CN112272192A - Domain name blasting method and device, storage medium and electronic equipment - Google Patents
Domain name blasting method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN112272192A CN112272192A CN202011290918.6A CN202011290918A CN112272192A CN 112272192 A CN112272192 A CN 112272192A CN 202011290918 A CN202011290918 A CN 202011290918A CN 112272192 A CN112272192 A CN 112272192A
- Authority
- CN
- China
- Prior art keywords
- domain name
- processor
- blasting
- data packet
- blasted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000005422 blasting Methods 0.000 title claims abstract description 78
- 238000000034 method Methods 0.000 title claims abstract description 52
- 230000005540 biological transmission Effects 0.000 claims description 16
- 238000012545 processing Methods 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 5
- 230000009172 bursting Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 15
- 230000006870 function Effects 0.000 description 9
- 230000008569 process Effects 0.000 description 7
- 230000009471 action Effects 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 4
- 230000004044 response Effects 0.000 description 3
- 238000001914 filtration Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000035515 penetration Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 102100026278 Cysteine sulfinic acid decarboxylase Human genes 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 108010064775 protein C activator peptide Proteins 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
In the domain name blasting method, the domain name blasting device, the storage medium and the electronic equipment, a processor transmits a query packet to a network card through an independent interface, wherein the query packet comprises a target identifier, a domain name to be blasted and an address of a target DNS (domain name server); the processor acquires a data packet transmitted by the network card and fed back by the target DNS server; and the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted, wherein the blasting result contains the IP address corresponding to the domain name to be blasted. Because the independent interface is independent of the operating system, the sending of the query packet and the receiving of the data packet do not pass through the operating system, and identifiers in the operating system are not occupied. And the packet can be sent continuously without setting waiting time, and the purpose of quick packet sending is realized.
Description
Technical Field
The application relates to the field of internet, in particular to a domain name blasting method, a domain name blasting device, a storage medium and electronic equipment.
Background
The sub-domain name collection is a necessary means for information collection in the penetration test process, and the common way for sub-domain name collection is to acquire all existing domain names and corresponding addresses in the DNS server. Generally, a series of query messages are sent to the DNS server by traversing the dictionary, and after receiving the query messages, the DNS server returns messages if the corresponding domain name exists, and returns messages if the domain name does not exist, and the whole process is called DNS blasting.
In the prior art, after sending a request packet, an operating system waits for a corresponding time for receiving a message fed back by a DNS server until a response is overtime, resulting in a slow blasting speed. The corresponding time is required to be waited for receiving the return packet, so that the operating system sends 1000-3000 request packets at most every second. Meanwhile, when DNS blasting is performed, a large number of system descriptors are occupied, and a system network is affected.
Disclosure of Invention
An object of the present application is to provide a domain name blasting method, device, storage medium, and electronic apparatus, so as to at least partially improve the above problems.
In order to achieve the above purpose, the embodiments of the present application employ the following technical solutions:
in a first aspect, an embodiment of the present application provides a domain name blasting method, where the method includes:
the processor transmits a query packet to the network card through the independent interface, wherein the query packet comprises a target identifier, a domain name to be blasted and an address of a target DNS server;
the processor acquires a data packet which is transmitted by the network card and fed back by the target DNS server;
and the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted, wherein the blasting result contains the IP address corresponding to the domain name to be blasted.
In a second aspect, an embodiment of the present application provides a domain name blasting device, where the device includes:
the system comprises a transmission unit, a network card and a server, wherein the transmission unit is used for transmitting a query packet to the network card by a processor through an independent interface, and the query packet comprises a target identifier, a domain name to be blasted and an address of a target DNS (domain name server);
the transmission unit is further configured to acquire, by the processor, a data packet fed back by the target DNS server and transmitted by the network card;
and the processing unit is used for analyzing the data packet containing the target identifier by the processor to obtain a blasting result matched with the domain name to be blasted, wherein the blasting result contains the IP address corresponding to the domain name to be blasted.
In a third aspect, the present application provides a storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the method described above.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor and memory for storing one or more programs; the one or more programs, when executed by the processor, implement the methods described above.
