#!/usr/bin/python
# -*- coding:utf-8 -*-
import dns.resolver
import requests
import json
import re
import threading
import time
import inspect
import ctypes
from tld import get_tld
#tld,dnspython,requests
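class ThreadPool:
    """Run a list of tasks on a bounded number of threads with a per-task timeout.

    ``size`` is the maximum number of worker threads tracked at once,
    ``timeout`` is the number of seconds a worker may run before the pool asks
    the interpreter to stop it, and ``poll_interval`` is the number of seconds
    between monitoring passes (default 1).

    Caveat: workers are stopped by injecting ``SystemExit`` asynchronously.
    CPython delivers that exception only when the target thread next runs
    Python bytecode, so a worker blocked inside a C-level call keeps running
    until that call returns, even though the pool has stopped tracking it.
    """

    def __init__(self, size, timeout, poll_interval=1):
        self._size = size
        self._timeout = timeout
        self._poll_interval = poll_interval

    def _async_raise(self, tid, exctype):
        """Ask the interpreter to raise ``exctype`` inside the thread ``tid``.

        Raises ValueError when no thread with that id exists and SystemError
        when the interpreter reports anything other than exactly one thread
        state modified.
        """
        tid = ctypes.c_long(tid)
        if not inspect.isclass(exctype):
            # An exception instance was passed: the C API needs its class.
            exctype = type(exctype)
        res = ctypes.pythonapi.PyThreadState_SetAsyncExc(
            tid, ctypes.py_object(exctype))
        if res == 0:
            raise ValueError("invalid thread id")
        elif res != 1:
            # Unexpected result: withdraw the pending exception before failing.
            ctypes.pythonapi.PyThreadState_SetAsyncExc(tid, None)
            raise SystemError("PyThreadState_SetAsyncExc failed")

    def _stop_thread(self, thread):
        """Request termination of ``thread`` by raising SystemExit inside it."""
        self._async_raise(thread.ident, SystemExit)

    def start(self, func, task, data):
        """Call ``func(item, data)`` on a thread for every item of ``task``.

        ``task`` is consumed in place with ``pop()``, so items are taken from
        the end of the list and the caller's list is empty afterwards. The
        call returns once no task is left and no thread is tracked any more.
        """
        record = dict()
        # Keep going while tasks remain or threads are still being tracked.
        while task or record:
            while len(record) < self._size and task:
                item = task.pop()
                t = threading.Thread(target=func, args=(item, data,))
                t.start()
                # Remember the start time so the timeout can be enforced.
                record[t.name] = {'thread': t, 'time': time.time(), 'data': item}
            dellist = []
            for k, v in record.items():
                print('检测:' + k)
                if v['thread'].is_alive():
                    if time.time() - v['time'] > self._timeout:
                        try:
                            self._stop_thread(v['thread'])
                        except ValueError:
                            # The worker finished between the liveness check
                            # and the stop request; nothing is left to stop.
                            pass
                        dellist.append(k)
                else:
                    dellist.append(k)
            time.sleep(self._poll_interval)
            # Entries are removed after the scan so the dict is not modified
            # while it is being iterated.
            for dl in dellist:
                del record[dl]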
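def takeover(domain):
    """Check whether the registrable domain behind a CNAME target looks unregistered.

    ``domain`` is a CNAME target as text, normally with a trailing root dot.
    Its registrable domain (``fld`` from ``get_tld``) is sent to the remote
    availability API. Returns True when the API reports ``avail`` as 1
    (presumably "available for registration", which would make the CNAME a
    dangling record that should be removed or repointed; confirm against the
    API's documentation), False for any other value, and None when all three
    attempts failed.

    The answer comes from a third-party service, so treat it as a signal to
    verify rather than proof. Every name checked is disclosed to that service.
    """
    if domain:
        # Drop the trailing root dot only when it is present, then add a
        # scheme because get_tld() is handed a URL.
        domain = "http://" + domain.rstrip('.')
    url = get_tld(domain, as_object=True)
    # NOTE(review): the token and the JSONP callback name are hard-coded
    # request parameters. If the token is a credential it should be loaded
    # from configuration rather than kept in source control.
    endpoint = (
        'https://checkapi.aliyun.com/check/checkdomain?domain={0}&command='
        '&token=Y3d83b57bc8aca0f156381976a6171f4a&ua=&currency=&site=&bid='
        '&_csrf_token=&callback=jsonp_1569557125267_14652'
    ).format(url.fld)
    for _attempt in range(3):
        try:
            body = requests.get(endpoint, timeout=5).text
            # The reply is JSONP: take the outermost {...} and parse it as JSON.
            payload = json.loads(re.match(r".*?({.*}).*", body, re.S).group(1))
            return str(payload['module'][0]['avail']) == '1'
        except Exception as e:
            # Network errors and unexpected reply shapes both land here and
            # trigger a retry.
            print(e)
    return None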
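def main(domain, data):
    """Resolve the CNAME of ``domain`` and record it when the target looks unregistered.

    Worker function for ThreadPool: ``domain`` is one hostname to audit and
    ``data`` is the shared result list. When takeover() reports the CNAME
    target as available, ``"<domain>|<result>"`` is appended to ``data``.
    Only the first CNAME record in the answer is evaluated. Returns the
    takeover() result for it, or False when the lookup or the check fails or
    the answer holds no record.
    """
    try:
        answer = dns.resolver.query(domain, 'CNAME')
        for rrset in answer.response.answer:
            for cname in rrset.items:
                judge = takeover(cname.to_text())
                if judge:
                    data.append(domain + "|" + str(judge))
                return judge
    except Exception:
        # Lookup failures (no CNAME, NXDOMAIN, timeout) and check failures are
        # treated as "nothing to report". SystemExit is deliberately not caught
        # so that a stop request injected into this thread ends it at once.
        return False
    return False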
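if __name__ == '__main__':
    # Read one hostname per line. Surrounding whitespace (including a '\r'
    # from CRLF files) is stripped and blank lines are skipped, so no
    # malformed name reaches the resolver.
    with open(r'domain.txt') as f:
        final_domain_list = [line.strip() for line in f if line.strip()]
    data = []
    # 20 concurrent workers, each allowed 300 seconds before it is stopped.
    pool = ThreadPool(20, 300)
    pool.start(main, final_domain_list, data)
    if data:
        # Append so that results from earlier runs are kept.
        with open(r'TakeoverResult.txt', 'a') as ff:
            for i in data:
                ff.write(i + '\n')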