udig

package module
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 10, 2023 License: MIT Imports: 20 Imported by: 0

README

Build Status Go Report Card Go Doc FOSSA Status

ÜberDig - dig on steroids

Simple GoLang tool for domain recon.

The purpose of this tool is to provide fast overview of a target domain setup. Several active scanning techniques are employed for this purpose like DNS ping-pong, TLS certificate scraping, WHOIS banner parsing and more. Some tools on the other hand are not - intentionally (e.g. nmap, brute-force, search engines etc.). This is not a full-blown DNS enumerator, but rather something more unobtrusive and fast which can be deployed in long-term experiments with lots of targets.

Feature set:

  • Resolves a given domain to all DNS records of interest
  • Resolves a given domain to a set of WHOIS contacts (selected properties only)
  • Resolves a given domain to a TLS certificate chain
  • Supports automatic NS discovery with custom override
  • Dissects domains from resolutions and resolves them recursively
  • Unobtrusive human-readable CLI output as well as machine readable JSON
  • Supports multiple domains on the input
  • Colorized output
  • Parses domains in HTTP headers
  • Parses domains in Certificate Transparency logs
  • Parses IPs found in SPF record
  • Looks up BGP AS for each discovered IP
  • Looks up GeoIP record for each discovered IP
  • Attempts to detect DNS wildcards
  • Supports graph output

Download as dependency

go get github.com/netrixone/udig

Basic usage

dig := udig.NewUdig()
resolutions := dig.Resolve("example.com")
for _, res := range resolutions {
	...
}

API

                                                         +------------+
                                                         |            |
                                                  +------+    Udig    +-----------------------------------+
Delegates:                                        |      |            |                                   |
                                                  |      +------------+                                   |
                                                  |*                                                      |*
                                      +------------------+                                           +------------+
                                      |  DomainResolver  |                                           | IPResolver |
             +----------------------> +------------------+ <------------------+                      +------------+
             |                        ^      ^           ^                    |                         ^    ^
Implements:  |                  +-----+      |           |                    |                         |    +-------+
             |                  |            |           |                    |                         |            |
     +-------------+ +-------------+ +--------------+ +---------------+ +------------+        +-------------+ +---------------+
     | DNSResolver | | TLSResolver | | HTTPResolver | | WhoisResolver | | CTResolver |        | BGPResolver | | GeoipResolver |
     +-------------+ +-------------+ +--------------+ +---------------+ +------------+        +-------------+ +---------------+
             |              |                |               |             |                            |                |
             |              |                |               |             |                            |                |
Produces:    |              |                |               |             |                            |                |
             |              |                |               |             |                            |                |
             |*             |*               |*              |*            |*                           |*               |*
      +-----------+ +----------------+ +------------+ +--------------+ +-------+                  +----------+   +-------------+
      | DNSRecord | | TLSCertificate | | HTTPHeader | | WhoisContact | | CTLog |                  | ASRecord |   | GeoipRecord |
      +-----------+ +----------------+ +------------+ +--------------+ +-------+                  +----------+   +-------------+

CLI app

Download app

go get github.com/netrixone/udig/cmd/udig

Build from the sources

make or make install

This will also download the latest GeoIP database (IPLocation-lite).

Usage
udig [-h|--help] [-v|--version] [-V|--verbose] [-s|--strict]
            [-d|--domain "<value>"] [--ct:expired] [--ct:from "<value>"]
            [--json]

            ÜberDig - dig on steroids v1.5 by stuchl4n3k

Arguments:

  -h  --help        Print help information
  -v  --version     Print version and exit
  -V  --verbose     Be more verbose
  -s  --strict      Strict domain relation (TLD match)
  -d  --domain      Domain to resolve
      --ct:expired  Collect expired CT logs
      --ct:from     Date to collect logs from. Default: 1 year ago (2022-11-10)
      --json        Output payloads as JSON objects
Demo

udig demo

Dependencies and attributions

License

FOSSA Status

Documentation

Index

Constants

View Source 
const (
	LogLevelDebug = 0
	LogLevelInfo  = 10
	LogLevelErr   = 100
	LogLevelNone  = 1000
)

Logging levels: the smaller value the more verbose the output will be.