Compared with the prior art, in the domain name blasting method, the domain name blasting device, the storage medium and the electronic equipment provided by the embodiment of the application, the processor transmits the query packet to the network card through the independent interface, wherein the query packet comprises the target identifier, the domain name to be blasted and the address of the target DNS server; the processor acquires a data packet transmitted by the network card and fed back by the target DNS server; and the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted, wherein the blasting result contains the IP address corresponding to the domain name to be blasted. Because the independent interface is independent of the operating system, the sending of the query packet and the receiving of the data packet do not pass through the operating system, and identifiers in the operating system are not occupied. And the packet can be sent continuously without setting waiting time, and the purpose of quick packet sending is realized.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and it will be apparent to those skilled in the art that other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of a domain name blasting method according to an embodiment of the present application;
FIG. 3 is a partial schematic diagram of a query package provided by an embodiment of the present application;
FIG. 4 is a partial schematic diagram of a data packet provided by an embodiment of the present application;
FIG. 5 is a partial schematic view of the blasting results provided in the examples of the present application;
fig. 6 is another schematic flow chart of a domain name blasting method according to an embodiment of the present application;
fig. 7 is another schematic flow chart of a domain name blasting method according to an embodiment of the present application;
fig. 8 is another schematic flow chart of a domain name blasting method according to an embodiment of the present application;
FIG. 9 is a diagram of a query field provided in an embodiment of the present application;
fig. 10 is a schematic unit diagram of a domain name blasting device according to an embodiment of the present application.
In the figure: 10-a processor; 11-a memory; 12-a bus; 13-network card; 201-a transmission unit; 202-processing unit.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, it should be noted that the terms "upper", "lower", "inner", "outer", and the like indicate orientations or positional relationships based on orientations or positional relationships shown in the drawings or orientations or positional relationships conventionally found in use of products of the application, and are used only for convenience in describing the present application and for simplification of description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present application.
In the description of the present application, it is also to be noted that, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" are to be interpreted broadly, e.g., as being either fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
The sub-domain name collection is a necessary means for information collection in the penetration test process, and the common way for sub-domain name collection is to acquire all existing domain names and corresponding addresses in the DNS server. Generally, a series of query messages are sent to the DNS server by traversing the dictionary, and after receiving the query messages, the DNS server returns messages if the corresponding domain name exists, and returns messages if the domain name does not exist, and the whole process is called DNS blasting. In the prior art, after sending a request packet, an operating system waits for a corresponding time for receiving a message fed back by a DNS server until a response is overtime, resulting in a slow blasting speed. The corresponding time is required to be waited for receiving the return packet, so that the operating system sends 1000-3000 request packets at most every second. Meanwhile, when DNS blasting is performed, a large number of system descriptors are occupied, and a system network is affected.
This application is through providing an use pcap bottom to send out the package, modifies the partial information of DNS package, reaches the purpose of sending data package and receiving data package, sends simultaneously and receives two kinds of action separation, makes the chartered plane speed of DNS blasting obtain very big promotion, for prior art, speed can promote 100 times.
In the embodiment of the present application, a Domain Name System (DNS) is a service of the internet. The DNS namesystem, which is a distributed database that maps domain names and IP addresses to each other, enables users to more conveniently access the internet. DNS uses TCP and UDP ports. Currently, the limit for the length of the domain name at each level is 63 characters, and the total length of the domain name cannot exceed 253 characters. The DNS blasting refers to sending a request to a DNS server multiple times by an enumeration method to obtain a domain name. The PCAP is an API (application programming interface) captured by a user layer packet independent of an operating system, and provides a portable framework for monitoring of an underlying network.
The embodiment of the application provides an electronic device which can be a server or other computer equipment. Please refer to fig. 1, a schematic structural diagram of an electronic device. The electronic device comprises a processor 10, a memory 11, a bus 12. The processor 10 and the memory 11 are connected by a bus 12, and the processor 10 is configured to execute an executable module, such as a computer program, stored in the memory 11.
The processor 10 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the domain name blasting method may be performed by an integrated logic circuit of hardware or an instruction in the form of software in the processor 10. The Processor 10 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
The Memory 11 may comprise a high-speed Random Access Memory (RAM) and may further comprise a non-volatile Memory (non-volatile Memory), such as at least one disk Memory.
