import hashlib
from datetime import datetime, timedelta
import argparse
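def _dga_domains(date, key):
    """Yield the 1020 candidate domains for *date*, in generation order.

    Args:
        date: Object exposing ``year``, ``month`` and ``day`` integers
            (``datetime`` and ``date`` both work).
        key: Integer XOR key, or ``None``/``0`` for the unkeyed variant.
            Only the low 32 bits are used.
    """
    tlds = (".biz", ".info", ".org", ".net", ".com")
    # Split the key into its four little-endian bytes once; a falsy key
    # (None or 0) leaves the seed unmasked.
    key_bytes = [(key >> (8 * n)) & 0xFF if key else 0 for n in range(4)]

    for index in range(1020):
        # The low bit is cleared, so each even/odd index pair shares one
        # seed (same second-level label) and differs only in the TLD.
        counter = index & 0xFFFFFFFE
        seed = [
            ((date.year & 0xFF) + 0x30) & 0xFF,
            date.month & 0xFF,
            date.day & 0xFF,
            0,
            counter & 0xFF,
            (counter >> 8) & 0xFF,
            (counter >> 16) & 0xFF,
            (counter >> 24) & 0xFF,
        ]

        # Hash raw bytes rather than a text string: hashlib rejects str on
        # Python 3, and a bytearray behaves the same on Python 2.
        material = bytearray(seed[i] ^ key_bytes[i % 4] for i in range(8))
        digest = bytearray(hashlib.md5(bytes(material)).digest())

        # Each digest byte maps to 'a' + (low nibble + high nibble); sums
        # that would run past 'z' are dropped, so labels vary in length.
        letters = []
        for byte in digest:
            code = (byte & 0xF) + (byte >> 4) + ord('a')
            if code <= ord('z'):
                letters.append(chr(code))
        domain = "".join(letters)

        # First TLD whose divisor (5, 4, 3, 2, 1) divides the index; the
        # final divisor is 1, so ".com" is the guaranteed fallback.
        for i, tld in enumerate(tlds):
            if index % (len(tlds) - i) == 0:
                domain += tld
                break

        yield domain


def dga(date, key):
    """Print the 1020 domains this generation algorithm yields for *date*.

    The list is deterministic for a given (date, key) pair, which is what
    makes it usable as a precomputed candidate set for DNS blocklists,
    sinkholing or log hunting. MD5 appears only because the algorithm being
    reproduced uses it; it is not a security control here.

    Args:
        date: Day to generate for; only ``year``, ``month`` and ``day``
            are read.
        key: Integer XOR key applied to the seed, or ``None`` for no key.
            ``0`` behaves like ``None``.

    Returns:
        None. One domain is written to stdout per line.
    """
    for domain in _dga_domains(date, key):
        print(domain)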
if __name__ == "__main__":
    # known keys:
    # -k D6D7A4BE
    # -k DEADC2DE
    # -k D6D7A4B1
    cli = argparse.ArgumentParser()
    cli.add_argument("-d", "--date", help="date for which to generate domains")
    cli.add_argument("-k", "--key", help="key", default=None)
    opts = cli.parse_args()

    # The key is given as a hex string on the command line; without one the
    # generator runs unkeyed.
    key = int(opts.key, 16) if opts.key else None

    # Dates use YYYY-MM-DD; without one, the current local time is used.
    when = datetime.strptime(opts.date, "%Y-%m-%d") if opts.date else datetime.now()

    dga(when, key)