Class: Ronin::Recon::DNS::SuffixEnum

Inherits:

Ronin::Recon::DNSWorker

• Object
• Worker
• Ronin::Recon::DNSWorker
• Ronin::Recon::DNS::SuffixEnum

Defined in:

lib/ronin/recon/builtin/dns/suffix_enum.rb

Overview

Finds other domains with different suffixes for a given domain using the public suffix list.

Constant Summary

BAD_SUFFIXES =

Known bad suffixes that act like wildcard domains.

Constants included from Mixins::DNS

Mixins::DNS::IDN, Mixins::DNS::RECORD_TYPES

Instance Attribute Summary

• #public_suffix_list ⇒ Ronin::Support::Network::PublicSuffixList readonly

  The public suffix list.

Attributes included from Mixins::DNS

#dns_resolver

Instance Method Summary

• #initialize(**kwargs) ⇒ SuffixEnum constructor

  Initializes the DNS suffix enum worker.

• #process(domain) {|new_domain| ... } ⇒ Object

  Bruteforce resolves the other domains with different suffixes for the given domain.

Methods included from Mixins::DNS

#dns_get_a_address, #dns_get_a_addresses, #dns_get_a_record, #dns_get_a_records, #dns_get_aaaa_address, #dns_get_aaaa_addresses, #dns_get_aaaa_record, #dns_get_aaaa_records, #dns_get_address, #dns_get_addresses, #dns_get_any_records, #dns_get_cname, #dns_get_cname_record, #dns_get_hinfo_record, #dns_get_loc_record, #dns_get_mailservers, #dns_get_minfo_record, #dns_get_mx_records, #dns_get_name, #dns_get_names, #dns_get_nameservers, #dns_get_ns_records, #dns_get_ptr_name, #dns_get_ptr_names, #dns_get_ptr_record, #dns_get_ptr_records, #dns_get_record, #dns_get_records, #dns_get_soa_record, #dns_get_srv_records, #dns_get_txt_record, #dns_get_txt_records, #dns_get_txt_string, #dns_get_txt_strings, #dns_get_wks_records

Methods inherited from Worker

accepts, concurrency, intensity, outputs, register, run

Constructor Details

#initialize(**kwargs) ⇒ SuffixEnum

Initializes the DNS suffix enum worker.

Parameters:

• kwargs (Hash{Symbol => Object}) —

  Additional keyword arguments.

# File 'lib/ronin/recon/builtin/dns/suffix_enum.rb', line 110

def initialize(**kwargs)
  super(**kwargs)

  @public_suffix_list = Support::Network::PublicSuffix.list
end

Instance Attribute Details

#public_suffix_list ⇒ Ronin::Support::Network::PublicSuffixList (readonly)

The public suffix list.

Returns:

• (Ronin::Support::Network::PublicSuffixList)

# File 'lib/ronin/recon/builtin/dns/suffix_enum.rb', line 102

def public_suffix_list
  @public_suffix_list
end

Instance Method Details

#process(domain) {|new_domain| ... } ⇒ Object

Bruteforce resolves the other domains with different suffixes for the given domain.

Parameters:

• domain (Values::Domain) —

  The domain name to bruteforce.

Yields:

• (new_domain) —

  Each new domain with a different public suffix.

Yield Parameters:

• new_domain (Values::Domain) —

  A valid domain with a different suffix.

# File 'lib/ronin/recon/builtin/dns/suffix_enum.rb', line 129

def process(domain)
  queue = Async::LimitedQueue.new(params[:concurrency])

  domain_name, orig_suffix = @public_suffix_list.split(domain.name)

  Async do |task|
    task.async do
      public_suffixes = @public_suffix_list.non_wildcards.icann.reject do |suffix|
        BAD_SUFFIXES.include?(suffix.name)
      end

      public_suffixes.each do |suffix|
        unless suffix.name == orig_suffix
          queue << "#{domain_name}.#{suffix.name}"
        end
      end

      # send stop messages for each sub-task
      params[:concurrency].times do
        queue << nil
      end
    end

    # spawn the sub-tasks
    params[:concurrency].times do
      task.async do
        while (new_domain = queue.dequeue)
          if dns_get_address(new_domain)
            yield Domain.new(new_domain)
          end
        end
      end
    end
  end
end