The bus 12 may be an ISA (Industry Standard architecture) bus, a PCI (peripheral Component interconnect) bus, an EISA (extended Industry Standard architecture) bus, or the like. Only one bi-directional arrow is shown in fig. 1, but this does not indicate only one bus 12 or one type of bus 12.
The memory 11 is used for storing programs, such as programs corresponding to the domain name blasting device. The domain name blasting apparatus includes at least one software function module which may be stored in the memory 11 in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the electronic device. The processor 10 executes the program to implement the domain name blasting method after receiving the execution instruction.
Possibly, the electronic device provided in the embodiment of the present application further includes a network card 13. The network card 13 is connected to the processor 10 via a bus. The processor 10 may communicate with other servers (DNS servers) via the network card 13.
It should be understood that the structure shown in fig. 1 is merely a structural schematic diagram of a portion of an electronic device, which may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
The domain name blasting method provided in the embodiment of the present invention can be applied to, but is not limited to, the electronic device shown in fig. 1, and please refer to fig. 2:
s101, the processor transmits a query packet to the network card through the independent interface.
The query packet comprises a target identifier, a domain name to be blasted and an address of a target DNS server.
Alternatively, the separate interface may be understood as an interface not associated with the operating system of the electronic device. Because the network card and the operating system are independent, the network card is written in for sending packets in information transmission, and waiting time after the query packet is sent in the operating system is not needed.
And S104, the processor acquires the data packet fed back by the target DNS server transmitted by the network card.
And S109, the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted.
And the blasting result comprises the IP address corresponding to the domain name to be blasted.
Optionally, the query packet includes a UDP data segment, and the target identifier is a flag bit of the UDP data segment; or the query packet includes the DNS data segment, and the destination identifier is an ID field of the DNS data segment, but the query packet may also include the UDP data segment and the DNS data segment, and the destination identifier also includes the flag bit of the UDP data segment and the ID field of the DNS data segment. Referring to fig. 3 and 4, fig. 3 and 4 are a partial schematic diagram of a query packet and a partial schematic diagram of a data packet, respectively. Wherein, Source Port represents the flag bit of UDP data segment, and transaction ID represents the ID field of DNS data segment. The value range of the zone bit of the UDP data segment is 1-65535, and the value range of the ID field of the DNS data segment is 1-65535. Optionally, setting the flag bit of the UDP data segment and/or the ID field of the DNS data segment to a specific value may serve as an identification function. For example, the flag bit of the UDP data segment is 10000, and the ID field of the DNS data segment is set to 0X 0064.
To sum up, in the domain name blasting method provided in the embodiment of the present application, the processor transmits a query packet to the network card through the independent interface, where the query packet includes the target identifier, the domain name to be blasted, and the address of the target DNS server; the processor acquires a data packet transmitted by the network card and fed back by the target DNS server; and the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted, wherein the blasting result contains the IP address corresponding to the domain name to be blasted. Because the independent interface is independent of the operating system, the sending of the query packet and the receiving of the data packet do not pass through the operating system, and identifiers in the operating system are not occupied. And the packet can be sent continuously without setting waiting time, and the purpose of quick packet sending is realized.
Alternatively, as for the independent interface involved in the above embodiments, a Pcap interface (also referred to as Libpcap) may be employed. The reason for this is that Libpcap is a network data packet capture database under the Unix/Linux platform. The system is a user-level data packet capturing API interface independent of the system, and a portable framework is provided for monitoring of an underlying network. The working principle is as follows: a packet capture mechanism comprises three main parts, namely a packet capture engine facing to a bottom layer, a data packet filter facing to a middle layer and a user interface facing to an application layer. The Linux operating system processes the data packet from bottom to top, sequentially passes through a network interface card, a network card driver layer, a data link layer, an IP layer and a transmission layer, and finally reaches an application program. Libpcap is also based on the principle, and the capture mechanism of the Libpcap does not influence the processing of a network protocol stack to a data packet in a Linux operating system. For an application program, the Libpcap packet capturing mechanism only provides a uniform API interface, and a user can capture an interested data packet by simply calling a plurality of functions according to a related programming flow.
