I keep a list of common hostnames that I update whenever I find a new one through a zone transfer, and a script that tries hostname.domain.com for every entry in it.
Here is my hostname list.
www
www2
mail
smtp
pop3
mailgw
proxy
vpn
ssl
imap
ns1
ns2
router
cisco
conf
exchange
isa
juniper
gopher
irc
Next I wrote a script that runs every name in the file against the target domain and keeps only the lines with an address:
#!/bin/bash
# Try every label in names.txt as label.docstar.com and keep only the A records
while read -r name; do
    host "$name.docstar.com" | grep "has address"
done < names.txt
The output is the list of names that resolved:
docstar.com has address 50.57.86.180
www2.docstar.com has address 67.215.65.132
mail.docstar.com has address 206.17.147.38
smtp.docstar.com has address 67.215.65.132
pop3.docstar.com has address 67.215.65.132
mailgw.docstar.com has address 67.215.65.132
proxy.docstar.com has address 67.215.65.132
vpn.docstar.com has address 67.215.65.132
ssl.docstar.com has address 67.215.65.132
imap.docstar.com has address 67.215.65.132
ns1.docstar.com has address 67.215.65.132
ns2.docstar.com has address 67.215.65.132
router.docstar.com has address 67.215.65.132
cisco.docstar.com has address 67.215.65.132
conf.docstar.com has address 67.215.65.132
exchange.docstar.com has address 67.215.65.132
isa.docstar.com has address 67.215.65.132
juniper.docstar.com has address 67.215.65.132
gopher.docstar.com has address 67.215.65.132
irc.docstar.com has address 67.215.65.132
One thing to check before trusting that list: nearly every name came back with the same address, 67.215.65.132. When a whole wordlist resolves to one IP you are looking at either a wildcard record or a resolver that answers non-existent names with its own address (67.215.65.132 was OpenDNS's redirect for NXDOMAIN at the time), so resolve a name that cannot exist and drop whatever address it returns.
Just to clean it up, I add cut to the script, using a space as the delimiter and keeping field 4, which is the address:
| cut -d " " -f4
Next I append the output to a file:
>> docstarip.txt
and print the unique addresses:
sort -u docstarip.txt
206.17.147.38
50.57.86.180
67.215.65.132
Monday, July 2, 2012
Friday, June 29, 2012
IP Enumeration
Now to find the IP addresses of the Yahoo hosts we saved to yahoohost.txt in the last post.
I'm going to make a quick bash script to retrieve the IP addresses.
[root@localhost yahoo]# nano yahooip.sh
#!/bin/bash
# Resolve every hostname listed in yahoohost.txt
while read -r hostname; do
    host "$hostname"
done < yahoohost.txt
[root@localhost yahoo]# chmod 775 yahooip.sh
The output of that isn't pretty, to say the least: I get aliases such as
"www.yahoo.com is an alias for fd-fp3.wg1.b.yahoo.com."
and other noise, so let's clean up the script a little.
#!/bin/bash
# Resolve every hostname in yahoohost.txt and keep only the A-record lines
while read -r hostname; do
    host "$hostname" | grep " has address"
done < yahoohost.txt
That is better:
"any-ycpi-uno.aycpi.b.yahoodns.net has address 98.136.145.152"
To clean this up further, we can use cut with a space as the delimiter and keep the 4th field.
Now we get a list of IPs, with many duplicates. For some reason, when I put | sort -u in the script it does not work. If anyone knows how to do this, let me know.
So I just redirect the IPs into yahooip.txt:
[root@localhost yahoo]# ./yahooip.sh >yahooip.txt
Then cat it out through sort -u:
[root@localhost yahoo]# cat yahooip.txt | sort -u
216.115.101.178
216.115.101.179
74.6.117.48
74.6.238.254
76.13.115.116
98.136.145.152
98.136.145.153
98.136.145.154
98.136.145.155
98.136.145.156
98.136.145.157
98.136.70.45
98.136.78.47
98.137.220.33
98.139.138.100
98.139.169.19
98.139.183.24
98.139.235.15
98.139.241.94
98.139.52.59
That is it, we have enumerated IPs for the hostnames we got.
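An added example, not the scripts from either post, that does in one script what the docstar brute force earlier on this page and the Yahoo list resolution above do by hand: resolve a list of full hostnames (list mode) or a wordlist of labels prefixed onto one domain (brute mode), keep only A records, de-duplicate once on the whole output rather than inside the loop, and throw away any address the resolver also returns for a name that cannot exist. The file names, the domain and the sample host(1) output are assumptions, constructed here for the offline demo.

```shell
#!/usr/bin/env bash
# Added example (not the original posts' scripts). File names, the domain
# and SAMPLE_HOST_OUTPUT below are assumptions constructed for the demo.

# stdin: host(1) output. stdout: IPv4 addresses from "has address" lines
# only; alias, IPv6 and "not found" lines are dropped.
extract_a_records() {
    awk '$2 == "has" && $3 == "address" { print $4 }'
}

# Resolve one name to its A records. Needs network access.
resolve_a() {
    host "$1" 2>/dev/null | extract_a_records
}

# Addresses returned for a name under $1 that cannot exist. Non-empty output
# means wildcard DNS, or a resolver that rewrites NXDOMAIN to its own IP.
wildcard_addresses() {
    local token
    token=$(head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n')
    resolve_a "nx-${token}.${1}"
}

# stdin: "name ip" lines. Drops lines whose ip is in $1 (newline-separated).
drop_wildcard() {
    awk -v wild="$1" '
        BEGIN { n = split(wild, w, "\n"); for (i = 1; i <= n; i++) if (w[i] != "") bad[w[i]] = 1 }
        !($2 in bad)'
}

# stdin: one name per line (blank lines and # comments skipped).
# $1 (optional): domain suffix appended to each name, as in the brute force.
# stdout: "name ip" for every A record found.
resolve_names() {
    local suffix=${1:+.$1} name ip
    while IFS= read -r name; do
        case $name in ''|'#'*) continue ;; esac
        for ip in $(resolve_a "${name}${suffix}"); do
            printf '%s%s %s\n' "$name" "$suffix" "$ip"
        done
    done
}

# list mode:  ./enum.sh list yahoohost.txt
# brute mode: ./enum.sh brute names.txt docstar.com
# sort -u runs once on the whole loop output, which is where it belongs.
enumerate() {
    local mode=$1 list=$2 domain=$3 wild
    case $mode in
        list)
            resolve_names < "$list" | sort -u ;;
        brute)
            wild=$(wildcard_addresses "$domain")
            resolve_names "$domain" < "$list" | drop_wildcard "$wild" | sort -u ;;
        *)
            echo "usage: $0 list FILE | brute FILE DOMAIN" >&2
            return 2 ;;
    esac
}

# Constructed host(1) output for an offline check of the parsing steps.
SAMPLE_HOST_OUTPUT='www.example.com is an alias for example.com.
example.com has address 192.0.2.10
example.com has IPv6 address 2001:db8::10
mail.example.com has address 198.51.100.5
nope.example.com has address 203.0.113.7'

if [ "$#" -gt 0 ]; then
    enumerate "$@"
else
    # No arguments: demonstrate the parser and the wildcard filter offline.
    printf '%s\n' "$SAMPLE_HOST_OUTPUT" | extract_a_records
    printf 'www.example.com 192.0.2.10\nnope.example.com 203.0.113.7\n' \
        | drop_wildcard "203.0.113.7"
fi
```

For just the unique addresses, as in the posts, pipe the result through `awk '{print $2}' | sort -u`. The awk in extract_a_records replaces the grep-plus-cut pair: it matches on the literal words "has address" in fields 2 and 3, so an "has IPv6 address" line or an alias line can never slip through as field 4.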
Thursday, June 28, 2012
Bash Text Manipulation
I've been trying to get into programming, so I decided to start with some scripting to automate enumeration. I began with bash text manipulation; here is an example against yahoo.com to enumerate hosts.
[root@localhost yahoo]# wget yahoo.com
--15:37:08-- http://yahoo.com/
=> `index.html'
Resolving yahoo.com... 98.139.183.24, 72.30.38.140, 209.191.122.70
Connecting to yahoo.com|98.139.183.24|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.yahoo.com/ [following]
--15:37:09-- http://www.yahoo.com/
=> `index.html'
Resolving www.yahoo.com... 98.139.183.24, 2001:4998:f00b:1fe::3001, 2001:4998:f00b:1fe::3000
Connecting to www.yahoo.com|98.139.183.24|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
[ <=> ] 225,798 177.62K/s
15:37:10 (177.13 KB/s) - `index.html' saved [225798]
[root@localhost yahoo]# cat index.html | grep href | cut -d "/" -f3 | grep yahoo.com | cut -d '"' -f1 | sort -u
apps.search.yahoo.com
autos.yahoo.com
everything.yahoo.com
finance.yahoo.com
images.search.yahoo.com
info.yahoo.com
local.search.yahoo.com
login.yahoo.com
movies.yahoo.com
music.yahoo.com
news.yahoo.com
omg.yahoo.com
screen.yahoo.com
search.yahoo.com
shine.yahoo.com
shopping.yahoo.com
sports.yahoo.com
tools.search.yahoo.com
tv.yahoo.com
video.search.yahoo.com
weather.yahoo.com
www.yahoo.com
To explain what I did here, I'll take one link out of index.html and break it down:
a href="http://weather.yahoo.com/redirwoei/12760452"
First I output every line of index.html that contains href, as shown above.
Next I cut using / as the delimiter and keep only field 3. cut drops the delimiters themselves, so for the link above:
The 1st field is everything before the first slash: a href="http:
The 2nd field is empty, since nothing sits between the two slashes
The 3rd field is weather.yahoo.com
Next I grep for yahoo.com so that only Yahoo hosts remain, since there were also links to imgur and so on (note that this also keeps any host that merely contains the string, such as notyahoo.com).
Now this is pretty good but I do get some stragglers such as
www.yahoo.com">
www.yahoo.com">
So now I cut using " as the delimiter. Since it is a double quote I need to surround it with single quotes, and I want field 1.
Finally I sort for unique entries and redirect the list to a file with >yahoohost.txt
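As an added example, not the one-liner from the post, here is the same extraction written to survive the cases the cut chain trips over: href values in single quotes, https and protocol-relative // links, a port or userinfo in front of the host, mixed case, and a grep for yahoo.com that would also keep notyahoo.com. The HTML is constructed for the demo; the post's real input was wget's index.html.

```shell
#!/usr/bin/env bash
# Added example (not the original post's pipeline). SAMPLE_HTML is
# constructed; run as ./linkhosts.sh yahoo.com < index.html on real input.

# stdin: HTML. stdout: every host found in an href or src attribute, once.
# Handles http://, https://, protocol-relative //host/..., both quote
# styles, lower-cases the result and strips userinfo and port.
extract_link_hosts() {
    grep -oiE '(href|src)=["'"'"']?(https?:)?//[^/"'"'"' >?#]+' \
    | sed -E 's#^[^=]*=["'"'"']?(https?:)?//##' \
    | sed -E 's#^[^@]*@##; s#:[0-9]+$##' \
    | tr 'A-Z' 'a-z' \
    | LC_ALL=C sort -u
}

# stdin: hosts, one per line. Keeps only $1 itself or hosts ending in ".$1",
# so "notyahoo.com" is rejected where a plain grep for yahoo.com keeps it.
in_domain() {
    awk -v d="$1" '$0 == d || substr($0, length($0) - length(d)) == "." d'
}

# Constructed page with the link shapes the cut chain mishandles.
SAMPLE_HTML=$(cat <<'EOF'
<a href="http://weather.yahoo.com/redirwoei/12760452">Weather</a>
<a href="https://Login.Yahoo.com:443/?.src=fpctx">Sign in</a>
<img src="//l.yimg.com/a/i/ww/met/yahoo_logo.png">
<a href='http://notyahoo.com/'>not ours</a>
<a href="http://imgur.com/gallery">pics</a>
<a href="http://user:pw@news.yahoo.com/">news</a>
EOF
)

if [ "$#" -gt 0 ]; then
    # Real use: the domain to keep is $1, the HTML comes in on stdin.
    extract_link_hosts | in_domain "$1"
else
    # No arguments: show the filter on the constructed page.
    printf '%s\n' "$SAMPLE_HTML" | extract_link_hosts | in_domain yahoo.com
fi
```

The grep -o step pulls out only the attribute-to-host span, so nothing after the host (path, query, closing quote, the ">" stragglers) ever reaches the later stages, and the awk suffix check is what makes the domain filter exact.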