暴力枚举N级子域名
#!/usr/bin/env python
# -*- encoding: utf-8 -*-
# A simple and fast sub domains brute tool for pentesters
# my[at]lijiejie.com (http://www.lijiejie.com)
import Queue
import sys
import dns.resolver
import threading
import time
import optparse
import os
from lib.consle_width import getTerminalSize
class DNSBrute:
def __init__(self, target, names_file, ignore_intranet, threads_num, output):
self.target = target.strip()
self.names_file = names_file
self.ignore_intranet = ignore_intranet
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0] - 2 # Cal terminal width when starts up
self.resolvers = [dns.resolver.Resolver() for _ in range(threads_num)]
self._load_dns_servers()
self._load_sub_names()
self._load_next_sub()
outfile = target + '.txt' if not output else output
self.outfile = open(outfile, 'w') # won't close manually
self.ip_dict = {}
self.STOP_ME = False
def _load_dns_servers(self):
dns_servers = []
with open('dict/dns_servers.txt') as f:
for line in f:
server = line.strip()
if server.count('.') == 3 and server not in dns_servers:
dns_servers.append(server)
self.dns_servers = dns_servers
self.dns_count = len(dns_servers)
def _load_sub_names(self):
self.queue = Queue.Queue()
file = 'dict/' + self.names_file if not os.path.exists(self.names_file) else self.names_file
with open(file) as f:
for line in f:
sub = line.strip()
if sub: self.queue.put(sub)
def _load_next_sub(self):
next_subs = []
with open('dict/next_sub.txt') as f:
for line in f:
sub = line.strip()
if sub and sub not in next_subs:
next_subs.append(sub)
self.next_subs = next_subs
def _update_scan_count(self):
self.lock.acquire()
self.scan_count += 1
self.lock.release()
def _print_progress(self):
self.lock.acquire()
msg = '%s found | %s remaining | %s scanned in %.2f seconds' % (
self.found_count, self.queue.qsize(), self.scan_count, time.time() - self.start_time)
sys.stdout.write('\r' + ' ' * (self.console_width -len(msg)) + msg)
sys.stdout.flush()
self.lock.release()
@staticmethod
def is_intranet(ip):
ret = ip.split('.')
if not len(ret) == 4:
return True
if ret[0] == '10':
return True
if ret[0] == '172' and 16 <= int(ret[1]) <= 32:
return True
if ret[0] == '192' and ret[1] == '168':
return True
return False
def _scan(self):
thread_id = int( threading.currentThread().getName() )
self.resolvers[thread_id].nameservers.insert(0, self.dns_servers[thread_id % self.dns_count])
self.resolvers[thread_id].lifetime = self.resolvers[thread_id].timeout = 10.0
while self.queue.qsize() > 0 and not self.STOP_ME and self.found_count < 40000: # limit max found records to 40000
sub = self.queue.get(timeout=1.0)
for _ in range(3):
try:
cur_sub_domain = sub + '.' + self.target
answers = d.resolvers[thread_id].query(cur_sub_domain)
is_wildcard_record = False
if answers:
for answer in answers:
self.lock.acquire()
if answer.address not in self.ip_dict:
self.ip_dict[answer.address] = 1
else:
self.ip_dict[answer.address] += 1
if self.ip_dict[answer.address] > 2: # a wildcard DNS record
is_wildcard_record = True
self.lock.release()
if is_wildcard_record:
self._update_scan_count()
self._print_progress()
continue
ips = ', '.join([answer.address for answer in answers])
if (not self.ignore_intranet) or (not DNSBrute.is_intranet(answers[0].address)):
self.lock.acquire()
self.found_count += 1
msg = cur_sub_domain.ljust(30) + ips
sys.stdout.write('\r' + msg + ' ' * (self.console_width- len(msg)) + '\n\r')
sys.stdout.flush()
self.outfile.write(cur_sub_domain.ljust(30) + '\t' + ips + '\n')
self.lock.release()
try:
d.resolvers[thread_id].query('*.' + cur_sub_domain)
except:
for i in self.next_subs:
self.queue.put(i + '.' + sub)
break
except dns.resolver.NoNameservers, e:
break
except Exception, e:
pass
self._update_scan_count()
self._print_progress()
self._print_progress()
self.lock.acquire()
self.thread_count -= 1
self.lock.release()
def run(self):
self.start_time = time.time()
for i in range(self.threads_num):
t = threading.Thread(target=self._scan, name=str(i))
t.setDaemon(True)
t.start()
while self.thread_count > 1:
try:
time.sleep(1.0)
except KeyboardInterrupt,e:
msg = '[WARNING] User aborted, wait all slave threads to exit...'
sys.stdout.write('\r' + msg + ' ' * (self.console_width- len(msg)) + '\n\r')
sys.stdout.flush()
self.STOP_ME = True
if __name__ == '__main__':
parser = optparse.OptionParser('usage: %prog [options] target.com')
parser.add_option('-t', '--threads', dest='threads_num',
default=60, type='int',
help='Number of threads. default = 60')
parser.add_option('-f', '--file', dest='names_file', default='dict/subnames.txt',
type='string', help='Dict file used to brute sub names')
parser.add_option('-i', '--ignore-intranet', dest='i', default=False, action='store_true',
help='Ignore domains pointed to private IPs')
parser.add_option('-o', '--output', dest='output', default=None,
type='string', help='Output file name. default is {target}.txt')
(options, args) = parser.parse_args()
if len(args) < 1:
parser.print_help()
sys.exit(0)
d = DNSBrute(target=args[0], names_file=options.names_file,
ignore_intranet=options.i,
threads_num=options.threads_num,
output=options.output)
d.run()
while threading.activeCount() > 1:
time.sleep(0.1)
摘自:李姐姐的博客
暴力枚举N级子域名的更多相关文章
- 51Nod 1158 全是1的最大子矩阵 —— 预处理 + 暴力枚举 or 单调栈
题目链接:http://www.51nod.com/onlineJudge/questionCode.html#!problemId=1158 1158 全是1的最大子矩阵 基准时间限制:1 秒 空 ...