View Source 
const DefaultCTApiUrl = "https://crt.sh"
View Source 
const (
	// DefaultTimeout is a default timeout used in all network clients.
	DefaultTimeout = 3 * time.Second
)

Variables

View Source 
var CTApiUrl = DefaultCTApiUrl
View Source 
var CTExclude = "expired"
View Source 
var CTLogFrom = time.Now().AddDate(-1, 0, 0).Format("2006-01-02")
View Source 
var (
	// DefaultDNSQueryTypes is a list of default DNS RR types that we query.
	DefaultDNSQueryTypes = [...]uint16{
		dns.TypeA,
		dns.TypeNS,
		dns.TypeSOA,
		dns.TypeMX,
		dns.TypeTXT,
		dns.TypeSIG,
		dns.TypeKEY,
		dns.TypeAAAA,
		dns.TypeSRV,
		dns.TypeCERT,
		dns.TypeDNAME,
		dns.TypeOPT,
		dns.TypeKX,
		dns.TypeDS,
		dns.TypeRRSIG,
		dns.TypeNSEC,
		dns.TypeDNSKEY,
		dns.TypeNSEC3,
		dns.TypeNSEC3PARAM,
		dns.TypeTKEY,
		dns.TypeTSIG,
		dns.TypeIXFR,
		dns.TypeAXFR,
		dns.TypeMAILB,
		dns.TypeANY,
	}
)
View Source 
var (
	// DefaultHTTPHeaders is a list of default HTTP header names that we look for.
	DefaultHTTPHeaders = [...]string{
		"access-control-allow-origin",
		"alt-svc",
		"content-security-policy",
		"content-security-policy-report-only",
	}
)
View Source 
var (
	// GeoDBPath is a path to IP2Location DB file.
	GeoDBPath = findGeoipDatabase("IP2LOCATION-LITE-DB1.IPV6.BIN")
)
View Source 
var LogLevel = LogLevelDebug

LogLevel contains the actual log level setting.

View Source 
var (
	// SupportedWhoisProperties is a set of WHOIS properties that WhoisResolver honors.
	SupportedWhoisProperties = map[string]bool{
		"registry domain id":        true,
		"registrant":                true,
		"registrant organization":   true,
		"registrant state/province": true,
		"registrant country":        true,

		"registrar":              true,
		"registrar iana id":      true,
		"registrar whois server": true,
		"registrar url":          true,
		"creation date":          true,
		"updated date":           true,
		"registered":             true,
		"changed":                true,
		"expire":                 true,

		"nsset": true,

		"contact": true,
		"name":    true,
		"address": true,
	}
)

Functions

func LogDebug 

func LogDebug(format string, a ...interface{})

LogDebug formats and prints a given log on STDOUT.

func LogErr 

func LogErr(format string, a ...interface{})

LogErr formats and prints a given log on STDERR.

func LogInfo 

func LogInfo(format string, a ...interface{})

LogInfo formats and prints a given log on STDOUT.

func LogPanic 

func LogPanic(format string, a ...interface{})

LogPanic formats and prints a given log on STDERR and panics.

Types

type ASRecord added in v1.3.0 

type ASRecord struct {
	Name      string
	ASN       uint32
	BGPPrefix string
	Registry  string
	Allocated string
}

ASRecord contains information about an Autonomous System (AS).

func (*ASRecord) String added in v1.3.0 

func (record *ASRecord) String() string

type BGPResolution added in v1.3.0 

type BGPResolution struct {
	*ResolutionBase
	Records []ASRecord
}

BGPResolution is a BGP resolution of a given IP yielding AS records.

func (*BGPResolution) Type added in v1.3.0 

func (res *BGPResolution) Type() ResolutionType

Type returns "BGP".

type BGPResolver added in v1.3.0 

type BGPResolver struct {
	IPResolver
	Client *dns.Client
	// contains filtered or unexported fields
}

BGPResolver is a Resolver which is able to resolve an IP to AS name and ASN.

Internally this resolver is leveraging a DNS interface of IP-to-ASN lookup service by Team Cymru.

func NewBGPResolver added in v1.3.0 

func NewBGPResolver() *BGPResolver

NewBGPResolver creates a new BGPResolver with sensible defaults.

func (*BGPResolver) ResolveIP added in v1.3.0 

func (resolver *BGPResolver) ResolveIP(ip string) Resolution

ResolveIP resolves a given IP address to a list of corresponding AS records.

func (*BGPResolver) Type added in v1.3.0 

func (resolver *BGPResolver) Type() ResolutionType

Type returns "BGP".

type CTAggregatedLog added in v1.5.0 

type CTAggregatedLog struct {
	CTLog
	FirstSeen string
	LastSeen  string
}

CTAggregatedLog is a wrapper of a CT log that is aggregated over all logs with the same CN in time.

