  • Simulating dig in Python, for DGA domain detection

    #!/usr/bin/env python
    
    import dns.resolver, sys
    
    
    def get_domain_ip(domain):
        """Get the DNS record, if any, for the given domain."""
        dns_records = list()
        try:
            # get the dns resolutions for this domain
            dns_results = dns.resolver.query(domain)
            dns_records = [ip.address for ip in dns_results]
        except dns.resolver.NXDOMAIN as e:
            print "the domain does not exist so dns resolutions remain empty. domain:", domain
        except dns.resolver.NoAnswer as e:
            print "the response has no record of the queried type so dns resolutions remain empty, domain:", domain
        return dns_records
    
    
    
    hostname = sys.argv[1]
    print "Recursive name lookup (simulates dig)..."
    
    n=hostname
    try:
      while True:
        for rdata in dns.resolver.query(n, 'CNAME') :
          print n, "cname is", rdata
          n=rdata.target
    except:
      print get_domain_ip(n)

    For example:

     python dig_ip.py 8264.com
    Recursive name lookup (simulates dig)...
    8264.com cname is qaz2d84guo7uz5q2.gfnormal01at.com.
    [u'121.29.18.91'] => IP address

    python dig_ip.py www.baidu.com
    Recursive name lookup (simulates dig)...
    www.baidu.com cname is www.a.shifen.com.
    www.a.shifen.com. cname is www.wshifen.com.
    [u'103.235.46.39', u'103.235.46.40'] => IP addresses

    Now a DGA domain that returns no query results:

    python dig_ip.py s09xo3-l5domek9ck5ct3go4m.com
    Recursive name lookup (simulates dig)...
    the domain does not exist so dns resolutions remain empty. domain: s09xo3-l5domek9ck5ct3go4m.com
    []

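    Note that dns.resolver.NoAnswer is raised when the query type does not match, that is, the name exists but has no record of the requested type. For example: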

    python dig_ip.py www.baidu.com
    Recursive name lookup (simulates dig)...
    www.baidu.com cname is www.a.shifen.com.
    www.a.shifen.com. cname is www.wshifen.com.
    The DNS response does not contain an answer to the question: www.wshifen.com. IN CNAME

    Finally, the refactored code:

    #!/usr/bin/env python
    
    import dns.resolver, sys
    
    
    def get_domain_ip(domain):
        """Get the DNS record, if any, for the given domain."""
        dns_records = list()
        try:
            # get the dns resolutions for this domain
            dns_results = dns.resolver.query(domain)
            dns_records = [ip.address for ip in dns_results]
        except dns.resolver.NXDOMAIN as e:
            print "the domain does not exist so dns resolutions remain empty. domain:", domain
        except dns.resolver.NoAnswer as e:
            print "the response has no record of the queried type so dns resolutions remain empty, domain:", domain
        return dns_records
    
    
    
    def dig_ip(n):
        try:
            while True:
                for rdata in dns.resolver.query(n, 'CNAME') :
                    print n, "cname is", rdata
                    n=rdata.target
        except Exception as e:
            print e
            return get_domain_ip(n)
    
    if __name__ == "__main__":
        print "Recursive name lookup (simulates dig)..."
        print dig_ip(sys.argv[1])
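
The scripts above treat every exception on the CNAME query the same way, so the NXDOMAIN that matters for DGA triage is only visible in the printed text. The following Python 3 sketch is an added example, not code from the original post: it returns an explicit verdict per domain and caps the CNAME chain. `ZONE`, `zone_lookup`, `walk`, `MAX_HOPS` and the verdict strings are hypothetical names, and the zone data is constructed so the code runs offline; a live lookup function that maps the resolver's NXDOMAIN and NoAnswer errors onto these two exceptions can be passed in its place.

```python
MAX_HOPS = 8  # assumed cap so a CNAME loop cannot hang a triage job

class NXDomain(Exception):
    """The name does not exist (the DGA-relevant signal on this page)."""

class NoAnswer(Exception):
    """The name exists but has no record of the queried type."""

# Constructed sample zone standing in for a resolver, so the example runs offline.
ZONE = {
    "www.shop.example.": {"CNAME": ["edge.cdn.example."]},
    "edge.cdn.example.": {"A": ["192.0.2.10", "192.0.2.11"]},
    "loop-a.example.": {"CNAME": ["loop-b.example."]},
    "loop-b.example.": {"CNAME": ["loop-a.example."]},
    "mx-only.example.": {"MX": ["10 mail.example."]},
}

def zone_lookup(name, rdtype):
    """Hypothetical stand-in for a live DNS query against a resolver."""
    if name not in ZONE:
        raise NXDomain(name)
    if rdtype not in ZONE[name]:
        raise NoAnswer(name)
    return ZONE[name][rdtype]

def walk(name, lookup=zone_lookup):
    """Follow CNAMEs, then fetch A records. Returns (verdict, chain, ips)."""
    name = name.lower().rstrip(".") + "."
    chain = [name]
    for _ in range(MAX_HOPS):
        try:
            target = lookup(chain[-1], "CNAME")[0].lower()
        except NXDomain:
            return "nxdomain", chain, []
        except NoAnswer:
            break  # end of the chain: expected, not an error
        if target in chain:
            return "cname_loop", chain + [target], []
        chain.append(target)
    else:
        return "chain_too_long", chain, []
    try:
        return "resolved", chain, lookup(chain[-1], "A")
    except NXDomain:
        return "nxdomain", chain, []
    except NoAnswer:
        return "no_address", chain, []
```

Only the `nxdomain` verdict corresponds to the empty result shown for the DGA domain above; `no_address` means the name is registered but has no A record.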
  • Original article: https://www.cnblogs.com/bonelee/p/8675078.html