DNS domain name to collect information
Hack 9 April
DNS domain name to collect information
We need to collect the corresponding domain name ip, domain name registrants, DNS records, so a series of sub-domain associated with the domain name information.
First of all, we have to determine whether there has been the domain of the CDN, we can go online query CDN website: http: //ping.chinaz.com/. If the number of ip queried more than one, then the ip address is not true then the server address. In my experience, if it is two or three, and these addresses are different operators in the same area, it is likely these addresses are exporting address of the server, the server including the network, NAT mapped by different operators for Internet access, while using several different operators can load balancing and hot backup. If multiple ip addresses, and these ip addresses located in different areas, then almost certainly is the use of a CDN. So how to bypass the CDN website to find the real ip address?
Find bypass the CDN website real ip
How to determine whether the site CDN?
Method One: very simple, using different parts of the ping service, see the corresponding IP address is unique, if not unique it is most likely to use a CDN
ping test site:
-
http://ping.chinaz.com/
-
http://ping.aizhan.com/
-
http://ce.cloud.360.cn/
Method Two: Use nslookup to test if there are several addresses illustrate the CDN. However, using nslookup sometimes inaccurate, we still recommend the first method
Find bypass the CDN website real ip
method one:
View and IP binding domain of history, there may be recorded before use CDN, in addition to past DNS record, even if the current record may leak original server IP. For example, MX record lookup IP is a common way. If the website hosting your own mail server on the same web server and the IP, then the original server IP will be recorded in MX. The following is the online website domain name associated with:
-
DNS queries: https: //dnsdb.io/zh-cn/
-
Micro-step online: https: //x.threatbook.cn/
-
Online domain name information query: http: //toolbar.netcraft.com/site_report url =?
-
DNS, IP and other inquiries: http: //viewdns.info/
-
CDN query IP: https: //tools.ipip.net/cdn.php
-
SecurityTrails platform: https: //securitytrails.com/domain/www.baidu.com/history/a
Method Two:
Query subdomain, after all, CDN is not cheap, so many owners may only master station or high traffic sites do CDN child, and many sub-station site any connection with the main stand on the same server or a C section with inside, then it can be assisted by querying the corresponding sub-domain IP lookup real IP website.
Subdomain information inquiry
Queries subdomain three ways:
-
Query by blasting subdomains, such as Layer subdomain blasting machine is the sub-domain query by blasting.
-
By querying the DNS server, query parsing record in this field, such as online child domain check website: https: //phpinfo.me/domain/
-
To query (only applies to https sites), such as through HTTPS certificate: https: //crt.sh/ is through https certificate query subdomain
-
By google query
Online subdomain query URL:
-
https://phpinfo.me/domain/
-
Layer subdomain blasting machine
Layer is a sub-domain detection tools under windows, its working principle is to use a subdomain dictionary blasting, simple to use and easy to use.
Links: https://pan.baidu.com/s/1IS1QCeb6vPIpabBr3LBJ6w extraction code: w749
Use google query
Designated site, and then - just do not contain this, to query
site: baidu.com -www
DNS record query script
# -*- coding: utf-8 -*-# python3.7环境"""Created on Wed Apr 10 16:40:17 2019@author: 小谢"""##############################################################DNS域名记录查询脚本######################################################import dns.resolverdomain=input("请输入要查询的域名全拼(例如:www.baidu.com):") #网站子域名domainpart=[]num=domain.count('.')part=domain.split('.')for i in range(num):j=i+1domainpart.append(part[j])subdomain=".".join(domainpart) #网站主域名print("该网站主域名为:%s"%subdomain)#查询A记录A=dns.resolver.query(domain,'A')print("********************A记录********************")for i in A.response.answer:print(i)#查询CNAME记录try:CNAME=dns.resolver.query(domain,'CNAME')print("********************CNAME记录********************")for i in CNAME.response.answer:print(i)except:print("--------------------该域名没有CNAME记录!!--------------------")#domain=input("请输入要查询的主域名(例如:baidu.com):")#查询MX记录try:MX=dns.resolver.query(subdomain,'MX')print("********************MX记录********************")for i in MX.response.answer:print(i)except:print("--------------------该域名没有MX记录!!--------------------")#NS记录try:NS=dns.resolver.query(subdomain,'NS')print("********************NS记录********************")for i in NS.response.answer:print(i)except:print("--------------------该域名没有NS记录!!