コード例 #1
ファイル: dnsenum.py プロジェクト: JacobJacob/BkScanner
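    def __checkDnsTransThread(self):
        '''
        Worker loop: test each queued name server for an open DNS zone
        transfer (AXFR).

        Pops server names from ``self.dns_que`` until the queue is empty and
        runs ``dig axfr @<server> <self.suffix_domain>`` for each one.  Once a
        resource-record line is seen in dig's output,
        ``self.dns_enum.retcode`` is set to True; records other than SOA/NS
        are appended to ``self.dns_enum.retlist`` as
        ``{'domain': ..., 'ip': ...}`` unless ``checkRetInList`` reports them
        as already present.
        '''
        while True:
            if self.dns_que.qsize() > 0:
                try:
                    dns_name = self.dns_que.get(block=False)
                    zone = self.suffix_domain
                    # Both values end up on dig's command line and may come
                    # from data this tool does not control.  They are passed
                    # as separate argv entries (no shell), and a zone that dig
                    # would read as an option ('-', '+') or as a server ('@')
                    # is skipped instead of being executed.
                    if not dns_name or not zone or zone[0] in '-+@':
                        continue
                    bStart = False
                    process = subprocess.Popen(
                        ['dig', 'axfr', '@%s' % dns_name, zone],
                        stdout=subprocess.PIPE,
                        stderr=subprocess.STDOUT)
                    for info in process.stdout.readlines():
                        info = info.strip('\r\n')
                        if info == '':
                            continue

                        # Trailer or failure markers: nothing useful follows.
                        if ('Query time' in info
                                or 'Transfer failed' in info
                                or 'connection timed out' in info):
                            break

                        # Zone data starts after dig's banner line.
                        if 'global options: +cmd' in info:
                            bStart = True
                            continue

                        # dig prefixes its own comments and error messages
                        # with ';'.  Counting those as records would flag the
                        # server as transferable when the query merely failed.
                        if not bStart or info.startswith(';'):
                            continue

                        try:
                            each_domain = info.split()
                            record_type = each_domain[3]
                            domain_ip = each_domain[4]
                            self.dns_enum.retcode = True
                            # The original test ("!= 'SOA' or != 'NS'") was
                            # always true; SOA/NS rows carry no host address.
                            if record_type in ('SOA', 'NS'):
                                continue
                            domain_name = each_domain[0].rstrip('.')
                            if not self.dns_enum.checkRetInList(
                                    {'domain': domain_name, 'ip': domain_ip}):
                                if not is_vaild_ip(domain_ip):
                                    # Record data is not an IP (e.g. a CNAME
                                    # target): store whatever
                                    # get_domain_crange() returns for the
                                    # owner name, None included.
                                    domain_ip = get_domain_crange(domain_name)
                                self.dns_enum.retlist.append(
                                    {'domain': domain_name, 'ip': domain_ip})
                        except IndexError:
                            # Line too short to be a resource record.
                            continue
                    process.wait()
                except Queue.Empty:
                    # Another worker drained the queue between qsize() and get().
                    break
                time.sleep(0.1)
            else:
                break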
コード例 #2
ファイル: ilinks.py プロジェクト: JacobJacob/BkScanner
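    def analyse(self):
        '''
        Collect the domains listed by the lookup interface.

        Fetches ``self.interface_url``, reads the link text of every
        ``<div class="domain">`` entry and stores the de-duplicated results in
        ``self.retlist`` as ``{'ip': [...], 'domain': [...]}``.  On any
        failure ``self.retlist`` is reset to two empty lists.
        '''
        try:
            req = urllib2.urlopen(self.interface_url, timeout=20)
            soup = BeautifulSoup(req, fromEncoding="GBK")
            url_list = []
            ip_list = []
            for entry in soup.findAll("div", {"class": "domain"}):
                anchor = BeautifulSoup(str(entry)).find('a')
                if anchor is None:
                    # An entry without a link used to raise AttributeError,
                    # which discarded every result gathered so far.
                    continue
                # Drops the first 7 characters -- presumably a leading
                # "http://"; TODO confirm.  An "https://" link would keep a
                # stray "/" in front of the host name.
                url = anchor.text[7:]
                # NOTE(review): `url` comes straight from the remote page and
                # is not validated before being handed to get_domain_crange()
                # (defined elsewhere) and stored; treat it as untrusted.
                ip = get_domain_crange(url)
                url_list.append(url)
                if ip is not None:
                    ip_list.append(ip)

            self.retlist = {
                'ip': list(set(ip_list)),
                'domain': list(set(url_list)),
            }
        except Exception:
            # Best-effort lookup: network and parsing errors leave an empty
            # result, so callers cannot tell "no hits" from "request failed".
            self.retlist = {'ip': [], 'domain': []}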
コード例 #3
ファイル: ilinks.py プロジェクト: z3r023/BkScanner
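    def analyse(self):
        '''
        Query the lookup interface and record the domains it lists.

        Downloads ``self.interface_url``, extracts the link text from each
        ``<div class="domain">`` element and saves the unique values in
        ``self.retlist`` under the keys ``'ip'`` and ``'domain'``.  If
        anything raises, ``self.retlist`` is set to two empty lists.
        '''
        try:
            req = urllib2.urlopen(self.interface_url, timeout=20)
            soup = BeautifulSoup(req, fromEncoding="GBK")
            url_list = []
            ip_list = []
            for block in soup.findAll("div", {"class": "domain"}):
                link = BeautifulSoup(str(block)).find('a')
                if link is None:
                    # Previously a div without an <a> raised AttributeError
                    # and the broad handler threw away all collected results.
                    continue
                # Slices off 7 leading characters, presumably "http://" --
                # TODO confirm; "https://" links would be left as "/host".
                url = link.text[7:]
                # NOTE(review): the remote response is untrusted input; `url`
                # reaches get_domain_crange() (defined elsewhere) and the
                # stored result without any validation.
                ip = get_domain_crange(url)
                url_list.append(url)
                if ip is not None:
                    ip_list.append(ip)

            self.retlist = {
                'ip': list(set(ip_list)),
                'domain': list(set(url_list))
            }
        except Exception:
            # Deliberate best-effort fallback; a failed request and an empty
            # answer look the same to the caller.
            self.retlist = {'ip': [], 'domain': []}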
コード例 #4
ファイル: dnsenum.py プロジェクト: z3r023/BkScanner
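    def __checkDnsTransThread(self):
        '''
        Thread body: check whether the queued name servers allow a DNS zone
        transfer (AXFR).

        Takes server names from ``self.dns_que`` until it is empty, runs
        ``dig axfr @<server> <self.suffix_domain>`` and parses the output.
        The first resource-record line sets ``self.dns_enum.retcode`` to
        True.  Every record that is neither SOA nor NS is added to
        ``self.dns_enum.retlist`` as ``{'domain': ..., 'ip': ...}`` unless
        ``checkRetInList`` says it is already there.
        '''
        while True:
            if self.dns_que.qsize() > 0:
                try:
                    dns_name = self.dns_que.get(block=False)
                    zone = self.suffix_domain
                    # The server and zone names are not guaranteed to be
                    # trusted.  Run dig with an argv list (no shell), and skip
                    # a zone that dig would parse as an option ('-', '+') or
                    # as a server selector ('@').
                    if not dns_name or not zone or zone[0] in '-+@':
                        continue
                    bStart = False
                    process = subprocess.Popen(
                        ['dig', 'axfr', '@%s' % dns_name, zone],
                        stdout=subprocess.PIPE,
                        stderr=subprocess.STDOUT)
                    for info in process.stdout.readlines():
                        info = info.strip('\r\n')
                        if info == '':
                            continue

                        # End of output or a failure notice: stop reading.
                        if ('Query time' in info
                                or 'Transfer failed' in info
                                or 'connection timed out' in info):
                            break

                        # Records follow dig's banner line.
                        if 'global options: +cmd' in info:
                            bStart = True
                            continue

                        # Lines starting with ';' are dig comments or errors;
                        # treating them as records would report a transfer
                        # that never happened.
                        if not bStart or info.startswith(';'):
                            continue

                        try:
                            each_domain = info.split()
                            record_type = each_domain[3]
                            domain_ip = each_domain[4]
                            self.dns_enum.retcode = True
                            # Was "!= 'SOA' or != 'NS'", which is always true;
                            # SOA/NS rows hold no host address.
                            if record_type in ('SOA', 'NS'):
                                continue
                            domain_name = each_domain[0].rstrip('.')
                            if not self.dns_enum.checkRetInList(
                                    {'domain': domain_name, 'ip': domain_ip}):
                                if not is_vaild_ip(domain_ip):
                                    # Non-IP record data: fall back to the
                                    # value get_domain_crange() gives for the
                                    # owner name (may be None).
                                    domain_ip = get_domain_crange(domain_name)
                                self.dns_enum.retlist.append(
                                    {'domain': domain_name, 'ip': domain_ip})
                        except IndexError:
                            # Fewer fields than a resource record has.
                            continue
                    process.wait()
                except Queue.Empty:
                    # The queue emptied between the qsize() check and get().
                    break
                time.sleep(0.1)
            else:
                break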