major refactoring

ozzi- · Sep 28, 2017 · b05fa73 · b05fa73
1 parent 737ddc2
commit b05fa73
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 62 deletions.
diff --git a/src/hiJack/HiJack.java b/src/hiJack/HiJack.java
@@ -1,22 +1,16 @@
 package hiJack;
-import java.io.InputStream;
 import java.util.HashSet;
 import java.util.Scanner;
 
 
 public class HiJack {
 
-	public static void searchForCNamesHijacks(HashSet<String> subdomainSet, String dnsIPP) {
+	public static void searchForCNamesHijacks(String target, HashSet<String> subdomainSet, String dnsIPP) {
 		boolean found=false;
-		for (String string : subdomainSet) {
+		for (String subdomain : subdomainSet) {
 			try {
 				String dnsIP = (dnsIPP==null)?"":" @"+dnsIPP;
-				Process extProc = Runtime.getRuntime().exec("dig " + string+dnsIP);
-				extProc.waitFor();
-
-				InputStream theInputStream = extProc.getInputStream();
-				Scanner scannerNoDelimiter = new java.util.Scanner(theInputStream);
-				Scanner scanner = scannerNoDelimiter.useDelimiter("\\A");
+				Scanner scanner = ProcessToScanner.run("dig " + subdomain+dnsIP);
 
 				if (scanner.hasNext()) {
 					String digResult = scanner.next();
@@ -29,16 +23,16 @@ public static void searchForCNamesHijacks(HashSet<String> subdomainSet, String d
 								String from = digLine.substring(0, fromEnd);
 								int toStart = digLine.indexOf("CNAME") + "CNAME".length()+1;
 								String to = digLine.substring(toStart);
-								if(isURLRegistered(to)){
-									System.out.println("Found potential hijack: "+from + " CNAME " + to);
+								if(!isURLRegistered(to)){
+									String potential = to.endsWith(target+".")?"potential":"actual";
+									System.out.println("Found "+potential+" hijack: "+from + " CNAME " + to);
 									found=true;
 								}
 							}
 						}
 					}
 				}
 				scanner.close();
-				scannerNoDelimiter.close();
 			} catch (Exception e) {
 				e.printStackTrace();
 			}
@@ -54,24 +48,19 @@ public static void searchForCNamesHijacks(HashSet<String> subdomainSet, String d
 	 */
 	public static boolean isURLRegistered(String to) {
 		try {
-			Process extProc = Runtime.getRuntime().exec("nslookup " + to);
-			extProc.waitFor();
-			InputStream theInputStream = extProc.getInputStream();
-			Scanner scanner = new java.util.Scanner(theInputStream);
-
-			java.util.Scanner theScanner = scanner.useDelimiter("\\A");
-			if (theScanner.hasNext()) {
-				String theReadBuffer = theScanner.next();
+			Scanner scanner = ProcessToScanner.run("nslookup " + to);
+			if (scanner.hasNext()) {
+				String theReadBuffer = scanner.next();
 				// jackpot
 				if(theReadBuffer.contains("** server can't find")){
 					scanner.close();
-					return true;
+					return false;
 				}
 			}
 			scanner.close();
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
-		return false;
+		return true;
 	}
 }
diff --git a/src/hiJack/Main.java b/src/hiJack/Main.java
@@ -12,12 +12,27 @@ public static void main(String[] args) {
 		String listPath = getListArg(args);
 		String dnsIP = getDNSIPArg(args);
 
-		System.out.println("Starting");
-
+		System.out.println("Dorking subdomains for "+target);
 		HashSet<String> subdomainSet = SubdomainDork.runCRTSH(target);
 		System.out.println(subdomainSet.size()+ " subdomains found via crt.sh dork");
+		System.out.println("");
+
 		int dorkSDCount = subdomainSet.size();
+		subdomainSet = loadList(listPath, subdomainSet, dorkSDCount);
+		System.out.println("");
 		SubdomainDork.runAXFR(target,dnsIP);
+
+
+		System.out.println(subdomainSet.size()+" total number of subdomains that will be checked");
+		System.out.println(subdomainSet.toString());
+		System.out.println("");
+
+		HiJack.searchForCNamesHijacks(target,subdomainSet,dnsIP);
+
+		System.out.println("Done");
+	}
+
+	private static HashSet<String> loadList(String listPath, HashSet<String> subdomainSet, int dorkSDCount) {
 		if (listPath != null) {
 			int lPC = 0;
 			Scanner s;
@@ -29,19 +44,14 @@ public static void main(String[] args) {
 				}
 				s.close();
 			} catch (FileNotFoundException e) {
-				e.printStackTrace();
+				System.err.println("Could not load list file: "+e.getMessage());
+				System.out.println("");
 			}
 			System.out.println(lPC+" subdomains provided via list " + listPath
 					+ ", effectively added: "
 					+ (subdomainSet.size() - dorkSDCount));
 		}
-		System.out.println(subdomainSet.size()+" total number of subdomains that will be checked");
-		System.out.println(subdomainSet.toString());
-		System.out.println("");
-
-		HiJack.searchForCNamesHijacks(subdomainSet,dnsIP);
-
-		System.out.println("Done");
+		return subdomainSet;
 	}
 
