#!/usr/bin/perl -w
#
# Copyright (C) 2007, Joshua D. Abraham (jabra@spl0it.org)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
# use strict;
#
# ext_brutedns.pl - extension brute force DNS script
#
# ex: ./ext_brutedns.pl -d google.com
#
# ex: ./ext_brutedns.pl -d google.com -e extensions.txt
#
use strict;
use Getopt::Long;
use Socket;
use vars qw( $PROG );
# Program name used in messages: $0 with everything up to the last '/' or '\'
# removed.
$PROG = $0;
$PROG =~ s{^.*[/\\]}{};

# Credits and release number shown by help() and print_version().
my $AUTH    = 'Joshua D. Abraham';
my $EMAIL   = 'jabra@spl0it.org';
my $VERSION = '1.00';

my %options;     # filled in by GetOptions
my $domain;      # target domain taken from -d/--domain
my @ext_list;    # extensions to try against the domain
#
# help:
# display help information
#
sub help {
    # Print the usage text on STDOUT and end the program (bare exit, so the
    # exit status is 0). Trailing blanks in the entries below are part of the
    # emitted text and are kept on purpose.
    my @usage_lines = (
        "Usage: $PROG [Input Option] [Option] ",
        "    -d  --domain            Domain to perform the Extension BruteForce against",
        "",
        "    -e  --extfile           List of extensions to attempt",
        "    ",
        "    -v  --version           Display version",
        "    -h  --help              Display this information",
        "Send Comments to $AUTH ( $EMAIL )",
    );
    print join( "\n", @usage_lines ), "\n";
    exit;
}

#
# print_version:
# displays version
#
sub print_version {
    # Emit the one-line version banner on STDOUT, then stop the program
    # (bare exit, so the exit status is 0).
    my $banner = "$PROG version $VERSION by $AUTH ( $EMAIL )\n";
    print $banner;
    exit;
}

#
# extension_bruteforce: domain(Scalar) ext_list(Ref Array) ->
# brute-force the domain by replacing its extension with each item from
# the ext list
#
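sub extension_bruteforce {
    # Resolve "<base>.<extension>" for every entry of the extension list and
    # print each name that resolves, followed by its IPv4 address.
    #
    # Arguments:
    #   $domain         - domain name; its last dot-separated label is removed
    #                     to form the base (google.com -> google)
    #   $extension_list - array ref of extensions (com, co.uk, ...)
    #
    # Output goes to STDOUT, one "name\t\t address" line per hit. Names that
    # do not resolve are skipped silently. Nothing is returned.
    my ( $domain, $extension_list ) = @_;

    # Only the final label is stripped, so a multi-label suffix is cut
    # partially: example.co.uk becomes example.co.
    $domain =~ s/\.\w+$//;

    EXTENSION:
    foreach my $raw_extension ( @$extension_list ) {
        next EXTENSION if !defined $raw_extension;

        # Work on a copy: the loop variable aliases the caller's array.
        # Entries read from a file still carry their line ending (and maybe
        # stray blanks); left in place they become part of the queried name
        # and the lookup fails.
        my $extension = $raw_extension;
        $extension =~ s/^\s+|\s+$//g;
        next EXTENSION if $extension eq '';

        my $candidate = "$domain.$extension";

        # inet_aton yields a single packed IPv4 address, or undef when the
        # name does not resolve.
        my $inet = inet_aton($candidate);
        if ( defined $inet ) {
            print "$candidate\t\t " . inet_ntoa($inet) . "\n";
        }
    }
    return;
}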

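# Parse the command line. -h and -v are handled by callbacks that print and
# exit; a parsing error ends the run with status 1.
GetOptions(
    \%options,
    'domain|d=s', 'extfile|e=s',
    'help|h'    => sub { help(); },
    'version|v' => sub { print_version(); },
) or exit 1;

# A target domain is mandatory; without one, show the usage text (help() exits).
if ( $options{domain} ) {
    $domain = $options{domain};
}
else {
    help();
}

if ( $options{extfile} ) {
    # Three-argument open with a lexical handle: the name given on the command
    # line is used purely as a path. The two-argument form would also
    # interpret mode characters in it (a leading '<' or '>', a trailing '|').
    # A file that cannot be opened stops the run with the reason, instead of
    # leaving the list empty and printing nothing.
    open( my $ext_fh, '<', $options{extfile} )
        or die("Could not open file! ($options{extfile}: $!)\n");
    while ( my $entry = <$ext_fh> ) {
        $entry =~ s/^\s+|\s+$//g;    # drop the line ending and stray blanks
        push @ext_list, $entry if $entry ne '';
    }
    close($ext_fh);
}
else {
    # Built-in list used when no extension file is given.
    @ext_list = ('com','edu','net','org','co.uk','au','mil','gov','de','xxx','info','tv','biz','cc','cn','name','pro','us','la');
}

extension_bruteforce($domain,\@ext_list);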
