
add asn input #249

Merged
merged 10 commits into from
Oct 19, 2022
Merged
Changes from 7 commits
27 changes: 27 additions & 0 deletions README.md
Expand Up @@ -88,6 +88,7 @@ FILTER:

PROBE:
-cdn display cdn name
-asn display host asn information

RATE-LIMIT:
-t, -threads int number of concurrent threads to use (default 100)
Expand Down Expand Up @@ -217,6 +218,17 @@ mta-sts.hackerone.com [hacker0x01.github.io]
mta-sts.forwarding.hackerone.com [hacker0x01.github.io]
events.hackerone.com [whitelabel.bigmarker.com]
```
Extract **ASN** records for the given list of subdomains:
```console
subfinder -silent -d hackerone.com | dnsx -silent -asn

b.ns.hackerone.com [AS13335, CLOUDFLARENET, US]
a.ns.hackerone.com [AS13335, CLOUDFLARENET, US]
hackerone.com [AS13335, CLOUDFLARENET, US]
www.hackerone.com [AS13335, CLOUDFLARENET, US]
api.hackerone.com [AS13335, CLOUDFLARENET, US]
support.hackerone.com [AS13335, CLOUDFLARENET, US]
```

Probe using [dns status code](https://github.com/projectdiscovery/dnsx/wiki/RCODE-ID-VALUE-Mapping) on given list of (sub)domains:

Expand Down Expand Up @@ -252,6 +264,21 @@ slc-a-origin-pointofsale.paypal.com
fpdbs.paypal.com
```

Extract subdomains from given ASN using `PTR` query:
```console
echo AS17012 | dnsx -silent -resp-only -ptr

apiagw-a.paypal.com
notify.paypal.com
adnormserv-slc-a.paypal.com
a.sandbox.paypal.com
apps2.paypal-labs.com
pilot-payflowpro.paypal.com
www.paypallabs.com
paypal-portal.com
micropayments.paypal-labs.com
minicart.paypal-labs.com
```
---------

### DNS Bruteforce
4 changes: 4 additions & 0 deletions go.mod
Expand Up @@ -6,6 +6,7 @@ require (
github.com/logrusorgru/aurora v2.0.3+incompatible
github.com/miekg/dns v1.1.50
github.com/pkg/errors v0.9.1
github.com/projectdiscovery/asnmap v0.0.1
github.com/projectdiscovery/cdncheck v0.0.3
github.com/projectdiscovery/clistats v0.0.8
github.com/projectdiscovery/fileutil v0.0.1
Expand All @@ -18,6 +19,7 @@ require (
github.com/projectdiscovery/ratelimit v0.0.0-20221004232058-7b82379157fa
github.com/projectdiscovery/retryabledns v1.0.15
github.com/rs/xid v1.4.0
github.com/stretchr/testify v1.8.0
)

require (
Expand All @@ -34,6 +36,7 @@ require (
github.com/cockroachdb/pebble v0.0.0-20210728210723-48179f1d4dae // indirect
github.com/cockroachdb/redact v1.0.8 // indirect
github.com/cockroachdb/sentry-go v0.6.1-cockroachdb.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dgraph-io/badger v1.6.2 // indirect
github.com/dgraph-io/ristretto v0.0.3 // indirect
github.com/dustin/go-humanize v1.0.0 // indirect
Expand All @@ -50,6 +53,7 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/onsi/ginkgo v1.16.4 // indirect
github.com/onsi/gomega v1.16.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/projectdiscovery/blackrock v0.0.0-20220628111055-35616c71b2dc // indirect
github.com/projectdiscovery/reflectutil v0.0.0-20210804085554-4d90952bf92f // indirect
github.com/projectdiscovery/retryablehttp-go v1.0.2 // indirect
1 change: 1 addition & 0 deletions go.sum
Expand Up @@ -230,6 +230,7 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/projectdiscovery/asnmap v0.0.1 h1:n4YCz1ljUaDA3dOUCkjI/bUOtiS7ge1KJ39qpURCd/o=
github.com/projectdiscovery/asnmap v0.0.1/go.mod h1:CjCVDhQPVtmlE247L6YFeIVX9c4m8pOX8V8BmB0JkX8=
github.com/projectdiscovery/blackrock v0.0.0-20210415162320-b38689ae3a2e/go.mod h1:/IsapnEYiWG+yEDPXp0e8NWj3npzB9Ccy9lXEUJwMZs=
github.com/projectdiscovery/blackrock v0.0.0-20210903102120-5a9d2412d21d/go.mod h1:/IsapnEYiWG+yEDPXp0e8NWj3npzB9Ccy9lXEUJwMZs=
2 changes: 2 additions & 0 deletions internal/runner/options.go
Expand Up @@ -58,6 +58,7 @@ type Options struct {
Stream bool
CAA bool
OutputCDN bool
ASN bool
HealthCheck bool
}

Expand Down Expand Up @@ -104,6 +105,7 @@ func ParseOptions() *Options {

flagSet.CreateGroup("probe", "Probe",
flagSet.BoolVar(&options.OutputCDN, "cdn", false, "display cdn name"),
flagSet.BoolVar(&options.ASN, "asn", false, "display host asn information"),
)

flagSet.CreateGroup("rate-limit", "Rate-limit",
131 changes: 96 additions & 35 deletions internal/runner/runner.go
Expand Up @@ -12,6 +12,7 @@ import (

"github.com/miekg/dns"
"github.com/pkg/errors"
asnmap "github.com/projectdiscovery/asnmap/libs"
"github.com/projectdiscovery/clistats"
"github.com/projectdiscovery/dnsx/libs/dnsx"
"github.com/projectdiscovery/fileutil"
Expand All @@ -20,6 +21,7 @@ import (
"github.com/projectdiscovery/hmap/store/hybrid"
"github.com/projectdiscovery/iputil"
"github.com/projectdiscovery/mapcidr"
"github.com/projectdiscovery/mapcidr/asn"
"github.com/projectdiscovery/ratelimit"
"github.com/projectdiscovery/retryabledns"
)
Expand All @@ -42,6 +44,7 @@ type Runner struct {
hm *hybrid.HybridMap
stats clistats.StatisticsClient
tmpStdinFile string
asnClient asn.ASNClient
}

func New(options *Options) (*Runner, error) {
Expand Down Expand Up @@ -143,6 +146,7 @@ func New(options *Options) (*Runner, error) {
limiter: limiter,
hm: hm,
stats: stats,
asnClient: asn.New(),
}

return &r, nil
Expand All @@ -160,14 +164,19 @@ func (r *Runner) InputWorkerStream() {

for sc.Scan() {
item := strings.TrimSpace(sc.Text())

hosts := []string{item}
if iputil.IsCIDR(item) {
hosts, _ = mapcidr.IPAddresses(item)
}

for _, host := range hosts {
r.workerchan <- host
switch {
case iputil.IsCIDR(item):
hostsC, _ := mapcidr.IPAddressesAsStream(item)
for host := range hostsC {
r.workerchan <- host
}
case asn.IsASN(item):
hostsC, _ := r.asnClient.GetIPAddressesAsStream(item)
for host := range hostsC {
r.workerchan <- host
}
default:
r.workerchan <- item
}
}
close(r.workerchan)
Expand Down Expand Up @@ -262,20 +271,22 @@ func (r *Runner) prepareInput() error {
subdomain := strings.TrimSpace(prefix) + "." + item
hosts = append(hosts, subdomain)
}
numHosts += r.addHostsToHMapFromList(hosts)
case iputil.IsCIDR(item):
hosts, _ = mapcidr.IPAddresses(item)
hostC, err := mapcidr.IPAddressesAsStream(item)
if err != nil {
return err
}
numHosts += r.addHostsToHMapFromChan(hostC)
case asn.IsASN(item):
hostC, err := r.asnClient.GetIPAddressesAsStream(item)
if err != nil {
return err
}
numHosts += r.addHostsToHMapFromChan(hostC)
default:
hosts = []string{item}
}

for _, host := range hosts {
// Used just to get the exact number of targets
if _, ok := r.hm.Get(host); ok {
continue
}
numHosts++
// nolint:errcheck
r.hm.Set(host, nil)
numHosts += r.addHostsToHMapFromList(hosts)
}
}

Expand All @@ -287,10 +298,35 @@ func (r *Runner) prepareInput() error {
// nolint:errcheck
r.stats.Start(makePrintCallback(), time.Duration(5)*time.Second)
}

return nil
}

func (r *Runner) addHostsToHMapFromList(hosts []string) (numHosts int) {
for _, host := range hosts {
// Used just to get the exact number of targets
if _, ok := r.hm.Get(host); ok {
continue
}
numHosts++
// nolint:errcheck
r.hm.Set(host, nil)
}
return
}

func (r *Runner) addHostsToHMapFromChan(hosts chan string) (numHosts int) {
for host := range hosts {
// Used just to get the exact number of targets
if _, ok := r.hm.Get(host); ok {
continue
}
numHosts++
// nolint:errcheck
r.hm.Set(host, nil)
}
return
}

func (r *Runner) preProcessArgument(arg string) (chan string, error) {
// read from:
// file
Expand Down Expand Up @@ -537,7 +573,6 @@ func (r *Runner) startWorkers() {

func (r *Runner) worker() {
defer r.wgresolveworkers.Done()

for domain := range r.workerchan {
if isURL(domain) {
domain = extractDomain(domain)
Expand Down Expand Up @@ -601,6 +636,27 @@ func (r *Runner) worker() {
if r.options.OutputCDN {
dnsData.IsCDNIP, dnsData.CDNName, _ = r.dnsx.CdnCheck(domain)
}
if r.options.ASN {
results := []asnmap.Response{}
ips := dnsData.A
if ips == nil {
ips, _ = r.dnsx.Lookup(domain)
}
for _, ip := range ips {
results = append(results, asnmap.NewClient().GetData(asnmap.IP(ip))...)
}
if iputil.IsIP(domain) {
results = asnmap.NewClient().GetData(asnmap.IP(domain))
}
if len(results) > 0 {
dnsData.ASN.ASN_org = results[0].Org
dnsData.ASN.AS_country = results[0].Country
dnsData.ASN.ASN = fmt.Sprintf("AS%v", results[0].ASN)
for _, cidr := range asnmap.GetCIDR(results) {
dnsData.ASN.AS_range = append(dnsData.ASN.AS_range, cidr.String())
}
}
}
// if wildcard filtering just store the data
if r.options.WildcardDomain != "" {
// nolint:errcheck
Expand All @@ -621,48 +677,53 @@ func (r *Runner) worker() {
continue
}
if r.options.A {
r.outputRecordType(domain, dnsData.A, dnsData.CDNName)
r.outputRecordType(domain, dnsData.A, dnsData.CDNName, dnsData.ASN)
}
if r.options.AAAA {
r.outputRecordType(domain, dnsData.AAAA, dnsData.CDNName)
r.outputRecordType(domain, dnsData.AAAA, dnsData.CDNName, dnsData.ASN)
}
if r.options.CNAME {
r.outputRecordType(domain, dnsData.CNAME, dnsData.CDNName)
// fmt.Println("inside cname", dnsData.ASN)
r.outputRecordType(domain, dnsData.CNAME, dnsData.CDNName, dnsData.ASN)
}
if r.options.PTR {
r.outputRecordType(domain, dnsData.PTR, dnsData.CDNName)
r.outputRecordType(domain, dnsData.PTR, dnsData.CDNName, dnsData.ASN)
}
if r.options.MX {
r.outputRecordType(domain, dnsData.MX, dnsData.CDNName)
r.outputRecordType(domain, dnsData.MX, dnsData.CDNName, dnsData.ASN)
}
if r.options.NS {
r.outputRecordType(domain, dnsData.NS, dnsData.CDNName)
r.outputRecordType(domain, dnsData.NS, dnsData.CDNName, dnsData.ASN)
}
if r.options.SOA {
r.outputRecordType(domain, dnsData.SOA, dnsData.CDNName)
r.outputRecordType(domain, dnsData.SOA, dnsData.CDNName, dnsData.ASN)
}
if r.options.TXT {
r.outputRecordType(domain, dnsData.TXT, dnsData.CDNName)
r.outputRecordType(domain, dnsData.TXT, dnsData.CDNName, dnsData.ASN)
}
if r.options.CAA {
r.outputRecordType(domain, dnsData.CAA, dnsData.CDNName)
r.outputRecordType(domain, dnsData.CAA, dnsData.CDNName, dnsData.ASN)
}
}
}

func (r *Runner) outputRecordType(domain string, items []string, cdnName string) {
func (r *Runner) outputRecordType(domain string, items []string, cdnName string, asn dnsx.ASNResult) {
var details string
if cdnName != "" {
cdnName = fmt.Sprintf(" [%s]", cdnName)
details = fmt.Sprintf(" [%s]", cdnName)
}
if asn.ASN != "" {
details = fmt.Sprintf("%s [%s, %s, %s]", details, asn.ASN, asn.ASN_org, asn.AS_country)
}
for _, item := range items {
item := strings.ToLower(item)
if r.options.ResponseOnly {
r.outputchan <- item + cdnName
r.outputchan <- fmt.Sprintf("%s%s", item, details)
} else if r.options.Response {
r.outputchan <- domain + " [" + item + "]" + cdnName
r.outputchan <- fmt.Sprintf("%s [ %s ]%s", domain, item, details)
} else {
// just prints out the domain if it has a record type and exit
r.outputchan <- domain + cdnName
r.outputchan <- fmt.Sprintf("%s%s", domain, details)
break
}
}
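Review bot: In InputWorkerStream both `hostsC, _ := mapcidr.IPAddressesAsStream(item)` and `hostsC, _ := r.asnClient.GetIPAddressesAsStream(item)` discard the error, and if a failed call hands back a nil channel the following `for host := range hostsC` blocks forever, so a single malformed CIDR or ASN line on stdin would stall all further input; prepareInput checks the same two errors, and the stream path should too, e.g. `hostsC, err := r.asnClient.GetIPAddressesAsStream(item)` / `if err != nil { continue }` (ideally with a warning) before ranging. In worker the new ASN block calls `asnmap.NewClient()` inside the per-IP loop and again for the `iputil.IsIP(domain)` case, and that case overwrites whatever the loop collected, so the client should be created once outside the loop and the loop skipped when the input is already an IP; the error from the fallback `r.dnsx.Lookup(domain)` is also dropped. In outputRecordType the response line changed from `domain + " [" + item + "]"` to `"%s [ %s ]%s"`, which adds spaces inside the brackets and diverges from the README examples in this same PR (`[hacker0x01.github.io]`) as well as from any consumer parsing the old layout; `"%s [%s]%s"` keeps the existing output stable. The commented-out `// fmt.Println("inside cname", dnsData.ASN)` debug line in worker should be removed before merge.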