Python 3.5 之爆破二级域名.


今天更新的是爆破二级域名

版本:Python 3.5

一共是两个文件:1、Address.py  2、Dns.py(文件名不要写成 dns.py,否则会遮蔽 dnspython 的 dns 包,导致 import dns.resolver 失败)[附件配字典,如有不清楚的请联系我QQ]

下面有附件打包.


1、Address.py


import pymysql


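class Address(object):
    """Store one (domain name, IP) finding in a per-domain MySQL table.

    Constructing an instance creates the table if needed and inserts the
    row unless a row with the same ``ip`` value is already present.

    Args:
        domainName: full host name, e.g. ``'www.baidu.com'``.
        ip: address text to store, e.g. ``'192.168.0.1'``. The caller in
            Dns.py passes a comma-joined list when a name has several
            addresses, so de-duplication compares that whole string.
        tableName: parent domain, e.g. ``'baidu.com'``; the label before
            the first dot becomes the table name.

    Raises:
        ValueError: if the table name derived from ``tableName`` is empty,
            too long, or contains characters outside ``[A-Za-z0-9_-]``.
    """

    # Characters accepted in a table name derived from a domain label.
    _TABLE_NAME_CHARS = frozenset(
        'abcdefghijklmnopqrstuvwxyz'
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        '0123456789_-'
    )
    # MySQL limits identifiers to 64 characters.
    _TABLE_NAME_MAX = 64

    def __init__(self, domainName, ip, tableName):
        self.domainName = domainName
        self.ip = ip
        self.tableName = tableName
        # Make sure the per-domain table exists before touching it.
        self.createTable(tableName)
        # isHava() returns True when the IP is NOT stored yet.
        if self.isHava(tableName, ip):
            self.insertTable(domainName, ip, tableName)

    @classmethod
    def _table_identifier(cls, tableName):
        """Return the backtick-quoted table identifier for ``tableName``.

        Identifiers cannot be bound as query parameters, so the label is
        checked against an allow-list before it is placed into SQL text.
        """
        label = tableName.split('.')[0]
        if (not label
                or len(label) > cls._TABLE_NAME_MAX
                or not set(label) <= cls._TABLE_NAME_CHARS):
            raise ValueError('unsafe table name derived from %r' % (tableName,))
        return '`' + label + '`'

    @staticmethod
    def _connect():
        """Open a connection to the local ``new`` database."""
        # NOTE(review): the account is hard-coded as root with an empty
        # password. Use a dedicated account limited to this schema and load
        # its credentials from configuration rather than from source code.
        return pymysql.connect(host='localhost', port=3306, user='root',
                               passwd='', db='new', charset='UTF8')

    def createTable(self, tableName):
        """Create the table for ``tableName`` if it does not exist yet."""
        table = self._table_identifier(tableName)
        coon = self._connect()
        try:
            cursor = coon.cursor()
            cursor.execute(
                'create table if not exists ' + table +
                ' (id int primary key auto_increment,'
                'domainName varchar(1000),ip varchar(1000))'
            )
            coon.commit()
        finally:
            # Close the connection even when the statement fails.
            coon.close()

    def insertTable(self, domainName, ip, tableName):
        """Insert one ``(domainName, ip)`` row into the table for ``tableName``."""
        table = self._table_identifier(tableName)
        coon = self._connect()
        try:
            cursor = coon.cursor()
            # Values come from DNS answers and word lists; bind them as
            # parameters instead of concatenating them into the statement.
            cursor.execute(
                'insert into ' + table + ' (domainName,ip) values (%s,%s)',
                (domainName, ip),
            )
            coon.commit()
        finally:
            coon.close()

    def isHava(self, tableName, ip):
        """Return True when ``ip`` is not stored yet, False when it already is."""
        table = self._table_identifier(tableName)
        coon = self._connect()
        try:
            cursor = coon.cursor()
            cursor.execute(
                'select id from ' + table + ' where ip = %s limit 1',
                (ip,),
            )
            return cursor.fetchone() is None
        finally:
            coon.close()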
if __name__ == '__main__':
    # Manual check: constructing Address creates the table for the given
    # domain and stores the sample row unless that IP is already present.
    record = Address(
        'www.sina.com',
        '192.168.0.1',
        'sina.com',
    )

2、Dns.py

import os
import queue
import threading
import time
from multiprocessing import Queue

import dns.resolver

from Address import Address

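class DNSBrute(object):
    """Resolve candidate sub-domain names of one domain with worker threads.

    Candidate labels are read from ``dict/subnames.txt`` and resolver
    addresses from ``dict/dns_servers.txt``. Names that resolve are
    collected in ``self.result`` as ``(name, comma_joined_ips)`` tuples and
    written to MySQL through ``Address`` at the end of ``run``.

    Args:
        domainName: parent domain, e.g. ``'baidu.com'``.
        thread_NUM: number of worker threads to start.
    """

    def __init__(self, domainName, thread_NUM):
        self.domainName = domainName
        # thread_count is decremented by each worker as it exits; run()
        # waits on it.
        self.thread_count = self.thread_NUM = thread_NUM
        # scan_count: names looked up so far; found_count: names that resolved.
        self.scan_count = self.found_count = 0
        # Guards the counters and the result list, which every worker updates.
        self.lock = threading.Lock()
        self.ip_dict = {}
        # Set by run() on Ctrl+C so that workers stop taking new names.
        self.STOP_ME = False
        # Findings, written to the database once all workers are done.
        self.result = []
        # One resolver object per worker thread.
        self.resolvers = [dns.resolver.Resolver() for _ in range(thread_NUM)]
        self.load_dns_servers()
        self.load_subname()

    def load_dns_servers(self):
        """Read resolver addresses from ``dict/dns_servers.txt``, one per line."""
        with open('dict/dns_servers.txt', 'r') as f:
            # Blank lines would otherwise become empty nameserver entries.
            dns_servers = [line.strip() for line in f if line.strip()]
        self.dns_servers = dns_servers
        self.dns_count = len(dns_servers)

    def load_subname(self):
        """Fill the work queue with the labels from ``dict/subnames.txt``."""
        # Workers are threads of this process, so a thread queue is used;
        # its qsize() and get_nowait() reflect a put() immediately.
        self.queue = queue.Queue()
        with open('dict/subnames.txt', 'r') as f:
            for line in f:
                subname = line.strip()
                if subname:
                    self.queue.put(subname)

    def scan(self):
        """Worker body: take labels from the queue until it is empty.

        Must run in a thread whose name is its integer index, as started
        by ``run``.
        """
        thread_id = int(threading.current_thread().name)
        resolver = self.resolvers[thread_id]
        # With an empty server list the resolver keeps its own defaults
        # (and the modulo below would otherwise divide by zero).
        if self.dns_count:
            resolver.nameservers.insert(
                0, self.dns_servers[thread_id % self.dns_count])
        resolver.lifetime = 10.0
        resolver.timeout = 10.0
        try:
            while not self.STOP_ME:
                # A non-blocking get cannot hang when another worker takes
                # the last item between a size check and the get.
                try:
                    sub = self.queue.get_nowait()
                except queue.Empty:
                    break
                sub_domain = sub + '.' + self.domainName
                # Up to three attempts per name, to ride out timeouts.
                for _ in range(3):
                    try:
                        # NOTE(review): dnspython 2.x deprecates query() in
                        # favour of resolve(); kept to match the version
                        # this script was written for.
                        answers = resolver.query(sub_domain)
                        ips = ','.join(
                            answer.address for answer in answers
                        ) if answers else ''
                    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
                        # Definitive negative answer: retrying only repeats
                        # the same query.
                        break
                    except Exception:
                        # Timeouts and server failures are expected for
                        # most candidates; try again.
                        continue
                    if not ips:
                        continue
                    with self.lock:
                        self.found_count += 1
                        print(self.found_count)
                        print(sub_domain, ips)
                        self.result.append((sub_domain, ips))
                    # Record each name once, not once per attempt.
                    break
                with self.lock:
                    self.scan_count += 1
                print(self.found_count, self.queue.qsize())
        finally:
            # Always report this worker as finished so run() can return.
            with self.lock:
                self.thread_count -= 1

    def run(self):
        """Start the workers, wait for all of them, then store the results."""
        for x in range(self.thread_NUM):
            t = threading.Thread(target=self.scan, name=str(x))
            # Daemon threads are ended together with the main thread.
            t.daemon = True
            t.start()
        # Wait until every worker has exited; Ctrl+C asks them to stop
        # after the lookup they are currently doing.
        while self.thread_count > 0:
            try:
                time.sleep(0.5)
            except KeyboardInterrupt:
                self.STOP_ME = True

        for sub_domain, ips in self.result:
            Address(sub_domain, ips, self.domainName)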



if __name__ == '__main__':
    # Script entry point: build the scanner for one parent domain with 60
    # worker threads and run it until every worker has finished.
    brute = DNSBrute(domainName='lanou3g.com', thread_NUM=60)
    brute.run()


yuming.zip


版权声明:若无特殊注明,本文皆为《舜哥哥吖》原创,转载请保留文章出处。

本文链接:Python 3.5 之爆破二级域名. - http://www.shungg.cn/post/40