func (*CTAggregatedLog) String added in v1.5.0 

func (log *CTAggregatedLog) String() string

type CTLog added in v1.5.0 

type CTLog struct {
	Id         int64  `json:"id"`
	IssuerName string `json:"issuer_name"`
	NameValue  string `json:"name_value"`
	LoggedAt   string `json:"entry_timestamp"`
	NotBefore  string `json:"not_before"`
	NotAfter   string `json:"not_after"`
}

CTLog is a wrapper for attributes of interest that appear in the CT log. The json mapping comes from crt.sh API schema.

func (*CTLog) ExtractDomains added in v1.5.0 

func (log *CTLog) ExtractDomains() (domains []string)

func (*CTLog) String added in v1.5.0 

func (log *CTLog) String() string

type CTResolution added in v1.5.0 

type CTResolution struct {
	*ResolutionBase
	Logs []CTAggregatedLog
}

CTResolution is a certificate transparency project resolution, which yields a CT log.

func (*CTResolution) Domains added in v1.5.0 

func (res *CTResolution) Domains() (domains []string)

Domains returns a list of domains discovered in records within this Resolution.

func (*CTResolution) Type added in v1.5.0 

func (res *CTResolution) Type() ResolutionType

Type returns "CT".

type CTResolver added in v1.5.0 

type CTResolver struct {
	DomainResolver
	Client *http.Client
	// contains filtered or unexported fields
}

CTResolver is a Resolver responsible for resolution of a given domain to a list of CT logs.

func NewCTResolver added in v1.5.0 

func NewCTResolver() *CTResolver

NewCTResolver creates a new CTResolver with sensible defaults.

func (*CTResolver) ResolveDomain added in v1.5.0 

func (resolver *CTResolver) ResolveDomain(domain string) Resolution

ResolveDomain resolves a given domain to a list of TLS certificates.

func (*CTResolver) Type added in v1.5.0 

func (resolver *CTResolver) Type() ResolutionType

Type returns "CT".

type DNSRecord added in v1.1.0 

type DNSRecord struct {
	dns.RR
}

DNSRecord is a wrapper for the actual DNS resource record.

func (*DNSRecord) String added in v1.1.0 

func (record *DNSRecord) String() string

type DNSRecordPair 

type DNSRecordPair struct {
	QueryType uint16
	Record    *DNSRecord
}

DNSRecordPair is a pair of DNS record type used in the query and a corresponding record found in the answer.

type DNSResolution 

type DNSResolution struct {
	*ResolutionBase
	Records []DNSRecordPair
	// contains filtered or unexported fields
}

DNSResolution is a DNS multi-query resolution yielding many DNS records in a form of query-answer pairs.

func (*DNSResolution) Domains 

func (res *DNSResolution) Domains() (domains []string)

Domains returns a list of domains discovered in records within this Resolution.

func (*DNSResolution) IPs added in v1.3.0 

func (res *DNSResolution) IPs() (ips []string)

IPs returns a list of IP addresses discovered in this resolution.

func (*DNSResolution) Type 

func (res *DNSResolution) Type() ResolutionType

Type returns "DNS".

type DNSResolver 

type DNSResolver struct {
	DomainResolver
	QueryTypes []uint16
	NameServer string
	Client     *dns.Client
	// contains filtered or unexported fields
}

DNSResolver is a Resolver which is able to resolve a domain to a bunch of the most interesting DNS records.

You can configure which query types are actually used and you can also supply a custom name server. If you don't a name server for each domain is discovered using NS record query, falling back to a local NS (e.g. the one in /etc/resolv.conf).

func NewDNSResolver 

func NewDNSResolver() *DNSResolver

NewDNSResolver creates a new DNS resolver instance pre-populated with sensible defaults.

func (*DNSResolver) ResolveDomain added in v1.3.0 

func (resolver *DNSResolver) ResolveDomain(domain string) Resolution

ResolveDomain attempts to resolve a given domain for every DNS record type defined in resolver.QueryTypes using either a user-supplied name-server or dynamically resolved one for this domain.

func (*DNSResolver) Type 

func (resolver *DNSResolver) Type() ResolutionType

Type returns "DNS".

