Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-0987 PoC — ISC BIND伪来源IP地址的DNS远程攻击漏洞

Source
https://github.com/pcastagnaro/dns_amplification_scanner
Associated Vulnerability
Title:ISC BIND伪来源IP地址的DNS远程攻击漏洞 (CVE-2006-0987)
Description:ISC BIND缺省配置,当配置成域名服务器时,允许递归查询和提供附加代表信息给任意IP地址,从而允许远程攻击者通过带伪来源IP地址的DNS 查询,制造拒绝服务(流量放大) 。
Description
This script checks if each domain from a given domain list is vulnerable to CVE-2006-0987
Readme
## DNS Amplification DDoS Detection and Verification Tool

This script is designed to identify and verify potential DNS servers vulnerable to exploitation in DNS amplification distributed denial-of-service (DDoS) attacks. It addresses the limitations of automated vulnerability scanners like Nessus, which may generate [false positives](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/ "false positives") when detecting this issue using plugin 35450.

### Background

DNS amplification attacks are a type of reflection-based DDoS attack that exploits misconfigured or open DNS resolvers. Attackers send small DNS queries with spoofed source IP addresses, causing the DNS server to send large responses to the victim's IP address. This amplifies the attack traffic, potentially overwhelming the target's network resources.

### Functionality

The script performs the following key functions:

1. Bulk domain processing: Analyzes multiple domains efficiently to identify potential vulnerabilities.
2. DNS query simulation: Sends specially crafted DNS queries to test for amplification behavior.
3. Response analysis: Examines DNS responses to determine if the server exhibits characteristics conducive to amplification attacks.
4. False positive reduction: Implements additional checks to minimize false positives compared to basic vulnerability scans.

### Use Case

This tool is particularly useful for:

- Security professionals conducting large-scale DNS infrastructure audits
- Network administrators verifying the security posture of their DNS servers
- Researchers studying DNS amplification attack vectors

By providing a more accurate assessment of DNS amplification vulnerabilities, this script enables organizations to prioritize mitigation efforts and enhance their DDoS resilience.

------------


# Usage
## Clone the repository
```bash
git clone https://github.com/pcastagnaro/dns_amplification_scanner/
cd dns_amplification_scanner
```

## Create a Virtual Environment
```bash
python3 -m venv myenv; source myenv/bin/activate
```

## Install Dependancies
```bash
pip install colorama
```

## Run the Script
```bash
python dns_amplification_scanner.py <DNS> --domains <DOMAIN_LIST> --type ANY 
```

## Example
```bash
python dns_amplification_scanner.py 8.8.8.8 --domains domains.txt --type ANY 
```

![Amplification](https://github.com/user-attachments/assets/9ca0079f-214b-40ac-b82c-639de79d0566)
File Snapshot

 [4.0K]  /data/pocs/d69f6f7f853e984eb9b08a70379ac7651ceb7ed1
├── [3.4K]  dns_amplification_scanner.py
└── [2.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.