Hi,

Command : trusttrees.py --target example.com

The following error occurs.

Traceback (most recent call last):
  File "trusttrees.py", line 765, in <module>
    draw_graph_from_cache(target_hostname),
  File "trusttrees.py", line 530, in draw_graph_from_cache
    ns_result=ns_result,
  File "trusttrees.py", line 636, in get_graph_data_for_ns_result
    query_error['error'],
TypeError: cannot concatenate 'str' and 'tuple' objects

os : kali linux (Linux kali 4.19.0-kali5-amd64 #1 SMP Debian 4.19.37-6kali1 (2019-07-22) x86_64 GNU/Linux)

i installed : graphviz and graphviz-dev

sudo pip install TrustTrees

Collecting TrustTrees
Using cached https://files.pythonhosted.org/packages/9c/fd/baa50e7ad4e82226c99cc1cf9ed15197bd7c2e1cf22a25b63201213e5c23/TrustTrees-2.0.1-py3-none-any.whl
Collecting tldextract==2.0.2 (from TrustTrees)
Using cached https://files.pythonhosted.org/packages/70/4e/08c9a650e2a67b1bb27137be0aeb879755984ca6efb58d26e5c1af42ddce/tldextract-2.0.2-py2.py3-none-any.whl
Collecting graphviz==0.6 (from TrustTrees)
Using cached https://files.pythonhosted.org/packages/ff/81/14ad4d67841aca1522c00eaad9e751dcab8f49958e0a3f474c483904d532/graphviz-0.6-py2.py3-none-any.whl
Requirement already satisfied: requests-file==1.4.1 in /usr/local/lib/python3.7/dist-packages (from TrustTrees) (1.4.1)
Requirement already satisfied: six==1.10.0 in /usr/local/lib/python3.7/dist-packages (from TrustTrees) (1.10.0)
Requirement already satisfied: requests==2.13.0 in /usr/local/lib/python3.7/dist-packages (from TrustTrees) (2.13.0)
Requirement already satisfied: pyOpenSSL==19.0.0 in /usr/lib/python3/dist-packages (from TrustTrees) (19.0.0)
Collecting pygraphviz==1.3.1 (from TrustTrees)
Using cached https://files.pythonhosted.org/packages/98/bb/a32e33f7665b921c926209305dde66fe41003a4ad934b10efb7c1211a419/pygraphviz-1.3.1.tar.gz
Requirement already satisfied: idna==2.5 in /usr/local/lib/python3.7/dist-packages (from TrustTrees) (2.5)
Requirement already satisfied: dnspython==1.15.0 in /usr/local/lib/python3.7/dist-packages (from TrustTrees) (1.15.0)
Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from tldextract==2.0.2->TrustTrees) (41.0.1)
Building wheels for collected packages: pygraphviz
Running setup.py bdist_wheel for pygraphviz ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-t2ega3lc/pygraphviz/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" bdist_wheel -d /tmp/pip-wheel-nb3oob74 --python-tag cp37:
running bdist_wheel
running build
running build_py
creating build
creating build/lib.linux-x86_64-3.7
creating build/lib.linux-x86_64-3.7/pygraphviz
copying pygraphviz/agraph.py -> build/lib.linux-x86_64-3.7/pygraphviz
copying pygraphviz/graphviz.py -> build/lib.linux-x86_64-3.7/pygraphviz
copying pygraphviz/release.py -> build/lib.linux-x86_64-3.7/pygraphviz
copying pygraphviz/version.py -> build/lib.linux-x86_64-3.7/pygraphviz
copying pygraphviz/init.py -> build/lib.linux-x86_64-3.7/pygraphviz
creating build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_edge_attributes.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_drawing.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_graph.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_subgraph.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_string.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_attribute_defaults.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_html.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_unicode.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_readwrite.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_attributes.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_layout.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_node_attributes.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/test_clear.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
copying pygraphviz/tests/init.py -> build/lib.linux-x86_64-3.7/pygraphviz/tests
running egg_info
writing pygraphviz.egg-info/PKG-INFO
writing dependency_links to pygraphviz.egg-info/dependency_links.txt
writing top-level names to pygraphviz.egg-info/top_level.txt
reading manifest file 'pygraphviz.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '~' found anywhere in distribution
warning: no previously-included files matching '.pyc' found anywhere in distribution
warning: no previously-included files matching '.svn' found anywhere in distribution
no previously-included directories found matching 'doc/build'
writing manifest file 'pygraphviz.egg-info/SOURCES.txt'
copying pygraphviz/graphviz.i -> build/lib.linux-x86_64-3.7/pygraphviz
copying pygraphviz/graphviz_wrap.c -> build/lib.linux-x86_64-3.7/pygraphviz
running build_ext
building 'pygraphviz._graphviz' extension
creating build/temp.linux-x86_64-3.7
creating build/temp.linux-x86_64-3.7/pygraphviz
x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -flto -fuse-linker-plugin -ffat-lto-objects -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c pygraphviz/graphviz_wrap.c -o build/temp.linux-x86_64-3.7/pygraphviz/graphviz_wrap.o
pygraphviz/graphviz_wrap.c: In function ‘agattr_label’:
pygraphviz/graphviz_wrap.c:3321:12: warning: returning ‘Agsym_t *’ {aka ‘struct Agsym_s *’} from a function with return type ‘int’ makes integer from pointer without a cast [-Wint-conversion]
return agattr(g, kind, name, val);
^~~~~~~~~~~~~~~~~~~~~~~~~~
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,relro -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 build/temp.linux-x86_64-3.7/pygraphviz/graphviz_wrap.o -lcgraph -lcdt -o build/lib.linux-x86_64-3.7/pygraphviz/_graphviz.cpython-37m-x86_64-linux-gnu.so
installing to build/bdist.linux-x86_64/wheel
running install
Trying pkg-config
Failed to find pkg-config
Trying dotneato-config
Failed to find dotneato-config
Failed to find dotneato-config

