GithubHelp home page GithubHelp logo

dnslog's Introduction

DNSLog

别的轮子实在是用不懂,于是就借鉴+写了个简单的。主要用于漏洞验证。

主要提供以下两个功能:

  1. python manager.py 0.0.0.0:80 一键部署,包括DNS服务器。因此只需要在申请域名的地方设置好DNS解析路径。

  2. 提供/api/verify?q=域名接口,如果该域名确实被访问过,则返回{'data': 'Yes'},否则返回{'data': 'No'}

  3. 提供JWTToken 认证,只允许认证的人使用/api/verify?q=域名接口

  4. 记得修改logger.pyscripts/logger.py中的主机IP,修改为 dnslog主机IP

部署步骤

两种部署方案:一种是直接裸奔上 python manager.py makemigrations, python manager.py migrate, python manager.py 0.0.0.0:80,坏处是静态文件找不到,admin界面难看;另一种则是通过Apache部署,这里直接介绍第二种。

部署主机是在Ubuntu 18上:

  1. 安装apache2以及相关组件:apt-get install apache2 libapache2-mod-wsgi-py3
  2. 安装virtualenv:pip3 install virtualenv
  3. 将改项目放在 /var/www
  4. /var/www/dnslog 下运行 virtualenv env,并运行 source /var/www/dnslog/env/bin/activate
  5. /var/www/dnslog/dnslog 下运行 pip install -r req.tt
  6. 修改/var/www/dnslog/dnslog/dnslog/setting.py 中的 ALLOWED_HOSTS = [] 改为 ALLOWED_HOSTS = ['dnslog主机IP'],以及DEBUG=True改为DEBUG=False
  7. 配置apache, vim /etc/apache2/sites-avaliable/000-default.conf 添加如下行:
<VirtualHost *:80>
        Alias /static /var/www/dnslog/dnslog/dnslog/static
        <Directory /var/www/dnslog/dnslog/dnslog/static>
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        WSGIScriptAlias / /var/www/dnslog/dnslog/dnslog/wsgi.py
        WSGIDaemonProcess dnslog python-path=/var/www/dnslog/dnslog/ python-home=/var/www/dnslog/env
        WSGIProcessGroup dnslog
        WSGIPassAuthorization On
        <Directory /var/www/dnslog/dnslog/dnslog>
        <Files wsgi.py>
                Require all granted
        </Files>
        </Directory>
</VirtualHost>
  1. 运行python manager.py makemigrations, python manager.py migrate, python manager.py collectstatic
  2. 运行 chown -R www-data:www-data /var/www/dnslog
  3. 运行service apache start
  4. 由于apache是www-data权限,无法绑定端口,手动运行nohup python manager.py runscript logger开启dns记录
  5. 搞定

关于DNS解析的配置

我是在阿里云上整的。所以这里只提供阿里云的配置方法。

1. 在阿里云上买个域名。
2. 在 `云解析DNS/域名解析/解析设置 `里面设置两个记录
	2.1、ns	A `你的dnslog主机IP`
	2.2、*	A `你的dnslog主机IP`
3. 在 `自定义DNS Host`中设置你的 `dnslog主机IP`
4. 在 `DNS修改` 中添加两条DNS解析路径,第一个用你的`dnslog主机IP`,第二个选个能用的就行。
5. 以上四步就搞定了。

使用步骤

  1. 运行 python manager.py createsuperuser 新建一个账户。
  2. api/user/login 处登录获取JWTToken,Token有效期无限
  3. 在header中加一个Authorization: JWT xxxxx,其中xxxxx为第二步获得的token,访问/api/verify?q=域名获知靶机是否执行命令。

PS:如果是想利用DNSLog带数据出来,可以在admin/,利用新建的账户登录,在dns log标签下就是近期所有的dns请求列表。

dnslog's People

Contributors

kai5174 avatar

Stargazers

avatar

Watchers

avatar avatar

Forkers

xiaoc94

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.