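#!/usr/bin/ruby
# Bulk lookup helper: reads one target per line from a file and prints
# tab-separated rows for reverse DNS (-i), forward DNS (-d) or WHOIS (-w).
#
# Text that comes back from DNS and WHOIS is written by whoever controls the
# remote zone or registry object, so it is treated as untrusted: control
# characters are replaced before a value is printed (see printable_field).

require 'rubygems'
require 'optparse'
require 'resolv'
require 'whois'

# Worker-thread limit used when -t is absent or unusable.
DEFAULT_THREADS = 10

# Replaces control characters in a remotely supplied value with "?" so that a
# crafted PTR name or WHOIS attribute cannot inject terminal escape sequences
# or break the tab-separated layout. Invalid byte sequences are scrubbed first
# where String#scrub is available.
def printable_field(value)
  text = value.to_s
  text = text.scrub('?') if text.respond_to?(:scrub)
  text.gsub(/[[:cntrl:]]/, '?')
end

# Strips surrounding whitespace (including "\r" left by CRLF files) from each
# input line and drops blank lines. The caller's strings are not modified.
def clean_targets(lines)
  lines.map { |line| line.to_s.strip }.reject { |line| line.empty? }
end

# Blocks while the number of threads in Thread.list (main thread included) is
# above the configured limit. A limit below 1 could never be satisfied, since
# the main thread is always counted, so it falls back to DEFAULT_THREADS
# instead of sleeping forever.
def wait_for_worker_slot
  limit = $mythreads.to_i
  limit = DEFAULT_THREADS if limit < 1
  sleep 1 while Thread.list.length > limit
end

# Stores value in the first slot of slots that is still empty; does nothing
# when every slot is taken.
def fill_first_empty(slots, value)
  index = slots.index { |slot| slot.empty? }
  slots[index] = value if index
end

# Reverse-resolves every address in ip and prints one row per address:
# the address, then up to five names (main name plus four aliases), padded
# with empty cells so every row has the same number of columns.
#
# Resolv.getnames returns an empty list when nothing is found, so an empty
# result is reported as "Could_not_resolve_it" just like a raised error.
def resolve_IPs(ip)
  puts "IP\tDNS Name\talias 1\talias 2\talias 3\talias 4"
  clean_targets(ip).each do |address|
    wait_for_worker_slot
    # Pass the address as a thread argument so each worker owns its value.
    Thread.new(address) do |target|
      names = begin
        Resolv.getnames(target)
      rescue StandardError
        []
      end

      if names.empty?
        puts target + "\tCould_not_resolve_it" + "\t" * 4
      else
        cells = names.first(5).map { |name| printable_field(name) }
        cells << '' while cells.length < 5
        # One string per puts keeps a row from interleaving with other workers.
        puts(([target] + cells).join("\t"))
      end
    end
  end
  join_all
end

# Forward-resolves every name in host and prints "name<TAB>addresses".
# Several addresses are joined with ", " (printing the array itself would
# emit its inspect form on current Ruby). An empty result or a resolver error
# is reported as "Could_not_resolve_it".
def resolve_DNS_names(host)
  puts "DNS Name\tIP"
  clean_targets(host).each do |name|
    wait_for_worker_slot
    Thread.new(name) do |target|
      addresses = begin
        Resolv.getaddresses(target)
      rescue StandardError
        []
      end

      if addresses.empty?
        puts target + "\tCould_not_resolve_it"
      else
        puts target + "\t" + addresses.join(', ')
      end
    end
  end
  join_all
end

# Appends every line of filename to the global $hosts list.
# On any error the message is printed and the script exits with status 1.
# File.foreach closes the file even when reading fails part-way.
def read_file(filename)
  File.foreach(filename) { |line| $hosts << line }
  nil
rescue StandardError => err
  puts "Exception: #{err}"
  exit(1)
end

# Builds one 18-column, tab-separated row from the text of a WHOIS response.
# Column order matches the header printed by find_whois.
#
# The value of an attribute line is every whitespace-separated token after
# the first one, re-joined with single spaces.
#
# NOTE(review): the attribute tests are substring matches kept from the
# original script, so a line containing e.g. "mnt-routes:" also satisfies the
# 'route' test and "mnt-irt:" satisfies 'irt:' - confirm that is intended.
def whois_row(response_text)
  text = response_text.to_s
  text = text.scrub('?') if text.respond_to?(:scrub)

  inetnum = ''
  start_ip = ''
  end_ip = ''
  netname = ''
  country = ''
  irt = ''
  emails = ['', '', '']
  persons = ['', '', '']
  routes = ['', '']
  descr = ''
  descr1 = ''
  descr2 = ''
  origin1 = ''
  origin2 = ''

  text.each_line do |line|
    value = printable_field(line.split.drop(1).join(' '))

    if line.include?('inet')
      inetnum += value
      if inetnum.include?('-')
        first, last = inetnum.split('-')
        start_ip = first.to_s.strip
        end_ip += last.to_s.strip
      end
    end

    netname += value if line.include?('netname:')
    country += value if line.include?('country:')
    irt += value if irt.empty? && line.include?('irt:')
    fill_first_empty(emails, value) if line.include?('e-mail:')
    fill_first_empty(persons, value) if line.include?('person:')
    fill_first_empty(routes, value) if line.include?('route')

    if line.include?('descr:')
      if routes[0].empty?
        # Descriptions seen before any route line are collected together.
        descr += ', ' unless descr.empty?
        descr += value
      elsif routes[1].empty?
        descr1 += value
      elsif descr2.empty?
        descr2 += value
      end
    end

    if line.include?('origin:')
      if routes[1].empty?
        origin1 += value
      elsif origin2.empty?
        origin2 += value
      end
    end
  end

  # A range without "-" (for example CIDR notation) goes into the first
  # column; the end_ip cell is still emitted so the columns stay aligned
  # with the header.
  start_ip = inetnum unless inetnum.include?('-')

  [start_ip, end_ip, netname, descr, country, irt,
   emails[0], persons[0], emails[1], persons[1], emails[2], persons[2],
   routes[0], descr1, origin1, routes[1], descr2, origin2].join("\t")
end

# Runs a WHOIS query for every address in ip and prints one row per address.
# A failed lookup is retried with a growing, jittered delay; after the fifth
# failure the error is printed and the script exits with status 1.
def find_whois(ip)
  puts "start_ip\tend_ip\tnetname\tdescr\tcountry\tirt\temail1\tperson1\temail2\tperson2\temail3\tperson3\troute1\tdescr1\torigin1\troute2\tdescr2\torigin2"
  clean_targets(ip).each do |address|
    wait_for_worker_slot
    Thread.new(address) do |target|
      attempts = 0
      begin
        attempts += 1
        record = Whois.lookup(target)
      rescue StandardError => err
        if attempts < 5
          puts "attempt " + attempts.to_s + " failed for IP: " + target.to_s
          sleep(20 * attempts + rand(15))
          retry
        end
        puts "Exception: #{err}"
        exit(1)
      end

      puts whois_row(record)
    end
  end
  join_all
end

# Waits for every thread except the main and the current one, so the script
# does not finish while lookups are still running.
def join_all
  Thread.list.each do |thread|
    next if thread == Thread.current || thread == Thread.main
    thread.join
  end
end

# Global worker-thread limit; overridden by -t.
$mythreads = DEFAULT_THREADS

if ARGV.empty?
  puts "-h Displays the help screen"
  exit()
end

# Holds all of the options parsed from the command line by OptionParser.
options = { :ips => nil, :ips_whois => nil, :dns_name => nil, :threads => nil }

optparse = OptionParser.new do |opts|
  # Banner displayed at the top of the help screen.
  opts.banner = "Usage: ./resolver.rb [options] {target specification}"

  # FILE and N only name the required argument in the help listing.
  opts.on('-i', '--ips FILE', 'Displays the IPs and the corresponding resolved DNS names. The filename must contain an IP or an IPv6 address per line.') do |ips|
    options[:ips] = ips
  end

  opts.on('-w', '--whois FILE', 'Displays the results of the whois query per IP. The filename must contain an IP or an IPv6 address per line.') do |ips_whois|
    options[:ips_whois] = ips_whois
  end

  opts.on('-d', '--dns_name FILE', 'Displays the DNS names and the corresponding IPs. The filename must contain an FQDN per line.') do |dns_name|
    options[:dns_name] = dns_name
  end

  # Integer makes OptionParser reject a non-numeric thread count.
  opts.on('-t', '--threads N', Integer, 'Define the number of concurrent threads - default 10') do |threads|
    options[:threads] = threads
  end

  opts.on('-h', '--help', 'Display this screen') do
    puts "whois_resolver .3"
    puts "By Antonios Atlasis \nEmail: aatlasis@secfu.net"
    puts "This is a simple tool writen for resolving IPs, DNS and quering whois."
    puts opts
    exit()
  end
end

begin
  optparse.parse!
rescue OptionParser::ParseError => err
  warn err.message
  warn optparse
  exit(1)
end

if options[:threads]
  if options[:threads] < 1
    warn 'The number of threads must be a positive integer'
    exit(1)
  end
  $mythreads = options[:threads]
end

if options[:ips]
  $hosts = []
  read_file(options[:ips])
  resolve_IPs($hosts)
end

if options[:dns_name]
  $hosts = []
  read_file(options[:dns_name])
  resolve_DNS_names($hosts)
end

if options[:ips_whois]
  $hosts = []
  read_file(options[:ips_whois])
  find_whois($hosts)
end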