Your Graphviz installation could not be found.

      1) You don't have Graphviz installed:
         Install Graphviz (http://graphviz.org)

      2) Your Graphviz package might incomplete.
         Install the binary development subpackage (e.g. libgraphviz-dev or similar.)

      3) You are using Windows
         There are no PyGraphviz binary packages for Windows but you might be
         able to build it from this source.  See
         http://networkx.lanl.gov/pygraphviz/reference/faq.html

      If you think your installation is correct you will need to manually
      change the include_dirs and library_dirs variables in setup.py to
      point to the correct locations of your graphviz installation.

      The current setting of library_dirs and include_dirs is:

library_dirs=None
include_dirs=None

error: Error locating graphviz.

Failed building wheel for pygraphviz
Running setup.py clean for pygraphviz
Failed to build pygraphviz
Installing collected packages: tldextract, graphviz, pygraphviz, TrustTrees
Running setup.py install for pygraphviz ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-t2ega3lc/pygraphviz/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-annpjoys/install-record.txt --single-version-externally-managed --compile:
running install
Trying pkg-config
Failed to find pkg-config
Trying dotneato-config
Failed to find dotneato-config
Failed to find dotneato-config

Your Graphviz installation could not be found.

        1) You don't have Graphviz installed:
           Install Graphviz (http://graphviz.org)

        2) Your Graphviz package might incomplete.
           Install the binary development subpackage (e.g. libgraphviz-dev or similar.)

        3) You are using Windows
           There are no PyGraphviz binary packages for Windows but you might be
           able to build it from this source.  See
           http://networkx.lanl.gov/pygraphviz/reference/faq.html

        If you think your installation is correct you will need to manually
        change the include_dirs and library_dirs variables in setup.py to
        point to the correct locations of your graphviz installation.

        The current setting of library_dirs and include_dirs is:
library_dirs=None
include_dirs=None

error: Error locating graphviz.

