免费、自由、人人可编辑的漏洞库--pwnwiki.com
,
POC
#!/usr/bin/env python
###########################################
# Unrestricted DNS Zone Transfer Checker #
# CVE-1999-0532 #
# Researcher: Joel A. Ossi #
###########################################
import urllib2
import time
f = open('domains.txt', 'r') # text file containing the URLS
for line in f:
print("")
print ('Checking: ' + line)
try:
# the API File you can get in one of my other repository's
dns = urllib2.urlopen("https://yourwebsite.com/zonetransfer/index.php?q=" + line).read()
time.sleep(3) # small interval to prevent WAF Blockade.
if 'connection timed out; no servers could be reached' in dns:
print('- Transfer Failed. Reason: DNS Server Connection Timed-Out')
elif 'Transfer failed' in dns:
print("- Transfer failed. Reason: Denied")
elif 'Error occured while' in dns:
print('- Error: Unknown, Reason: Error occured while getting DNS records')
elif 'XFR size' in dns:
print ("+ VULNERABLE TARGET FOUND: " + line)
with open('vulnerable.txt', 'a') as vulnerables:
vulnerables.write(line + '\n')
else:
print ("- Unknown Error, Blank Page Returned ")
except urllib2.HTTPError, e:
print ('- Transfer Failed, Reason: Error ' + str(e.code))
except urllib2.URLError, e:
print('- Connection failed, Reason: ' + str(e.code))
PWNWIK.COM==免费、自由、人人可编辑的漏洞库
