October « 2010 « Security related discussions, articles, and tutorials

Simple time-saving DNS info script

A simple DNS info script that lists a domain's nameservers and MX records and attempts a zone transfer against each nameserver. Check it out.
Click here to view and download the script.

#!/usr/bin/python

# A script that uses the host command to look up various DNS information for a target
# coded by: bostonlink

import sys, subprocess

usage = """\ndns_script.py coded by bostonlink @ pentestlabs.org\n
Usage: ./dns_script.py domainname
Example: ./dns_script.py google.com\n"""

# Exactly one argument (the domain name) is required
if len(sys.argv) != 2:
    print(usage)
    sys.exit(0)

target = sys.argv[1]
print("\n" + "*" * 60)
print("%s nameservers" % target)
print("*" * 60 + "\n")

# universal_newlines=True returns text instead of bytes, so the string
# handling further down works on Python 3 as well as Python 2
pro1 = subprocess.Popen(["host", "-t", "ns", target], stdout=subprocess.PIPE, universal_newlines=True)
ns = pro1.stdout.read()
pro1.wait()
print(ns)

print("\n" + "*" * 60)
print("%s mailservers" % target)
print("*" * 60 + "\n")

pro2 = subprocess.Popen(["host", "-t", "mx", target], stdout=subprocess.PIPE, universal_newlines=True)
mx = pro2.stdout.read()
pro2.wait()
print(mx)

# In the NS output only the nameserver hostnames end with a trailing dot
ns_list = ns.strip().split()
for nameserver in ns_list:
    if nameserver.endswith("."):
        zone_tr = nameserver.rstrip(".")
        print("\n" + "*" * 60)
        print("%s zone transfer against %s" % (target, zone_tr))
        print("*" * 60 + "\n")
        # host -l asks the named server to list the whole zone (a zone transfer)
        pro3 = subprocess.Popen(["host", "-l", target, zone_tr], stdout=subprocess.PIPE, universal_newlines=True)
        ztrans = pro3.stdout.read()
        pro3.wait()
        print(ztrans)
    else:
        continue

print("\nScript completed")

Example:

root@bt:~/my stuff/scripts/python_dev# ./dns_script_2.py google.com

************************************************************
google.com nameservers
************************************************************

google.com name server ns1.google.com.
google.com name server ns2.google.com.
google.com name server ns4.google.com.
google.com name server ns3.google.com.

************************************************************
google.com mailservers
************************************************************

google.com mail is handled by 200 google.com.s9a2.psmtp.com.
google.com mail is handled by 100 google.com.s9a1.psmtp.com.
google.com mail is handled by 300 google.com.s9b1.psmtp.com.
google.com mail is handled by 400 google.com.s9b2.psmtp.com.

************************************************************
google.com zone transfer against ns1.google.com
************************************************************

; Transfer failed.
Using domain server:
Name: ns1.google.com
Address: 216.239.32.10#53
Aliases:

Host google.com.localdomain not found: 5(REFUSED)
; Transfer failed.

************************************************************
google.com zone transfer against ns2.google.com
************************************************************

snip……….

-bostonlink
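
An added example, not part of the original post or of bostonlink's script: a small parser that reads the script's report from a run against your own domain and says which nameservers answered the zone transfer and which refused it. The sample report, the example.com names and the 192.0.2.x addresses are constructed, and the record-line wording matched by RECORD is an assumption about `host -l` output.

```python
import re

# Banner that dns_script.py prints before each transfer attempt.
BANNER = re.compile(r"^(\S+) zone transfer against (\S+)$")
# Record lines in a successful `host -l` listing (wording is an assumption).
RECORD = re.compile(r" (has address|has IPv6 address|name server|domain name pointer) ")
FAILURE = ("Transfer failed", "REFUSED", "timed out")

# Constructed sample report: ns1 refuses the transfer, ns2 answers it.
SAMPLE = """\
example.com zone transfer against ns1.example.com
************************************************************
; Transfer failed.
Using domain server:
Name: ns1.example.com
Address: 192.0.2.53#53
Host example.com not found: 5(REFUSED)
************************************************************
example.com zone transfer against ns2.example.com
************************************************************
Address: 192.0.2.54#53
example.com name server ns1.example.com.
example.com has address 192.0.2.10
intranet.example.com has address 192.0.2.20
Script completed
"""

def classify_transfers(report):
    """Return {nameserver: (status, record_count)} for each transfer section."""
    sections, current = {}, None
    for line in report.splitlines():
        m = BANNER.match(line.strip())
        if m:
            current = sections.setdefault(m.group(2), [])
        elif current is not None:
            current.append(line)
    results = {}
    for ns, body in sections.items():
        records = sum(1 for ln in body if RECORD.search(ln))
        if records:  # any returned record counts, even if the transfer later failed
            results[ns] = ("allowed", records)
        elif any(f in ln for ln in body for f in FAILURE):
            results[ns] = ("refused", 0)
        else:
            results[ns] = ("unknown", 0)
    return results

if __name__ == "__main__":
    print(classify_transfers(SAMPLE))
```

A nameserver reported as "allowed" is one whose zone transfers should be restricted to the secondary servers that need them.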


Nmap Python script – defines targeted ports

To start, I was doing some nmap scans (of my own network, of course =)) and I was looking for multiple targeted ports on my network. I got real tired of typing, and even of arrowing up and changing the IP address ranges, while conducting my scans. So I figured, why not turn this into a Python exercise? I quickly coded a Python script with the targeted ports I was looking for, and I made the IP address range and the nmap output file name command line options. This script saves me a lot of time while scanning. See the code below. Click here to view and download the script.

#!/usr/bin/python

# Targeted nmap scan script with 20 targeted ports defined

import subprocess, sys

author = "\n./targeted_nmap coded by bostonlink\n"
usage = """./targeted_nmap.py ip file_output_name
example: ./targeted_nmap.py 1.2.3.4 int_pentest\n"""

# Two arguments are required: the IP address or range, and the output file base name
if len(sys.argv) != 3:
    print(author)
    print("check the arguments - script needs IP range or address and file name defined see usage and example below")
    print(usage)
    sys.exit(0)

# Run nmap from an argument list with no shell, so the target and the
# output name are passed as single arguments and never parsed by a shell
subprocess.Popen(["nmap", "-sS", "-PN", sys.argv[1],
                  "-p", "T:21-23,25,80,110,135-139,443,445,3389,4444,8080,50000,10000",
                  "--reason", "-oA", sys.argv[2]]).wait()
print("\nNmap scan has finished see output files within the directory you ran this script in")
print("brought to you by: bostonlink - pentest-labs.org\n")

Hope you enjoy!

-bostonlink
