##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
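class MetasploitModule < Msf::Post
  # Matches the "Name:    <fqdn>" line that Windows nslookup prints for a PTR answer.
  NSLOOKUP_NAME_RE = /Name:\s*\S*\s/
  # Matches the PTR target printed by host(1); the trailing dot is not captured.
  HOST_PTR_RE = /domain name pointer (\S*)\./

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather DNS Reverse Lookup Scan',
        'Description' => %q{
          Performs DNS reverse lookup using the OS included DNS query command.
        },
        'License' => MSF_LICENSE,
        'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
        'Platform' => %w[bsd linux osx solaris win],
        'SessionTypes' => [ 'meterpreter', 'shell' ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
    register_options(
      [
        OptAddressRange.new('RHOSTS', [true, 'IP Range to perform reverse lookup against.'])
      ]
    )
  end

  # Entry point. Expands RHOSTS, then resolves the addresses in batches of
  # session.max_threads using the DNS client shipped with the target OS.
  # Each address that has a PTR record is printed and stored via report_host.
  def run
    iprange = datastore['RHOSTS']
    print_status("Performing DNS Reverse Lookup for IP range #{iprange}")

    iplst = expand_range(iprange)
    cmd = lookup_command

    until iplst.empty?
      # Take at most one batch so a thread is never spawned with a nil address,
      # and join only this batch's threads instead of an ever-growing list.
      batch = iplst.shift(session.max_threads)
      threads = batch.map do |ip_add|
        framework.threads.spawn("Module(#{refname})", false, ip_add) do |ip|
          lookup(cmd, ip)
        end
      end
      threads.each(&:join)
    end
  end

  private

  # Walks the RHOSTS range and returns every address it yields as an Array of Strings.
  #
  # @param iprange [String] value of the RHOSTS option
  # @return [Array<String>]
  def expand_range(iprange)
    walker = Rex::Socket::RangeWalker.new(iprange)
    total = walker.num_ips
    ips = []
    while ips.length < total
      ip = walker.next_ip
      break unless ip

      ips << ip
    end
    ips
  end

  # Picks the reverse-lookup client present on the session's platform.
  #
  # @return [String] command name or absolute path
  def lookup_command
    case session.platform
    when 'windows' then 'nslookup'
    when 'solaris' then '/usr/sbin/host'
    else '/usr/bin/host'
    end
  end

  # Runs one reverse lookup and reports the outcome. ip_add originates from
  # RangeWalker, so it is always a well-formed address and safe to pass as an
  # argument; the output is coerced to a String in case cmd_exec returned nil.
  #
  # @param cmd [String] command chosen by lookup_command
  # @param ip_add [String] address to resolve
  def lookup(cmd, ip_add)
    output = cmd_exec(cmd, " #{ip_add}").to_s
    if session.platform == 'windows'
      parse_nslookup(ip_add, output)
    else
      parse_host(ip_add, output)
    end
  end

  # Parses nslookup output, which carries one "Name:    <fqdn>" line per PTR
  # record. Lines without a value after the colon are skipped rather than
  # dereferenced, and no usable name counts as "no record".
  #
  # @param ip_add [String] address that was queried
  # @param output [String] raw command output
  def parse_nslookup(ip_add, output)
    names = output.scan(NSLOOKUP_NAME_RE).map { |line| line.split(': ')[1] }
    names = names.compact.map(&:strip).reject(&:empty?)
    if names.empty?
      vprint_status("#{ip_add} does not have a Reverse Lookup Record")
      return
    end

    names.each { |name| record(ip_add, name) }
  end

  # Parses host(1) output, which prints "... domain name pointer <fqdn>." for
  # each PTR record and "not found" when there is none. An empty name — for
  # example when the binary is absent and the shell printed an error instead —
  # is treated as no record instead of being reported as a hostname.
  #
  # @param ip_add [String] address that was queried
  # @param output [String] raw command output
  def parse_host(ip_add, output)
    hostname = output.scan(HOST_PTR_RE).join.strip
    if output =~ /not found/i || hostname.empty?
      vprint_status("#{ip_add} does not have a Reverse Lookup Record")
      return
    end

    record(ip_add, hostname)
  end

  # Prints and stores a single IP -> hostname result.
  #
  # @param ip_add [String] resolved address
  # @param hostname [String] PTR target, already stripped
  def record(ip_add, hostname)
    print_good "\t #{ip_add} is #{hostname}"
    report_host({
      host: ip_add,
      name: hostname
    })
  end
end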