type DomainRelationFn added in v1.4.0 

type DomainRelationFn func(domainA string, domainB string) bool
var (
	DefaultDomainRelation DomainRelationFn = func(domainA string, domainB string) bool {
		return isDomainRelated(domainA, domainB, false)
	}
	StrictDomainRelation DomainRelationFn = func(domainA string, domainB string) bool {
		return isDomainRelated(domainA, domainB, true)
	}
	IsDomainRelated = DefaultDomainRelation
)

type DomainResolver added in v1.3.0 

type DomainResolver interface {
	ResolveDomain(domain string) Resolution // Resolves a given domain.
}

DomainResolver is an API contract for all Resolver modules that resolve domains. Discovered domains that relate to the original query are recursively resolved.

type GeoRecord added in v1.3.0 

type GeoRecord struct {
	CountryCode string
}

GeoRecord contains information about a geographical location.

func (*GeoRecord) String added in v1.3.0 

func (record *GeoRecord) String() string

type GeoResolution added in v1.3.0 

type GeoResolution struct {
	*ResolutionBase
	Record *GeoRecord
}

GeoResolution is a GeoIP resolution of a given IP yielding geographical records.

func (*GeoResolution) Type added in v1.3.0 

func (res *GeoResolution) Type() ResolutionType

Type returns "BGP".

type GeoResolver added in v1.3.0 

type GeoResolver struct {
	IPResolver
	// contains filtered or unexported fields
}

GeoResolver is a Resolver which is able to resolve an IP to a geographical location.

func NewGeoResolver added in v1.3.0 

func NewGeoResolver() *GeoResolver

NewGeoResolver creates a new GeoResolver with sensible defaults.

func (*GeoResolver) ResolveIP added in v1.3.0 

func (resolver *GeoResolver) ResolveIP(ip string) Resolution

ResolveIP resolves a given IP address to a corresponding GeoIP record.

func (*GeoResolver) Type added in v1.3.0 

func (resolver *GeoResolver) Type() ResolutionType

Type returns "GEO".

type HTTPHeader added in v1.2.0 

type HTTPHeader struct {
	Name  string
	Value []string
}

HTTPHeader is a pair of HTTP header name and corresponding value(s).

func (*HTTPHeader) String added in v1.2.0 

func (header *HTTPHeader) String() string

type HTTPResolution added in v1.2.0 

type HTTPResolution struct {
	*ResolutionBase
	Headers []HTTPHeader
}

HTTPResolution is a HTTP header resolution yielding many HTTP protocol headers.

func (*HTTPResolution) Domains added in v1.2.0 

func (res *HTTPResolution) Domains() (domains []string)

Domains returns a list of domains discovered in records within this Resolution.

func (*HTTPResolution) Type added in v1.2.0 

func (res *HTTPResolution) Type() ResolutionType

Type returns "HTTP".

type HTTPResolver added in v1.2.0 

type HTTPResolver struct {
	DomainResolver
	Headers []string
	Client  *http.Client
}

HTTPResolver is a Resolver responsible for resolution of a given domain to a list of corresponding HTTP headers.

func NewHTTPResolver added in v1.2.0 

func NewHTTPResolver() *HTTPResolver

NewHTTPResolver creates a new HTTPResolver with sensible defaults.

func (*HTTPResolver) ResolveDomain added in v1.3.0 

func (resolver *HTTPResolver) ResolveDomain(domain string) Resolution

ResolveDomain resolves a given domain to a list of corresponding HTTP headers.

func (*HTTPResolver) Type added in v1.2.0 

func (resolver *HTTPResolver) Type() ResolutionType

Type returns "HTTP".

type IPResolver added in v1.3.0 

type IPResolver interface {
	ResolveIP(ip string) Resolution // Resolves a given IP.
}

IPResolver is an API contract for all Resolver modules that resolve IPs.

type Resolution 

type Resolution interface {
	Type() ResolutionType // Returns a type of this resolution.
	Query() string        // Returns the queried domain or IP.
	Domains() []string    // Returns a list of domains discovered in this resolution.
	IPs() []string        // Returns a list of IP addresses discovered in this resolution.
}

Resolution is an API contract for all Resolutions (i.e. results).

type ResolutionBase 

type ResolutionBase struct {
	Resolution `json:"-"`
	// contains filtered or unexported fields
}

ResolutionBase is a shared implementation for all Resolutions (i.e. results).

func (*ResolutionBase) Domains added in v1.3.0 

func (res *ResolutionBase) Domains() (domains []string)

Domains returns a list of domains discovered in this resolution.

func (*ResolutionBase) IPs added in v1.3.0 

func (res *ResolutionBase) IPs() (ips []string)

IPs returns a list of IP addresses discovered in this resolution.

func (*ResolutionBase) Query 

func (res *ResolutionBase) Query() string

Query getter.

type ResolutionType 

type ResolutionType string

ResolutionType is an enumeration type for resolutions types. 

const (
	// TypeDNS is a type of all DNS resolutions.
	TypeDNS ResolutionType = "DNS"

	// TypeWHOIS is a type of all WHOIS resolutions.
	TypeWHOIS ResolutionType = "WHOIS"

	// TypeTLS is a type of all TLS resolutions.
	TypeTLS ResolutionType = "TLS"

	// TypeHTTP is a type of all HTTP resolutions.
	TypeHTTP ResolutionType = "HTTP"

	// TypeCT is a type of all CT resolutions.
	TypeCT ResolutionType = "CT"

	// TypeBGP is a type of all BGP resolutions.
	TypeBGP ResolutionType = "BGP"

	// TypeGEO is a type of all GeoIP resolutions.
	TypeGEO ResolutionType = "GEO"
)

type TLSCertificate added in v1.1.0 

type TLSCertificate struct {
	x509.Certificate
}

TLSCertificate is a wrapper for the actual x509.Certificate.

func (*TLSCertificate) String added in v1.1.0 

func (cert *TLSCertificate) String() string

type TLSResolution 

type TLSResolution struct {
	*ResolutionBase
	Certificates []TLSCertificate
}

TLSResolution is a TLS handshake resolution, which yields a certificate chain.

func (*TLSResolution) Domains 

func (res *TLSResolution) Domains() (domains []string)

Domains returns a list of domains discovered in records within this Resolution.

func (*TLSResolution) Type 

func (res *TLSResolution) Type() ResolutionType

Type returns "TLS".

type TLSResolver 

type TLSResolver struct {
	DomainResolver
	Client *http.Client
}

TLSResolver is a Resolver responsible for resolution of a given domain to a list of TLS certificates.

func NewTLSResolver 

func NewTLSResolver() *TLSResolver

NewTLSResolver creates a new TLSResolver with sensible defaults.

func (*TLSResolver) ResolveDomain added in v1.3.0 

func (resolver *TLSResolver) ResolveDomain(domain string) Resolution

ResolveDomain resolves a given domain to a list of TLS certificates.

func (*TLSResolver) Type 

func (resolver *TLSResolver) Type() ResolutionType

Type returns "TLS".

type Udig 

type Udig interface {
	Resolve(domain string) []Resolution
	AddDomainResolver(resolver DomainResolver)
	AddIPResolver(resolver IPResolver)
}

Udig is a high-level facade for domain resolution which:

  1. delegates work to specific resolvers
  2. deals with domain crawling
  3. caches intermediate results and summarizes the outputs

func NewUdig 

func NewUdig() Udig

NewUdig creates a new Udig instances provisioned with all supported resolvers. You can also supply your own resolvers to the returned instance.

type WhoisContact 

type WhoisContact map[string]string

WhoisContact is just a set of key/value pairs.

Note that all map keys are lowercase intentionally. For a default list of supported properties refer to `udig.SupportedWhoisProperties`.

func (*WhoisContact) String added in v1.1.0 

func (contact *WhoisContact) String() string

type WhoisResolution 

type WhoisResolution struct {
	*ResolutionBase
	Contacts []WhoisContact
}

WhoisResolution is a WHOIS query resolution yielding many contacts.

func (*WhoisResolution) Domains 

func (res *WhoisResolution) Domains() (domains []string)

Domains returns a list of domains discovered in records within this Resolution.

func (*WhoisResolution) Type 

func (res *WhoisResolution) Type() ResolutionType

Type returns "WHOIS".

type WhoisResolver 

type WhoisResolver struct {
	DomainResolver
	Client *whois.Client
}

WhoisResolver is a Resolver responsible for resolution of a given domain to a list of WHOIS contacts.

func NewWhoisResolver 

func NewWhoisResolver() *WhoisResolver

NewWhoisResolver creates a new WhoisResolver instance provisioned with sensible defaults.

func (*WhoisResolver) ResolveDomain added in v1.3.0 

func (resolver *WhoisResolver) ResolveDomain(domain string) Resolution

ResolveDomain attempts to resolve a given domain using WHOIS query yielding a list of WHOIS contacts.

func (*WhoisResolver) Type 

func (resolver *WhoisResolver) Type() ResolutionType

Type returns "WHOIS".

Source Files

View all Source files

Directories

Path Synopsis
cmd
udig

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.