Hey, I've got a script that I'm having trouble getting to work -- the idea of it is that it runs through a list/file of words and attempts to look each one up as a subdomain to the host you give the script as an argument.. in the code I have a reverse lookup option that does a gethostbyaddr() on the address returned by the original gethostbyname() (this is done if the reverse lookup flag is specific, of course). Anyway I've stripped down the code and left only what's needed to re-create the issue:
Code:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
int checkDomain(char *);
int wstrip(char *);
int usage(char *);
short reverse = 0, verbose = 0;
int main(int argc, char *argv[])
{
FILE *list;
char *sublist = NULL, *domain = NULL;
char line[256], host[256]; /* if your sub/domain is > 256 chars youre a gay or up to no good */
int opt;
if(argc < 2) {
usage(argv[0]);
}
while((opt = getopt(argc, argv, "hs:rv")) != -1) {
switch(opt) {
case 'h':
usage(argv[0]);
break;
case 's':
sublist = optarg;
break;
case 'r':
reverse = 1;
break;
case 'v':
verbose = 1;
break;
default:
usage(argv[0]);
}
}
domain = argv[argc-1];
wstrip(domain);
if(sublist == NULL) {
fprintf(stderr, "Error: no subdomain list specified. Use -h for help.\n");
return -1;
}
if((list = fopen(sublist, "r")) == NULL) {
fprintf(stderr, "Error: failed to open subdomain list\n");
return -1;
}
printf("\ndomain: %s ...\n\n", domain);
checkDomain(domain);
while(!feof(list)) {
fgets(line, sizeof(line), list);
if((line[0] == '#') || (line[0] == '\n'))
continue;
wstrip(line);
snprintf(host, sizeof(host), "%s.%s", line, domain);
checkDomain(host);
}
printf("\ncomplete ...\n");
fclose(list);
return 0;
}
int checkDomain(char *domain)
{
unsigned long addr;
struct hostent *hent;
if((hent = gethostbyname(domain)) == NULL) {
if(verbose == 1) {
if(h_errno != HOST_NOT_FOUND) {
herror(domain);
}
}
return 0;
}
addr = inet_ntoa(*((struct in_addr *)hent->h_addr));
printf("%-24s %-25s", domain, addr);
if(reverse == 1) {
if((hent = gethostbyaddr((char *)addr, sizeof((char *)addr), AF_INET)) != NULL) {
printf("(%s)\n", (char *)hent->h_name);
}else{
printf("(reverse lookup failed)\n");
}
}else{
printf("\n");
}
return 0;
}
int wstrip(char *str)
{
int i = 0, n;
while((str[i] == ' ') || (str[i] == '\t')) {
i++;
}
if(i > 0) {
for(n = 0; n < strlen(str); n++) {
str[n] = str[n+i];
}
str[n] = '\0';
}
i = strlen(str)-1;
while((str[i] == ' ') || (str[i] == '\t') || (str[i] == '\n')) {
i--;
}
if(i < (strlen(str)-1)) {
str[i++] = '\0';
}
return 0;
}
int usage(char *arg)
{
fprintf(stderr, "test - dns domain guessing script\n");
fprintf(stderr, "usage: %s [opts[args]]\n", arg);
fprintf(stderr, "-s <domain list>\n");
fprintf(stderr, "-r enable reverse lookups\n");
fprintf(stderr, "-h help\n");
fprintf(stderr, "-v verbose mode\n");
exit(0);
}
for testing purposes, save the following as, well, anything, and use it as your <domain list>:
Code:
# example subdomain list
www
home
ftp
ns1
shop
shopping
buy
stores
store
secure
forums
beta
example output:
Code:
code@devdeb ~
$ ./subscan -s example.lst -r amazon.com
domain: amazon.com ...
amazon.com 207.171.163.90 (reverse lookup failed)
www.amazon.com 207.171.163.90 (reverse lookup failed)
home.amazon.com 207.171.163.90 (reverse lookup failed)
ftp.amazon.com 207.171.165.22 (reverse lookup failed)
ns1.amazon.com 207.171.178.132 (reverse lookup failed)
shop.amazon.com 207.171.166.23 (reverse lookup failed)
shopping.amazon.com 207.171.166.23 (reverse lookup failed)
buy.amazon.com 207.171.166.23 (reverse lookup failed)
stores.amazon.com 207.171.166.23 (reverse lookup failed)
store.amazon.com 207.171.166.23 (reverse lookup failed)
secure.amazon.com 207.171.163.91 (reverse lookup failed)
forums.amazon.com 207.171.163.18 (reverse lookup failed)
beta.amazon.com 207.171.181.17 (reverse lookup failed)
complete ...
code@devdeb ~
$
so... yeah... obviously gethostbyaddr() keeps returning NULL, justifying the "(reverse lookup failed)" but I can't figure out why it's doing this, or how to fix it. I've tried it with dozens of domains so i know the domain itself isn't an issue. *shrug* I have the feeling it's something small that I'm overlooking. I dont know, help appreciated.