DNS scanning

n3w7yp3
Posted on 24-06-05 19:43
just a little idea that i had one day when i was learning about DNS and networking. there must be systems out there that are not in standard set type=any queries, so i hacked up the following script:

Code

#!/usr/bin/perl -w

#declarations
$timeout = shift;
$domain = shift || &usage;
$total = 0;

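#input validation
#anchor the pattern so values like "5abc" are rejected
if($timeout !~ /^[0-9]+$/)
{
   die "Timeout value is numeric.\n";
}
#the domain is interpolated into a shell command below, so allow hostname characters only
if($domain !~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/)
{
   die "Domain contains invalid characters.\n";
}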
if(-e "prefix")
{
   open(PRE, "prefix") || die "Unable to open the prefix file for reading.\n";
   {
      print "Starting DNS Scan v 3.0 by n3w7yp3....\n";
      print "Doing multiple DNS lookups on $domain with a timeout of $timeout seconds between requests...\n";
      system("touch host_file");
      while(defined($lookup = <PRE>))
      {
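         chomp $lookup;
         #skip blank lines and anything that is not a plain hostname prefix
         next unless $lookup =~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/;
         system("host $lookup.$domain >> host_file");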
         sleep($timeout);
         $total++;
      }
      print "DNS lookups complete.\n";
      print "Assembling list of hosts..\n";
      print "Based on the info received the following hosts appear to be alive:\n\n";
      system("grep -v \"NXDOMAIN\" host_file");
      print "\nSUMMARY: A total of $total lookups were made.\n";
      system("rm host_file");
      close PRE;
      print "\n";
      exit;
   }
}
die "The prefix file was not found.\n";

#sub routines
sub usage
{
   die "Usage: $0 <timeout> <domain>\nTimeout is number of seconds to wait between sending requests.\nDomain is the domain to do lookups on.\n";
}






the prefix file contains a list of prefixes. here's the one that i use:

Code
www
www2
web
web0
web1
web2
web3
web4
web5
whois
ns
ns0
ns1
ns2
ns3
ns4
ns5
dns
dns0
dns1
dns2
dns3
dns4
dns5
vpn
firewall
mail
mail0
mail1
mail2
mail3
mail4
mail5
maila
mailb
mailc
mx.mail
mx1.mail1
mx2.mail2
mx3.mail3
mx4.mail4
mx5.mail5
smtp
smtp0
smtp1
smtp2
smtp3
smtp4
smtp5
mx1.smtp1
mx2.smtp2
mx3.smtp3
mx4.smtp4
mx5.smtp5
store
support
news
login
gateway
db
db0
db1
db2
db3
db4
db5
sql
ftp
ftp0
ftp1
ftp2
ftp3
ftp4
ftp5
ssh
pop
intranet
intra
extranet
extra
irc
outlook
owl







---EDIT---

hmm, why won't the lines inside the loops tab over correctly?


"Root is a state of mind" -- K0resh

Edited by n3w7yp3 on 24-06-05 20:01
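
The defender's view of the script above, as an added example that is not part of the original post: a resolver-log check that flags a client asking for many distinct names under one zone in a short window with mostly NXDOMAIN answers. The log format (`epoch client qname rcode`), the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample resolver log (hypothetical format: epoch client qname rcode).
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.test NOERROR
1002 10.0.0.5 www2.example.test NXDOMAIN
1004 10.0.0.5 web.example.test NXDOMAIN
1006 10.0.0.5 web0.example.test NXDOMAIN
1008 10.0.0.5 ns.example.test NOERROR
1010 10.0.0.5 ns0.example.test NXDOMAIN
1012 10.0.0.5 mx1.mail1.example.test NXDOMAIN
1014 10.0.0.5 vpn.example.test NXDOMAIN
1001 10.0.0.9 www.example.test NOERROR
1300 10.0.0.9 wwww.example.test NXDOMAIN
"""

def parse(log):
    """Yield (epoch, client, qname, rcode) from well-formed lines only."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower().rstrip("."), parts[3]

def find_prefix_scans(log, zone, window=60, min_names=5, min_nx_ratio=0.5):
    """Flag clients that query many distinct names under `zone` inside one
    sliding window with mostly NXDOMAIN answers (the prefix-guessing footprint)."""
    suffix = "." + zone.lower()
    per_client = defaultdict(list)
    for ts, client, qname, rcode in parse(log):
        if qname.endswith(suffix):
            per_client[client].append((ts, qname, rcode))
    alerts = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # shrink the window until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            names = {q for _, q, _ in win}
            nx = {q for _, q, r in win if r == "NXDOMAIN"}
            if len(names) >= min_names and len(nx) / len(names) >= min_nx_ratio:
                alerts[client] = max(alerts.get(client, (0, 0)), (len(names), len(nx)))
    return alerts  # client -> (distinct names, NXDOMAIN names) for its busiest window

if __name__ == "__main__":
    for client, (names, nx) in find_prefix_scans(SAMPLE_LOG, "example.test").items():
        print(f"{client}: {names} distinct names, {nx} NXDOMAIN within 60s")
```

The script's timeout argument spaces the lookups out, so `window` has to be sized against the slowest scan you want to catch; a window shorter than the scan's total duration sees too few names to alert.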