前言:
昨天晚上在看DNS协议,然后想到了
DNS传输漏洞。便想写一个DNS查询与DNS传输漏洞查询
DNS传输漏洞介绍:
DNS传输漏洞:若DNS服务器配置不当,可能导致匿名用户获取某个域的所有记录。造成整个网络的拓扑结构泄露给潜在的攻击者,包括一些安全性较低的内部主机,如测试服务器。凭借这份网络蓝图,攻击者可以节省很少的扫描时间。
例如:
dnsenum查询到的
----- baidu.com -----
Host's addresses:
__________________
baidu.com. 5 IN A 111.13.101.208
baidu.com. 5 IN A 123.125.114.144
baidu.com. 5 IN A 220.181.57.216
Name Servers:
______________
dns.baidu.com. 5 IN A 202.108.22.220
ns2.baidu.com. 5 IN A 61.135.165.235
ns3.baidu.com. 5 IN A 220.181.37.10
ns4.baidu.com. 5 IN A 220.181.38.10
ns7.baidu.com. 5 IN A 180.76.76.92
Mail (MX) Servers:
___________________
jpmx.baidu.com. 5 IN A 61.208.132.13
mx50.baidu.com. 5 IN A 180.76.13.18
mx.maillb.baidu.com. 5 IN A 220.181.3.85
mx.n.shifen.com. 5 IN A 220.181.3.85
mx1.baidu.com. 5 IN A 61.135.165.120
mx1.baidu.com. 5 IN A 220.181.50.185
0x01:
安装dnsknife模块
[!]widnows下会报错所以我在Linux下写的。环境是py2
pip install dnsknife 或者去:https://pypi.python.org/pypi/dnsknife/0.11下载该包
然后 python steup.py install
0x02:
编写代码
from dnsknife.scanner import Scanner
import dnsknife
import optparse
import sys
def main():
usage="[-i Fast query] " \
"[-d DNS domain transmission vulnerability detection]"
parser=optparse.OptionParser(usage)
parser.add_option('-i',dest='Fastquery',help='Quickly check some dns records')
parser.add_option('-d',dest='detection',help='Detects possible DNS transmission vulnerabilities')
(options,parser)=parser.parse_args()
if options.Fastquery :
Fastquery=options.Fastquery
query(Fastquery)
elif options.detection :
detection=options.detection
vulnerability(detection)
else:
sys.exit()
def query(Fastquery):
print '--------mx record--------'
try:
dns=dnsknife.Checker(Fastquery).mx()
for x in dns:
print x
except Exception , c:
print '[-]wrong reason:',c print '--------txt record--------'
try:
dnstxt=dnsknife.Checker(Fastquery).txt()
print dnstxt
except Exception , g:
print '[-]wrong reason:',g try:
print '--------spf record------'
dnsspf=dnsknife.Checker(Fastquery).spf()
print dnsspf
except Exception , l:
print '[-]wrong reason:',l def vulnerability(detection):
print '--------DNS transmission vulnerability detection-----------'
try:
dnschuan=Scanner(detection).scan()
for list in dnschuan:
print list
except Exception , p:
print '[-]Wrong reason:',p
if __name__ == '__main__':
main()
运行结果:
脚本得出的:
--------DNS transmission vulnerability detection-----------
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
mail.baidu.com. 7200 IN CNAME mail.mailcdn.baidu.com.
autodiscover.baidu.com. 600 IN CNAME email.maillb.baidu.com.
test.baidu.com. 7200 IN CNAME testatmp.n.shifen.com.
support.baidu.com. 7200 IN CNAME pheonest.e.shifen.com.
baidu.com. 600 IN A 123.125.114.144
baidu.com. 600 IN A 220.181.57.216
baidu.com. 600 IN A 111.13.101.208
baidu.com. 86400 IN NS ns4.baidu.com.
baidu.com. 86400 IN NS ns2.baidu.com.
baidu.com. 86400 IN NS ns7.baidu.com.
baidu.com. 86400 IN NS ns3.baidu.com.
baidu.com. 86400 IN NS dns.baidu.com.
baidu.com. 7200 IN MX 20 jpmx.baidu.com.
baidu.com. 7200 IN MX 20 mx50.baidu.com.
baidu.com. 7200 IN MX 10 mx.maillb.baidu.com.
baidu.com. 7200 IN MX 15 mx.n.shifen.com.
baidu.com. 7200 IN MX 20 mx1.baidu.com.
baidu.com. 7200 IN TXT "google-site-verification=GHb98-6msqyx_qqjGl5eRatD3QTHyVB6-xQ3gJB5UwM"
baidu.com. 7200 IN TXT "v=spf1 include:spf1.baidu.com include:spf2.baidu.com include:spf3.baidu.com a mx ptr -all"
forum.baidu.com. 7200 IN A 10.26.109.19
git.baidu.com. 7200 IN A 10.42.4.104
admin.baidu.com. 7200 IN A 10.26.109.19
ns4.baidu.com. 86400 IN A 220.181.38.10
ns2.baidu.com. 86400 IN A 61.135.165.235
ns7.baidu.com. 86400 IN A 180.76.76.92
ns3.baidu.com. 86400 IN A 220.181.37.10
dns.baidu.com. 86400 IN A 202.108.22.220
jpmx.baidu.com. 7200 IN A 61.208.132.13
mx50.baidu.com. 300 IN A 180.76.13.18
mx1.baidu.com. 300 IN A 61.135.165.120
mx1.baidu.com. 300 IN A 220.181.50.185
---------END祝大家新年快乐END-----------
献上一曲: