From ca18ac9403025d7b45fb3c18fdeef2fd9ddf21ee Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Fri, 20 Aug 2021 13:22:55 -0400
Subject: [PATCH] Plugin Updates

Added global option "domain" for use with DNS / Active Directory. Updated DNS and Kerberos plugins.
---
 global.toml | 4 ++++
 plugins/dns.py | 7 +++----
 plugins/kerberos.py | 5 ++++-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/global.toml b/global.toml
index 47c7edc..2ea6ce1 100644
--- a/global.toml
+++ b/global.toml
@@ -5,3 +5,7 @@ help = 'A wordlist of usernames, useful for bruteforcing. Default: %(default)s'
 [global.password-wordlist]
 default = '/usr/share/seclists/Passwords/darkweb2017-top100.txt'
 help = 'A wordlist of passwords, useful for bruteforcing. Default: %(default)s'
+
+[global.domain]
+default = false
+help = 'The domain to use (if known). Used for DNS and/or Active Directory.'
diff --git a/plugins/dns.py b/plugins/dns.py
index 45d3b3b..249b846 100644
--- a/plugins/dns.py
+++ b/plugins/dns.py
@@ -22,13 +22,12 @@ class DNSZoneTransfer(ServiceScan):
 	def configure(self):
 		self.match_service_name('^domain')
-		self.add_option('domain', help='The domain name to perform a zone transfer on.')
 	async def run(self, service):
-		if self.get_option('domain') is None:
-			await service.execute('dig AXFR -p {port} @{address}', outfile='{protocol}_{port}_dns_zone-transfer.txt')
+		if self.get_global('domain'):
+			await service.execute('dig AXFR -p {port} @{address} ' + self.get_global('domain'), outfile='{protocol}_{port}_dns_zone-transfer.txt')
 		else:
-			await service.execute('dig AXFR -p {port} @{address} ' + self.get_option('domain'), outfile='{protocol}_{port}_dns_zone-transfer.txt')
+			await service.execute('dig AXFR -p {port} @{address}', outfile='{protocol}_{port}_dns_zone-transfer.txt')
 class DNSReverseLookup(ServiceScan):
diff --git a/plugins/kerberos.py b/plugins/kerberos.py
index 5637f56..d13f1db 100644
--- a/plugins/kerberos.py
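Review bot: `default = false` gives the new `[global.domain]` option a boolean default even though any value a user supplies for it is a string, while the neighbouring wordlist options in the same hunk use string defaults. The plugins only test the value for truthiness, so it works today, but an empty-string default keeps the option's type uniform and avoids `False` being printed if the help text is later given the `Default: %(default)s` suffix the other two options carry; `default = ''` would do, assuming the option loader accepts an empty default.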
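Review bot: The added line `await service.execute('dig AXFR -p {port} @{address} ' + self.get_global('domain'), ...)` splices the user-supplied domain into the command string without quoting, and the kerberos.py hunk does the same for `domain` and `username-wordlist` inside hand-written double quotes in `--script-args`. If `service.execute` passes the string to a shell, as the `{port}`/`{address}` placeholders suggest, a space, `"`, `$` or other metacharacter in either value changes what gets run rather than being passed to dig/nmap, and a value containing braces would presumably break the placeholder formatting as well. Quote each value once where it is inserted, `await service.execute('dig AXFR -p {port} @{address} ' + shlex.quote(self.get_global('domain')), outfile='{protocol}_{port}_dns_zone-transfer.txt')`, with `import shlex` at the top of the plugin, and apply the same treatment to the realm/userdb values in kerberos.py instead of the manual double quotes. The hunk also removes the plugin-level `domain` option with no deprecation path, so invocations that passed it will now silently fall back to the unqualified `dig AXFR` unless the global option is set; worth a changelog line. `run` is complete within the hunk; the enclosing `DNSZoneTransfer` class begins above it.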
+++ b/plugins/kerberos.py
@@ -11,4 +11,7 @@ class NmapKerberos(ServiceScan):
 		self.match_service_name(['^kerberos', '^kpasswd'])
 
 	async def run(self, service):
-		await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users" -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
+		if self.get_global('domain') and self.get_global('username-wordlist'):
+			await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="' + self.get_global('domain') + '",userdb="' + self.get_global('username-wordlist') + '" -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
+		else:
+			await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users" -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
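Review bot: The two branches of the new `run` repeat the entire nmap command line and differ only in the optional `--script-args` fragment, so any later change to the output paths or script list has to be made twice. Building the fragment once and issuing a single `service.execute` call keeps one source of truth for the command; doing so also gives a natural single place to quote the realm and userdb values with `shlex.quote` (needs `import shlex` at the top of the file) rather than wrapping them in literal double quotes. Note that `username-wordlist` appears to have a default in global.toml, so the `and self.get_global('username-wordlist')` half of the condition is presumably always true and the branch is effectively gated on `domain` alone. `run` is complete within the hunk; the enclosing `NmapKerberos` class begins above it.

```python
	async def run(self, service):
		# Optional krb5-enum-users arguments: only when a realm is known. The
		# whole fragment is quoted as one shell word so the values cannot
		# alter the command line.
		script_args = ''
		domain = self.get_global('domain')
		userdb = self.get_global('username-wordlist')
		if domain and userdb:
			script_args = ' --script-args ' + shlex.quote('krb5-enum-users.realm=' + domain + ',userdb=' + userdb)
		await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users"' + script_args + ' -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
```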