Automating the Dump of a Target's DNS Information

admin, April 3, 2023, 09:14:16

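A tool for performing DNS reconnaissance against a target network. The results include a variety of information useful to anyone doing network reconnaissance. Some of the information returned:

  • Host subdomains

  • Various DNS information (MX, A records)

  • Geographic information

  • Email addresses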

0x01 Tool installation

The tool is written in Python and depends on the following libraries:

  • requests

  • dnspython

  • simplejson

  • ip2geotools

  • ipwhois

$ pip3 install -r requirements.txt

0x02 Tool usage

$ python3 dnsdumpster.py -d nmmapper.com
Starting dns dump against nmmapper.com
Searching using engine Netcraft
Searching using engine Virustotal
Searching using engine ThreatCrowd
Searching using engine SSL Certificates
[
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "173.212.192.0/19",
            "asn_country_code": "DE",
            "asn_date": "2009-10-26",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "173.212.208.249",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "www.nmmapper.com",
        "subdomain_ip": "173.212.208.249"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "207.180.222.0/23",
            "asn_country_code": "DE",
            "asn_date": "1996-08-21",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "207.180.222.55",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "analytics.nmmapper.com",
        "subdomain_ip": "207.180.222.55"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "173.212.192.0/19",
            "asn_country_code": "DE",
            "asn_date": "2009-10-26",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "173.212.208.249",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "celery.nmmapper.com",
        "subdomain_ip": "173.212.208.249"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "167.86.88.0/23",
            "asn_country_code": "DE",
            "asn_date": "1993-05-14",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "167.86.88.139",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "clk.nmmapper.com",
        "subdomain_ip": "167.86.88.139"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "167.86.88.0/23",
            "asn_country_code": "DE",
            "asn_date": "1993-05-14",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "167.86.88.139",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "d1.nmmapper.com",
        "subdomain_ip": "167.86.88.139"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "173.212.192.0/19",
            "asn_country_code": "DE",
            "asn_date": "2009-10-26",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "173.212.208.249",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "goaccess.nmmapper.com",
        "subdomain_ip": "173.212.208.249"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "167.86.88.0/23",
            "asn_country_code": "DE",
            "asn_date": "1993-05-14",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "167.86.88.139",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "mail.nmmapper.com",
        "subdomain_ip": "167.86.88.139"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "167.86.88.0/23",
            "asn_country_code": "DE",
            "asn_date": "1993-05-14",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "167.86.88.139",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "p0-cdn.nmmapper.com",
        "subdomain_ip": "167.86.88.139"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "167.86.88.0/23",
            "asn_country_code": "DE",
            "asn_date": "1993-05-14",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "167.86.88.139",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "p352931.nmmapper.com",
        "subdomain_ip": "167.86.88.139"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "167.86.88.0/23",
            "asn_country_code": "DE",
            "asn_date": "1993-05-14",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "167.86.88.139",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "p352931-cdn.nmmapper.com",
        "subdomain_ip": "167.86.88.139"
    },
    {
        "asn": {
            "asn": "51167",
            "asn_cidr": "167.86.88.0/23",
            "asn_country_code": "DE",
            "asn_date": "1993-05-14",
            "asn_description": "CONTABO, DE",
            "asn_registry": "ripencc"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Munich (Ramersdorf-Perlach)",
            "country": "DE",
            "ip_address": "167.86.88.139",
            "latitude": null,
            "longitude": null,
            "region": "Bavaria"
        },
        "subdomain": "upstream.nmmapper.com",
        "subdomain_ip": "167.86.88.139"
    },
    {
        "asn": null,
        "domain": "nmmapper.com",
        "geo": null,
        "subdomain": "webook.nmmapper.com",
        "subdomain_ip": ""
    },
    {
        "asn": {
            "asn": "15169",
            "asn_cidr": "34.64.0.0/14",
            "asn_country_code": "US",
            "asn_date": "2018-09-28",
            "asn_description": "GOOGLE - Google LLC, US",
            "asn_registry": "arin"
        },
        "domain": "nmmapper.com",
        "geo": {
            "city": "Ashburn",
            "country": "US",
            "ip_address": "34.67.67.41",
            "latitude": 39.0437192,
            "longitude": -77.4874899,
            "region": "Virginia"
        },
        "subdomain": "wss.nmmapper.com",
        "subdomain_ip": "34.67.67.41"
    },
    {
        "asn": null,
        "domain": "nmmapper.com",
        "geo": null,
        "subdomain": "wss1.nmmapper.com",
        "subdomain_ip": ""
    }
]

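Web application firewall (WAF) detection is supported. After all subdomains have been enumerated, each one is checked to see whether it sits behind a web application firewall. For the detection we use WAFW00F by EnableSecurity: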

from wafw00f.main import WafW00F

# The page shows only the function body; the wrapper name detect_waf is illustrative.
def detect_waf(host):
    detector = WafW00F(host)
    waf = detector.identwaf()
    if waf:
        # Report the first WAF identified for this host
        return waf[0]
    else:
        return ""

{
            "asn": {
                "asn": "13335",
                "asn_cidr": "104.27.160.0/20",
                "asn_country_code": "US",
                "asn_date": "2014-03-28",
                "asn_description": "CLOUDFLARENET - Cloudflare, Inc., US",
                "asn_registry": "arin"
            },
            "geo": {
                "city": "Ashburn",
                "country": "US",
                "ip_address": "104.27.171.116",
                "latitude": 39.0437192,
                "longitude": -77.4874899,
                "region": "Virginia"
            },
            "server": "cloudflare",
            "subdomain": "mail.mp3hunter.net",
            "subdomain_ip": "104.27.171.116",
            "waf": "Cloudflare (Cloudflare Inc.)"
        },

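Web server detection: the tool also supports web server detection for the enumerated main domain and subdomains. This is the code that performs the detection: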

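import requests

# get_user_agent() and add_protocol() are helpers from the tool's own code base
# and are not shown on this page.
def get_server_type(host):
    """
    :param host: the host whose Server response header we want
    @return str
    """
    try:
        ua = get_user_agent()
        headers = {
            'User-Agent': ua,
            'From': '[email protected]'
        }
        # A timeout keeps one unresponsive host from stalling the whole run
        res = requests.get(add_protocol(host), headers=headers, timeout=10)
        if res.headers:
            # Default to "" so the function always returns a str
            return res.headers.get("Server", "")
        else:
            return ""
    except Exception:
        return ""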
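
As an added example (not part of dnsdumpster or the original post), the script below takes records in the JSON format shown above for a domain you operate and turns them into review items: names that no longer resolve, hosts with no detected WAF, and hosts grouped by shared IP and by ASN. The `audit` function and the sample data (example.com names, RFC 5737 addresses) are constructed for illustration, and it assumes the run included WAF detection so that each record carries a `waf` field.

```python
import json
from collections import defaultdict

# Constructed sample in the tool's record format (not real scan output).
SAMPLE = json.loads("""
[
 {"asn": {"asn": "64500", "asn_description": "EXAMPLE-HOSTING, DE"},
  "subdomain": "www.example.com", "subdomain_ip": "192.0.2.10",
  "server": "nginx", "waf": "Cloudflare (Cloudflare Inc.)"},
 {"asn": {"asn": "64501", "asn_description": "EXAMPLE-CLOUD, US"},
  "subdomain": "mail.example.com", "subdomain_ip": "192.0.2.20",
  "server": "Apache", "waf": ""},
 {"asn": {"asn": "64501", "asn_description": "EXAMPLE-CLOUD, US"},
  "subdomain": "cdn.example.com", "subdomain_ip": "192.0.2.20",
  "server": "Apache", "waf": ""},
 {"asn": null, "geo": null,
  "subdomain": "old.example.com", "subdomain_ip": ""}
]
""")

def audit(records):
    """Summarise enumeration records for your own domain into review items."""
    report = {"unresolved": [], "no_waf": []}
    by_ip, by_asn = defaultdict(list), defaultdict(list)
    for rec in records:
        name = rec.get("subdomain", "")
        ip = rec.get("subdomain_ip") or ""
        if not ip:
            # Publicly known name with no address (asn/geo are null too):
            # a candidate stale DNS or certificate entry to clean up.
            report["unresolved"].append(name)
            continue
        by_ip[ip].append(name)
        asn = rec.get("asn") or {}
        by_asn[asn.get("asn_description", "unknown")].append(name)
        if not rec.get("waf"):
            # Empty or missing "waf" means no WAF was identified in front of it.
            report["no_waf"].append(name)
    # Several names on one address usually share one host and one patch level.
    report["shared_ip"] = {ip: sorted(n) for ip, n in by_ip.items() if len(n) > 1}
    report["by_asn"] = {desc: sorted(n) for desc, n in by_asn.items()}
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```
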

Download:

https://github.com/nmmapper/dnsdumpster


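Do not use the techniques in this article for illegal testing; this official account bears no responsibility for any adverse consequences that result.

Originally published on the WeChat official account 白帽学子: Automating the Dump of a Target's DNS Information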