 	private static String getTargetArg(String[] args) {

diff --git a/src/hiJack/ProcessToScanner.java b/src/hiJack/ProcessToScanner.java
@@ -0,0 +1,17 @@
+package hiJack;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Scanner;
+
+public class ProcessToScanner {
+	public static Scanner run(String cmd) throws IOException, InterruptedException {
+		java.lang.Process extProc = Runtime.getRuntime().exec(cmd);
+		extProc.waitFor();
+		InputStream theInputStream = extProc.getInputStream();
+		@SuppressWarnings("resource")
+		Scanner scanner = new java.util.Scanner(theInputStream);
+		Scanner theScanner = scanner.useDelimiter("\\A");
+		return theScanner;
+	}
+}
diff --git a/src/hiJack/SubdomainDork.java b/src/hiJack/SubdomainDork.java
@@ -1,5 +1,4 @@
 package hiJack;
-import java.io.InputStream;
 import java.util.HashSet;
 import java.util.Scanner;
 
@@ -15,7 +14,6 @@ public class SubdomainDork {
 	 */
 	public static HashSet<String> runCRTSH(String target){
 		HashSet<String> subdomainSet = new HashSet<String>();
-
 		try {
 			String html = HTTP.get("https://crt.sh/?q=%25."+target);
 			Document doc = Jsoup.parse(html);
@@ -44,26 +42,19 @@ public static HashSet<String> runAXFR(String target, String dnsIPP){
 		try {
 			HashSet<String> NSSet = getNSOfTarget(target,dnsIPP);
 			System.out.println("Testing for AXFR transfer with "+NSSet.toString());
-			String dnsIP = (dnsIPP==null)?"":" @"+dnsIPP;
 			boolean allFailed=true;
+
 			for (String NSIP : NSSet) {
 				boolean failed=false;
-				Process extProc = Runtime.getRuntime().exec("dig AXFR " + target+" @"+NSIP);
-				extProc.waitFor();
-				InputStream theInputStream = extProc.getInputStream();
-				Scanner scanner = new java.util.Scanner(theInputStream);
-
-				java.util.Scanner theScanner = scanner.useDelimiter("\\A");
-				if (theScanner.hasNext()) {
+				Scanner scanner = ProcessToScanner.run("dig AXFR " + target+" @"+NSIP);
+				if (scanner.hasNext()) {
 					String digResult = scanner.next();
-					if(digResult.contains("Transfer failed.") || digResult.contains("connection refused") || digResult.contains("connection timed out") || digResult.contains("network unreachable")){
-						failed=true;
-					}
+					failed = axfrDigFailed(digResult);
 				}
 				if(!failed){
+					// TODO implement logic for getting transfer data
 					System.out.println("AXFR transfer success with "+NSIP+"! TODO implement intel gained here");
 					allFailed=false;
-					// TODO implement logic for getting transfer data
 				}
 				scanner.close();
 			}
@@ -79,24 +70,17 @@ public static HashSet<String> runAXFR(String target, String dnsIPP){
 	private static HashSet<String> getNSOfTarget(String target, String dnsIP){
 		HashSet<String> nsSet = new HashSet<String>();
 		try {
-			dnsIP = (dnsIP==null)?"":" @"+dnsIP;
-			Process extProc = Runtime.getRuntime().exec("dig " + target+dnsIP);
-			extProc.waitFor();
-			InputStream theInputStream = extProc.getInputStream();
-			Scanner scanner = new java.util.Scanner(theInputStream);
-
-			java.util.Scanner theScanner = scanner.useDelimiter("\\A");
-			if (theScanner.hasNext()) {
+			dnsIP = (dnsIP==null)?"":" @"+dnsIP;	
+			Scanner scanner = ProcessToScanner.run("dig " + target+dnsIP);
+			if (scanner.hasNext()) {
 				String digResult = scanner.next();
 				String[] digLines = digResult.split("\n");
 				for (String digLine : digLines) {
-					if (digLine.contains("NS")) {
-						if(digLine.indexOf("NS")>5 && digLine.indexOf("NS")<digLine.length()-4 && Character.isWhitespace(digLine.substring(digLine.indexOf("NS")-1,digLine.indexOf("NS")).charAt(0))) {
-							int toStart = digLine.indexOf("NS") + "NS".length()+1;
-							String to = digLine.substring(toStart);
-							to=to.substring(0, to.length()-1);
-							nsSet.add(to);
-						}
+					if(isActuallyNSLine(digLine)) {
+						int toStart = digLine.indexOf("NS") + "NS".length()+1;
+						String to = digLine.substring(toStart);
+						to=to.substring(0, to.length()-1);
+						nsSet.add(to);
 					}
 				}
 			}
@@ -106,6 +90,12 @@ private static HashSet<String> getNSOfTarget(String target, String dnsIP){
 		}	
 		return nsSet;
 	}
-
 
+	private static boolean isActuallyNSLine(String digLine){
+		return digLine.indexOf("NS")>5 && digLine.indexOf("NS")<digLine.length()-4 && Character.isWhitespace(digLine.substring(digLine.indexOf("NS")-1,digLine.indexOf("NS")).charAt(0));
+	}
+
+	private static boolean axfrDigFailed(String digResult){
+		return (digResult.contains("Transfer failed.") || digResult.contains("connection refused") || digResult.contains("connection timed out") || digResult.contains("network unreachable"));
+	}
 }