The user API is a programming interface provided by the Libpcap upper-layer application program, and a user realizes the capture or transmission of the data packet by calling a related function. Specifically, the operating principle of Libpcap can be described as that when a packet arrives at the network card, Libpcap uses the created socket to obtain a copy of the packet from the link layer driver, i.e. a bypass mechanism, and sends the packet to the BPF filter through the Tap function. And the BPF filter performs one-by-one matching on the data packets according to filtering which is defined by a user, if the matching is successful, the data packets are put into a kernel buffer area and transmitted to a user buffer area, and if the matching is failed, the data packets are directly discarded. If no filtering rules are set, all packets are placed in the kernel buffer and passed to the user buffer.
Specifically, the query packet is written into the network card by using the Pcap interface, and the packet is sent. Optionally, another monitoring thread (possibly, another Pcap interface) is started for monitoring the network card while sending the data packet, so as to separate sending from receiving, thereby greatly improving the speed. Because the data is directly written into the network card for packet transmission, the waiting time after the query packet is transmitted in the operating system is not needed, the speed per second can reach 300,000/s, and the speed is increased by 100 times.
For the blasting result in fig. 2, the embodiment of the present application further provides a possible implementation manner, please refer to fig. 5, and fig. 5 is a partial schematic diagram of the blasting result.
As shown in fig. 5, the domain name to be blasted is www.baidu.com, the domain name to be blasted is resolved to www.a.shifen.com, and www.a.shifen.com is again resolved to www.wshifen.com. www.wshifen.com have corresponding IP addresses 104.193.88.77 and 104.193.88.123. The IP addresses of domain name to be blasted www.baidu.com are 104.193.88.77 and 104.193.88.123.
On the basis of fig. 2, regarding how the processor 10 obtains the data packet, the embodiment of the present application further provides a possible implementation manner, please refer to fig. 6, where the domain name bursting method further includes:
s102, the network card transmits the query packet to the target DNS server and receives the data packet fed back by the target DNS server.
S103, the network card transmits the data packet to the processor.
Specifically, the network card 13 transmits all the received data packets to the processor 10 through another set of listening threads.
On the basis of fig. 2, regarding how to obtain a blasting result, a possible implementation manner is further provided in the embodiment of the present application, please refer to fig. 7, where the domain name blasting method further includes:
s107, the processor judges whether the data packet has a blasting result. If yes, executing S109; if not, go to S108.
Specifically, whether a blasting interface exists can be judged by acquiring a DNS response field ANCount. If ANCount is greater than 0, the domain name exists, and step S109 is executed, otherwise, the domain name does not exist, and step S108 is executed.
S108, the processor determines that the domain name to be blasted does not exist in the target DNS server.
On the basis of fig. 2, regarding how to obtain a blasting result quickly, a possible implementation manner is further provided in the embodiment of the present application, please refer to fig. 8, where the domain name blasting method further includes:
s105, the processor judges whether the data packet contains the target identification. If yes, executing S109; if not, go to step S106.
Specifically, referring to fig. 3 and fig. 4, when a data packet includes a target identifier (a flag bit of a UDP data segment and/or an ID field of a DNS data segment), it indicates that the data packet is fed back by a query packet corresponding to a domain name to be blasted by a DNS server; at this time, S109 is executed; otherwise, S106 is executed.
S106, the processor deletes the data packet which does not contain the target identification.
Optionally, according to the definition of the DNS protocol, a domain name to be queried may be added to the DNS Query field, for example, www.baidu.com sends a Query packet, and the blasting of the corresponding domain name may be completed, as shown in fig. 9.
Referring to fig. 10, fig. 10 is a diagram of a domain name blasting apparatus according to an embodiment of the present application, where the domain name blasting apparatus is optionally applied to the electronic device described above.
The domain name blasting unit includes: a transmission unit 201 and a processing unit 202.
A transmission unit 201, configured to transmit, by the processor, a query packet to the network card through the independent interface, where the query packet includes a target identifier, a domain name to be blasted, and an address of the target DNS server. Alternatively, the transmission unit 201 may perform S101 described above.
The transmission unit 201 is further configured to obtain, by the processor, a data packet fed back by the target DNS server transmitted by the network card. Alternatively, the transmission unit 201 may perform S104 described above.
