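Just How Outrageous Are These Outrageous ZoomEye Queries?!
ZoomEye is a cyberspace search engine designed to help users discover and understand the devices, services and assets on the internet. It provides a powerful search engine that lets users search and analyze internet-connected devices in order to identify possible vulnerabilities, risks and security threats.
ZoomEye can be used not only for cyberspace mapping, but also for threat intelligence mining, C2 tracking and analysis, network asset collection, vulnerability discovery and trend tracking, application discovery and identification, statistical analysis of global network asset data, and much more.
This article shares some "outrageous" ZoomEye queries encountered during red/blue team exercises, and uses ZoomEye-Python to search for the corresponding assets.
1. Search for sensitive password or SQL files on servers with directory listing enabled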
(title:"Index of" title:"directory listing for") +("password.txt" "admin.txt" ".sql" ".db")
https://www.zoomeye.org/searchResult?q=(title%3A%22Index%20of%22%20title%3A%22directory%20listing%20for%22)%20%2B(%22password.txt%22%20%22admin.txt%22%20%22.sql%22%20%22.db%22)
2. Search for OpenAI API keys exposed on the public internet
"openai_key": "sk-"
https://www.zoomeye.org/searchResult?q=%22openai_key%5C%22%5C%3A%20%5C%22sk-%22
3. A very large number of DVWA training targets, which can be shelled directly
app:"DVWA"
https://www.zoomeye.org/searchResult?q=app%3A%22DVWA%22
4. Various free AI chatbots and free AI creation platforms
app:"ChatGPT-Next-Web" title:"AgentGPT" title:"ChatGPT Admin Web" "content="Your personal ChatGPT Bot."" ("MathJax.Hub.Config" +"css/wenda.css") (app:"ChatGPT Web Midjourney Proxy") (app:"DocsGPT" app:"SpeechGPT" "picture generation")
https://www.zoomeye.org/searchResult?q=app%3A%22ChatGPT-Next-Web%22%20%20title%3A%22AgentGPT%22%20title%3A%22ChatGPT%20Admin%20Web%22%20%22content%3D%5C%22Your%20personal%20ChatGPT%20Bot.%5C%22%22%20(%22MathJax.Hub.Config%22%20%2B%22css%2Fwenda.css%22)%20(app%3A%22ChatGPT%20Web%20Midjourney%20Proxy%22)%20(app%3A%22DocsGPT%22%20app%3A%22SpeechGPT%22%20%22picture%20generation%22)
5. Find Minecraft game servers
app:"Minecraft game server"
https://www.zoomeye.org/searchResult?q=app%3A%20%22Minecraft%20game%20server%22
6. Threat-hunting query: find malicious servers or C2 platforms
(title:"Index of /" title:"Directory Listing for /")+("cve" "metasploit" "cobaltstrike" "sliver" "covenant" "brc4" "brute-ratel" "commander-runme" "bruteratel" "ps2exe" "badger" "shellcode" "beacon" "artifact" "payload" "teamviewer" "anydesk" "mimikatz" "rclone")
https://www.zoomeye.org/searchResult?q=(title%3A%22Index%20of%20%2F%22%20title%3A%22Directory%20Listing%20for%20%2F%22)%2B(%22cve%22%20%22metasploit%22%20%22cobaltstrike%22%20%22sliver%22%20%22covenant%22%20%22brc4%22%20%22brute-ratel%22%20%22commander-runme%22%20%22bruteratel%22%20%22ps2exe%22%20%22badger%22%20%22shellcode%22%20%22beacon%22%20%22artifact%22%20%22payload%22%20%22teamviewer%22%20%22anydesk%22%20%22mimikatz%22%20%22rclone%22)
7. Open-source surveillance cameras
title:"openipc"
https://www.zoomeye.org/searchResult?q=title%3A%22openipc%22
8. Redis servers with unauthenticated access
port:6379 -"NOAUTH Authentication required."+service:"redis"
https://www.zoomeye.org/searchResult?q=port%3A6379%20-%22NOAUTH%20Authentication%20required.%22%2Bservice%3A%22redis%22
9. FTP servers allowing anonymous access
"230 Login successful." +port:21
https://www.zoomeye.org/searchResult?q=%22230%20Login%20successful.%22%20%2Bport%3A21
10. Docker service with unauthenticated access, pull images directly, nice
"Docker Containers:" +port:2375
https://www.zoomeye.org/searchResult?q=%22Docker%20Containers%3A%22%20%2Bport%3A2375
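Queries 8 to 10 each reduce to a port plus a banner string, so the same signatures can be run over scan records of your own hosts to see which of them these searches would match. This is an added example, not from the original article: the `Record` fields, check names and sample banners are constructed, and it assumes ZoomEye's operators (`+` for AND, `-` for NOT) and reads query 8 as all three conditions together.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One banner grabbed from a host in your own inventory (hypothetical schema)."""
    host: str
    port: int
    service: str
    banner: str


def redis_no_auth(r):
    # Query 8: port:6379 -"NOAUTH Authentication required." +service:"redis"
    return (r.port == 6379 and r.service == "redis"
            and "NOAUTH Authentication required." not in r.banner)


def ftp_anonymous(r):
    # Query 9: "230 Login successful." +port:21
    return r.port == 21 and "230 Login successful." in r.banner


def docker_api_open(r):
    # Query 10: "Docker Containers:" +port:2375
    return r.port == 2375 and "Docker Containers:" in r.banner


CHECKS = {"redis-no-auth": redis_no_auth,
          "ftp-anonymous": ftp_anonymous,
          "docker-api-open": docker_api_open}


def audit(records):
    """Return {(host, port): [check names]} for every record matching a signature."""
    findings = {}
    for r in records:
        hits = [name for name, check in CHECKS.items() if check(r)]
        if hits:
            findings[(r.host, r.port)] = hits
    return findings


# Constructed sample banners (documentation-range addresses, not real hosts).
SAMPLE = [
    Record("192.0.2.10", 6379, "redis", "-NOAUTH Authentication required.\r\n"),
    Record("192.0.2.11", 6379, "redis", "# Server\r\nredis_version:6.2.6\r\n"),
    Record("192.0.2.12", 21, "ftp", "220 (vsFTPd 3.0.3)\r\n230 Login successful.\r\n"),
    Record("192.0.2.13", 21, "ftp", "220 (vsFTPd 3.0.3)\r\n530 Login incorrect.\r\n"),
    Record("192.0.2.14", 2375, "http", "HTTP/1.1 200 OK\r\n\r\nDocker Containers: 4\r\n"),
]

if __name__ == "__main__":
    for (host, port), hits in audit(SAMPLE).items():
        print(f"{host}:{port} -> {', '.join(hits)}")
```

Any host this flags should have authentication enabled (Redis `requirepass` or ACLs, no anonymous FTP login, TLS client certificates on the Docker API) or be taken off the public interface.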
Originally published on the WeChat official account 增益安全: Just How Outrageous Are These Outrageous ZoomEye Queries?!