----------------------------------------

Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-t2ega3lc/pygraphviz/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-annpjoys/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-t2ega3lc/pygraphviz/

getting the above errors.

Environment:
$ lsb_release -a
LSB Version: core-11.0.1ubuntu1-noarch:security-11.0.1ubuntu1-noarch
Distributor ID: Ubuntu
Description: Ubuntu 19.10
Release: 19.10
Codename: eoan
$ python3 -V
Python 3.7.5

I tried it as user in ~/.local/...:
$ pip3 install --user trusttrees

I tried it as root in /usr/local:

pip3 install trusttrees

I tried it from git as root:

git clone https://github.com/mandatoryprogrammer/TrustTrees

cd TrustTrees

pip3 install .

I always get:

trusttrees

Traceback (most recent call last):
File "/usr/local/bin/trusttrees", line 6, in
from trusttrees.main import main
ModuleNotFoundError: No module named 'trusttrees'

Any hints for a python dummy?
Thanks!
Lars

Right now it is hard-coded as False

There's currently 0% test coverage, the code is fairly straightforward, but test will make any contributions a lot easier to merge.

Gandi switched to API version 5, it's impossible to get the key of the latest version for new users, and the new one does not fit.

Pretty new to the whole python, but tried to install your software.

The following command worked to install the software:
python3.7 -m pip install TrustTrees pygraphviz

When it complained about missing xmlrpclib, I installed xmlrpclib-1.0.1.zip from effbot.org

But now I'm seeing the below error:

$ trusttrees.py --help
Traceback (most recent call last):
File "/usr/local/bin/trusttrees.py", line 19, in
import xmlrpclib
File "/usr/local/lib/python3.7/site-packages/xmlrpclib.py", line 169
MAXINT = 2L**31-1
^
SyntaxError: invalid syntax

How to fix it? I need the --resolvers argument(not found until 2.0.1 version??) to work. Appreciate your help.

More info:
OS= Centos 7
Has python, python2, python3 and python3.7 binaries in the path.

Seems easy enough

There's a couple of issues that have been around for a while. I think it'd be good if we got some new people to check it out and make some contributions.

Hey All,

There is an issue with TrustTrees when following a CNAME which results in false REFUSED responses being returned.

Currently when TrustTrees encounts a CNAME it will follow the CNAME and Query the CNAME's nameservers with the original domain instead of the CNAME Hostname.

Does this make sense? - I can provide an example domain it's happening with over Twitter @m0chan98

Cheers

~ @m0chan

File "C:\Users\users\Desktop\TrustTrees-master\trusttrees.py", line 124
print "obj.%s = %s" % (attr, getattr(obj, attr))
^
I can't use any switches even --help without getting this error.

trusttrees.py --target example.com --open --resolvers
usage: trusttrees.py [-h] (-t TARGET_HOSTNAME | -l TARGET_HOSTNAMES_LIST) [-o]
[--gandi-api-v4-key GANDI_API_V4_KEY]
[--gandi-api-v5-key GANDI_API_V5_KEY] [-x EXPORT_FORMATS]
trusttrees.py: error: unrecognized arguments: --resolvers

Description
I get a FileNotFoundError exception when I run the default example from the README.md. Without --open TrustTrees works as expected.

Environment

• TrustTrees version:
  • v3.0.0
• pyenv local:
  • 3.7.0
• OS:

$ lsb_release -a
LSB Version:	core-11.0.1ubuntu1-noarch:security-11.0.1ubuntu1-noarch
Distributor ID:	Ubuntu
Description:	Ubuntu 19.10
Release:	19.10
Codename:	eoan

Output

$ trusttrees --target example.com --open

      ______                __ ______
     /_  __/______  _______/ //_  __/_______  ___  _____
      / / / ___/ / / / ___/ __// / / ___/ _ \/ _ \/ ___/
     / / / /  / /_/ (__  ) /_ / / / /  /  __/  __(__  )
    /_/ /_/   \__,_/____/\__//_/ /_/   \___/\___/____/
              Graphing & Scanning DNS Delegation Trees
    
