Add new checksum feature for more detection case
Showing
15 changed files
with
322 additions
and
87 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
package core | ||
|
||
import ( | ||
"fmt" | ||
"github.com/jaeles-project/jaeles/dns" | ||
"github.com/jaeles-project/jaeles/libs" | ||
"github.com/jaeles-project/jaeles/utils" | ||
"github.com/robertkrimen/otto" | ||
"strings" | ||
) | ||
|
||
// InitDNSRunner init task | ||
func InitDNSRunner(url string, sign libs.Signature, opt libs.Options) (Runner, error) { | ||
var runner Runner | ||
runner.Input = url | ||
runner.Opt = opt | ||
runner.Sign = sign | ||
runner.RunnerType = "dns" | ||
runner.PrepareTarget() | ||
|
||
return runner, nil | ||
} | ||
|
||
// GetDns get dns ready to resolve | ||
func (r *Runner) Resolving() { | ||
if len(r.Sign.Dns) == 0 { | ||
return | ||
} | ||
for _, dnsRecord := range r.Sign.Dns { | ||
dnsRecord.Domain = ResolveVariable(dnsRecord.Domain, r.Target) | ||
dnsRecord.RecordType = ResolveVariable(dnsRecord.RecordType, r.Target) | ||
dnsRecord.Detections = ResolveDetection(dnsRecord.Detections, r.Target) | ||
dnsRecord.PostRun = ResolveDetection(dnsRecord.PostRun, r.Target) | ||
|
||
dns.QueryDNS(&dnsRecord, r.Opt) | ||
if len(dnsRecord.Results) == 0 { | ||
return | ||
} | ||
|
||
var rec Record | ||
// set somethings in record | ||
rec.Dns = dnsRecord | ||
rec.Sign = r.Sign | ||
rec.Opt = r.Opt | ||
r.Records = append(r.Records, rec) | ||
} | ||
|
||
r.DnsDetection() | ||
} | ||
|
||
// DnsDetection get requests ready to send | ||
func (r *Runner) DnsDetection() { | ||
for _, rec := range r.Records { | ||
rec.DnsDetector() | ||
} | ||
} | ||
|
||
func (r *Record) DnsDetector() bool { | ||
record := *r | ||
var extra string | ||
vm := otto.New() | ||
|
||
// Only for dns detection | ||
vm.Set("DnsString", func(call otto.FunctionCall) otto.Value { | ||
args := call.ArgumentList | ||
recordName := "ANY" | ||
searchString := args[0].String() | ||
if len(args) > 1 { | ||
searchString = args[1].String() | ||
recordName = args[0].String() | ||
} | ||
content := GetDnsComponent(record, recordName) | ||
record.Response.Beautify = content | ||
result, _ := vm.ToValue(StringSearch(content, searchString)) | ||
return result | ||
}) | ||
|
||
vm.Set("DnsRegex", func(call otto.FunctionCall) otto.Value { | ||
args := call.ArgumentList | ||
recordName := "ANY" | ||
searchString := args[0].String() | ||
if len(args) > 1 { | ||
searchString = args[1].String() | ||
recordName = args[0].String() | ||
} | ||
content := GetDnsComponent(record, recordName) | ||
record.Response.Beautify = content | ||
|
||
matches, validate := RegexSearch(content, searchString) | ||
result, err := vm.ToValue(validate) | ||
if err != nil { | ||
utils.ErrorF("Error Regex: %v", searchString) | ||
result, _ = vm.ToValue(false) | ||
} | ||
if matches != "" { | ||
extra = matches | ||
} | ||
return result | ||
}) | ||
|
||
// really run detection here | ||
for _, analyze := range record.Dns.Detections { | ||
// pass detection here | ||
result, _ := vm.Run(analyze) | ||
analyzeResult, err := result.Export() | ||
// in case vm panic | ||
if err != nil || analyzeResult == nil { | ||
r.DetectString = analyze | ||
r.IsVulnerable = false | ||
r.DetectResult = "" | ||
r.ExtraOutput = "" | ||
continue | ||
} | ||
r.DetectString = analyze | ||
r.IsVulnerable = analyzeResult.(bool) | ||
r.DetectResult = extra | ||
r.ExtraOutput = extra | ||
|
||
// add extra things for standard output | ||
r.Request.URL = r.Dns.Domain | ||
r.Request.Beautify = fmt.Sprintf("dig %s %s", r.Dns.RecordType, r.Dns.Domain) | ||
r.Response.Beautify = record.Response.Beautify | ||
|
||
utils.DebugF("[Detection] %v -- %v", analyze, r.IsVulnerable) | ||
// deal with vulnerable one here | ||
next := r.Output() | ||
if next == "stop" { | ||
return true | ||
} | ||
} | ||
|
||
return false | ||
} | ||
|
||
func GetDnsComponent(record Record, componentName string) string { | ||
for _, dnsResult := range record.Dns.Results { | ||
if dnsResult.RecordType == strings.TrimSpace(componentName) { | ||
return dnsResult.Data | ||
} | ||
} | ||
return "" | ||
} |
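Review bot: The one-argument forms of `DnsString` and `DnsRegex` default `recordName` to "ANY", but `GetDnsComponent` only returns data on an exact `RecordType` match, and as far as this commit shows `QueryDNS` stores results under concrete names such as `A` or `TXT`, never `ANY`. Those detections would then search an empty string and silently report no match, which for a scanner is a false negative. Treating "ANY" as "all collected records" in `GetDnsComponent`, as sketched below, would close that gap. Separately, both callbacks read `args[0]` without checking `len(args)`, and `analyzeResult.(bool)` is an unchecked type assertion, so a malformed signature could panic the run; a length guard and a comma-ok assertion would be safer.

```go
func GetDnsComponent(record Record, componentName string) string {
	name := strings.TrimSpace(componentName)
	var all []string
	for _, dnsResult := range record.Dns.Results {
		if name == "ANY" {
			// "ANY" means every record type that was resolved.
			all = append(all, dnsResult.Data)
			continue
		}
		if dnsResult.RecordType == name {
			return dnsResult.Data
		}
	}
	return strings.Join(all, "\n")
}
```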
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
package dns | ||
|
||
import ( | ||
"github.com/jaeles-project/jaeles/libs" | ||
"github.com/jaeles-project/jaeles/utils" | ||
"github.com/lixiangzhong/dnsutil" | ||
"github.com/thoas/go-funk" | ||
) | ||
|
||
var recordMap = map[string]uint16{ | ||
"A": 1, | ||
"AAAA": 28, | ||
"NS": 2, | ||
"CNAME": 5, | ||
"SOA": 6, | ||
"PTR": 12, | ||
"MX": 15, | ||
"TXT": 16, | ||
} | ||
|
||
var CommonResolvers = []string{ | ||
"1.1.1.1", // Cloudflare | ||
"8.8.8.8", // Google | ||
"8.8.4.4", // Google | ||
} | ||
|
||
func QueryDNS(dnsRecord *libs.Dns, options libs.Options) { | ||
resolver := options.Resolver | ||
if resolver == "" { | ||
index := funk.RandomInt(0, len(CommonResolvers)) | ||
resolver = CommonResolvers[index] | ||
} | ||
domain := dnsRecord.Domain | ||
queryType := dnsRecord.RecordType | ||
|
||
var dig dnsutil.Dig | ||
dig.Retry = options.Retry | ||
dig.SetDNS(resolver) | ||
utils.InforF("[resolved] %v -- %v", domain, queryType) | ||
|
||
if queryType == "ANY" || queryType == "" { | ||
for k, v := range recordMap { | ||
var dnsResult libs.DnsResult | ||
msg, err := dig.GetMsg(v, domain) | ||
if err != nil { | ||
utils.DebugF("err to resolved: %v -- %v", domain, err) | ||
return | ||
} | ||
dnsResult.Data = msg.String() | ||
dnsResult.RecordType = k | ||
dnsRecord.Results = append(dnsRecord.Results, dnsResult) | ||
} | ||
} else { | ||
var dnsResult libs.DnsResult | ||
msg, err := dig.GetMsg(recordMap[queryType], domain) | ||
if err != nil { | ||
utils.DebugF("err to resolved: %v -- %v", domain, err) | ||
return | ||
} | ||
dnsResult.Data = msg.String() | ||
dnsResult.RecordType = queryType | ||
dnsRecord.Results = append(dnsRecord.Results, dnsResult) | ||
} | ||
|
||
return | ||
} |
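Review bot: In the `else` branch, `recordMap[queryType]` is used without checking that the key exists, so an unsupported or differently cased record type from a signature silently becomes query type 0 instead of being rejected. A comma-ok lookup would make this explicit: `qtype, ok := recordMap[queryType]` followed by `if !ok { utils.DebugF("unsupported record type: %v", queryType); return }`. In the ANY loop, the `return` on the first `GetMsg` error drops every remaining record type, and because map iteration order is random the set of results collected can differ between runs; `continue` looks like the intent. A comment on `CommonResolvers` noting that target domains are sent to these third-party resolvers whenever `options.Resolver` is empty would also help operators.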
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
package dns | ||
|
||
import ( | ||
"fmt" | ||
"github.com/jaeles-project/jaeles/libs" | ||
"testing" | ||
) | ||
|
||
func TestQueryDNS(t *testing.T) { | ||
opt := libs.Options{ | ||
Concurrency: 3, | ||
Threads: 5, | ||
Verbose: true, | ||
NoDB: true, | ||
NoOutput: true, | ||
} | ||
|
||
dnsRcord := libs.Dns{ | ||
Domain: "github.com", | ||
} | ||
QueryDNS(&dnsRcord, opt) | ||
fmt.Println(dnsRcord) | ||
} |
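Review bot: `TestQueryDNS` asserts nothing, so it passes even when resolution fails and `Results` stays empty; it only prints the struct. Adding `if len(dnsRcord.Results) == 0 { t.Fatal("no DNS results for github.com") }` would make it a real check. The test also depends on live network access to a public resolver, so guarding it with `if testing.Short() { t.Skip("requires network") }` would keep offline and CI runs stable.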