批量检测域传送漏洞python脚本

xfr_check.py

#!/usr/bin/env python
# -*- coding=utf-8
# 批量测试域传送漏洞
# usage: ./xfr_check.py domain.lst    domain.lst is the file contain domain per line
# by xk0n 2015.09.11

import sys
import time
import dns.resolver
import dns.zone
from multiprocessing.dummy import Lock, Pool as ThreadPool


def check(domain):
    # 获取name server
    try:
        r = dns.resolver.Resolver()
        r.timeout = 10
        nss = r.query(domain, "NS")
        # 测试域传送
        if nss:
            for ns in nss:
                try:
                    xfr = dns.query.xfr(
                        str(ns), domain, timeout=10, lifetime=10)
                    if dns.zone.from_xfr(xfr):
                        if not vul.has_key(domain):
                            vul[domain] = []
                        vul[domain].append(str(ns))
                except Exception, e:
                    pass
    except Exception, e:
        pass

if len(sys.argv) != 2:
    print 'usage: %s domainfile.lst'%sys.argv[0]
    sys.exit(1)

urls = [url.strip() for url in open(sys.argv[1])]
vul = {}
start = time.time()
thread_num = 10
print 'start xfr check \t\t cases: %s | thread: %s' % (len(urls), thread_num)

pool = ThreadPool(thread_num)
results = pool.map(check, urls)
pool.close()
pool.join()

if vul:
    for domain in vul:
        print "[+] vul: %s" % domain
        for ns in vul[domain]:
            print "    poc: dig @%s %s axfr" % (ns, domain)
    print '[*] vuls: %s' % len(vul),
else:
    print "[-] No vuls",

print '| elapsed time: %.2f minutes' % ((time.time()-start)/60)