GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
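# Auxiliary module that issues DNS A-record lookups for a fixed list of
# domain names taken from a Zeus botnet blocklist. The lookups themselves are
# ordinary resolver queries; the value of the module is the DNS traffic it
# produces, which can be used to check that DNS logging, sinkholing or
# alerting on known-bad names actually fires.
#
# NOTE(review): the domain list is hard-coded in #run, so it is a static
# snapshot of the referenced feed and does not track current indicators.
# Treat a run as a test of the monitoring pipeline, not of blocklist freshness.
class MetasploitModule < Msf::Auxiliary

  # Registers the module metadata and its three optional datastore options:
  # DNS_SERVER (no default), COUNT (default 1) and DELAY (default 3).
  def initialize
    super(
      'Name' => 'VSploit Zeus DNS Query Module',
      'Description' => 'This module queries known Zeus Botnet DNS records.',
      'Author' => 'MJC',
      'License' => MSF_LICENSE,
      'References' =>
        [
          [ 'URL', 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist']
        ]
    )
    register_options(
      [
        OptString.new('DNS_SERVER', [false, "Specifies a DNS Server"]),
        OptInt.new('COUNT', [false, "Number of intervals to loop", 1]),
        OptInt.new('DELAY', [false, "Delay in seconds between intervals", 3])
      ])
  end

  # Queries every domain in the list COUNT times, pausing DELAY seconds
  # between passes, and prints one status line per query plus one result line
  # (the last whitespace/comma-separated field of the first answer record, or
  # "No Record Found").
  def run
    @res = Net::DNS::Resolver.new()

    domains = [
      "allspring.net", "antifoher.biz", "asdfasdgqghgsw.cx.cc",
      "ashnmjjpoljfnl.info", "atlaz.net", "b3l.org", "back.boroborogold.ru",
      "bandwithcheckstart.com", "batmanrobinho.com", "bellicbridge.ru",
      "bestfihteerdr.com", "bestprice2you.net", "billyd.com.au",
      "bitschoonerop.com", "blackskullbg.sytes.net", "botikov.eu.tf",
      "botnetdown.gicp.net", "boutique.vcm-mode.it", "brandc.name",
      "bxkkuskgdjskdn.com", "c0re.su", "cdvqvnjqqtkqhsoo.info",
      "christmassuper.com", "ciritas.ru", "citi-spb.ru", "clavn.ru",
      "client.trackups.org", "client.upsclients.net", "cnewsus.ru",
      "cnnus.ru", "concapow.in", "consoleencydd.com", "cqoqgzqmkpkrmlo.com",
      "ctllutheran.org", "currencytradechat.com", "cyytmmlxsthywst.com",
      "damaka.com", "datacricketuf.ru", "deimingames.com",
      "dfhhdkdddqjda.start.tl", "djerk.info", "djpeterblue.com.br",
      "dlmsonisfzksioqq.org", "domio.pwomega.ru", "favdstgssdqdsfg.start.tl",
      "favoritopilodjd.com", "favqnornkwvkwfxv.biz", "fdhjkfhskas.com",
      "federalreserve-report.com", "federetoktyt.net"
    ]

    # All three options are registered as optional, so any of them can be nil
    # (or blank) at run time. Normalise once instead of trusting the datastore.
    # When DNS_SERVER is not given the resolver keeps whatever nameservers it
    # was constructed with -- presumably the host's own resolver configuration,
    # so the test traffic then leaves via that path; confirm before relying on
    # it to exercise a specific sensor.
    dns_server = datastore['DNS_SERVER'].to_s.strip
    @res.nameservers = dns_server unless dns_server.empty?

    rounds = datastore['COUNT'].to_i
    # A nil timeout makes select block indefinitely and a negative one raises,
    # so a cleared or negative DELAY is clamped to zero.
    delay = [datastore['DELAY'].to_i, 0].max

    rounds.times do |round|
      domains.each do |name|
        query = @res.query(name, "A")
        # The timestamp is taken after the lookup returns, so it marks
        # completion rather than transmission; allow for the resolver timeout
        # when correlating these lines with DNS or IDS logs.
        time = timestamp
        print_status("#{time} - DNS Query sent for => #{name}")

        # NOTE(review): guards against a resolver that hands back nil instead
        # of a packet when nothing answers (e.g. the name is filtered
        # upstream) -- confirm against the resolver implementation in use.
        answers = query ? query.answer : nil
        if answers.nil? || answers.empty?
          print_error("#{time} - #{name} => No Record Found")
        else
          a = answers[0].to_s.split(/[\s,]+/)
          print_good("#{time} - #{name} => #{a[-1]}")
        end
      end

      # No pause after the final pass.
      next if round == rounds - 1

      print_status("#{timestamp} - Waiting #{delay} seconds to query")
      select(nil, nil, nil, delay)
    end
  end

  private

  # Current local time formatted for the module's log lines.
  def timestamp
    Time.new.strftime("%Y-%m-%d %H:%M:%S")
  end
end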