From b05fa73efd1c5021513f1df9b2298dfd93901bb4 Mon Sep 17 00:00:00 2001 From: ozzi- Date: Thu, 28 Sep 2017 11:20:35 +0200 Subject: [PATCH] major refactoring --- src/hiJack/HiJack.java | 33 +++++++-------------- src/hiJack/Main.java | 30 ++++++++++++------- src/hiJack/ProcessToScanner.java | 17 +++++++++++ src/hiJack/SubdomainDork.java | 50 +++++++++++++------------------- 4 files changed, 68 insertions(+), 62 deletions(-) create mode 100644 src/hiJack/ProcessToScanner.java diff --git a/src/hiJack/HiJack.java b/src/hiJack/HiJack.java index ce36ae1..382d1ae 100644 --- a/src/hiJack/HiJack.java +++ b/src/hiJack/HiJack.java @@ -1,22 +1,16 @@ package hiJack; -import java.io.InputStream; import java.util.HashSet; import java.util.Scanner; public class HiJack { - public static void searchForCNamesHijacks(HashSet subdomainSet, String dnsIPP) { + public static void searchForCNamesHijacks(String target, HashSet subdomainSet, String dnsIPP) { boolean found=false; - for (String string : subdomainSet) { + for (String subdomain : subdomainSet) { try { String dnsIP = (dnsIPP==null)?"":" @"+dnsIPP; - Process extProc = Runtime.getRuntime().exec("dig " + string+dnsIP); - extProc.waitFor(); - - InputStream theInputStream = extProc.getInputStream(); - Scanner scannerNoDelimiter = new java.util.Scanner(theInputStream); - Scanner scanner = scannerNoDelimiter.useDelimiter("\\A"); + Scanner scanner = ProcessToScanner.run("dig " + subdomain+dnsIP); if (scanner.hasNext()) { String digResult = scanner.next(); 
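Review bot: The command in `ProcessToScanner.run("dig " + subdomain+dnsIP)` is built by concatenating a name that, judging by Main.java, comes from crt.sh results or a user-supplied list. `Runtime.exec(String)` splits that string on whitespace, so a name containing a space or starting with `-`, `+` or `@` reaches dig as extra arguments rather than as a hostname. Reject such entries before the call, e.g. `if (!subdomain.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) continue;`, and prefer passing the arguments as a list through `ProcessBuilder` over one concatenated string. The same concatenation is used for `"nslookup " + to` in isURLRegistered and for `"dig AXFR " + target+" @"+NSIP` and `"dig " + target+dnsIP` in SubdomainDork.java. The loop body continues past the end of this hunk.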
@@ -29,8 +23,9 @@ public static void searchForCNamesHijacks(HashSet subdomainSet, String d String from = digLine.substring(0, fromEnd); int toStart = digLine.indexOf("CNAME") + "CNAME".length()+1; String to = digLine.substring(toStart); - if(isURLRegistered(to)){ - System.out.println("Found potential hijack: "+from + " CNAME " + to); + if(!isURLRegistered(to)){ + String potential = to.endsWith(target+".")?"potential":"actual"; + System.out.println("Found "+potential+" hijack: "+from + " CNAME " + to); found=true; } } @@ -38,7 +33,6 @@ public static void searchForCNamesHijacks(HashSet subdomainSet, String d } } scanner.close(); - scannerNoDelimiter.close(); } catch (Exception e) { e.printStackTrace(); } @@ -54,24 +48,19 @@ public static void searchForCNamesHijacks(HashSet subdomainSet, String d */ public static boolean isURLRegistered(String to) { try { - Process extProc = Runtime.getRuntime().exec("nslookup " + to); - extProc.waitFor(); - InputStream theInputStream = extProc.getInputStream(); - Scanner scanner = new java.util.Scanner(theInputStream); - - java.util.Scanner theScanner = scanner.useDelimiter("\\A"); - if (theScanner.hasNext()) { - String theReadBuffer = theScanner.next(); + Scanner scanner = ProcessToScanner.run("nslookup " + to); + if (scanner.hasNext()) { + String theReadBuffer = scanner.next(); // jackpot if(theReadBuffer.contains("** server can't find")){ scanner.close(); - return true; + return false; } } scanner.close(); } catch (Exception e) { e.printStackTrace(); } - return false; + return true; } } diff --git a/src/hiJack/Main.java b/src/hiJack/Main.java index 3733f7e..346a2c2 100644 --- a/src/hiJack/Main.java +++ b/src/hiJack/Main.java 
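Review bot: `to.endsWith(target+".")` in the `-29,8 +23,9` hunk has no label boundary, so for a target of `example.com` a CNAME pointing at `notexample.com.` is classified as in-zone and reported only as "potential", although it is an unrelated name. Compare on a dot boundary and ignore case, e.g. `String t = target.toLowerCase()+"."; String c = to.toLowerCase();` followed by `boolean inZone = c.equals(t) || c.endsWith("."+t);`. The local is also misleadingly named, since `potential` can hold "actual"; `severity` would read better. The enclosing loop starts and ends outside this hunk.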
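Review bot: isURLRegistered (hunk `-54,24 +48,19`) now fails open: if nslookup cannot be started or prints nothing, the catch block only prints the stack trace and the method falls through to `return true`. The CNAME target is then treated as registered and the finding is dropped without a message. In the other direction, `contains("** server can't find")` also matches the SERVFAIL and REFUSED forms of that nslookup message, which would then be reported as a hijack. Tighten the match to `theReadBuffer.contains("** server can't find") && theReadBuffer.contains("NXDOMAIN")` and print an "inconclusive lookup" line with the name to stderr in the catch block. The Javadoc above the method starts outside this hunk and should be checked against the inverted return value.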
@@ -12,12 +12,27 @@ public static void main(String[] args) { String listPath = getListArg(args); String dnsIP = getDNSIPArg(args); - System.out.println("Starting"); - + System.out.println("Dorking subdomains for "+target); HashSet subdomainSet = SubdomainDork.runCRTSH(target); System.out.println(subdomainSet.size()+ " subdomains found via crt.sh dork"); + System.out.println(""); + int dorkSDCount = subdomainSet.size(); + subdomainSet = loadList(listPath, subdomainSet, dorkSDCount); + System.out.println(""); SubdomainDork.runAXFR(target,dnsIP); + + + System.out.println(subdomainSet.size()+" total number of subdomains that will be checked"); + System.out.println(subdomainSet.toString()); + System.out.println(""); + + HiJack.searchForCNamesHijacks(target,subdomainSet,dnsIP); + + System.out.println("Done"); + } + + private static HashSet loadList(String listPath, HashSet subdomainSet, int dorkSDCount) { if (listPath != null) { int lPC = 0; Scanner s; @@ -29,19 +44,14 @@ public static void main(String[] args) { } s.close(); } catch (FileNotFoundException e) { - e.printStackTrace(); + System.err.println("Could not load list file: "+e.getMessage()); + System.out.println(""); } System.out.println(lPC+" subdomains provided via list " + listPath + ", effectively added: " + (subdomainSet.size() - dorkSDCount)); } - System.out.println(subdomainSet.size()+" total number of subdomains that will be checked"); - System.out.println(subdomainSet.toString()); - System.out.println(""); - - HiJack.searchForCNamesHijacks(subdomainSet,dnsIP); - - System.out.println("Done"); + return subdomainSet; } private static String getTargetArg(String[] args) { diff --git a/src/hiJack/ProcessToScanner.java b/src/hiJack/ProcessToScanner.java new file mode 100644 index 0000000..a367676 --- /dev/null +++ b/src/hiJack/ProcessToScanner.java 
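Review bot: The extracted `loadList` has no Javadoc and its contract is easy to misread. It returns `subdomainSet`, which looks like the same instance it was given, and `dorkSDCount` is used only for the "effectively added" figure in the summary line. Suggest `/** Adds the names read from listPath, if one was given, to subdomainSet and returns that set; dorkSDCount is the set size before loading and is only used for the summary output. */`. The parameter could be dropped by taking `subdomainSet.size()` at the top of loadList. The body of loadList continues beyond this hunk.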
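Review bot: When the list file cannot be opened, the catch block in the `-29,19 +44,14` hunk prints one line to stderr and the run continues. The scan then ends with "Done", presumably with exit status 0, although the names the user asked for were never checked. For a tool whose empty result is read as "no dangling CNAMEs", that should stop the run or be repeated in the final summary, e.g. `System.err.println("Could not load list file: "+e.getMessage()); System.exit(2);`. The middle of loadList, where the file is read, lies outside both hunks.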
@@ -0,0 +1,17 @@ +package hiJack; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Scanner; + +public class ProcessToScanner { + public static Scanner run(String cmd) throws IOException, InterruptedException { + java.lang.Process extProc = Runtime.getRuntime().exec(cmd); + extProc.waitFor(); + InputStream theInputStream = extProc.getInputStream(); + @SuppressWarnings("resource") + Scanner scanner = new java.util.Scanner(theInputStream); + Scanner theScanner = scanner.useDelimiter("\\A"); + return theScanner; + } +} diff --git a/src/hiJack/SubdomainDork.java b/src/hiJack/SubdomainDork.java index 666732e..ac98d90 100644 --- a/src/hiJack/SubdomainDork.java +++ b/src/hiJack/SubdomainDork.java @@ -1,5 +1,4 @@ package hiJack; -import java.io.InputStream; import java.util.HashSet; import java.util.Scanner; @@ -15,7 +14,6 @@ public class SubdomainDork { */ public static HashSet runCRTSH(String target){ HashSet subdomainSet = new HashSet(); - try { String html = HTTP.get("https://crt.sh/?q=%25."+target); Document doc = Jsoup.parse(html); 
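Review bot: In the new ProcessToScanner.java, `extProc.waitFor()` is called before anything is read from the child's stdout. Once dig or nslookup writes more than the OS pipe buffer holds, which a successful AXFR can easily do, the child blocks on write and `run` never returns. Read the stream to EOF first and wait afterwards; the stream can then be closed here, which removes the need for `@SuppressWarnings("resource")`. stderr is still not drained and there is no timeout, so `waitFor(timeout, unit)` with `destroyForcibly()` would be a sensible follow-up. The helper also has no Javadoc; it should say that `cmd` is split on whitespace by `Runtime.exec` and must not contain unvalidated input.

```java
public static Scanner run(String cmd) throws IOException, InterruptedException {
	Process extProc = Runtime.getRuntime().exec(cmd);
	// Drain stdout to EOF before waiting: a child that fills the pipe would otherwise block forever.
	ByteArrayOutputStream captured = new ByteArrayOutputStream();
	try (InputStream stdout = extProc.getInputStream()) {
		byte[] chunk = new byte[8192];
		int read;
		while ((read = stdout.read(chunk)) != -1) {
			captured.write(chunk, 0, read);
		}
	}
	extProc.waitFor();
	return new Scanner(captured.toString()).useDelimiter("\\A");
}
```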
@@ -44,26 +42,19 @@ public static HashSet runAXFR(String target, String dnsIPP){ try { HashSet NSSet = getNSOfTarget(target,dnsIPP); System.out.println("Testing for AXFR transfer with "+NSSet.toString()); - String dnsIP = (dnsIPP==null)?"":" @"+dnsIPP; boolean allFailed=true; + for (String NSIP : NSSet) { boolean failed=false; - Process extProc = Runtime.getRuntime().exec("dig AXFR " + target+" @"+NSIP); - extProc.waitFor(); - InputStream theInputStream = extProc.getInputStream(); - Scanner scanner = new java.util.Scanner(theInputStream); - - java.util.Scanner theScanner = scanner.useDelimiter("\\A"); - if (theScanner.hasNext()) { + Scanner scanner = ProcessToScanner.run("dig AXFR " + target+" @"+NSIP); + if (scanner.hasNext()) { String digResult = scanner.next(); - if(digResult.contains("Transfer failed.") || digResult.contains("connection refused") || digResult.contains("connection timed out") || digResult.contains("network unreachable")){ - failed=true; - } + failed = axfrDigFailed(digResult); } if(!failed){ + // TODO implement logic for getting transfer data System.out.println("AXFR transfer success with "+NSIP+"! TODO implement intel gained here"); allFailed=false; - // TODO implement logic for getting transfer data } scanner.close(); } 
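Review bot: `failed` starts as `false` and is only set inside `if (scanner.hasNext())`, so when dig produces no output at all (binary missing, killed, empty reply) the loop prints "AXFR transfer success" and clears `allFailed`. Start from the safe value, `boolean failed=true;`, and let `axfrDigFailed(digResult)` clear it. As far as the removed lines show, axfrDigFailed is a deny-list of error strings, so any failure text it does not know also counts as success; checking for dig's `;; XFR size:` trailer would be a positive signal instead. `scanner.close()` is not in a finally block, and the method starts and ends outside this hunk.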
@@ -79,24 +70,17 @@ public static HashSet runAXFR(String target, String dnsIPP){ private static HashSet getNSOfTarget(String target, String dnsIP){ HashSet nsSet = new HashSet(); try { - dnsIP = (dnsIP==null)?"":" @"+dnsIP; - Process extProc = Runtime.getRuntime().exec("dig " + target+dnsIP); - extProc.waitFor(); - InputStream theInputStream = extProc.getInputStream(); - Scanner scanner = new java.util.Scanner(theInputStream); - - java.util.Scanner theScanner = scanner.useDelimiter("\\A"); - if (theScanner.hasNext()) { + dnsIP = (dnsIP==null)?"":" @"+dnsIP; + Scanner scanner = ProcessToScanner.run("dig " + target+dnsIP); + if (scanner.hasNext()) { String digResult = scanner.next(); String[] digLines = digResult.split("\n"); for (String digLine : digLines) { - if (digLine.contains("NS")) { - if(digLine.indexOf("NS")>5 && digLine.indexOf("NS") getNSOfTarget(String target, String dnsIP){ } return nsSet; } - + private static boolean isActuallyNSLine(String digLine){ + return digLine.indexOf("NS")>5 && digLine.indexOf("NS")