diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e2d4895b..bb4ffe8ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+- Added nameserver check for linux hosts (@0x636f646f)
+
+
 ## [5.11.2] - 2024-08-08
 - Added Route4Me to sponsor page on Empire (@Cx01N)
diff --git a/empire/server/data/module_source/python/discovery/nameserver.py b/empire/server/data/module_source/python/discovery/nameserver.py
new file mode 100644
index 000000000..27aa7b895
--- /dev/null
+++ b/empire/server/data/module_source/python/discovery/nameserver.py
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+"""Module for finding local nameserver
+
+Retrieve the local nameserver from resolv.conf
+Author: 0x636f646f
+"""
+
+import glob
+import re
+
+
+def check_for_resolv() -> list:
+    """Check for the resolv.conf file"""
+    resolv_conf_file = glob.glob('/etc/resolv.conf')
+    if resolv_conf_file:
+        return resolv_conf_file
+    return []
+
+
+def list_check(resolv_file) -> None:
+    """Return exception if list empty"""
+    if resolv_file:
+        return
+    if not resolv_file:
+        raise ValueError('resolv.conf not found!')
+
+
+def nameserver_regex_check(resolv_file) -> str:
+    """return the nameserver ip"""
+    pattern = re.compile(rb'^\w+\s(?P\d+\.\d+\.\d+\.\d+)$')
+    nameserver = None
+
+    if resolv_file:
+        with open(resolv_file[0], 'rb') as r_file:
+            for line in r_file.readlines():
+                match = pattern.match(line)
+                if match:
+                    nameserver = match.group('nameserver').decode('utf-8')
+                    break
+
+    return nameserver
+
+
+def return_nameserver_ip(nameserver_ip) -> str:
+    """Print the nameserver if found"""
+    if not nameserver_ip:
+        raise ValueError("Nameserver not found!")
+    return nameserver_ip
+
+
+def main() -> None:
+    """Execute the program"""
+    resolv_file = check_for_resolv()
+    list_check(resolv_file)
+    nameserver_ip_search = nameserver_regex_check(resolv_file)
+    nameserver_ip = return_nameserver_ip(nameserver_ip_search)
+    print(nameserver_ip)
+
+
+# Comment out the functions/variables and uncomment
+# if __name__ == '__main__' block when using as a standalone script.
+
+
+resolv_file = check_for_resolv()
+list_check(resolv_file)
+nameserver_ip_search = nameserver_regex_check(resolv_file)
+nameserver_ip = return_nameserver_ip(nameserver_ip_search)
+print(nameserver_ip)
+
+
+# if __name__ == '__main__':
+# main()
diff --git a/empire/server/modules/python/discovery/nameserver.yaml b/empire/server/modules/python/discovery/nameserver.yaml
new file mode 100644
index 000000000..b146fc456
--- /dev/null
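Review bot: `re.compile(rb'^\w+\s(?P\d+\.\d+\.\d+\.\d+)$')` in nameserver_regex_check has no group name between `(?P` and `\d+`, which `re.compile` rejects with `re.error`, while the loop body reads `match.group('nameserver')`; if the `<nameserver>` name was merely stripped by the viewer this is fine, but confirm the committed file reads `(?P<nameserver>\d+\.\d+\.\d+\.\d+)`. The same function is annotated `-> str` yet returns `None` when no line matches, so `-> Optional[str]` (with `from typing import Optional`, since the module targets 3.6) would match what it actually returns, and a comment such as `# first matching 'nameserver' line only; IPv6 entries and multi-space separators are skipped` would document the regex's limits. In list_check the second test `if not resolv_file:` is always true once the early `return` has not fired, so the body reduces to `if not resolv_file: raise ValueError('resolv.conf not found!')`. The docstring of return_nameserver_ip says "Print the nameserver if found" but the function only validates and returns the value; `"""Return the nameserver ip, raising ValueError if it is empty"""` describes it.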
+++ b/empire/server/modules/python/discovery/nameserver.yaml
@@ -0,0 +1,23 @@
+name: Nameserver IP
+authors:
+  - name: '0x636f646f'
+    handle: '@BuildAndDestroy'
+    link: https://github.com/BuildAndDestroy
+description: Retrieve the nameserver IPv4 Address
+software: ''
+techniques:
+  - T1016.001
+background: false
+output_extension: ''
+needs_admin: false
+opsec_safe: false
+language: python
+min_language_version: '3.6'
+comments:
+  - https://attack.mitre.org/techniques/T1016/001/
+options:
+  - name: Agent
+    description: Agent to execute module on
+    required: true
+    value: ''
+script_path: 'python/discovery/nameserver.py'
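Review bot: `description: Retrieve the nameserver IPv4 Address` understates the script's actual contract: it reads only `/etc/resolv.conf`, returns the first `nameserver` line holding a dotted IPv4 address, and raises otherwise, so `description: Retrieve the first IPv4 nameserver listed in /etc/resolv.conf (Linux only)` would set expectations correctly. The `techniques` entry `T1016.001` is the Internet Connection Discovery sub-technique; reading local resolver configuration looks closer to the parent T1016 (System Network Configuration Discovery), which is worth checking against the linked ATT&CK page before this lands. `min_language_version: '3.6'` is consistent with the script's plain `list`/`str` annotations today; keep it in mind if the script later adopts `list[str]` or `str | None`, which that interpreter cannot parse.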