UJP - 技術情報1

DNSReconをDNSレコードを調査する

更新履歴

2021.03.24

はじめに

このドキュメントでは，DNSReconを使って指定されたドメインのDNS情報を調査する．Kali Linuxに入っているというので，優秀なツールなのだろうと思う．

使ってみる

githubから入手．
$ git clone https://github.com/darkoperator/dnsrecon🆑 Cloning into 'dnsrecon'... remote: Enumerating objects: 143, done. remote: Counting objects: 100% (143/143), done. remote: Compressing objects: 100% (104/104), done. remote: Total 1641 (delta 73), reused 77 (delta 34), pack-reused 1498 Receiving objects: 100% (1641/1641), 1.09 MiB | 1.91 MiB/s, done. Resolving deltas: 100% (919/919), done. [macmini2014:ujpadmin 01:18:58 ~/bin ] $

ファイルを確認．

$ cd dnsrecon🆑 [macmini2014:ujpadmin 01:19:05 ~/bin/dnsrecon ] $ ls -la🆑 total 1404 drwxr-xr-x 25 ujpadmin staff 800 3 26 01:18 . drwxr-xr-x 18 ujpadmin staff 576 3 26 01:18 .. drwxr-xr-x 12 ujpadmin staff 384 3 26 01:18 .git -rw-r--r-- 1 ujpadmin staff 682 3 26 01:18 .gitattributes drwxr-xr-x 5 ujpadmin staff 160 3 26 01:18 .github -rw-r--r-- 1 ujpadmin staff 32 3 26 01:18 .gitignore -rw-r--r-- 1 ujpadmin staff 138 3 26 01:18 .lgtm.yml -rw-r--r-- 1 ujpadmin staff 6474 3 26 01:18 Changelog.md -rw-r--r-- 1 ujpadmin staff 333 3 26 01:18 Dockerfile -rw-r--r-- 1 ujpadmin staff 1135 3 26 01:18 README.md -rw-r--r-- 1 ujpadmin staff 0 3 26 01:18 __init__.py drwxr-xr-x 3 ujpadmin staff 96 3 26 01:18 bin -rwxr-xr-x 1 ujpadmin staff 70264 3 26 01:18 dnsrecon.py drwxr-xr-x 9 ujpadmin staff 288 3 26 01:18 lib drwxr-xr-x 3 ujpadmin staff 96 3 26 01:18 msf_plugin -rw-r--r-- 1 ujpadmin staff 11971 3 26 01:18 namelist.txt -rw-r--r-- 1 ujpadmin staff 45 3 26 01:18 requirements.txt🈁 -rw-r--r-- 1 ujpadmin staff 40 3 26 01:18 setup.cfg -rw-r--r-- 1 ujpadmin staff 1151 3 26 01:18 setup.py -rw-r--r-- 1 ujpadmin staff 21 3 26 01:18 snoop.txt -rw-r--r-- 1 ujpadmin staff 149229 3 26 01:18 subdomains-top1mil-20000.txt -rw-r--r-- 1 ujpadmin staff 33771 3 26 01:18 subdomains-top1mil-5000.txt -rw-r--r-- 1 ujpadmin staff 1117832 3 26 01:18 subdomains-top1mil.txt drwxr-xr-x 5 ujpadmin staff 160 3 26 01:18 tests drwxr-xr-x 3 ujpadmin staff 96 3 26 01:18 tools [macmini2014:ujpadmin 01:19:06 ~/bin/dnsrecon ] $

requirements.txtがあるので追加のパッケージがある模様．
ファイルの中身を確認する．

$ cat requirements.txt🆑 dnspython>=2.0.0 netaddr lxml flake8 pytest [macmini2014:ujpadmin 01:19:12 ~/bin/dnsrecon ] $

