mregex.group(3),
                    'type': mregex.group(2)}

                self.items.append(item)

            mregex = re.search(
                r"Getting zone transfer of ([\w\.]+) from ([\w\.]+)\.\.\.done\.",
                line)

            if mregex is not None:
                ip = self.resolve_hostname(mregex.group(2))
                item = {
                    'host': mregex.group(1),
                    'ip': ip,
                    'type': 'info'}
                self.items.append(item)


class DnswalkPlugin(PluginBase):
    """
    Example plugin to parse dnswalk output.
    """

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.id = "Dnswalk"
        self.name = "Dnswalk XML Output Plugin"
        self.plugin_version = "0.0.1"
        self.version = "2.0.2"
        self.options = None
        self._current_output = None
        self._command_regex = re.compile(
            r'^(sudo dnswalk|dnswalk|\.\/dnswalk)\s+.*?')

    def canParseCommandString(self, current_input):
        if self._command_regex.match(current_input.strip()):
            self.command = self.get_command(current_input)
            return True
        else:
            return False

    def parseOutputString(self, output):
        """
        output is the shell output of command Dnswalk.
        """
        parser = DnswalkParser(output, self.resolve_hostname)

        for item in parser.items:
            if item['type'] == "A":
                h_id = self.createAndAddHost(item['ip'], hostnames=[item['host']])
            elif item['type'] == "info":
                h_id = self.createAndAddHost(item['ip'], hostnames=[item['host']])
                s_id = self.createAndAddServiceToHost(
                    h_id,
                    "domain",
                    "tcp",
                    ports=['53'])
                self.createAndAddVulnToService(
                    h_id,
                    s_id,
                    "Zone transfer",
                    desc="A Dns server allows unrestricted zone transfers",
                    ref=["CVE-1999-0532"])

        return True


def createPlugin(*args, **kwargs):
    return DnswalkPlugin(*args, **kwargs)