A few posts ago I released some rather simplistic code to do reverse DNS lookups. While useful, many improvements could obviously be made. The lookup speeds were pretty dismal (15-25 lookups a second), stemming from my poor handling of timeouts and the fact that I had lazily ignored multithreading because I wanted to get something working fast. In addition, the code was just a giant blob thrown together into a Python file, which probably made a few peoples’ eyes bleed.

Because of these issues, I took the time today to rework the code so that everything is *much* cleaner now (everything broken nicely into classes and such), and is, in addition, fully multithreaded. To do the threading, I adapted a basic thread pooling class shamelessly taken off the interwebs to use Python generators for speed and RAM considerations, and to allow for thread callbacks to be synchronized. As a result, with 35 threads in the thread pool, I am now getting about 400-600 DNS lookups / second. Not bad for 45 minutes of work 😛 . You can grab the new code here.

Hey all,

Sorry once again for the long lull in posting. School has not been kind towards my desire to blog. I will hopefully be posting more frequently in the coming weeks and months.

Anyways, now that the apologies are out of the way, here’s a little something I was messing around with this morning during class. It’s often useful to be able to do reverse DNS lookups of a given IP range to find hosts with interesting domain names, whether they’re interesting because it looks like a network administrator has forgotten about them, or because they look like they weren’t meant to be found (you’d be surprised how many machines rely on this sort of security through obscurity), or just because they have something like “mail” or “proxy” in their name. A simple way to do this is to write up a short bash script that uses the host or dig commands. However, this is slow (because you have to spawn a ton of processes), and I don’t get to use Python.

Enter dnspython. dnspython is a great tool for working with DNS, so I’d suggest you look through their site if you’re interested in messing around with DNS at all. Doing a reverse lookup of an IP address is quite easy:

from dns import resolver,reversename

This will probably throw a NXDOMAIN error, being a local address and all, but you get the idea. Taking this, it’s obviously very easy to make a fast, effective script for scanning large ranges of IP addresses to find potentially interesting hosts.

I took a bit and wrote up a short python script to test how well it works, and it seems to be pretty effective, doing about 14-20 lookups / sec . I have attached it in case anyone would find that useful. Usage instructions are included: revdns.py . Be sure that you have dnspython installed, or else this will probably not work 😛 .

Hopefully I’ll be back soon enough with some more interesting and in depth things I’ve been working on.

UPDATE 04/24/10: So yeah, I just realized that I mistakenly referenced “PyDNS” as the name of the module I used, when in fact it was the incredibly useful dnspython module. My bad. That’s what I get for not checking my posts thoroughly. I updated all the references to it accordingly, but I figured for the sake of honesty I would clarify here as well. I also updated the source to deal with lookup timeouts a little better, if you care. Happy hacking!

UPDATE 04/25/10: I just released a much, much better version of this tool here. The code is now multithreaded, and handles timeouts much more intelligently. With these improvements, speeds are between 400-600 lookups/sec. Enjoy

Reblog this post [with Zemanta]