[ STATUS ] Querying nameserver '192.203.230.10/e.root-servers.net.' for NS of 'example.com.'
......
[ STATUS ] Opening final graph...
Traceback (most recent call last):
  File "/home/dgzlopes/.pyenv/versions/3.7.0/bin/trusttrees", line 11, in <module>
    load_entry_point('TrustTrees', 'console_scripts', 'trusttrees')()
  File "/home/dgzlopes/TrustTrees/trusttrees/__main__.py", line 43, in main
    args.upload_args,
  File "/home/dgzlopes/TrustTrees/trusttrees/draw.py", line 170, in generate_graph
    subprocess.call(['open', filename])
  File "/home/dgzlopes/.pyenv/versions/3.7.0/lib/python3.7/subprocess.py", line 304, in call
    with Popen(*popenargs, **kwargs) as p:
  File "/home/dgzlopes/.pyenv/versions/3.7.0/lib/python3.7/subprocess.py", line 756, in __init__
    restore_signals, start_new_session)
  File "/home/dgzlopes/.pyenv/versions/3.7.0/lib/python3.7/subprocess.py", line 1499, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'open': 'open'

Hi.

This tool is very interesting.

I am very happy that this store is being maintained.

I have a small opinion.

1.first time

As far as I know, the current option does not have an option that only shows the problem.
So, the user have to execute all the results and check them out.
This reduces efficiency. For priority, I wish I had the option to view the problematic files.

2. second time

It is now seen as using a local resolvers.txt
However, it would be good to support multiple resolvers if you check for a large amount of domains. Because many requests can be blacklisted.

What do you think?

Thanks.

The first time I ran the tool I got this error:

Traceback (most recent call last):
File "trusttrees.py", line 486, in
grapher.draw( file_name, prog="dot" )
File "/usr/local/lib/python2.7/dist-packages/pygraphviz/agraph.py", line 1477, in draw
fh = self._get_fh(path, 'w+b')
File "/usr/local/lib/python2.7/dist-packages/pygraphviz/agraph.py", line 1506, in _get_fh
fh = open(path, mode=mode)
IOError: [Errno 2] No such file or directory: './output/example.com_trust_tree_graph.png'

Once I created a directory it was fine, but it might be more user friendly to make the directory if it doesn't exist. If I find time, I'll fork and suggest the change, but it's logged here in case I forget.

I've been trying to run the tool for a while now, and it seems I can't manage to run it effectively.

I managed to install the thing with git clone and pip install.

But I still can't find a way to run the tool.

──(kali㉿kali)-[/bin/TrustTrees]
└─$ trusttrees -h       
Traceback (most recent call last):
  File "/usr/local/bin/trusttrees", line 5, in <module>
    from trusttrees.__main__ import main
  File "/usr/local/lib/python3.11/dist-packages/trusttrees/__main__.py", line 3, in <module>
    from .dns import enumerate_nameservers
  File "/usr/local/lib/python3.11/dist-packages/trusttrees/dns.py", line 14, in <module>
    from .utils import is_authoritative
  File "/usr/local/lib/python3.11/dist-packages/trusttrees/utils.py", line 9, in <module>
    from .registar_checking import is_domain_available
  File "/usr/local/lib/python3.11/dist-packages/trusttrees/registar_checking.py", line 5, in <module>
    import boto3
  File "/usr/local/lib/python3.11/dist-packages/boto3/__init__.py", line 16, in <module>
    from boto3.session import Session
  File "/usr/local/lib/python3.11/dist-packages/boto3/session.py", line 17, in <module>
    import botocore.session
  File "/usr/local/lib/python3.11/dist-packages/botocore/session.py", line 29, in <module>
    import botocore.configloader
  File "/usr/local/lib/python3.11/dist-packages/botocore/configloader.py", line 19, in <module>
    from botocore.compat import six
  File "/usr/local/lib/python3.11/dist-packages/botocore/compat.py", line 25, in <module>
    from botocore.exceptions import MD5UnavailableError
  File "/usr/local/lib/python3.11/dist-packages/botocore/exceptions.py", line 15, in <module>
    from botocore.vendored import requests
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/__init__.py", line 58, in <module>
    from . import utils
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/utils.py", line 26, in <module>
    from .compat import parse_http_list as _parse_list_header
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/compat.py", line 7, in <module>
    from .packages import chardet
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/packages/__init__.py", line 3, in <module>
    from . import urllib3
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/packages/urllib3/__init__.py", line 10, in <module>
    from .connectionpool import (
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 38, in <module>
    from .response import HTTPResponse
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/packages/urllib3/response.py", line 9, in <module>
    from ._collections import HTTPHeaderDict
  File "/usr/local/lib/python3.11/dist-packages/botocore/vendored/requests/packages/urllib3/_collections.py", line 1, in <module>
    from collections import Mapping, MutableMapping
ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.11/collections/__init__.py)

