authorbitform <matt@exploit-monday.com>2012-08-07 19:14:11 -0400
committerbitform <matt@exploit-monday.com>2012-08-07 19:14:11 -0400
commit0ecd7cb158a12ec77d202da8a7392891d7d1707a (patch)
tree5278954a7844da4e3992d55fc03d732fd143ed63 /Recon/Invoke-ReverseDnsLookup.ps1
parentbefc24a6e89ce6ff7d5007e27ba5ad4f1e5029a9 (diff)
Added Get-HttpStatus and 'Recon' directory
* All recon scripts now live in the 'Recon' directory * Added Get-HttpStatus - An http[s] enumeration tool * Added default dictionary for Get-HttpStatus - .\Dictionaries\admin.txt * Moved Invoke-ReverseDnsLookup to 'Recon'
Diffstat (limited to 'Recon/Invoke-ReverseDnsLookup.ps1')
-rw-r--r--Recon/Invoke-ReverseDnsLookup.ps1193
1 files changed, 193 insertions, 0 deletions
diff --git a/Recon/Invoke-ReverseDnsLookup.ps1 b/Recon/Invoke-ReverseDnsLookup.ps1
new file mode 100644
index 0000000..af45f2e
--- /dev/null
+++ b/Recon/Invoke-ReverseDnsLookup.ps1
@@ -0,0 +1,193 @@
+function Invoke-ReverseDnsLookup
+{
+
+<#
+.Synopsis
+
+ PowerSploit Module - Invoke-ReverseDnsLookup
+ Author: Matthew Graeber (@mattifestation)
+ License: BSD 3-Clause
+
+.Description
+
+ Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. This script
+ is useful for performing DNS reconnaisance prior to conducting an authorized
+ penetration test.
+
+.Parameter IPRange
+
+ Specifies the IP address range. The range provided can be in the form of a single
+ IP address, a low-high range, or a CIDR range. Comma-delimited ranges may can be
+ provided.
+
+.Example
+
+ PS> Invoke-ReverseDnsLookup 74.125.228.0/29
+
+ IP HostName
+ -- --------
+ 74.125.228.1 iad23s05-in-f1.1e100.net
+ 74.125.228.2 iad23s05-in-f2.1e100.net
+ 74.125.228.3 iad23s05-in-f3.1e100.net
+ 74.125.228.4 iad23s05-in-f4.1e100.net
+ 74.125.228.5 iad23s05-in-f5.1e100.net
+ 74.125.228.6 iad23s05-in-f6.1e100.net
+
+ Description
+ -----------
+ Returns the hostnames of the IP addresses specified by the CIDR range.
+
+.Example
+
+ PS> Invoke-ReverseDnsLookup '74.125.228.1,74.125.228.4-74.125.228.6'
+
+ IP HostName
+ -- --------
+ 74.125.228.1 iad23s05-in-f1.1e100.net
+ 74.125.228.4 iad23s05-in-f4.1e100.net
+ 74.125.228.5 iad23s05-in-f5.1e100.net
+ 74.125.228.6 iad23s05-in-f6.1e100.net
+
+ Description
+ -----------
+ Returns the hostnames of the IP addresses specified by the IP range specified.
+
+
+.Link
+
+ My blog: http://www.exploit-monday.com
+#>
+
+Param( [Parameter(Position = 0, Mandatory = $True)] [String] $IpRange )
+
+ function Parse-IPList ([String] $IpRange)
+ {
+
+ function IPtoInt
+ {
+ Param([String] $IpString)
+
+ $Hexstr = ""
+ $Octets = $IpString.Split(".")
+ foreach ($Octet in $Octets) {
+ $Hexstr += "{0:X2}" -f [Int] $Octet
+ }
+ return [Convert]::ToInt64($Hexstr, 16)
+ }
+
+ function InttoIP
+ {
+ Param([Int64] $IpInt)
+ $Hexstr = $IpInt.ToString("X8")
+ $IpStr = ""
+ for ($i=0; $i -lt 8; $i += 2) {
+ $IpStr += [Convert]::ToInt64($Hexstr.SubString($i,2), 16)
+ $IpStr += '.'
+ }
+ return $IpStr.TrimEnd('.')
+ }
+
+ $Ip = [System.Net.IPAddress]::Parse("127.0.0.1")
+
+ foreach ($Str in $IpRange.Split(","))
+ {
+ $Item = $Str.Trim()
+ $Result = ""
+ $IpRegex = "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
+
+ # First, validate the input
+ switch -regex ($Item)
+ {
+ "^$IpRegex/\d{1,2}$"
+ {
+ $Result = "cidrRange"
+ break
+ }
+ "^$IpRegex-$IpRegex$"
+ {
+ $Result = "range"
+ break
+ }
+ "^$IpRegex$"
+ {
+ $Result = "single"
+ break
+ }
+ default
+ {
+ Write-Warning "Inproper input"
+ return
+ }
+ }
+
+ #Now, start processing the IP addresses
+ switch ($Result)
+ {
+ "cidrRange"
+ {
+ $CidrRange = $Item.Split("/")
+ $Network = $CidrRange[0]
+ $Mask = $CidrRange[1]
+
+ if (!([System.Net.IPAddress]::TryParse($Network, [ref] $Ip))) { Write-Warning "Invalid IP address supplied!"; return}
+ if (($Mask -lt 0) -or ($Mask -gt 30)) { Write-Warning "Invalid network mask! Acceptable values are 0-30"; return}
+
+ $BinaryIP = [Convert]::ToString((IPtoInt $Network),2).PadLeft(32,'0')
+ #Generate lower limit (Excluding network address)
+ $Lower = $BinaryIP.Substring(0, $Mask) + "0" * ((32-$Mask)-1) + "1"
+ #Generate upperr limit (Excluding broadcast address)
+ $Upper = $BinaryIP.Substring(0, $Mask) + "1" * ((32-$Mask)-1) + "0"
+ $LowerInt = [Convert]::ToInt64($Lower, 2)
+ $UpperInt = [Convert]::ToInt64($Upper, 2)
+ for ($i = $LowerInt; $i -le $UpperInt; $i++) { InttoIP $i }
+ }
+ "range"
+ {
+ $Range = $item.Split("-")
+
+ if ([System.Net.IPAddress]::TryParse($Range[0],[ref]$Ip)) { $Temp1 = $Ip }
+ else { Write-Warning "Invalid IP address supplied!"; return }
+
+ if ([System.Net.IPAddress]::TryParse($Range[1],[ref]$Ip)) { $Temp2 = $Ip }
+ else { Write-Warning "Invalid IP address supplied!"; return }
+
+ $Left = (IPtoInt $Temp1.ToString())
+ $Right = (IPtoInt $Temp2.ToString())
+
+ if ($Right -gt $Left) {
+ for ($i = $Left; $i -le $Right; $i++) { InttoIP $i }
+ }
+ else { Write-Warning "Invalid IP range. The right portion must be greater than the left portion."; return}
+
+ break
+ }
+ "single"
+ {
+ if ([System.Net.IPAddress]::TryParse($Item,[ref]$Ip)) { $Ip.IPAddressToString }
+ else { Write-Warning "Invalid IP address supplied!"; return }
+ break
+ }
+ default
+ {
+ Write-Warning "An error occured."
+ return
+ }
+ }
+ }
+
+ }
+
+ Parse-IPList $IpRange | ForEach-Object {
+ try {
+ $Temp = [System.Net.Dns]::GetHostEntry($_)
+
+ $Result = @{
+ IP = $_
+ HostName = $Temp.HostName
+ }
+
+ New-Object PSObject -Property $Result
+ } catch [System.Net.Sockets.SocketException] {}
+ }
+
+}
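Review bot: The mask check in the `cidrRange` branch compares a string with a number: `$Mask` comes from `$Item.Split("/")`, so in `($Mask -lt 0) -or ($Mask -gt 30)` PowerShell converts the right-hand operand to a string and compares lexically. Single-digit prefixes such as `/8` would then be reported as "Invalid network mask!" even though the message says 0-30 is acceptable. Casting once at assignment, `$Mask = [Int] $CidrRange[1]`, makes both bounds checks and the later `Substring(0, $Mask)` numeric. Separately, very short prefixes are accepted and every expanded address is passed to `GetHostEntry`, so a mistyped mask can produce a large volume of lookups outside the intended scope; an upper bound on the expanded count, or a confirmation prompt, would guard against that. The comment-based help should also say that an invalid item in a comma-delimited list stops processing of the remaining items, since each validation failure uses `return`.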