用于在目标网络上执行 DNS 侦测的工具。结果包括对执行网络侦测的用户有用的各种信息。 返回的一些信息包括:
-
主机子域
-
不同的 dns 信息(MX、A 记录)
-
地理信息
-
电子邮件
0x01 工具安装
工具采用 python 开发,依赖库为:
-
requests
-
dnspython
-
simplejson
-
ip2geotools
-
ipwhois
$ pip3 install -r requirements.txt0x02 工具使用
$ python3 dnsdumpster.py -d nmmapper.comStarting dns dump against nmmapper.comSearchingusingengine NetcraftSearchingusingengine VirustotalSearchingusingengine ThreatCrowdSearchingusingengine SSL Certificates[{"asn": {"asn":"51167","asn_cidr":"173.212.192.0/19","asn_country_code":"DE","asn_date":"2009-10-26","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"173.212.208.249","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"www.nmmapper.com","subdomain_ip":"173.212.208.249"},{"asn": {"asn":"51167","asn_cidr":"207.180.222.0/23","asn_country_code":"DE","asn_date":"1996-08-21","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"207.180.222.55","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"analytics.nmmapper.com","subdomain_ip":"207.180.222.55"},{"asn": {"asn":"51167","asn_cidr":"173.212.192.0/19","asn_country_code":"DE","asn_date":"2009-10-26","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"173.212.208.249","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"celery.nmmapper.com","subdomain_ip":"173.212.208.249"},{"asn": {"asn":"51167","asn_cidr":"167.86.88.0/23","asn_country_code":"DE","asn_date":"1993-05-14","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"167.86.88.139","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"clk.nmmapper.com","subdomain_ip":"167.86.88.139"},{"asn": {"asn":"51167","asn_cidr":"167.86.88.0/23","asn_country_code":"DE","asn_date":"1993-05-14","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"167.86.88.139","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"d1.nmmapper.com","subdomain_ip":"167.86.88.139"},{"asn": {"asn":"51167","asn_cidr":"173.212.192.0/19","asn_country_code":"DE","asn_date":"2009-10-26","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"173.212.208.249","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"goaccess.nmmapper.com","subdomain_ip":"173.212.208.249"},{"asn": {"asn":"51167","asn_cidr":"167.86.88.0/23","asn_country_code":"DE","asn_date":"1993-05-14","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"167.86.88.139","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"mail.nmmapper.com","subdomain_ip":"167.86.88.139"},{"asn": {"asn":"51167","asn_cidr":"167.86.88.0/23","asn_country_code":"DE","asn_date":"1993-05-14","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"167.86.88.139","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"p0-cdn.nmmapper.com","subdomain_ip":"167.86.88.139"},{"asn": {"asn":"51167","asn_cidr":"167.86.88.0/23","asn_country_code":"DE","asn_date":"1993-05-14","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"167.86.88.139","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"p352931.nmmapper.com","subdomain_ip":"167.86.88.139"},{"asn": {"asn":"51167","asn_cidr":"167.86.88.0/23","asn_country_code":"DE","asn_date":"1993-05-14","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"167.86.88.139","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"p352931-cdn.nmmapper.com","subdomain_ip":"167.86.88.139"},{"asn": {"asn":"51167","asn_cidr":"167.86.88.0/23","asn_country_code":"DE","asn_date":"1993-05-14","asn_description":"CONTABO, DE","asn_registry":"ripencc"},"domain":"nmmapper.com","geo": {"city":"Munich (Ramersdorf-Perlach)","country":"DE","ip_address":"167.86.88.139","latitude": null,"longitude": null,"region":"Bavaria"},"subdomain":"upstream.nmmapper.com","subdomain_ip":"167.86.88.139"},{"asn": null,"domain":"nmmapper.com","geo": null,"subdomain":"webook.nmmapper.com","subdomain_ip":""},{"asn": {"asn":"15169","asn_cidr":"34.64.0.0/14","asn_country_code":"US","asn_date":"2018-09-28","asn_description":"GOOGLE - Google LLC, US","asn_registry":"arin"},"domain":"nmmapper.com","geo": {"city":"Ashburn","country":"US","ip_address":"34.67.67.41","latitude":39.0437192,"longitude":-77.4874899,"region":"Virginia"},"subdomain":"wss.nmmapper.com","subdomain_ip":"34.67.67.41"},{"asn": null,"domain":"nmmapper.com","geo": null,"subdomain":"wss1.nmmapper.com","subdomain_ip":""}]
支持 Web 应用程序防火墙检测。枚举所有子域后,我们会检测每个子域是否位于 Web 应用程序防火墙后面。为了检测 Web 应用程序防火墙,我们通过启用安全性使用 WAFW00F:
from wafw00f.mainimportWafW00Fdetector = WafW00F(host)waf = detector.identwaf()if(waf):returnwaf[0]else:return""
{"asn": {"asn":"13335","asn_cidr":"104.27.160.0/20","asn_country_code":"US","asn_date":"2014-03-28","asn_description":"CLOUDFLARENET - Cloudflare, Inc., US","asn_registry":"arin"},"geo": {"city":"Ashburn","country":"US","ip_address":"104.27.171.116","latitude":39.0437192,"longitude":-77.4874899,"region":"Virginia"},"server":"cloudflare","subdomain":"mail.mp3hunter.net","subdomain_ip":"104.27.171.116","waf":"Cloudflare (Cloudflare Inc.)"},
Web 服务器检测,该工具还支持对已枚举的主域和子域进行 Web 服务器检测。这是一段执行检测的代码:
defget_server_type(host):""":param host: the server we want to get it's server@returnstr"""try:ua= get_user_agent()headers = {'User-Agent': ua,'From':'[email protected]'}res = requests.get(add_protocol(host), headers=headers)if(res.headers):returnres.headers.get("Server")else:return""except Exception as e:return""
下载:
https://github.com/nmmapper/dnsdumpster
声明:该公众号大部分文章来自作者日常学习笔记,也有部分文章是经过作者授权和其他公众号白名单转载,未经授权,严禁转载,如需转载,联系开白名单。
请勿利用文章内的相关技术从事非法测试,如因此产生的一切不良后果与本公众号无关。
✦
✦
原文始发于微信公众号(白帽学子):自动化 dump 目标 DNS 信息
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论