The processing unit 202 is configured to analyze the data packet including the target identifier by the processor, and obtain a blasting result matched with the domain name to be blasted, where the blasting result includes the IP address corresponding to the domain name to be blasted. Alternatively, the processing unit 202 may execute S109 described above.
Optionally, the processing unit 202 is further configured to determine whether the data packet includes a target identifier; if so, the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted; if not, the processor deletes the data packet which does not contain the target identification. Alternatively, the processing unit 202 may execute S105 and S106 described above.
It should be noted that the domain name bursting device provided in this embodiment may execute the method flows shown in the above method flow embodiments to achieve corresponding technical effects. For the sake of brevity, the corresponding contents in the above embodiments may be referred to where not mentioned in this embodiment.
The embodiment of the invention also provides a storage medium, wherein the storage medium stores computer instructions and programs, and the computer instructions and the programs execute the domain name blasting method of the embodiment when being read and run. The storage medium may include memory, flash memory, registers, or a combination thereof, etc.
The following provides an electronic device, which may be a server or other computer device, and as shown in fig. 1, the electronic device may implement the domain name blasting method described above; specifically, the electronic device includes: processor 10, memory 11, bus 12 and network card 13. The processor 10 may be a CPU. The memory 11 is used for storing one or more programs, and when the one or more programs are executed by the processor 10, the domain name blasting method of the above embodiment is performed. The network card 13 is used for communication with other terminals.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A domain name blasting method, characterized in that the method comprises:
the processor transmits a query packet to the network card through the independent interface, wherein the query packet comprises a target identifier, a domain name to be blasted and an address of a target DNS server;
the processor acquires a data packet which is transmitted by the network card and fed back by the target DNS server;
and the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted, wherein the blasting result contains the IP address corresponding to the domain name to be blasted.
2. The domain name blasting method according to claim 1, wherein after the processor transmits the query packet to the network card through the independent interface, the method further comprises:
the network card transmits the query packet to the target DNS server and receives a data packet fed back by the target DNS server;
and the network card transmits the data packet to the processor.
3. The domain name blasting method according to claim 1, wherein the query packet includes a UDP data segment, and the target identifier is a flag of the UDP data segment.
4. The domain name blasting method according to claim 1, wherein the query packet includes a DNS data segment, and the destination identifier is an ID field of the DNS data segment.
5. The domain name blasting method according to claim 1, wherein before the processor parses the data packet containing the target identifier to obtain a blasting result matching the domain name to be blasted, the method further comprises:
the processor judges whether the data packet has a blasting result or not; and if so, the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted.
6. The domain name blasting method according to claim 1, wherein before the processor parses the data packet containing the target identifier to obtain a blasting result matching the domain name to be blasted, the method further comprises:
the processor judges whether the data packet contains the target identification; if so, the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted;
if not, the processor deletes the data packet which does not contain the target identification.
7. A domain name blasting apparatus, characterized in that the apparatus comprises:
the system comprises a transmission unit, a network card and a server, wherein the transmission unit is used for transmitting a query packet to the network card by a processor through an independent interface, and the query packet comprises a target identifier, a domain name to be blasted and an address of a target DNS (domain name server);
the transmission unit is further configured to acquire, by the processor, a data packet fed back by the target DNS server and transmitted by the network card;
and the processing unit is used for analyzing the data packet containing the target identifier by the processor to obtain a blasting result matched with the domain name to be blasted, wherein the blasting result contains the IP address corresponding to the domain name to be blasted.
8. The domain name bursting device of claim 7, wherein the processing unit is further configured to determine whether a packet contains the target identifier; if so, the processor analyzes the data packet containing the target identifier to obtain a blasting result matched with the domain name to be blasted; if not, the processor deletes the data packet which does not contain the target identification.