多分全部入ってないような．全部入れる．

$ pip install -r requirements.txt Requirement already satisfied: dnspython>=2.0.0 in /usr/local/lib/python3.9/site-packages (from -r requirements.txt (line 1)) (2.1.0) Collecting netaddr Downloading netaddr-0.8.0-py2.py3-none-any.whl (1.9 MB) |████████████████████████████████| 1.9 MB 3.3 MB/s Collecting lxml Downloading lxml-4.6.3-cp39-cp39-macosx_10_9_x86_64.whl (4.6 MB) |████████████████████████████████| 4.6 MB 4.1 MB/s Collecting flake8 Downloading flake8-3.9.0-py2.py3-none-any.whl (73 kB) |████████████████████████████████| 73 kB 2.0 MB/s Collecting pytest Downloading pytest-6.2.2-py3-none-any.whl (280 kB) |████████████████████████████████| 280 kB 3.7 MB/s Collecting pyflakes<2.4.0,>=2.3.0 Downloading pyflakes-2.3.1-py2.py3-none-any.whl (68 kB) |████████████████████████████████| 68 kB 2.6 MB/s Collecting mccabe<0.7.0,>=0.6.0 Downloading mccabe-0.6.1-py2.py3-none-any.whl (8.6 kB) Collecting pycodestyle<2.8.0,>=2.7.0 Downloading pycodestyle-2.7.0-py2.py3-none-any.whl (41 kB) |████████████████████████████████| 41 kB 737 kB/s Collecting attrs>=19.2.0 Downloading attrs-20.3.0-py2.py3-none-any.whl (49 kB) |████████████████████████████████| 49 kB 2.8 MB/s Collecting toml Downloading toml-0.10.2-py2.py3-none-any.whl (16 kB) Collecting packaging Downloading packaging-20.9-py2.py3-none-any.whl (40 kB) |████████████████████████████████| 40 kB 4.3 MB/s Collecting iniconfig Downloading iniconfig-1.1.1-py2.py3-none-any.whl (5.0 kB) Collecting py>=1.8.2 Downloading py-1.10.0-py2.py3-none-any.whl (97 kB) |████████████████████████████████| 97 kB 2.5 MB/s Collecting pluggy<1.0.0a1,>=0.12 Downloading pluggy-0.13.1-py2.py3-none-any.whl (18 kB) Requirement already satisfied: pyparsing>=2.0.2 in /usr/local/lib/python3.9/site-packages (from packaging->pytest->-r requirements.txt (line 5)) (2.4.7) Installing collected packages: toml, pyflakes, pycodestyle, py, pluggy, packaging, mccabe, iniconfig, attrs, pytest, netaddr, lxml, flake8 Successfully installed attrs-20.3.0 flake8-3.9.0 iniconfig-1.1.1 lxml-4.6.3 mccabe-0.6.1 netaddr-0.8.0 packaging-20.9 pluggy-0.13.1 py-1.10.0 pycodestyle-2.7.0 pyflakes-2.3.1 pytest-6.2.2 toml-0.10.2 [macmini2014:ujpadmin 01:20:30 ~/bin/dnsrecon ] $

入りました．
まずは，ドメインを与えて検索．

$ python dnsrecon.py -d ujp.jp -t std🆑 [*] Performing General Enumeration of Domain: ujp.jp [-] DNSSEC is not configured for ujp.jp [*] SOA 01.dnsv.jp 157.7.32.53 [*] SOA 01.dnsv.jp 2400:8500:3300::53 [*] NS 01.dnsv.jp 157.7.32.53 [*] NS 01.dnsv.jp 2400:8500:3300::53 [*] NS 02.dnsv.jp 157.7.33.53 [*] NS 03.dnsv.jp 157.7.34.53 [*] NS 03.dnsv.jp 2400:8500:3000::53 [*] NS 04.dnsv.jp 157.7.35.53 [*] NS 04.dnsv.jp 2400:8500:3fff::53 [*] MX mail.ujp.jp 203.141.135.21 [*] A ujp.jp 203.141.135.20 [*] TXT ujp.jp v=spf1 ip4:203.141.135.21 ~all [*] TXT _dmarc.ujp.jp v=DMARC1;p=none;rua=mailto:dmarc@ujp.jp;ruf=mailto:dmarc@ujp.jp;rf=afrf;pct=100 [*] Enumerating SRV Records [+] 0 Records Found [macmini2014:ujpadmin 01:26:24 ~/bin/dnsrecon ] $

高速だが，網羅性に欠ける．