最近迷上了python,于是就想在学习中,一边学习一边编写一下小脚本来满足一些懒散的愿望。顺带水水文章O(∩_∩)O哈哈~,只希望各位大佬多多指点。
脚本编写目的:完成一些简单的信息收集工作。
记录一个菜鸟的编程之路
MYscan
-dic.txt #子域名字典
-scan.py #起始文件
-nmapscan.py #端口扫描
-subdomain.py #子域名爆破
思路:造轮子网络上有很多现成的代码,嘿嘿厚颜无耻的Ctrl+c
#!/usr/bin/python3import socketimport sysimport osfrom nmapscan import *from subdomain import *#IP查询def ip_check(url):ip = socket.gethostbyname(url)print (url+'t'+'该网址IP为:'+ip)print('--------------------------------------------------')#cdn判定#采用nslookup执行结果进行返回ip解析数目判断def cdn_check(url):print("CDN判断")ns = "nslookup "+url #利用nslookup做cdn判断data = os.popen(ns,"r").read() #执行命令并且获取数据#print(data) #输出执行结果if data.count(".")>10: #cdn判断print (url + 't' + "存在CDN")print('--------------------------------------------------')else:print (url + 't' + "不存在CDN")print('--------------------------------------------------')#程序入口def main():url = sys.argv[1]check = sys.argv[2]if check == '-all':ip_check(url) #获取ipcdn_check(url) #判断cdnnm = nmapscan(url) #端口扫描nm.nmapscan_s()su = subdomain(url) #子域名爆破su.subdomain_s()if __name__ == '__main__':main()
#!/usr/bin/python3import nmapimport socket#端口扫描class nmapscan(object):def __init__(self,url):self.u = urldef nmapscan_s(self):ip = socket.gethostbyname(self.u)nm = nmap.PortScanner() #实例化try:nm.scan(hosts = ip,arguments = '-sS -Pn -sV')command = nm.command_line() #返回的扫描方法映射到具体的nmap命令print(command)for host in nm.all_hosts(): #遍历扫描主机print('--------------------------------------------------')print('Host : %s %s' % (host, nm[host].hostname())) #输出主机及主机名print('State : %s' % nm[host].state()) #输出主机状态,up、downfor proto in nm[host].all_protocols(): #遍历扫描协议,tcp、udpprint('--------------------------------------------------')print('Protocol : %s' % proto) #输出协议名lport = sorted(nm[host][proto].keys()) #获取协议的所有扫描端口for port in lport: #遍历端口及输出端口、状态及信息print('port : %ststate : %stservice : %s' % (port, nm[host][proto][port]['state'],nm[host][proto][port]['name']))except Exception as err:print("error")
#!/usr/bin/python3import socketimport timeimport osclass subdomain():def __init__(self,url):self.u = urldef subdomain_s(self):sites = [] #创建个列表print('--------------------------------------------------')print('子域名爆破')url = self.u.replace("www.", "")for zym_list in open("dic.txt"): #遍历子域名字典zym_list = zym_list.replace("n", "")zym_list_url = zym_list + "." + urltry:ip = socket.gethostbyname(zym_list_url)print(zym_list_url + "->" + ip)sites += sites.append(zym_list_url)time.sleep(0.1)except Exception as err:passfile_path = os.path.dirname(__file__) + "/子域名扫描结果.txt" # 在当前目录创建文件,保存结果fp = open(file_path, 'w', encoding='utf-8')for i in sites:fp.write(i + "n")print('[+]扫描结束,结果保存至当前目录下,文件名:子域名扫描结果.txt')
python3 scan.py www.xxx.com -all使用效果
nmap模块引用:https://www.cnblogs.com/csnd/p/11807823.htmlhttps://blog.51cto.com/11555417/2112069
PS:萌生写工具的想法是在小迪大佬的课上,对自写工具的一些认知。
END
本文始发于微信公众号(NOVASEC):从零开始造轮子-python(信息收集脚本1)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论