
pholus's Introduction

Pholus

A multicast DNS and DNS Service Discovery security assessment tool. It can perform reconnaissance, Denial of Service and Man in the Middle attacks.

Scan passively

Scan passively (for the duration of the timeout):

python pholus3.py eth0 -stimeout 60

Discovery of available services

Sends a DNS query for PTR records with the name "_services._dns-sd._udp."; this yields a set of PTR records where the rdata of each PTR record is the two-label name plus the same domain, e.g., "_http._tcp.". By sending such a query, we can automatically discover all the services advertised in the network.

python pholus3.py eth0 -sscan

If you want to perform the scan for both IPv4 and IPv6:

python pholus3.py eth0 -sscan -4 -6

You can also spoof the source address to perform this reconnaissance in a stealthy way:

python pholus3.py eth0 -sscan -s4 192.168.2.30
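The receiving side of this enumeration, as an added example (not Pholus code): a standard-library parser that lists the service types named in PTR records owned by the meta-query name, which is what you need to inventory what a captured mDNS response advertises. The ".local" domain, the function names and the sample packet are assumptions constructed for illustration.

```python
import struct

META_QUERY = "_services._dns-sd._udp.local"  # enumeration name; ".local" assumed for mDNS

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                          # guard against pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("utf-8", "replace"))
        off += length

def advertised_services(msg):
    """Return service types named in PTR records owned by the DNS-SD meta-query name."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4           # skip qname, qtype, qclass
    found = []
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 12 and owner.lower() == META_QUERY:   # 12 = PTR
            found.append(read_name(msg, off)[0])
        off += rdlen
    return found

def encode(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def sample_response():
    """Constructed mDNS response: two PTR answers, the second using name compression."""
    owner = encode(META_QUERY)                     # sits at offset 12, after the header
    rd1 = encode("_http._tcp.local")
    rr1 = owner + struct.pack("!HHIH", 12, 1, 4500, len(rd1)) + rd1
    rd2 = encode("_ipp._tcp")[:-1] + struct.pack("!H", 0xC000 | (12 + len(owner) - 7))
    rr2 = b"\xc0\x0c" + struct.pack("!HHIH", 12, 1, 4500, len(rd2)) + rd2
    return struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0) + rr1 + rr2
```

Feed advertised_services() the UDP payload of each port 5353 response in a capture to build a per-host list of advertised service types.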

Send mdns request

python pholus3.py eth0 --request

Perform a scan using reverse mDNS by providing a subnet

python pholus3.py eth0 -rdns_scanning 192.168.2.0/24

Send automatically fake responses

python pholus3.py eth0 -afre -stimeout 100

Further MitM (and other) capabilities

Use --help to identify specific spoofing capabilities for MitM purposes (e.g. -printer).

Read a pcap file and print mDNS info (no sudo/root required)

python pholus3.py ../mdns_traffic.pcap --readpcap

pholus's People

Contributors

aatlasis

pholus's Issues

pholus3.py str and bytes concatenation error

  File "/home/natem135/Pholus/pholus3.py", line 81, in handler
    ext_handler(packets,self.queue,self.dns,self.show_ttl,1,self.dos_ttl,self.conflict, self.ttl,self.interface,self.d4,self.d6,self.target_mac,self.auto_fake_responses,self.source_IPv6,self.source_IPv4,self.target_mac1,self.target_mac2,self.source_mac,self.hlimit,self.workstation,self.printer,self.googlecast,self.airtv,self.flood,self.flooding_timeout,self.flooding_interval,self.v4,self.v6)
  File "/home/natem135/Pholus/pholus3.py", line 505, in ext_handler
    res = res0 + " Auth_NS: "+dnsrr.rrname + " " + dns_type[dnsrr.type]+" " + rclass + ' "' +dnsrr.rdata+'"'

dnsrr.rrname is of type bytes, everything else is a string or an int which is fine but strings and bytes cannot be added together.

TypeError

Hello !
I wanted to try your script but .. if I run sudo ./pholus.py eth0 -afre for example (on a Raspberry, Python 2.7.13, Scapy 2.4) , I get :

source MAC address: b8:00:eb:1e:3f:8b source IPv4 Address: 192.168.9.112 source IPv6 address: fe80::8fc9:483a:2336:d966
Send fake responses to requests
Sniffer filter is: not ether src b8:00:eb:1e:3f:8b and udp and port 5353
I will sniff for 5 seconds, unless interrupted by Ctrl-C
Press Ctrl-C to exit
Traceback (most recent call last):
  File "./pholus.py", line 975, in <module>
    main()
  File "./pholus.py", line 754, in main
    Sniffer(myfilter, values.interface, float(values.sniffer_timeout),q,values.dns,values.show_ttl, values.dos_ttl, values.conflict, values.ttl,values.d4, values.d6, values.target_mac, values.auto_fake_responses,source_IPv6, source_IPv4, target_mac1, target_mac2,source_mac,values.hlimit,values.workstation,values.printer,values.googlecast,values.airtv,values.flood,values.flooding_timeout,values.flooding_interval,values.v4,values.v6)
  File "./pholus.py", line 89, in __init__
    sniff(filter=self.filter, iface=self.interface, prn=self.handler, store=0, timeout=self.sniffer_timeout)
  File "/usr/local/lib/python2.7/dist-packages/scapy/sendrecv.py", line 780, in sniff
    r = prn(p)
  File "./pholus.py", line 91, in handler
    ext_handler(packets,self.queue,self.dns,self.show_ttl,1,self.dos_ttl,self.conflict, self.ttl,self.interface,self.d4,self.d6,self.target_mac,self.auto_fake_responses,self.source_IPv6,self.source_IPv4,self.target_mac1,self.target_mac2,self.source_mac,self.hlimit,self.workstation,self.printer,self.googlecast,self.airtv,self.flood,self.flooding_timeout,self.flooding_interval,self.v4,self.v6)
  File "./pholus.py", line 126, in ext_handler
    res0= Ether_src + " " + IP_src
TypeError: cannot concatenate 'str' and 'NoneType' objects

Any idea what is wrong here?

thanks!

AttributeError on -sscan

OS = Linux kali 6.1.0-kali7-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.20-2kali1 (2023-04-18) x86_64 GNU/Linux
Python = 3.11.3

$ sudo python pholus3.py tun0 -sscan -stimeout 60
source MAC address: 00:00:00:00:00:00 source IPv4 Address: 10.8.76.160 source IPv6 address: fe80::cbb5:f46d:f943:8bbf
Sniffer filter is: not ether src 00:00:00:00:00:00 and udp and port 5353
I will sniff for 60 seconds, unless interrupted by Ctrl-C
------------------------------------------------------------------------
ERROR: Cannot set filter: Failed to compile filter expression not ether src 00:00:00:00:00:00 and udp and port 5353 (-1)
Sending mdns requests
Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python3.11/multiprocessing/process.py", line 314, in _bootstrap
    self.run()
  File "/usr/lib/python3.11/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "/Tools/Recon/Pholus/pholus3.py", line 79, in __init__
    sniff(filter=self.filter, iface=self.interface, prn=self.handler, store=0, timeout=self.sniffer_timeout)
  File "/usr/lib/python3/dist-packages/scapy/sendrecv.py", line 1311, in sniff
    sniffer._run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/scapy/sendrecv.py", line 1254, in _run
    session.on_packet_received(p)
  File "/usr/lib/python3/dist-packages/scapy/sessions.py", line 109, in on_packet_received
    result = self.prn(pkt)
             ^^^^^^^^^^^^^
  File "/Tools/Recon/Pholus/pholus3.py", line 81, in handler
    ext_handler(packets,self.queue,self.dns,self.show_ttl,1,self.dos_ttl,self.conflict, self.ttl,self.interface,self.d4,self.d6,self.target_mac,self.auto_fake_responses,self.source_IPv6,self.source_IPv4,self.target_mac1,self.target_mac2,self.source_mac,self.hlimit,self.workstation,self.printer,self.googlecast,self.airtv,self.flood,self.flooding_timeout,self.flooding_interval,self.v4,self.v6)
  File "/Tools/Recon/Pholus/pholus3.py", line 110, in ext_handler
    Ether_src=packets.getlayer(Ether).src
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'src'
ERROR: Cannot set filter: Failed to compile filter expression not ether src 00:00:00:00:00:00 and udp and port 5353 (-1)
