Simulating dig in Python, for DGA domain detection
#!/usr/bin/env python
from __future__ import print_function  # same file runs on Python 2 and 3

import sys

import dns.resolver


def get_domain_ip(domain):
    """Get the DNS record, if any, for the given domain."""
    dns_records = list()
    try:
        # get the dns resolutions for this domain (default record type: A)
        dns_results = dns.resolver.query(domain)
        dns_records = [ip.address for ip in dns_results]
    except dns.resolver.NXDOMAIN:
        print("the domain does not exist so dns resolutions remain empty. domain:", domain)
    except dns.resolver.NoAnswer:
        print("the resolver is not answering so dns resolutions remain empty, domain:", domain)
    return dns_records


hostname = sys.argv[1]
print("Recursive name lookup (simulates dig)...")
n = hostname
try:
    # follow the CNAME chain until a CNAME query fails
    while True:
        for rdata in dns.resolver.query(n, 'CNAME'):
            print(n, "cname is", rdata)
            n = rdata.target
except Exception:
    # no further CNAME (or the name does not exist): resolve the last name
    print(get_domain_ip(n))
For example:
python dig_ip.py 8264.com
Recursive name lookup (simulates dig)...
8264.com cname is qaz2d84guo7uz5q2.gfnormal01at.com.
[u'121.29.18.91'] => IP address
python dig_ip.py www.baidu.com
Recursive name lookup (simulates dig)...
www.baidu.com cname is www.a.shifen.com.
www.a.shifen.com. cname is www.wshifen.com.
[u'103.235.46.39', u'103.235.46.40'] => IP addresses
Now a DGA domain that returns no results:
python dig_ip.py s09xo3-l5domek9ck5ct3go4m.com
Recursive name lookup (simulates dig)...
the domain does not exist so dns resolutions remain empty. domain: s09xo3-l5domek9ck5ct3go4m.com
[]
Note that dns.resolver.NoAnswer is the exception raised when the query type is wrong, for example:
python dig_ip.py www.baidu.com
Recursive name lookup (simulates dig)...
www.baidu.com cname is www.a.shifen.com.
www.a.shifen.com. cname is www.wshifen.com.
The DNS response does not contain an answer to the question: www.wshifen.com. IN CNAME
Finally, the code refactored:
#!/usr/bin/env python
from __future__ import print_function  # same file runs on Python 2 and 3

import sys

import dns.resolver


def get_domain_ip(domain):
    """Get the DNS record, if any, for the given domain."""
    dns_records = list()
    try:
        # get the dns resolutions for this domain (default record type: A)
        dns_results = dns.resolver.query(domain)
        dns_records = [ip.address for ip in dns_results]
    except dns.resolver.NXDOMAIN:
        print("the domain does not exist so dns resolutions remain empty. domain:", domain)
    except dns.resolver.NoAnswer:
        print("the resolver is not answering so dns resolutions remain empty, domain:", domain)
    return dns_records


def dig_ip(n):
    """Follow the CNAME chain from n, then return the final name's addresses."""
    try:
        while True:
            for rdata in dns.resolver.query(n, 'CNAME'):
                print(n, "cname is", rdata)
                n = rdata.target
    except Exception as e:
        # the chain ends when a CNAME query fails; print why it failed
        print(e)
    return get_domain_ip(n)


if __name__ == "__main__":
    print("Recursive name lookup (simulates dig)...")
    print(dig_ip(sys.argv[1]))
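The same CNAME walk as dig_ip, written as an added example (not the original post's code) that reports NXDOMAIN, no-address and CNAME-loop outcomes separately and caps the chain length, so a batch job can count NXDOMAIN results per client. It runs offline against a constructed in-memory zone: ZONE, lookup and resolve_chain are hypothetical names, and lookup stands in for the dns.resolver queries.

```python
NXDOMAIN, NODATA = "NXDOMAIN", "NODATA"

# Constructed sample data (not real DNS): name -> {record type: [values]}
ZONE = {
    "www.example.test.": {"CNAME": ["edge.cdn.test."]},
    "edge.cdn.test.": {"A": ["192.0.2.10", "192.0.2.11"]},
    "loop-a.test.": {"CNAME": ["loop-b.test."]},
    "loop-b.test.": {"CNAME": ["loop-a.test."]},
    "mail.example.test.": {"MX": ["10 mx.example.test."]},
}


def lookup(name, rdtype):
    """Hypothetical resolver stand-in: records, or NXDOMAIN / NODATA."""
    if name not in ZONE:
        return NXDOMAIN          # name does not exist at all
    return ZONE[name].get(rdtype, NODATA)  # exists, but maybe not this type


def resolve_chain(name, lookup=lookup, max_hops=8):
    """Follow CNAMEs from name; return (status, chain, addresses)."""
    name = name.lower()
    chain = [name if name.endswith(".") else name + "."]
    for _ in range(max_hops):
        answer = lookup(chain[-1], "CNAME")
        if answer == NXDOMAIN:
            return ("nxdomain", chain, [])
        if answer == NODATA:
            break                # end of chain: the name is not an alias
        target = answer[0]
        if target in chain:      # alias points back into the chain
            return ("cname_loop", chain + [target], [])
        chain.append(target)
    else:
        return ("too_many_hops", chain, [])
    addrs = lookup(chain[-1], "A")
    if addrs == NXDOMAIN:
        return ("nxdomain", chain, [])
    if addrs == NODATA:
        return ("no_address", chain, [])
    return ("resolved", chain, addrs)


if __name__ == "__main__":
    for d in ("www.example.test", "loop-a.test", "mail.example.test",
              "s09xo3-l5domek9ck5ct3go4m.com"):
        print(d, "->", resolve_chain(d))
```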