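def __checkDnsTransThread(self):
    '''
    Worker loop: probe each queued DNS server for an open zone transfer (AXFR).

    Server names are popped from ``self.dns_que`` until it is empty. For each
    one, ``dig axfr @<server> <self.suffix_domain>`` is run and its merged
    stdout/stderr is parsed line by line. Records not already known to
    ``self.dns_enum`` are appended to ``self.dns_enum.retlist`` as
    ``{'domain': ..., 'ip': ...}``.
    '''
    while True:
        if self.dns_que.qsize() > 0:
            try:
                dns_name = self.dns_que.get(block=False)
                bStart = False
                # Run dig with an argv list and no shell. The original built
                # one string and used shell=True, so shell metacharacters in
                # dns_name or suffix_domain would have been interpreted by
                # /bin/sh (command injection).
                # NOTE(review): dig still treats an argument starting with
                # '-' or '+' as an option; validate suffix_domain where it is
                # set if it can come from untrusted input.
                process = subprocess.Popen(
                    ['dig', 'axfr', '@%s' % dns_name, self.suffix_domain],
                    stdout=subprocess.PIPE,
                    stderr=subprocess.STDOUT)
                try:
                    for info in process.stdout.readlines():
                        info = info.strip('\r\n')
                        if info == '':
                            continue
                        # Trailer line: the answer section is over.
                        if 'Query time' in info:
                            break
                        # Records start after dig's "global options" header.
                        if 'global options: +cmd' in info:
                            bStart = True
                            continue
                        if 'Transfer failed' in info:
                            break
                        if 'connection timed out' in info:
                            break
                        if bStart:
                            try:
                                each_domain = info.split()
                                # NOTE(review): this flag is raised for any
                                # non-empty line after the header, before the
                                # line is checked to be a record -- confirm
                                # that is intended.
                                self.dns_enum.retcode = True
                                # The original tested
                                # "!= 'SOA' or != 'NS'", which is always
                                # true, so SOA/NS rows were never skipped.
                                if each_domain[3] not in ('SOA', 'NS'):
                                    domain_name = each_domain[0].rstrip('.')
                                    domain_ip = each_domain[4]
                                    if not self.dns_enum.checkRetInList(
                                            {'domain': domain_name,
                                             'ip': domain_ip}):
                                        if not is_vaild_ip(domain_ip):
                                            # Field 5 is not an IP (e.g. a
                                            # CNAME target): use the lookup
                                            # helper's result, which may be
                                            # None.
                                            domain_ip = get_domain_crange(
                                                domain_name)
                                        self.dns_enum.retlist.append(
                                            {'domain': domain_name,
                                             'ip': domain_ip})
                            except IndexError:
                                # Fewer than five fields: not a record line.
                                continue
                finally:
                    # Release the pipe and reap the child even when parsing
                    # raises.
                    process.stdout.close()
                    process.wait()
            except Queue.Empty:
                # Another worker drained the queue between qsize() and get().
                break
            time.sleep(0.1)
        else:
            break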
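def analyse(self):
    '''
    Fetch ``self.interface_url`` and collect the domains listed on the page.

    Each ``<div class="domain">`` of the GBK-decoded page contributes the
    text of its first ``<a>`` with the leading seven characters removed
    (presumably an "http://" prefix -- confirm against the page format).
    The de-duplicated results are stored in ``self.retlist`` as
    ``{'ip': [...], 'domain': [...]}``. On any failure both lists are empty.
    '''
    try:
        req = urllib2.urlopen(self.interface_url, timeout=20)
        try:
            soup = BeautifulSoup(req, fromEncoding="GBK")
        finally:
            # The original never closed the HTTP response.
            req.close()
        url_list = []
        ip_list = []
        for item in soup.findAll("div", {"class": "domain"}):
            anchor = item.find('a')
            if anchor is None:
                # A block without a link used to raise AttributeError and,
                # through the broad except below, discard every result.
                continue
            # The text comes from a remote page: treat it as untrusted
            # wherever it is used downstream.
            url = anchor.text[7:]
            ip = get_domain_crange(url)
            url_list.append(url)
            if ip is not None:
                ip_list.append(ip)
        self.retlist = {
            'ip': list(set(ip_list)),
            'domain': list(set(url_list))
        }
    except Exception:
        # Best effort: network or parse errors yield an empty result.
        self.retlist = {'ip': [], 'domain': []}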
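def analyse(self):
    '''
    Fetch ``self.interface_url`` and collect the domains listed on the page.

    Each ``<div class="domain">`` of the GBK-decoded page contributes the
    text of its first ``<a>`` with the leading seven characters removed
    (presumably an "http://" prefix -- confirm against the page format).
    The de-duplicated results are stored in ``self.retlist`` as
    ``{'ip': [...], 'domain': [...]}``. On any failure both lists are empty.
    '''
    try:
        req = urllib2.urlopen(self.interface_url, timeout=20)
        try:
            soup = BeautifulSoup(req, fromEncoding="GBK")
        finally:
            # The original never closed the HTTP response.
            req.close()
        url_list = []
        ip_list = []
        for item in soup.findAll("div", {"class": "domain"}):
            anchor = item.find('a')
            if anchor is None:
                # A block without a link used to raise AttributeError and,
                # through the broad except below, discard every result.
                continue
            # The text comes from a remote page: treat it as untrusted
            # wherever it is used downstream.
            url = anchor.text[7:]
            ip = get_domain_crange(url)
            url_list.append(url)
            if ip is not None:
                ip_list.append(ip)
        self.retlist = {
            'ip': list(set(ip_list)),
            'domain': list(set(url_list))
        }
    except Exception:
        # Best effort: network or parse errors yield an empty result.
        self.retlist = {'ip': [], 'domain': []}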
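def __checkDnsTransThread(self):
    '''
    Worker loop: probe each queued DNS server for an open zone transfer (AXFR).

    Server names are popped from ``self.dns_que`` until it is empty. For each
    one, ``dig axfr @<server> <self.suffix_domain>`` is run and its merged
    stdout/stderr is parsed line by line. Records not already known to
    ``self.dns_enum`` are appended to ``self.dns_enum.retlist`` as
    ``{'domain': ..., 'ip': ...}``.
    '''
    while True:
        if self.dns_que.qsize() > 0:
            try:
                dns_name = self.dns_que.get(block=False)
                bStart = False
                # Run dig with an argv list and no shell. The original built
                # one string and used shell=True, so shell metacharacters in
                # dns_name or suffix_domain would have been interpreted by
                # /bin/sh (command injection).
                # NOTE(review): dig still treats an argument starting with
                # '-' or '+' as an option; validate suffix_domain where it is
                # set if it can come from untrusted input.
                process = subprocess.Popen(
                    ['dig', 'axfr', '@%s' % dns_name, self.suffix_domain],
                    stdout=subprocess.PIPE,
                    stderr=subprocess.STDOUT)
                try:
                    for info in process.stdout.readlines():
                        info = info.strip('\r\n')
                        if info == '':
                            continue
                        # Trailer line: the answer section is over.
                        if 'Query time' in info:
                            break
                        # Records start after dig's "global options" header.
                        if 'global options: +cmd' in info:
                            bStart = True
                            continue
                        if 'Transfer failed' in info:
                            break
                        if 'connection timed out' in info:
                            break
                        if bStart:
                            try:
                                each_domain = info.split()
                                # NOTE(review): this flag is raised for any
                                # non-empty line after the header, before the
                                # line is checked to be a record -- confirm
                                # that is intended.
                                self.dns_enum.retcode = True
                                # The original tested
                                # "!= 'SOA' or != 'NS'", which is always
                                # true, so SOA/NS rows were never skipped.
                                if each_domain[3] not in ('SOA', 'NS'):
                                    domain_name = each_domain[0].rstrip('.')
                                    domain_ip = each_domain[4]
                                    if not self.dns_enum.checkRetInList(
                                            {'domain': domain_name,
                                             'ip': domain_ip}):
                                        if not is_vaild_ip(domain_ip):
                                            # Field 5 is not an IP (e.g. a
                                            # CNAME target): use the lookup
                                            # helper's result, which may be
                                            # None.
                                            domain_ip = get_domain_crange(
                                                domain_name)
                                        self.dns_enum.retlist.append(
                                            {'domain': domain_name,
                                             'ip': domain_ip})
                            except IndexError:
                                # Fewer than five fields: not a record line.
                                continue
                finally:
                    # Release the pipe and reap the child even when parsing
                    # raises.
                    process.stdout.close()
                    process.wait()
            except Queue.Empty:
                # Another worker drained the queue between qsize() and get().
                break
            time.sleep(0.1)
        else:
            break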