From df43ed76c7aa6320c223d492c2c49367e45de3f7 Mon Sep 17 00:00:00 2001
From: cmitcho
Date: Tue, 13 Aug 2024 23:33:54 -0600
Subject: [PATCH 1/5] nameserver: discover nameserver within environment of this host

---
 .../python/discovery/nameserver.py | 72 +++++++++++++++++++
 .../modules/python/discovery/nameserver.yaml | 23 ++++++
 2 files changed, 95 insertions(+)
 create mode 100644 empire/server/data/module_source/python/discovery/nameserver.py
 create mode 100644 empire/server/modules/python/discovery/nameserver.yaml

diff --git a/empire/server/data/module_source/python/discovery/nameserver.py b/empire/server/data/module_source/python/discovery/nameserver.py
new file mode 100644
index 000000000..27aa7b895
--- /dev/null
+++ b/empire/server/data/module_source/python/discovery/nameserver.py
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+"""Module for finding local nameserver
+
+Retrieve the local nameserver from resolv.conf
+Author: 0x636f646f
+"""
+
+import glob
+import re
+
+
+def check_for_resolv() -> list:
+    """Check for the resolv.conf file"""
+    resolv_conf_file = glob.glob('/etc/resolv.conf')
+    if resolv_conf_file:
+        return resolv_conf_file
+    return []
+
+
+def list_check(resolv_file) -> None:
+    """Return exception if list empty"""
+    if resolv_file:
+        return
+    if not resolv_file:
+        raise ValueError('resolv.conf not found!')
+
+
+def nameserver_regex_check(resolv_file) -> str:
+    """return the nameserver ip"""
+    pattern = re.compile(rb'^\w+\s(?P\d+\.\d+\.\d+\.\d+)$')
+    nameserver = None
+
+    if resolv_file:
+        with open(resolv_file[0], 'rb') as r_file:
+            for line in r_file.readlines():
+                match = pattern.match(line)
+                if match:
+                    nameserver = match.group('nameserver').decode('utf-8')
+                    break
+
+    return nameserver
+
+
+def return_nameserver_ip(nameserver_ip) -> str:
+    """Print the nameserver if found"""
+    if not nameserver_ip:
+        raise ValueError("Nameserver not found!")
+    return nameserver_ip
+
+
+def main() -> None:
+    """Execute the program"""
+    resolv_file = check_for_resolv()
+    list_check(resolv_file)
+    nameserver_ip_search = nameserver_regex_check(resolv_file)
+    nameserver_ip = return_nameserver_ip(nameserver_ip_search)
+    print(nameserver_ip)
+
+
+# Comment out the functions/variables and uncomment
+# if __name__ == '__main__' block when using as a standalone script.
+
+
+resolv_file = check_for_resolv()
+list_check(resolv_file)
+nameserver_ip_search = nameserver_regex_check(resolv_file)
+nameserver_ip = return_nameserver_ip(nameserver_ip_search)
+print(nameserver_ip)
+
+
+# if __name__ == '__main__':
+# main()
diff --git a/empire/server/modules/python/discovery/nameserver.yaml b/empire/server/modules/python/discovery/nameserver.yaml
new file mode 100644
index 000000000..5523c3f3c
--- /dev/null
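Review bot: The pattern in `nameserver_regex_check` keys on any `\w+` word followed by exactly one whitespace character and a dotted quad, so it selects lines by value shape rather than by the `nameserver` keyword, and it silently skips the entries it is meant to find when they are IPv6 (`nameserver fe80::1`), separated by a tab or more than one space, or followed by trailing whitespace or a comment — the module then raises `Nameserver not found!` on a host that does have a resolver configured. Anchoring on the keyword and tolerating whitespace, `pattern = re.compile(rb'^nameserver\s+(?P<nameserver>\S+)\s*(?:#.*)?$')`, returns whatever the first nameserver line holds; if IPv4-only output is a deliberate requirement, keep the dotted-quad group but still use `\s+` and `\s*$`. As rendered here the group reads `(?P\d+…)` with no `<nameserver>` name, which `re` would reject at compile time and which `match.group('nameserver')` depends on — presumably the name was lost in display, but it is worth confirming in the committed file. The module docstring should also carry two caveats an operator needs: on systemd-resolved hosts `/etc/resolv.conf` normally points at the `127.0.0.53` stub (the upstream resolver is in `/run/systemd/resolve/resolv.conf`), and only the first of possibly several `nameserver` entries is reported.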
+++ b/empire/server/modules/python/discovery/nameserver.yaml
@@ -0,0 +1,23 @@
+name: Nameserver IP
+authors:
+  - name: 0x636f646f
+    handle: '@BuildAndDestroy'
+    link: https://github.com/BuildAndDestroy
+description: Retrieve the nameserver IPv4 Address
+software: ''
+techniques:
+  - T1016.001
+background: false
+output_extension: ''
+needs_admin: false
+opsec_safe: false
+language: python
+min_language_version: '3.6'
+comments:
+  - https://attack.mitre.org/techniques/T1016/001/
+options:
+  - name: Agent
+    description: Agent to execute module on
+    required: true
+    value: ''
+script_path: 'python/discovery/nameserver.py'

From ae8a81b44053186f006f86b87b8b42267c3faaad Mon Sep 17 00:00:00 2001
From: cmitcho
Date: Tue, 13 Aug 2024 23:41:16 -0600
Subject: [PATCH 2/5] CHANGELOG.md: Update the changelog

---
 CHANGELOG.md | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e2d4895b..d63629a89 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,12 +5,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -- **Added** for new features. -- **Changed** for changes in existing functionality. -- **Deprecated** for soon-to-be removed features. -- **Removed** for now removed features. -- **Fixed** for any bug fixes. -- **Security** in case of vulnerabilities. +## [Unreleased] - 2024-08-13 + +- Added nameserver check for linux hosts (@0x636f646f) ## [Unreleased]
From 74e98ae919d46d88eeaaff7c02ec8a7f82ce15c6 Mon Sep 17 00:00:00 2001
From: cmitcho
Date: Tue, 13 Aug 2024 23:44:50 -0600
Subject: [PATCH 3/5] fixit! Add CHANGELOG.md verbiage that was removed

---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d63629a89..141ab4f28 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
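Review bot: `techniques: - T1016.001` maps this module to ATT&CK's Internet Connection Discovery sub-technique, which covers probing for outbound connectivity (ping, tracert and the like), whereas reading the configured resolver out of `/etc/resolv.conf` is the parent System Network Configuration Discovery technique; as I read the ATT&CK pages the entry and the `comments` link should be `- T1016` and `https://attack.mitre.org/techniques/T1016/`. The `description` would also serve operators better if it stated what the script in this same patch actually returns and where it works, e.g. `description: Return the first IPv4 nameserver listed in /etc/resolv.conf (Linux only; IPv6 resolvers are skipped)`. `opsec_safe: false` is the conservative choice for a module that reads one file and spawns nothing, but nothing in the metadata says why it was chosen, so a one-line comment above it would stop the next maintainer from flipping it without thought.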
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +- **Added** for new features. +- **Changed** for changes in existing functionality. +- **Deprecated** for soon-to-be removed features. +- **Removed** for now removed features. +- **Fixed** for any bug fixes. +- **Security** in case of vulnerabilities. + +## [Unreleased] - 2024-08-13 - Added nameserver check for linux hosts (@0x636f646f)
From 923341c4b26e1f764225ee43b46c1b8a6e574d13 Mon Sep 17 00:00:00 2001
From: cmitcho <81778357+cmitcho@users.noreply.github.com>
Date: Thu, 15 Aug 2024 07:27:48 -0600
Subject: [PATCH 4/5] Update CHANGELOG.md

Co-authored-by: Vincent Rose
---
 CHANGELOG.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 141ab4f28..bb4ffe8ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,11 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - **Fixed** for any bug fixes. - **Security** in case of vulnerabilities. -## [Unreleased] - 2024-08-13 +## [Unreleased] - Added nameserver check for linux hosts (@0x636f646f) -## [Unreleased] ## [5.11.2] - 2024-08-08
From 436a98b12f9853aef170f4d9d003bafd41c24f87 Mon Sep 17 00:00:00 2001
From: cmitcho
Date: Thu, 15 Aug 2024 07:59:38 -0600
Subject: [PATCH 5/5] fixit! Update author name as string

Seems the author name is being interpreted as byte data using the GitHub install.
---
 empire/server/modules/python/discovery/nameserver.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/empire/server/modules/python/discovery/nameserver.yaml b/empire/server/modules/python/discovery/nameserver.yaml
index 5523c3f3c..b146fc456 100644
--- a/empire/server/modules/python/discovery/nameserver.yaml
+++ b/empire/server/modules/python/discovery/nameserver.yaml
@@ -1,6 +1,6 @@ name: Nameserver IP authors: - - name: 0x636f646f + - name: '0x636f646f' handle: '@BuildAndDestroy' link: https://github.com/BuildAndDestroy description: Retrieve the nameserver IPv4 Address