I do have Python3 installed.

┌──(kali㉿kali)-[/bin/TrustTrees]
└─$ python --version      
Python 3.11.2

┌──(kali㉿kali)-[/bin/TrustTrees]
└─$ trusttrees.py --target example.com
trusttrees.py: command not found

┌──(kali㉿kali)-[/bin/TrustTrees]
└─$ ./trusttrees.py --target example.com
zsh: no such file or directory: ./trusttrees.py

Am I using the right command to run the tool ?
So far, I've tried as guest and as root : trusttrees.py --target example.com, trusttrees --target example.com and ./trusttrees.py --target example.com but none is working...

We can already pass AWS credentials to TrustTrees

Let's make it so that we can pass a bucket and prefix, then upload the e.g. pngs to an S3 bucket. In case you made e.g. Jira tickets with the alerts, and wanted to link an S3 signed URL or something, to make the graph easily viewable outside of the box TrustTrees is running on.

Make sure to doc in the readme that you need PutObject etc.

It could be interesting to add support for checking-domains using DNSimple.

They have a REST API and clients on multiple languages (Python one is on development stage).

e.g API usage:

# Check for domain availability

curl -H "Authorization: Bearer [TOKEN]" \ 
-H "Accepts: application/json" \ 
https://api.sandbox.dnsimple.com/v2/[ACCOUNT_ID]/registrar/domains/[DOMAIN_NAME]/check

disclaimer: happy customer 😛

Building wheel for pygraphviz (setup.py) ... error
error: subprocess-exited-with-error

× python setup.py bdist_wheel did not run successfully.
│ exit code: 1
╰─> [58 lines of output]

  x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.10 -c pygraphviz/graphviz_wrap.c -o build/temp.linux-x86_64-3.10/pygraphviz/graphviz_wrap.o
  pygraphviz/graphviz_wrap.c:2987:10: fatal error: graphviz/cgraph.h: No such file or directory
   2987 | #include "graphviz/cgraph.h"
        |          ^~~~~~~~~~~~~~~~~~~
  compilation terminated.
  error: command '/usr/bin/x86_64-linux-gnu-gcc' failed with exit code 1
  [end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed building wheel for pygraphviz
Running setup.py clean for pygraphviz

Running setup.py install for pygraphviz ... error
error: subprocess-exited-with-error

× Running setup.py install for pygraphviz did not run successfully.
│ exit code: 1
╰─> [63 lines of output]

https://github.com/mandatoryprogrammer/TrustTrees/blob/master/trusttrees.py#L140

>>> hostname = 'my_host'
>>> hostname
'my_host'
>>> hostname += hostname + "."
>>> hostname
'my_hostmy_host.'

check_domain_availability from boto3 seems like it should do the trick.

Gandi is their registrar associate so that's cool too.