diff --git a/tools/dnslog.yaml b/tools/dnslog.yaml
index 6fdacaf9..def44fcb 100644
--- a/tools/dnslog.yaml
+++ b/tools/dnslog.yaml
@@ -2,7 +2,7 @@ name: "dnslog" command: "python3" args: - "-c" - - "import sys\nimport requests\nimport json\nimport time\nimport os\nimport tempfile\n\nif len(sys.argv) < 2:\n sys.stderr.write(\"错误: 缺少操作类型参数 (get_domain 或 get_records)\\n\")\n sys.exit(1)\n\noperation = sys.argv[1]\nbase_url = \"http://dnslog.cn\"\n\n# 使用临时文件存储Cookie\ncookie_file = os.path.join(tempfile.gettempdir(), \"dnslog_cookie.txt\")\n\n# 创建session以保持Cookie\nsession = requests.Session()\n\n# 如果Cookie文件存在,加载Cookie\ntry:\n if os.path.exists(cookie_file):\n with open(cookie_file, 'r') as f:\n for line in f:\n if 'PHPSESSID' in line:\n session.cookies.set('PHPSESSID', line.strip().split('=')[1])\nexcept:\n pass\n\ntry:\n if operation == \"get_domain\":\n # 获取临时域名(这会设置Cookie)\n response = session.get(f\"{base_url}/getdomain.php\", timeout=10)\n response.raise_for_status()\n domain = response.text.strip().rstrip('%')\n \n # 保存Cookie到文件\n try:\n with open(cookie_file, 'w') as f:\n for cookie in session.cookies:\n f.write(f\"{cookie.name}={cookie.value}\\n\")\n except:\n pass\n \n if domain:\n result = {\n \"status\": \"success\",\n \"domain\": domain,\n \"message\": f\"成功获取临时域名: {domain}\",\n \"usage\": f\"使用此域名进行DNS查询测试,例如: nslookup {domain} 或 curl http://{domain}\",\n \"note\": \"域名有效期为24小时,请及时查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n print(json.dumps({\n \"status\": \"error\",\n \"message\": \"未能获取到域名,请稍后重试\"\n }, ensure_ascii=False, indent=2))\n sys.exit(1)\n \n elif operation == \"get_records\":\n # 获取DNS查询记录\n if len(sys.argv) < 3:\n sys.stderr.write(\"错误: get_records 操作需要提供域名参数\\n\")\n sys.exit(1)\n \n domain = sys.argv[2]\n wait_time = int(sys.argv[3]) if len(sys.argv) > 3 and sys.argv[3] else 0\n \n # 如果指定了等待时间,先等待\n if wait_time > 0:\n print(f\"等待 {wait_time} 秒后查询记录...\", file=sys.stderr)\n time.sleep(wait_time)\n \n # 加载Cookie(如果存在)\n try:\n if os.path.exists(cookie_file):\n with open(cookie_file, 'r') as f:\n for line in f:\n if 'PHPSESSID' in line:\n 
session.cookies.set('PHPSESSID', line.strip().split('=')[1])\n except:\n pass\n \n response = session.get(f\"{base_url}/getrecords.php\", params={\"t\": domain}, timeout=10)\n response.raise_for_status()\n records_text = response.text.strip().rstrip('%')\n \n if records_text and records_text != \"[]\" and records_text.strip():\n # 尝试解析为JSON(如果返回的是JSON格式)\n try:\n records = json.loads(records_text)\n if isinstance(records, list) and len(records) > 0:\n result = {\n \"status\": \"success\",\n \"domain\": domain,\n \"record_count\": len(records),\n \"records\": records,\n \"message\": f\"发现 {len(records)} 条DNS查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n result = {\n \"status\": \"no_records\",\n \"domain\": domain,\n \"records\": [],\n \"message\": \"暂无DNS查询记录,目标可能尚未触发DNS查询\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n except json.JSONDecodeError:\n # 如果不是JSON,按行分割\n records = [line.strip() for line in records_text.split(\"\\n\") if line.strip() and line.strip() != \"[]\"]\n if records:\n result = {\n \"status\": \"success\",\n \"domain\": domain,\n \"record_count\": len(records),\n \"records\": records,\n \"message\": f\"发现 {len(records)} 条DNS查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n result = {\n \"status\": \"no_records\",\n \"domain\": domain,\n \"records\": [],\n \"message\": \"暂无DNS查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n result = {\n \"status\": \"no_records\",\n \"domain\": domain,\n \"records\": [],\n \"message\": \"暂无DNS查询记录,目标可能尚未触发DNS查询\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n \n else:\n sys.stderr.write(f\"错误: 未知的操作类型 '{operation}',支持的操作: get_domain, get_records\\n\")\n sys.exit(1)\n\nexcept requests.RequestException as e:\n error_result = {\n \"status\": \"error\",\n \"message\": f\"请求失败: {str(e)}\",\n \"suggestion\": \"请检查网络连接或稍后重试\"\n }\n print(json.dumps(error_result, ensure_ascii=False, indent=2))\n 
sys.exit(1)\nexcept Exception as e:\n error_result = {\n \"status\": \"error\",\n \"message\": f\"执行出错: {str(e)}\"\n }\n print(json.dumps(error_result, ensure_ascii=False, indent=2))\n sys.exit(1)\n" + - "import sys\nimport requests\nimport json\nimport time\nimport os\nimport tempfile\n\nif len(sys.argv) < 2:\n sys.stderr.write(\"错误: 缺少操作类型参数 (get_domain 或 get_records)\\n\")\n sys.exit(1)\n\noperation = sys.argv[1]\nbase_url = \"http://dnslog.cn\"\n\n# 使用临时文件存储Cookie\ncookie_file = os.path.join(tempfile.gettempdir(), \"dnslog_cookie.txt\")\n\n# 创建session以保持Cookie\nsession = requests.Session()\n\n# 如果Cookie文件存在,加载Cookie\ntry:\n if os.path.exists(cookie_file):\n with open(cookie_file, 'r') as f:\n for line in f:\n if 'PHPSESSID' in line:\n session.cookies.set('PHPSESSID', line.strip().split('=')[1])\nexcept:\n pass\n\ntry:\n if operation == \"get_domain\":\n # 获取临时域名(这会设置Cookie)\n response = session.get(f\"{base_url}/getdomain.php\", timeout=10)\n response.raise_for_status()\n domain = response.text.strip().rstrip('%')\n \n # 保存Cookie到文件\n try:\n with open(cookie_file, 'w') as f:\n for cookie in session.cookies:\n f.write(f\"{cookie.name}={cookie.value}\\n\")\n except:\n pass\n \n if domain:\n result = {\n \"status\": \"success\",\n \"domain\": domain,\n \"message\": f\"成功获取临时域名: {domain}\",\n \"usage\": f\"使用此域名进行DNS查询测试,例如: nslookup {domain} 或 ping http://{domain}\",\n \"note\": \"域名有效期为24小时,请及时查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n print(json.dumps({\n \"status\": \"error\",\n \"message\": \"未能获取到域名,请稍后重试\"\n }, ensure_ascii=False, indent=2))\n sys.exit(1)\n \n elif operation == \"get_records\":\n # 获取DNS查询记录\n if len(sys.argv) < 3:\n sys.stderr.write(\"错误: get_records 操作需要提供域名参数\\n\")\n sys.exit(1)\n \n domain = sys.argv[2]\n wait_time = int(sys.argv[3]) if len(sys.argv) > 3 and sys.argv[3] else 0\n \n # 如果指定了等待时间,先等待\n if wait_time > 0:\n print(f\"等待 {wait_time} 秒后查询记录...\", file=sys.stderr)\n time.sleep(wait_time)\n \n # 
加载Cookie(如果存在)\n try:\n if os.path.exists(cookie_file):\n with open(cookie_file, 'r') as f:\n for line in f:\n if 'PHPSESSID' in line:\n session.cookies.set('PHPSESSID', line.strip().split('=')[1])\n except:\n pass\n \n response = session.get(f\"{base_url}/getrecords.php\", params={\"t\": domain}, timeout=10)\n response.raise_for_status()\n records_text = response.text.strip().rstrip('%')\n \n if records_text and records_text != \"[]\" and records_text.strip():\n # 尝试解析为JSON(如果返回的是JSON格式)\n try:\n records = json.loads(records_text)\n if isinstance(records, list) and len(records) > 0:\n result = {\n \"status\": \"success\",\n \"domain\": domain,\n \"record_count\": len(records),\n \"records\": records,\n \"message\": f\"发现 {len(records)} 条DNS查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n result = {\n \"status\": \"no_records\",\n \"domain\": domain,\n \"records\": [],\n \"message\": \"暂无DNS查询记录,目标可能尚未触发DNS查询\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n except json.JSONDecodeError:\n # 如果不是JSON,按行分割\n records = [line.strip() for line in records_text.split(\"\\n\") if line.strip() and line.strip() != \"[]\"]\n if records:\n result = {\n \"status\": \"success\",\n \"domain\": domain,\n \"record_count\": len(records),\n \"records\": records,\n \"message\": f\"发现 {len(records)} 条DNS查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n result = {\n \"status\": \"no_records\",\n \"domain\": domain,\n \"records\": [],\n \"message\": \"暂无DNS查询记录\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n else:\n result = {\n \"status\": \"no_records\",\n \"domain\": domain,\n \"records\": [],\n \"message\": \"暂无DNS查询记录,目标可能尚未触发DNS查询\"\n }\n print(json.dumps(result, ensure_ascii=False, indent=2))\n \n else:\n sys.stderr.write(f\"错误: 未知的操作类型 '{operation}',支持的操作: get_domain, get_records\\n\")\n sys.exit(1)\n\nexcept requests.RequestException as e:\n error_result = {\n \"status\": \"error\",\n 
\"message\": f\"请求失败: {str(e)}\",\n \"suggestion\": \"请检查网络连接或稍后重试\"\n }\n print(json.dumps(error_result, ensure_ascii=False, indent=2))\n sys.exit(1)\nexcept Exception as e:\n error_result = {\n \"status\": \"error\",\n \"message\": f\"执行出错: {str(e)}\"\n }\n print(json.dumps(error_result, ensure_ascii=False, indent=2))\n sys.exit(1)\n" enabled: true short_description: "DNSlog工具,用于盲注、SSRF、XXE等无回显漏洞验证" description: |
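Review bot: The new usage hint in the `get_domain` result, `ping http://{domain}`, is not a working command: ping takes a bare hostname, so it would try to resolve the literal string `http://<domain>` rather than the issued subdomain, and no lookup would reach the log. Write it as `ping {domain}`, or keep the previous `curl http://{domain}`. Not touched by this commit but visible on the new side: the script keeps PHPSESSID at the fixed name `dnslog_cookie.txt` under `tempfile.gettempdir()` with default permissions and calls `http://dnslog.cn` in cleartext, so on a shared host another local user can read or pre-create that file, and the session cookie and returned records are visible on the network path. A per-user state directory with the file created mode 0600 would narrow the local exposure. The bare `except: pass` around the cookie save and both loads also hides a failed write, after which `get_records` presumably queries under a fresh session and reports no records.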