forked from sosdave/Enumeration-as-a-Service
eaas.py
#!/usr/local/bin/python3
import dns.resolver, warnings,sys
from ipwhois import IPWhois
import json
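# Target domain taken from the first command-line argument. It is left as
# None when no argument is given, so that the usage check in the __main__
# block can run instead of this line raising IndexError before it.
domain = sys.argv[1] if len(sys.argv) > 1 else None
# Labels of every service detected so far; each query function adds to it.
services = set()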
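# Substring markers looked for in TXT records, mapped to the service label
# that is reported when the marker is present. Matching is a plain substring
# test, so a hit is an indication that the service is in use, not proof.
txtrecords = {
    "docusign": "DocuSign",
    "facebook-domain-verification": "Facebook Business Manager",
    "google-site-verification": "G Suite",
    "adobe-sign-verification": "Adobe Sign",
    "atlassian-domain-verification": "Atlassian",
    # Microsoft's verification record has the form "MS=ms<digits>". A bare
    # "MS" also matched that letter pair inside unrelated values, such as
    # the random tokens of other vendors' verification records.
    "MS=": "Microsoft Office 365",
    "adobe-idp-site-verification": "Adobe Enterprise",
    "yandex-verification": "Yandex",
    "_amazonses": "Amazon Simple Email Services",
    "logmein-verification-code": "LogMeIn",
    "citrix-verification-code": "Citrix Services",
    "pardot": "Salesforce",
    "zuora": "Zuora",
}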
# Host-name prefixes that are prepended to the target domain before the
# CNAME and A lookups. Only the keys are read by the query functions in this
# file; the labels describe what each host name is conventionally used for.
cnamerecords = {
    "autodiscover.": "Microsoft Exchange",
    "lyncdiscover.": "Microsoft Lync",
    "sip.": "Microsoft SIP Services",
    "enterpriseregistration.": "Mobile Device Management (MDM) services",
    "enterpriseenrollment.": "Mobile Device Management (MDM) services",
    "adfs.": "Active Directory Federated Services",
    "sts.": "Security Token Service",
}

# Substrings of an RDAP "asn_description" field, mapped to the provider label.
asnproviders = {
    "MICROSOFT": "Microsoft Corporation",
    "GOOGLE": "Google (Alphabet) Corporation",
    "AirWatch LLC": "AirWatch Mobile Device Management",
}

# Substrings of a CNAME target, mapped to the hosted service they indicate.
cnameproviders = {
    "outlook": "Microsoft Office 365 (Managed Exchange)",
    "awmdm.com": "Airwatch Mobile Device Management (MDM)",
    "lync.com": "Microsoft Hosted Lync",
}

# Substrings looked for in TXT records (SPF includes), mapped to the sender.
spfrecords = {
    "_spf.salesforce.com": "Salesforce.com",
    "_spf.google.com": "G Suite",
    "protection.outlook.com": "Microsoft Outlook",
    "service-now.com": "Service Now",
    "mailsenders.netsuite.com": "NetSuite",
    "mktomail.com": "Marketo",
    "spf.mandrillapp.com": "Mandrill (MailChimp)",
    "pphosted.com": "Proof Point",
    "zendesk.com": "Zendesk",
    "mcsv.net": "MailChimp",
    "freshdesk.com": "Freshdesk",
}

# Substrings of an MX exchange host name, mapped to the mail provider.
mxrecords = {
    "google.com": "G Suite",
    "googlemail.com": "G Suite",
    "pphosted.com": "Proof Point",
    "zoho.com": "ZOHO",
    "protection.outlook.com": "Microsoft Outlook",
}

# Not referenced by any function visible in this file.
misctxt = {
    "pardot": "Pardot Business-to-Business Marketing by Salesforce",
}
def displayhelp():
    """Print the tool banner and the one-line usage string to stdout."""
    banner = (
        "EaaS - Enumeration as a Service.",
        "Usage : ./eaas.py [domain]",
    )
    for line in banner:
        print(line)
# Function to query TXT DNS entries
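def querytxt():
    """Record services that the domain's TXT records point to.

    Resolves the TXT records of the module-level ``domain`` and, for every
    key of ``txtrecords`` or ``spfrecords`` that occurs as a substring of a
    record's text form, adds the matching label to ``services``.

    A failed lookup leaves ``services`` unchanged, in line with the other
    query functions in this file, which also skip lookups that fail.
    """
    try:
        answers = dns.resolver.resolve(domain, "TXT")
    except dns.exception.DNSException:
        # dns.exception is loaded as a side effect of importing dns.resolver.
        # Without this guard a domain with no TXT records ended the whole run
        # before the CNAME, A and MX checks were reached.
        return
    for rdata in answers:
        # Render the record once; both marker tables are checked against it.
        text = rdata.to_text()
        for table in (txtrecords, spfrecords):
            for marker, label in table.items():
                if marker in text:
                    services.add(label)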
# Function to query and examine CNAME records for the chosen domain
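def querycname():
    """Record hosted services that well-known host names are aliased to.

    For every prefix in ``cnamerecords`` the name ``prefix + domain`` is
    resolved for CNAME records; each key of ``cnameproviders`` found as a
    substring of a CNAME target adds its label to ``services``. The labels
    stored in ``cnamerecords`` are not used here.
    """
    for prefix in cnamerecords:
        lookup = prefix + domain
        try:
            answers = dns.resolver.resolve(lookup, 'CNAME')
        except dns.exception.DNSException:
            # Most of these names do not exist for a given domain; skip them.
            # A bare "except:" here also swallowed KeyboardInterrupt, so the
            # run could not be interrupted while a lookup was in progress.
            continue
        for rdata in answers:
            target = rdata.target.to_text()
            for marker, label in cnameproviders.items():
                if marker in target:
                    services.add(label)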
# Function to query and examine A records for the chosen domain.
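def queryarecords():
    """Record the network owners behind well-known host names.

    For every prefix in ``cnamerecords`` the name ``prefix + domain`` is
    resolved for A records. Each address is looked up over RDAP through
    ``IPWhois``, and every key of ``asnproviders`` found as a substring of
    the returned ``asn_description`` adds its label to ``services``.

    Each address triggers an outbound RDAP request in addition to the DNS
    query. All lookups are best-effort: a failure skips that name or that
    address only.
    """
    for prefix in cnamerecords:
        lookup = prefix + domain
        try:
            answers = dns.resolver.resolve(lookup, 'A')
        except dns.exception.DNSException:
            # Name does not exist or could not be resolved; try the next one.
            continue
        for rdata in answers:
            try:
                with warnings.catch_warnings():
                    # Silence UserWarning raised during the RDAP lookup.
                    warnings.filterwarnings("ignore", category=UserWarning)
                    results = IPWhois(str(rdata.address)).lookup_rdap()
                description = format(results['asn_description'])
            except Exception:
                # One failed RDAP lookup should not discard the remaining
                # addresses. "except Exception" rather than a bare "except:"
                # so that KeyboardInterrupt still stops the run.
                continue
            for marker, label in asnproviders.items():
                if marker in description:
                    services.add(label)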
# Function to query and examine the MX records for the chosen domain.
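def querymxrecords():
    """Record mail providers named in the domain's MX records.

    Resolves the MX records of the module-level ``domain``; each key of
    ``mxrecords`` found as a substring of an exchange host name adds its
    label to ``services``. A failed lookup leaves ``services`` unchanged.
    """
    try:
        answers = dns.resolver.resolve(domain, 'MX')
    except dns.exception.DNSException:
        # No MX records or the lookup failed. A bare "except:" here also
        # swallowed KeyboardInterrupt and any programming error.
        return
    for rdata in answers:
        exchange = rdata.exchange.to_text()
        for marker, label in mxrecords.items():
            if marker in exchange:
                services.add(label)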
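if __name__ == "__main__":
    # Without a domain argument there is nothing to query: show usage, stop.
    if len(sys.argv) == 1:
        displayhelp()
        sys.exit()
    # Each query adds the labels it finds to the shared `services` set.
    querytxt()
    querycname()
    queryarecords()
    querymxrecords()
    # Set iteration order changes between runs; sorting keeps the JSON output
    # stable, so results from two runs can be compared directly.
    print(json.dumps(sorted(services)))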