9. A storage medium on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-6.
10. An electronic device, comprising: a processor and memory for storing one or more programs; the one or more programs, when executed by the processor, implement the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011290918.6A CN112272192A (en) | 2020-11-18 | 2020-11-18 | Domain name blasting method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011290918.6A CN112272192A (en) | 2020-11-18 | 2020-11-18 | Domain name blasting method and device, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112272192A true CN112272192A (en) | 2021-01-26 |
Family
ID=74340184
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011290918.6A Pending CN112272192A (en) | 2020-11-18 | 2020-11-18 | Domain name blasting method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112272192A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113032659A (en) * | 2021-03-12 | 2021-06-25 | 北京百度网讯科技有限公司 | Information processing method for device information, electronic device, and medium |
| CN113992628A (en) * | 2021-12-30 | 2022-01-28 | 北京华云安信息技术有限公司 | Domain name blasting test method, device, equipment and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108449345A (en) * | 2018-03-22 | 2018-08-24 | 深信服科技股份有限公司 | A kind of networked asset continues method for safety monitoring, system, equipment and storage medium |
| CN110099046A (en) * | 2019-04-08 | 2019-08-06 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Network hopping method and system of super-convergence server |
| CN110351275A (en) * | 2019-07-11 | 2019-10-18 | 北京脉冲星科技有限公司 | A kind of host port flux monitoring method, system, device and storage equipment |
-
2020
- 2020-11-18 CN CN202011290918.6A patent/CN112272192A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108449345A (en) * | 2018-03-22 | 2018-08-24 | 深信服科技股份有限公司 | A kind of networked asset continues method for safety monitoring, system, equipment and storage medium |
| CN110099046A (en) * | 2019-04-08 | 2019-08-06 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Network hopping method and system of super-convergence server |
| CN110351275A (en) * | 2019-07-11 | 2019-10-18 | 北京脉冲星科技有限公司 | A kind of host port flux monitoring method, system, device and storage equipment |
Non-Patent Citations (1)
| Title |
|---|
| W7AY@知道创宇404实验室: "ksubdomain 无状态域名爆破工具", 《HTTPS://PAPER.SEEBUG.ORG/1325/》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113032659A (en) * | 2021-03-12 | 2021-06-25 | 北京百度网讯科技有限公司 | Information processing method for device information, electronic device, and medium |
| CN113032659B (en) * | 2021-03-12 | 2023-08-04 | 北京百度网讯科技有限公司 | Information processing method for device information, electronic device and medium |
| CN113992628A (en) * | 2021-12-30 | 2022-01-28 | 北京华云安信息技术有限公司 | Domain name blasting test method, device, equipment and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2015165296A1 (en) | Method and device for identifying protocol type | |
| CN113949748B (en) | Network asset identification method and device, storage medium and electronic equipment | |
| JP6861720B2 (en) | Service implementation methods, devices, and systems based on the FIX protocol | |
| CN110519265B (en) | Method and device for defending attack | |
| CN108170578B (en) | Log collection method and device | |
| CN111131320B (en) | Asset identification method, device, system and medium | |
| US11818151B2 (en) | Identification of malicious domain campaigns using unsupervised clustering | |
| CN108737584A (en) | The access method of container service, the analytic method of network address, device and system | |
| CN112272192A (en) | Domain name blasting method and device, storage medium and electronic equipment | |
| JP2006501551A (en) | Rule creation for computer application screening; | |
| CN110719215B (en) | Flow information acquisition method and device of virtual network | |
| CN108234345A (en) | A kind of traffic characteristic recognition methods of terminal network application, device and system | |
| CN108600010A (en) | Data transmission method and device | |
| CN116634046A (en) | Message processing method and device, electronic equipment and storage medium | |
| CN113810381B (en) | Crawler detection method, web application cloud firewall device and storage medium | |
| CN111917682B (en) | Access behavior identification method, performance detection method, device, equipment and system | |
| CN113992426A (en) | Message distribution method and device, storage medium and electronic equipment | |
| CN111224878A (en) | Route forwarding method and device, electronic equipment and storage medium | |
| CN106682508A (en) | Method and device for searching and killing viruses | |
| CN111064729B (en) | Message processing method and device, storage medium and electronic device | |
| US10419351B1 (en) | System and method for extracting signatures from controlled execution of applications and application codes retrieved from an application source | |
| CN105100246A (en) | Network flow management and control method based on downloaded resource name | |
| CN109450797B (en) | Message forwarding method and device and computer equipment | |
| CN111741127A (en) | Communication connection blocking method and device, electronic equipment and storage medium | |
| CN112989315B (en) | Fingerprint generation method, device and equipment for terminal of Internet of things and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210126 |