Implemented -dns command line flag

Author: codingo

reconnoitre/reconnoitre.py

@@ -18,8 +18,9 @@ def main():
     parser.add_argument("-w", dest="wordlist", required=False, help="Set the wordlist to use for generated commands. Ex /usr/share/wordlist.txt")
     parser.add_argument("-pS", dest="ping_sweep", action="store_true", help="Write a new target.txt by performing a ping sweep and discovering live hosts.", default=False)
     parser.add_argument("-fD", dest="find_dns_servers", action="store_true", help="Find DNS servers from a list of targets.", default=False)
-    parser.add_argument("-sS", dest="perform_service_scan", action="store_true", help="Perform service scan over targets.", default=False)
+    parser.add_argument("-dns", dest="dns", required=False, help="Optionally specify a DNS server to use with a service scan.")    
     parser.add_argument("--quiet", dest="quiet",  action="store_true", help="Supress banner and headers to limit to comma dilimeted results only.", default=False)
+    
     parser.add_argument("--execute", dest="follow",  action="store_true", help="Execute shell comamnds from recommendations as they are discovered. Likely to lead to very long execute times depending on the wordlist being used.", default=False)
     arguments = parser.parse_args()
 
@@ -39,7 +40,9 @@ def main():
         find_dns(arguments.target_hosts, arguments.output_directory, arguments.quiet)
     if arguments.perform_service_scan is True:
         print("[#] Performing service scans")
-        service_scan(arguments.target_hosts, arguments.output_directory, arguments.quiet)
-
+        if arguments.dns is True:
+            service_scan(arguments.target_hosts, arguments.output_directory, arguments.dns, arguments.quiet)
+        else:
+            service_scan(arguments.target_hosts, arguments.output_directory, '', arguments.quiet)
 if __name__ == "__main__":
     main()

reconnoitre/service_scan.py

@@ -9,9 +9,7 @@
 from directory_helper import create_dir_structure
 
 
-DNSSRV=''
-
-def nmapScan(ip_address, outputdir):
+def nmapScan(ip_address, outputdir, dns_server):
    ip_address = ip_address.strip()
    outfile = outputdir + "/" + ip_address + "_findings.txt"
 
@@ -21,12 +19,16 @@ def nmapScan(ip_address, outputdir):
 
    print("[+] Starting detailed TCP/UDP nmap scans for %s" % (ip_address))
    serv_dict = {}
-   if DNSSRV:
-       TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 --dns-servers %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s"  % (DNSSRV, outputdir, ip_address, outputdir, ip_address, ip_address)
-       UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 --dns-servers %s -oN '%s/%sU.nmap' -oX '%s/%sU_nmap_scan_import.xml' %s" % (DNSSRV, outputdir, ip_address, outputdir, ip_address, ip_address)
+
+
+   if dns_server:
+       print("[+] Using DNS server %s" % (dns_server))
+       TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 --dns-servers %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s"  % (dns_server, outputdir, ip_address, outputdir, ip_address, ip_address)
+       UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 --dns-servers %s -oN '%s/%sU.nmap' -oX '%s/%sU_nmap_scan_import.xml' %s" % (dns_server, outputdir, ip_address, outputdir, ip_address, ip_address)
    else:
-       TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 -n %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s"  % (DNSSRV, outputdir, ip_address, outputdir, ip_address, ip_address)
-       UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 -n %s -oN '%s/%sU.nmap' -oX '%s/%sU_nmap_scan_import.xml' %s" % (DNSSRV, outputdir, ip_address, outputdir, ip_address, ip_address)
+       print("[+] No DNS server was specified. Continuing with a regular scan.")
+       TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 -n %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s"  % (dns_server, outputdir, ip_address, outputdir, ip_address, ip_address)
+       UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 -n %s -oN '%s/%sU.nmap' -oX '%s/%sU_nmap_scan_import.xml' %s" % (dns_server, outputdir, ip_address, outputdir, ip_address, ip_address)
 
    results = subprocess.check_output(TCPSCAN, shell=True)
    udpresults = subprocess.check_output(UDPSCAN, shell=True)
@@ -133,7 +135,7 @@ def valid_ip(address):
     except socket.error:
         return False
 
-def target_file(target_hosts, output_directory, quiet):    
+def target_file(target_hosts, output_directory, dns_server, quiet):    
     targets = load_targets(target_hosts, output_directory, quiet)
     target_file = open(targets, 'r')
     print("[*] Loaded targets from: %s" % targets)
@@ -152,12 +154,12 @@ def target_file(target_hosts, output_directory, quiet):
        nmap_directory = host_directory + "/nmap"
 
        jobs = []
-       p = multiprocessing.Process(target=nmapScan, args=(ip_address, nmap_directory))
+       p = multiprocessing.Process(target=nmapScan, args=(ip_address, nmap_directory, dns_server))
        jobs.append(p)
        p.start()
     target_file.close() 
 
-def target_ip(target_hosts, output_directory, quiet):
+def target_ip(target_hosts, output_directory, dns_server, quiet):
     print("[*] Loaded single target: %s" % target_hosts)
     target_hosts = target_hosts.strip()    
     create_dir_structure(target_hosts, output_directory)
@@ -166,14 +168,14 @@ def target_ip(target_hosts, output_directory, quiet):
     nmap_directory = host_directory + "/nmap"
 
     jobs = []
-    p = multiprocessing.Process(target=nmapScan, args=(target_hosts, nmap_directory))
+    p = multiprocessing.Process(target=nmapScan, args=(target_hosts, nmap_directory, dns_server))
     jobs.append(p)
     p.start()
 
-def service_scan(target_hosts, output_directory, quiet):
+def service_scan(target_hosts, output_directory, dns_server, quiet):
     check_directory(output_directory)
 
     if(valid_ip(target_hosts)):
-        target_ip(target_hosts, output_directory, quiet)
+        target_ip(target_hosts, output_directory, dns_server, quiet)
     else:
-        target_file(target_hosts, output_directory, quiet)
+        target_file(target_hosts, output_directory, dns_server, quiet)