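def analyse(self):
    """Query the search interface for the hosts found under ``self.topDomain``.

    Logs in via ``self.bLogin``, obtains an ``authenticity_token`` for
    ``self.interface_url`` (``self.get_auth_token``) if none is cached, then
    POSTs ``authenticity_token`` / ``all=true`` / ``domain`` to that URL and
    scrapes every ``<a target="_blank">`` from the HTML reply.  Link texts
    that ``is_vaild_ip`` accepts are reduced to a C-range with
    ``getCrangeIP``; every other link text is kept as a domain.

    Returns ``self.retlist`` -- ``{'ip': [...], 'domain': [...]}`` with
    duplicates removed (order is not preserved) -- or None when login fails,
    no token could be obtained, or the request/parse step raised.
    """
    if not self.bLogin():
        return None
    if self.searchAuth_token is None:
        self.searchAuth_token = self.get_auth_token(self.interface_url)
    if self.searchAuth_token is None:
        return None

    try:
        para = {
            'authenticity_token': self.searchAuth_token,
            'all': 'true',
            'domain': self.topDomain,
        }
        post_req = urllib2.Request(self.interface_url)
        resp = urllib2.urlopen(post_req, urllib.urlencode(para))
        try:
            # Read the whole body, then close the response explicitly instead
            # of leaving the socket open until garbage collection.
            page = resp.read()
        finally:
            resp.close()

        result_soup = BeautifulSoup(page)
        ip_list = set()
        url_list = set()
        # The reply is untrusted third-party HTML; only the link text is used,
        # and only after it has been classified as IP or name.
        for link in result_soup.findAll('a', attrs={'target': '_blank'}):
            text = link.get_text()
            if is_vaild_ip(text):
                ip_list.add(getCrangeIP(text))
            else:
                url_list.add(text)
        self.retlist = {'ip': list(ip_list), 'domain': list(url_list)}
    except Exception:
        # Best-effort recon step: a network or parse failure yields None rather
        # than aborting the caller.  NOTE(review): worth logging the error.
        return None
    return self.retlist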
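def __checkDnsTransThread(self):
    """Worker thread: probe every nameserver queued in ``self.dns_que`` for an
    open DNS zone transfer (AXFR) of ``self.suffix_domain``.

    Each nameserver is passed to ``dig axfr @<ns> <suffix_domain>``.  Output
    lines after the ``global options: +cmd`` banner are treated as zone
    records; the first ``Query time`` / ``Transfer failed`` /
    ``connection timed out`` line ends the scan of that server.  Seeing any
    record line sets ``self.dns_enum.retcode`` to True; each record whose
    type is not SOA or NS is appended to ``self.dns_enum.retlist`` as
    ``{'domain': <owner>, 'ip': <rdata | C-range | None>}`` unless
    ``self.dns_enum.checkRetInList`` already holds it.  Rdata that is not an
    IP address is replaced by ``get_domain_crange(owner)``.

    Runs until the queue is empty; returns None.
    """
    banner = 'global options: +cmd'
    stop_markers = ('Query time', 'Transfer failed', 'connection timed out')

    def record_from_line(info):
        """Parse one record line; return (name, ip) or None to skip it."""
        fields = info.split()
        # dig prints "<owner> <ttl> <class> <type> <rdata ...>".  The zone's
        # own SOA and NS rows are apex metadata, not hosts, so skip both
        # (the original `!= 'SOA' or != 'NS'` test was always true).
        if fields[3] in ('SOA', 'NS'):
            return None
        domain_name = fields[0].rstrip('.')
        domain_ip = fields[4]
        if self.dns_enum.checkRetInList({'domain': domain_name, 'ip': domain_ip}):
            return None
        if not is_vaild_ip(domain_ip):
            # CNAME/MX/... rdata is a name, not an address: fall back to the
            # owner's C-range, or None when that lookup fails.
            domain_ip = get_domain_crange(domain_name)
        return domain_name, domain_ip

    while True:
        if self.dns_que.qsize() <= 0:
            break
        try:
            dns_name = self.dns_que.get(block=False)
        except Queue.Empty:
            break

        # Argument list with shell=False: dns_name is taken from DNS answers
        # the target controls, so it must never be interpolated into a shell
        # command line.  The fixed '@' prefix also keeps it from being read
        # as a dig option.
        try:
            process = subprocess.Popen(
                ['dig', 'axfr', '@%s' % dns_name, self.suffix_domain],
                shell=False, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        except OSError:
            # dig missing or not executable: nothing to parse for this server.
            time.sleep(0.1)
            continue
        try:
            lines = process.stdout.readlines()
        finally:
            process.stdout.close()
            process.wait()

        in_records = False
        for info in lines:
            info = info.strip('\r\n')
            if info == '':
                continue
            if any(marker in info for marker in stop_markers):
                break
            if banner in info:
                in_records = True
                continue
            if not in_records:
                continue
            # Any line past the banner means the server answered the AXFR.
            self.dns_enum.retcode = True
            try:
                record = record_from_line(info)
            except IndexError:
                # Short or odd line (comment, truncated rdata): ignore it.
                continue
            if record is not None:
                domain_name, domain_ip = record
                self.dns_enum.retlist.append({'domain': domain_name, 'ip': domain_ip})
        time.sleep(0.1)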
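def __checkDnsTransThread(self):
    """Worker thread: probe every nameserver queued in ``self.dns_que`` for an
    open DNS zone transfer (AXFR) of ``self.suffix_domain``.

    Each nameserver is passed to ``dig axfr @<ns> <suffix_domain>``.  Output
    lines after the ``global options: +cmd`` banner are treated as zone
    records; the first ``Query time`` / ``Transfer failed`` /
    ``connection timed out`` line ends the scan of that server.  Seeing any
    record line sets ``self.dns_enum.retcode`` to True; each record whose
    type is not SOA or NS is appended to ``self.dns_enum.retlist`` as
    ``{'domain': <owner>, 'ip': <rdata | C-range | None>}`` unless
    ``self.dns_enum.checkRetInList`` already holds it.  Rdata that is not an
    IP address is replaced by ``get_domain_crange(owner)``.

    Runs until the queue is empty; returns None.
    """
    banner = 'global options: +cmd'
    stop_markers = ('Query time', 'Transfer failed', 'connection timed out')

    def record_from_line(info):
        """Parse one record line; return (name, ip) or None to skip it."""
        fields = info.split()
        # dig prints "<owner> <ttl> <class> <type> <rdata ...>".  The zone's
        # own SOA and NS rows are apex metadata, not hosts, so skip both
        # (the original `!= 'SOA' or != 'NS'` test was always true).
        if fields[3] in ('SOA', 'NS'):
            return None
        domain_name = fields[0].rstrip('.')
        domain_ip = fields[4]
        if self.dns_enum.checkRetInList({'domain': domain_name, 'ip': domain_ip}):
            return None
        if not is_vaild_ip(domain_ip):
            # CNAME/MX/... rdata is a name, not an address: fall back to the
            # owner's C-range, or None when that lookup fails.
            domain_ip = get_domain_crange(domain_name)
        return domain_name, domain_ip

    while True:
        if self.dns_que.qsize() <= 0:
            break
        try:
            dns_name = self.dns_que.get(block=False)
        except Queue.Empty:
            break

        # Argument list with shell=False: dns_name is taken from DNS answers
        # the target controls, so it must never be interpolated into a shell
        # command line.  The fixed '@' prefix also keeps it from being read
        # as a dig option.
        try:
            process = subprocess.Popen(
                ['dig', 'axfr', '@%s' % dns_name, self.suffix_domain],
                shell=False, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        except OSError:
            # dig missing or not executable: nothing to parse for this server.
            time.sleep(0.1)
            continue
        try:
            lines = process.stdout.readlines()
        finally:
            process.stdout.close()
            process.wait()

        in_records = False
        for info in lines:
            info = info.strip('\r\n')
            if info == '':
                continue
            if any(marker in info for marker in stop_markers):
                break
            if banner in info:
                in_records = True
                continue
            if not in_records:
                continue
            # Any line past the banner means the server answered the AXFR.
            self.dns_enum.retcode = True
            try:
                record = record_from_line(info)
            except IndexError:
                # Short or odd line (comment, truncated rdata): ignore it.
                continue
            if record is not None:
                domain_name, domain_ip = record
                self.dns_enum.retlist.append({'domain': domain_name, 'ip': domain_ip})
        time.sleep(0.1)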