python信息搜集


一共六个模块,可在cmd选择调用哪个模块,参数all是全部进行调用

子域名模块使用自己的字典库,另外引入了 nmap 第三方工具

可以在powershell直接调用或者添加自己的输入语句

源码:

import os
import socket
import subprocess
import sys
import time

import whois
#ip查询
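def ip_check(url):
    """Resolve *url* (a hostname) to an IPv4 address and print it.

    Args:
        url: hostname to resolve, as passed on the command line.

    Returns:
        The resolved address as a string, or None when resolution fails.
    """
    try:
        ip = socket.gethostbyname(url)
    except socket.gaierror as err:
        # An unresolvable name used to abort the whole run with a traceback;
        # report it so the remaining modules can still run.
        print("DNS解析失败: " + str(err))
        ip = None
    else:
        print(ip)
    print('------------------------------------++++++-------------------------------------------')
    return ip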
#whois查询
def whois_check(url):
    """Print the WHOIS record of *url* using the third-party ``whois`` package.

    Args:
        url: domain name to look up.
    """
    # whois.whois() returns a record object; print() renders it as-is.
    print(whois.whois(url))
    print('------------------------------------++++++-------------------------------------------')

#CDN判断-利用返回IP条数进行判断
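def cdn_check(url):
    """Guess whether *url* is fronted by a CDN from the size of its nslookup output.

    Heuristic only: the name is looked up with ``nslookup`` and the verdict is
    "CDN" when the output contains more than 8 dots, i.e. the resolver returned
    several addresses. A domain with a few round-robin A records gives the same
    signal, so treat the result as a hint rather than a fact.

    Args:
        url: hostname taken from the command line (untrusted input).
    """
    # Pass an argument list, not a shell string: the hostname comes straight
    # from argv, and os.popen("nslookup " + url) would hand any shell
    # metacharacters in it to the shell.
    try:
        completed = subprocess.run(
            ["nslookup", url],
            stdout=subprocess.PIPE,
            universal_newlines=True,
        )
    except FileNotFoundError:
        # nslookup is not on PATH; nothing to judge.
        print("未找到 nslookup 命令")
    else:
        data = completed.stdout
        if data.count(".") > 8:
            print("存在CDN")
        else:
            print("不存在CDN")
    print('------------------------------------++++++-------------------------------------------')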
#子域名查询-
#1.利用字典加载爆破进行查询
#2.利用第三方接口进行查询
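def SubDomain_list_check(url, wordlist="[自己的字典地址]"):
    """Enumerate subdomains of *url* by resolving each wordlist entry as a prefix.

    Args:
        url: target domain; every ``www.`` occurrence is stripped first so the
            wordlist is applied to the bare domain.
        wordlist: path of a text file with one candidate label per line.
            Defaults to the placeholder from the original script, so pass a
            real path (or edit the default) before use.

    Each ``<label>.<domain>`` that resolves is printed with its address.
    Lookups are paced with a 0.1 s sleep after every attempt, hit or miss.
    """
    url = url.replace("www.", "")
    # `with` closes the wordlist on every path; the original left the file
    # object open for the garbage collector.
    with open(wordlist) as labels:
        for label in labels:
            label = label.replace("\n", "")
            candidate = label + "." + url
            try:
                ip = socket.gethostbyname(candidate)
            except (OSError, UnicodeError):
                # Expected for most labels (no such name); UnicodeError covers
                # labels too long to encode as a hostname.
                pass
            else:
                print(candidate + "->" + ip)
            time.sleep(0.1)
    print('------------------------------------++++++-------------------------------------------')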

def SubDomain_api_check(url):
    """Placeholder for subdomain lookup through a third-party API.

    Only the ``www.`` stripping is present; the API query itself was never
    written, so the function prints nothing and returns None.

    Args:
        url: target domain.
    """
    domain = url.replace("www.", "")
    # TODO: query an API for `domain` - left unimplemented in the original.


#端口扫描
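def port_check(url):
    """Report whether TCP port 80 on the host behind *url* accepts connections.

    Args:
        url: hostname to probe; it is resolved with gethostbyname first.

    Returns:
        True when the connection succeeded, False when it was refused or
        timed out, None when resolution or the probe itself failed.
    """
    port = 80
    result = None
    try:
        ip = socket.gethostbyname(url)
        # `with` closes the socket on every path; the original never closed it.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
            # Without a timeout a dropped SYN can block for minutes.
            server.settimeout(5)
            result = server.connect_ex((ip, port)) == 0
        if result:
            print(ip + ":" + str(port) + "|open")
        else:
            print(ip + ":" + str(port) + "|close")
    except OSError:
        # socket.gaierror (resolution) and socket errors are both OSError;
        # the original let a resolution failure escape as a traceback.
        print("error")
    print('------------------------------------++++++-------------------------------------------')
    return result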

#系统判断-
#1.基于TTL值进行判断
#2.基于第三方脚本(nmap)进行判断
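def os_check(url):
    """Print nmap's OS fingerprint (``-O``) for *url*.

    Runs the ``nmap\\nmap`` binary from the original script (a relative path,
    so the working directory matters) as an argument list rather than via a
    shell string, because the hostname comes straight from argv.

    Args:
        url: hostname taken from the command line (untrusted input).
    """
    try:
        completed = subprocess.run(
            ["nmap\\nmap", "-O", url],
            stdout=subprocess.PIPE,
            universal_newlines=True,
        )
    except FileNotFoundError:
        # Binary not present at the relative path.
        print("未找到 nmap 命令")
    else:
        print(completed.stdout)
    print('------------------------------------++++++-------------------------------------------')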

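if __name__ == '__main__':
    print("Test:python test.py www.dudu.com all")
    # Both positional arguments are required; indexing argv blindly produced
    # an IndexError traceback instead of a usage hint.
    if len(sys.argv) < 3:
        print("用法: python test.py <域名> all")
        sys.exit(1)
    url = sys.argv[1]
    check = sys.argv[2]
    if check == "all":
        ip_check(url)
        whois_check(url)
        port_check(url)
        cdn_check(url)
        os_check(url)
        SubDomain_list_check(url)
    else:
        # Only "all" is wired up; per-module selection is not implemented here.
        print("未知参数: " + check)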

文章作者: 小小星仔
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 小小星仔 !