|
3 | 3 | import hashlib |
4 | 4 | import hmac |
5 | 5 | import os |
6 | | -import socket |
7 | 6 | from binascii import hexlify |
8 | 7 | from datetime import datetime, timedelta |
9 | 8 | from re import sub, I |
10 | 9 | from zipfile import ZipFile |
11 | 10 | from termcolor import colored |
| 11 | +from dns import resolver |
12 | 12 |
|
13 | 13 | from Cryptodome.Hash import MD4 |
14 | 14 | from OpenSSL.SSL import SysCallError |
@@ -701,27 +701,58 @@ def groups(self): |
701 | 701 |
|
702 | 702 | def dc_list(self): |
703 | 703 | # Building the search filter |
| 704 | + resolv = resolver.Resolver() |
| 705 | + if self.args.dns_server: |
| 706 | + resolv.nameservers = [self.args.dns_server] |
| 707 | + else: |
| 708 | + resolv.nameservers = [self.host] |
| 709 | + resolv.timeout = self.args.dns_timeout |
| 710 | + |
704 | 711 | search_filter = "(&(objectCategory=computer)(primaryGroupId=516))" |
705 | 712 | attributes = ["dNSHostName"] |
706 | 713 | resp = self.search(search_filter, attributes, 0) |
| 714 | + resp_parse = parse_result_attributes(resp) |
707 | 715 |
|
708 | | - for item in resp: |
709 | | - if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True: |
710 | | - continue |
711 | | - name = "" |
| 716 | + for item in resp_parse: |
| 717 | + name = item.get("dNSHostName", "") # Get dNSHostName attribute or empty string |
712 | 718 | try: |
713 | | - for attribute in item["attributes"]: |
714 | | - if str(attribute["type"]) == "dNSHostName": |
715 | | - name = str(attribute["vals"][0]) |
716 | | - try: |
717 | | - ip_address = socket.gethostbyname(name.split(".")[0]) |
718 | | - if ip_address is not True and name != "": |
719 | | - self.logger.highlight(f"{name} = {colored(ip_address, host_info_colors[0])}") |
720 | | - except socket.gaierror: |
721 | | - self.logger.fail(f"{name} = Connection timeout") |
| 719 | + # Resolve using DNS server for A, AAAA, CNAME, PTR, and NS records |
| 720 | + if name: |
| 721 | + found_record = False # Flag to check if any record is found |
| 722 | + |
| 723 | + for record_type in ["A", "AAAA", "CNAME", "PTR", "NS"]: |
| 724 | + if found_record: |
| 725 | + break # If a record has been found, stop checking further |
| 726 | + |
| 727 | + try: |
| 728 | + answers = resolv.resolve(name, record_type, tcp=self.args.dns_tcp) |
| 729 | + for rdata in answers: |
| 730 | + if record_type in ["A", "AAAA"]: |
| 731 | + ip_address = rdata.to_text() |
| 732 | + self.logger.highlight(f"{name} = {colored(ip_address, host_info_colors[0])}") |
| 733 | + found_record = True # Set flag to true since a record is found |
| 734 | + elif record_type == "CNAME": |
| 735 | + self.logger.highlight(f"{name} CNAME = {colored(rdata.to_text(), host_info_colors[0])}") |
| 736 | + found_record = True |
| 737 | + elif record_type == "PTR": |
| 738 | + self.logger.highlight(f"{name} PTR = {colored(rdata.to_text(), host_info_colors[0])}") |
| 739 | + found_record = True |
| 740 | + elif record_type == "NS": |
| 741 | + self.logger.highlight(f"{name} NS = {colored(rdata.to_text(), host_info_colors[0])}") |
| 742 | + found_record = True |
| 743 | + except resolv.NXDOMAIN: |
| 744 | + self.logger.fail(f"{name} = Host not found (NXDOMAIN)") |
| 745 | + except resolv.Timeout: |
| 746 | + self.logger.fail(f"{name} = Connection timed out") |
| 747 | + except resolv.NoAnswer: |
| 748 | + self.logger.fail(f"{name} = DNS server did not respond") |
| 749 | + except Exception as e: |
| 750 | + self.logger.fail(f"{name} encountered an unexpected error: {e}") |
| 751 | + else: |
| 752 | + self.logger.fail("dNSHostName value is empty, unable to process.") |
722 | 753 | except Exception as e: |
723 | | - self.logger.fail("Exception:", exc_info=True) |
724 | | - self.logger.fail(f"Skipping item, cannot process due to error {e}") |
| 754 | + self.logger.fail("General Error:", exc_info=True) |
| 755 | + self.logger.fail(f"Skipping item(dNSHostName) {name}, error: {e}") |
725 | 756 |
|
726 | 757 | def active_users(self): |
727 | 758 | if len(self.args.active_users) > 0: |
|