DNS iterative brute-force script

Date: 2022-04-26
This article introduces a DNS iterative brute-force script, covering usage examples, tips, a summary of the key points, and things to watch out for; it should be a useful reference for anyone who needs it.

In ordinary DNS brute-forcing with a wordlist, you find that no wordlist ever covers every hostname. Security researchers abroad, after years of collecting DNS records, noticed that many domains have a large number of short, easy-to-remember hostnames, typically 4 characters or fewer, which led to the following script:

#!/usr/bin/env ruby
#
## Brute code stolen from: #

@domain = 'microsoft.com'

# Look up sub.@domain with dig, print any answer, and always return false
# so that the enumeration keeps going.
def result?(sub)
    results = %x(dig +noall #{sub}.#{@domain} +answer)
    if results != ""
        puts "============================"
        puts "FOUND: \t#{sub}"
        puts "============================"
        puts "#{results}"
        puts "============================"
    end
    1 == 2
end

def crack_yielding(chars)
    crack_yield(chars){ |p|
        return p if result?(p)
    }
end

# Yield every string over chars in order of increasing length: all
# 1-character strings, then 2, then 3, ... (it never stops on its own).
def crack_yield(chars)
    chars.each { |c| yield c }
    crack_yield(chars) { |c|
        chars.each do |x|
            yield c + x
        end
    }
end

chars = ('a'..'z').to_a
(0..9).each {|x| chars << x.to_s}

crack_yielding(chars)

gist: https://gist.github.com/mubix/9107284

It works, but it is slow, so it was reworked: the script below only prints candidate names, and the lookups are handed to a separate parallel dig step.

#!/usr/bin/env ruby

#
## Brute code stolen from: #

# Print the candidate label (one per line on stdout) and always return
# false so that the enumeration keeps going.
def result?(sub)
    puts sub
    1 == 2
end

def crack_yielding(chars)
    crack_yield(chars){ |p|
        return p if result?(p)
    }
end

# Yield every string over chars in order of increasing length.
def crack_yield(chars)
    chars.each { |c| yield c }
    crack_yield(chars) { |c|
        chars.each do |x|
            yield c + x
        end
    }
end

chars = ('a'..'z').to_a
(0..9).each {|x| chars << x.to_s}

crack_yielding(chars)

Usage

ruby brutelist.rb | parallel -j100 dig +noall {}.microsoft.com +answer

The output looks like this:

c.microsoft.com. 2 IN CNAME c.microsoft.akadns.net.
c.microsoft.akadns.net. 499 IN A 65.55.58.184
e.microsoft.com. 3599 IN A 191.234.1.50
g.microsoft.com. 2798 IN CNAME g.msn.com.
g.msn.com. 99 IN CNAME g.msn.com.nsatc.net.
g.msn.com.nsatc.net. 148 IN A 131.253.34.154
i.microsoft.com. 779 IN CNAME i.toggle.www.ms.akadns.net.
i.toggle.www.ms.akadns.net. 44 IN CNAME i.g.www.ms.akadns.net.
i.g.www.ms.akadns.net. 225 IN CNAME i.microsoft.com.edgesuite.net.
i.microsoft.com.edgesuite.net. 116 IN CNAME a1475.g.akamai.net.
a1475.g.akamai.net. 16 IN A 23.45.65.26
a1475.g.akamai.net. 16 IN A 23.45.65.33
m.microsoft.com. 3599 IN CNAME origin.mobile.ms.akadns.net.
origin.mobile.ms.akadns.net. 299 IN A 65.55.186.235
s.microsoft.com. 3599 IN CNAME reroute.microsoft.com.
reroute.microsoft.com. 3599 IN A 65.55.58.201
reroute.microsoft.com. 3599 IN A 64.4.11.37
cs.microsoft.com. 81 IN CNAME wedcs.trafficmanager.net.
wedcs.trafficmanager.net. 7 IN CNAME wedcseus.cloudapp.net.
wedcseus.cloudapp.net. 8 IN A 137.116.48.250
...
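From the resolver's side, a sweep like the one above looks like a burst of one-to-four-character labels under a single zone, almost all answered NXDOMAIN. As an added example (not from the post or the gist), here is a small Ruby detector for that pattern, run over constructed, simplified query-log lines; the field layout, the 4-character label cut-off and the threshold/window values are assumptions to adapt to your own resolver's log format.

```ruby
require 'time'

# One log line per query, space separated (constructed layout, not a real tool's):
#   <ISO-8601 time> <client ip> <qname> <qtype> <rcode>
LINE_RE = /\A(\S+) (\S+) (\S+) (\S+) (\S+)\z/

# The short, easy-to-remember labels the brute-force generator tries first.
SHORT_LABEL = /\A[a-z0-9]{1,4}\z/

# Parse one log line into a hash; nil for lines that do not match the layout.
def parse_line(line)
  m = LINE_RE.match(line.strip) or return nil
  { time: Time.iso8601(m[1]), client: m[2], qname: m[3].downcase.chomp('.'),
    qtype: m[4], rcode: m[5] }
end

# True when qname is a direct child of zone and its label matches SHORT_LABEL.
def short_child_of?(qname, zone)
  suffix = ".#{zone.downcase.chomp('.')}"
  return false unless qname.end_with?(suffix)
  SHORT_LABEL.match?(qname[0...-suffix.length])
end

# Clients that sent at least `threshold` NXDOMAIN short-label queries for
# `zone` inside any `window` seconds, mapped to the largest count seen.
def enumeration_suspects(lines, zone, threshold: 20, window: 60)
  per_client = Hash.new { |h, k| h[k] = [] }
  lines.each do |line|
    q = parse_line(line) or next
    next unless q[:rcode] == 'NXDOMAIN' && short_child_of?(q[:qname], zone)
    per_client[q[:client]] << q[:time]
  end
  suspects = {}
  per_client.each do |client, times|
    times.sort!
    lo = 0
    times.each_with_index do |t, hi|
      lo += 1 while t - times[lo] > window   # slide the window start forward
      n = hi - lo + 1
      suspects[client] = n if n >= threshold && n > suspects.fetch(client, 0)
    end
  end
  suspects
end

# Constructed sample: one client sweeping single-letter labels, one normal lookup.
SAMPLE_LOG = (0...25).map { |i|
  format('2022-04-26T10:00:%02dZ 203.0.113.5 %s.example.com A NXDOMAIN', i, (i + 10).to_s(36))
} + ['2022-04-26T10:00:30Z 198.51.100.7 www.example.com A NOERROR']
```

Lowering the NXDOMAIN rate itself (rate limiting per client on the authoritative server) is the usual mitigation once such a client is identified.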

[via room362]