GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
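# Auxiliary module that issues DNS A-record lookups for a fixed list of
# hostnames attributed to the Mariposa botnet (see the URL under 'References')
# and prints what each name resolves to.
#
# The module only performs DNS queries; it never connects to the addresses
# that come back. NOTE(review): judging by its location
# (vsploit/malware/dns) it is meant for exercising DNS monitoring and IDS
# rules against known-bad names -- confirm against the VSploit documentation.
#
# Notes for whoever runs or reviews a run:
# * Unless DNS_SERVER is set, lookups go through the resolver's default
#   nameservers, so they will appear in resolver / passive-DNS logs and are
#   expected to raise alerts. Point DNS_SERVER at a lab resolver when the
#   queries must not leave the test network.
# * The hostname list is hard-coded, so it reflects the referenced analysis,
#   not current threat intelligence. A positive answer only shows that the
#   name resolves today (sinkhole, parking page, new owner, ...).
# * Timestamps are local time without a zone offset; account for that when
#   correlating this output with sensor logs.
class MetasploitModule < Msf::Auxiliary
  # Hostnames queried on every interval.
  MARIPOSA_DOMAINS = [
    "lalundelau.sinip.es", "bf2back.sinip.es", "thejacksonfive.mobi",
    "thejacksonfive.us", "thejacksonfive.biz", "butterfly.BigMoney.biz",
    "bfisback.sinip.es", "bfisback.no-ip.org", "qwertasdfg.sinip.es",
    "shv4b.getmyip.com", "shv4.no-ip.biz", "butterfly.sinip.es",
    "defintelsucks.sinip.es", "defintelsucks.net", "defintelsucks.com",
    "gusanodeseda.sinip.es", "gusanodeseda.net", "legion.sinip.es",
    "booster.estr.es", "sexme.in", "extraperlo.biz",
    "legionarios.servecounterstrike.com", "thesexydude.com",
    "yougotissuez.com", "gusanodeseda.mobi", "tamiflux.org",
    "tamiflux.net", "binaryfeed.in", "youare.sexidude.com",
    "mierda.notengodominio.com"
  ].freeze

  # strftime pattern shared by every status line the module prints.
  TIMESTAMP_FORMAT = "%Y-%m-%d %H:%M:%S"

  # Registers the module metadata and its three optional settings:
  # DNS_SERVER (resolver to query), COUNT (number of passes over the list,
  # default 1) and DELAY (seconds to wait between passes, default 3).
  def initialize
    super(
      'Name' => 'VSploit Mariposa DNS Query Module',
      'Description' => 'This module queries known Mariposa Botnet DNS records.',
      'Author' => 'MJC',
      'License' => MSF_LICENSE,
      'References' => [
        [ 'URL', 'http://www.defintel.com/docs/Mariposa_Analysis.pdf']
      ]
    )
    register_options(
      [
        OptString.new('DNS_SERVER', [false, "Specifies a DNS Server"]),
        OptInt.new('COUNT', [false, "Number of intervals to loop", 1]),
        OptInt.new('DELAY', [false, "Delay in seconds between intervals", 3])
      ]
    )
  end

  # Queries every hostname in MARIPOSA_DOMAINS, COUNT times, pausing DELAY
  # seconds between passes (no pause after the last pass).
  def run
    @res = Net::DNS::Resolver.new

    # An empty string is truthy in Ruby, so test for content rather than
    # presence before overriding the resolver's nameserver list.
    dns_server = datastore['DNS_SERVER'].to_s.strip
    @res.nameservers = dns_server unless dns_server.empty?

    # All three options are registered as non-required. Coerce so an unset
    # value cannot reach the loop as nil: a nil COUNT would raise on
    # comparison and a nil timeout makes select wait without a time limit.
    rounds = datastore['COUNT'].to_i
    delay = [datastore['DELAY'].to_i, 0].max

    rounds.times do |round|
      MARIPOSA_DOMAINS.each { |name| query_domain(name) }

      next if round == rounds - 1

      print_status("#{now_stamp} - Waiting #{delay} seconds to query")
      select(nil, nil, nil, delay)
    end
  end

  # Sends one A-record query for +name+ and prints the outcome.
  #
  # The "sent" line carries the time taken just before the query is issued,
  # so it can be matched against resolver or sensor logs even when the lookup
  # is slow to return.
  def query_domain(name)
    sent_at = now_stamp
    query = @res.query(name, "A")
    print_status("#{sent_at} - DNS Query sent for => #{name}")

    # NOTE(review): the resolver may hand back nil when no nameserver
    # answers -- treated here the same as an empty answer section.
    if query.nil? || query.answer.empty?
      print_error("#{now_stamp} - #{name} => No Record Found")
    else
      # Last whitespace/comma-separated field of the first answer record's
      # string form; for an A record that is presumably the address.
      fields = query.answer[0].to_s.split(/[\s,]+/)
      print_good("#{now_stamp} - #{name} => #{fields[-1]}")
    end
  end

  # Current local time formatted for the module's log lines.
  def now_stamp
    Time.new.strftime(TIMESTAMP_FORMAT)
  end
end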