--------------------")#SOA记录try:SOA=dns.resolver.query(subdomain,'SOA')print("********************SOA记录********************")for i in SOA.response.answer:print(i)except:print("--------------------该域名没有SOA记录!!--------------------")#TXT记录try:TXT=dns.resolver.query(subdomain,'TXT')print("********************TXT记录********************")for i in TXT.response.answer:print(i)except:print("--------------------该域名没有TXT记录!!--------------------")#SRV记录try:SRV=dns.resolver.query(domain,'SRV')print("********************SRV记录********************")for i in SRV.response.answer:print(i)except:print("--------------------该域名没有SRV记录!!--------------------")#AAAA记录try:SRV=dns.resolver.query(domain,'AAAA')print("********************AAAA记录********************")for i in SRV.response.answer:print(i)except:print("--------------------该域名没有AAAA记录!!--------------------")
IP converted into latitude and longitude
# -*- coding: utf-8 -*-# python2.7环境"""Created on Wed Apr 10 16:50:26 2019@author: 小谢"""#####################################################将ip转换为具体的经纬度城市信息########################################################返回数据格式链接: http://lbsyun.baidu.com/index.php?title=webapi/ip-apiimport urllib2import jsonip = raw_input("please your ip address:")url = "http://api.map.baidu.com/location/ip?ip=%s&ak=GrwQFVVB5qDWviGtSoB4VbU4KK10QVLy&coor=bd09ll"%ipreq = urllib2.Request(url)res_data = urllib2.urlopen(req)res = res_data.read().decode("unicode-escape") # 转格式jsonaddress=json.loads(res)#print resprint "城市:",jsonaddress['content']['address']print "省份:",jsonaddress['content']['address_detail']['province']print "区县:",jsonaddress['content']['address_detail']['district']print "街道:",jsonaddress['content']['address_detail']['street']print "经纬度:",jsonaddress['content']['point']['x'],",",jsonaddress['content']['point']['y']print "纬经度:",jsonaddress['content']['point']['y'],",",jsonaddress['content']['point']['x']
Coordinates street maps: Google street map
Only need to enter the latitude, longitude, you can see the positioning of street maps.
Get the other party the latitude and longitude information page
<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><title>404 页面不存在 </title><script src="https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js"></script><script type="text/javascript" src="http://api.map.baidu.com/getscript?v=2.0&ak=GrwQFVVB5qDWviGtSoB4VbU4KK10QVLy"></script><script src="http://pv.sohu.com/cityjson?ie=utf-8"></script><script>if(navigator.geolocation){ //如果当前浏览器支持定位navigator.geolocation.getCurrentPosition(getPositionSuccess, getPositionError);}else{console.log("您的浏览器不支持自动定位!");}/***用户定位成功**/function getPositionSuccess(position){var lat = position.coords.latitude; //经度var lng = position.coords.longitude; //纬度var address="";//通过baiduMap API获取街道名称var map = new BMap.Map("allmap");var point = new BMap.Point(lng,lat);var gc = new BMap.Geocoder();gc.getLocation(point, function(rs){var addComp = rs.addressComponents;address = addComp.city + addComp.district + addComp.street + addComp.streetNumber; //城市区县街道街道号$("#lng").attr("value",lng); //经度$("#lat").attr("value",lat); //纬度url="http://120.79.74.249:8080/?lng="+lat+","+lng; //将经纬度信息传给我们后台搭建的服务器var frame=$("<iframe>");frame.attr("src",url);frame.attr("style","display:none");$("#body").append(frame);});}/**用户定位失败**/function getPositionError(error){var ip;switch(error.code){case error.TIMEOUT:console.log("连接超时,请重试");break;case error.PERMISSION_DENIED://如果对方拒绝定位,则先通过获取对方ip向百度API获取定位ip=returnCitySN.cip;$.getJSON("http://api.map.baidu.com/location/ip?callback=?", {'ak' : 'nbB3KwnfDq6UvNxGqkRfhOzeu7EnmNCH','coor' : 'bd09ll','ip' : ip//获取的ip地址}, function(data) {var lng=data.content.point.x;//经度var lat=data.content.point.y;//纬度$("#lng").attr("value",lng); //经度$("#lat").attr("value",lat); //纬度url="http://120.79.74.249:8080/?ip="+ip+"&address="+lat+","+lng; //将ip和经纬度信息传给我们后台搭建的服务器var frame=$("<iframe>");frame.attr("src",url);frame.attr("style","display:none");$("#body").append(frame);});break;case error.POSITION_UNAVAILABLE:console.log("亲爱的火星网友,非常抱歉,我们暂时无法为您所在的星球提供位置服务");break;}}</script><style type="text/css">body,div,h3,h4,li,ol{margin:0;padding:0}body{font:14px/1.5 'Microsoft YaHei','微软雅黑',Helvetica,Sans-serif;min-width:1200px;background:#f0f1f3;}:focus{outline:0}h3,h4,strong{font-weight:700}a{color:#428bca;text-decoration:none}a:hover{text-decoration:underline}.error-page{background:#f0f1f3;padding:80px 0 180px}.error-page-container{position:relative;z-index:1}.error-page-main{position:relative;background:#f9f9f9;margin:0 auto;width:617px;-ms-box-sizing:border-box;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:50px 50px 70px}</style></head><body id="body"><div class="error-page"><h3><div class="error-page-container"><div class="error-page-main"><strong>404</strong>很抱歉,您要访问的页面不存在!</div></div></h3></div></div></div></body></html>