- [Unity3D]巧妙利用父级子级实现Camera场景平面漫游
本文系作者原创,转载请注明出处 入门级的笔者想了一上午才搞懂那个欧拉角的Camera旋转..=.= 在调试场景的时候,每次都本能的按下W想前进,但是这是不可能的(呵呵) 于是便心血来潮想顺便添加个Ke ...
- CodeForces 742B Arpa’s obvious problem and Mehrdad’s terrible solution (暴力枚举)
题意:求定 n 个数,求有多少对数满足,ai^bi = x. 析:暴力枚举就行,n的复杂度. 代码如下: #pragma comment(linker, "/STACK:1024000000 ...
- 2014牡丹江网络赛ZOJPretty Poem(暴力枚举)
/* 将给定的一个字符串分解成ABABA 或者 ABABCAB的形式! 思路:暴力枚举A, B, C串! */ 1 #include<iostream> #include<cstri ...
- HNU 12886 Cracking the Safe(暴力枚举)
题目链接:http://acm.hnu.cn/online/?action=problem&type=show&id=12886&courseid=274 解题报告:输入4个数 ...
- 51nod 1116 K进制下的大数 (暴力枚举)
题目链接 题意:中文题. 题解:暴力枚举. #include <iostream> #include <cstring> using namespace std; ; ; ch ...
- Windows下Apache服务器中自动配置二级子域名
今天我们介绍的这个办法,只需要简单修改 httpd-vhosts.conf 文件,配合 .htaccess 文件即可实现自动配置二级域名. 我们这里以 wpchina.com 为例,以下代码中的 wp ...
- Codeforces Round #349 (Div. 1) B. World Tour 最短路+暴力枚举
题目链接: http://www.codeforces.com/contest/666/problem/B 题意: 给你n个城市,m条单向边,求通过最短路径访问四个不同的点能获得的最大距离,答案输出一 ...
- bzoj 1028 暴力枚举判断
昨天梦到这道题了,所以一定要A掉(其实梦到了3道,有两道记不清了) 暴力枚举等的是哪张牌,将是哪张牌,然后贪心的判断就行了. 对于一个状态判断是否为胡牌,1-n扫一遍,然后对于每个牌,先mod 3, ...
随机推荐
- sql server 2012 数据引擎任务调度算法解析(上)
微软在sql server 2012版本之后,引入了新的任务调度算法,这个算法与之前的版本有一些细微的差别.我在这里试着简单描述一下,一些基本概念就不再赘述了,比如NUMA.scheduler.wor ...
- [WPF系列]-DynamicResource与StaticResource的区别
探讨: 1.当引用资源时,选择StaticResource还是DynamicResource的考虑因素: (1)在哪里创建资源?(资源的范围或层级) a. 资源是在一个Page/Canvas/Wind ...
- monkeyrunner之录制与回放(七)
monkeyrunner为我们提供了录制 回放的功能. 录制与回放使用原因:实际项目,需求变更频繁,且测试任务多,我们没有足够时间去写测试脚本,这是就可以进行录制脚本,然后通过回放,跑完需要的流程. ...
- hdu1521 排列组合(指数型母函数)
题意: 有n种物品,并且知道每种物品的数量ki.要求从中选出m件物品的排数. (全题文末) 知识点: 普通母函数 指数型母函数:(用来求解多重集的排列问题) n个元素,其中a1,a2, ...
- hdu 5652 India and China Origins 并查集
题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=5652 题目大意:n*m的矩阵上,0为平原,1为山.q个询问,第i个询问给定坐标xi,yi,表示i年后这 ...
- UVALive 4426 Blast the Enemy! --求多边形重心
题意:求一个不规则简单多边形的重心. 解法:多边形的重心就是所有三角形的重心对面积的加权平均数. 关于求多边形重心的文章: 求多边形重心 用叉积搞一搞就行了. 代码: #include <ios ...
- 骨骼蒙皮动画算法(Linear Blending Skinning)
交互式变形是编辑几何模型的重要手段,目前出现了许多实时.直观的交互式变形方法.本文介绍一种利用线性混合蒙皮(Linear Blending Skinning,LBS)技术来实现网格变形的方法,线性混合 ...
- python高级之网络编程
python高级之网络编程 本节内容 网络通信概念 socket编程 socket模块一些方法 聊天socket实现 远程执行命令及上传文件 socketserver及其源码分析 1.网络通信概念 说 ...
- matlab常用的字符串操作函数之一
1,strcat和strvcat strcat:依次横向连接字符串: strvcat:依次纵向连接字符串: 实例1: >>a1='sophia '; >>a2='is a '; ...
- gradle项目中资源文件的相对路径打包处理技巧
开发java application时,不管是用ant/maven/gradle中的哪种方式来构建,通常最后都会打包成一个可执行的jar包程序,而程序运行所需的一些资源文件(配置文件),比如jdbc. ...