def analyse(self):
'''
查询对应domain下的节点IP
'''
if not self.bLogin():
return None
#print '[+] get all list ip and domains:'
if self.searchAuth_token is None:
self.searchAuth_token = self.get_auth_token(self.interface_url)
if self.searchAuth_token is not None:
try:
para = {'authenticity_token' : self.searchAuth_token,
'all' : 'true',
'domain': self.topDomain}
post_req = urllib2.Request(self.interface_url)
post_data = urllib.urlencode(para)
resp = urllib2.urlopen(post_req, post_data)
result_soup = BeautifulSoup(resp.read())
link_list = result_soup.findAll('a', attrs={'target':'_blank'})
ip_list = []
url_list = []
for link in link_list:
if is_vaild_ip(link.get_text()):
ip_list.append(getCrangeIP(link.get_text()))
else:
url_list.append(link.get_text())
self.retlist = {'ip':list(set(ip_list)), 'domain':list(set(url_list))}
except Exception:
return None
else:
return None
return self.retlist
def __checkDnsTransThread(self):
'''
线程类,探测是否存在域传送漏洞
'''
while True:
if self.dns_que.qsize() > 0:
try:
dns_name = self.dns_que.get(block=False)
bStart = False
process = subprocess.Popen(['dig axfr @%s %s' % (dns_name, self.suffix_domain)], shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
for info in process.stdout.readlines():
info = info.strip('\r\n')
if info == '':
continue
if 'Query time' in info:
break
if 'global options: +cmd' in info:
bStart = True
continue
if 'Transfer failed' in info:
break
if 'connection timed out' in info:
break
if bStart:
try:
each_domain = info.split()
self.dns_enum.retcode = True
if each_domain[3] != 'SOA' or each_domain[3] != 'NS':
domain_name = each_domain[0].rstrip('.')
domain_ip = each_domain[4]
if not self.dns_enum.checkRetInList({'domain': domain_name, 'ip':domain_ip}):
if not is_vaild_ip(domain_ip):
ip_range = get_domain_crange(domain_name)
if ip_range is not None:
domain_ip = ip_range
else:
domain_ip = None
self.dns_enum.retlist.append({'domain': domain_name, 'ip':domain_ip})
except IndexError:
continue
process.wait()
except Queue.Empty:
break
time.sleep(0.1)
else:
break
def __checkDnsTransThread(self):
'''
线程类,探测是否存在域传送漏洞
'''
while True:
if self.dns_que.qsize() > 0:
try:
dns_name = self.dns_que.get(block=False)
bStart = False
process = subprocess.Popen(
['dig axfr @%s %s' % (dns_name, self.suffix_domain)],
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
for info in process.stdout.readlines():
info = info.strip('\r\n')
if info == '':
continue
if 'Query time' in info:
break
if 'global options: +cmd' in info:
bStart = True
continue
if 'Transfer failed' in info:
break
if 'connection timed out' in info:
break
if bStart:
try:
each_domain = info.split()
self.dns_enum.retcode = True
if each_domain[3] != 'SOA' or each_domain[
3] != 'NS':
domain_name = each_domain[0].rstrip('.')
domain_ip = each_domain[4]
if not self.dns_enum.checkRetInList(
{
'domain': domain_name,
'ip': domain_ip
}):
if not is_vaild_ip(domain_ip):
ip_range = get_domain_crange(
domain_name)
if ip_range is not None:
domain_ip = ip_range
else:
domain_ip = None
self.dns_enum.retlist.append({
'domain':
domain_name,
'ip':
domain_ip
})
except IndexError:
continue
process.wait()
except Queue.Empty:
break
time.sleep(0.1)
else:
break
