Welcome to starnight_cyber's blog

Trying out ZoomEye-python

Preface

https://github.com/knownsec/ZoomEye-python

Installation

pip3 install zoomeye

Command-line usage

# zoomeye -h
usage: zoomeye [-h] [-v] {info,search,init,ip,history,clear,domain} ...

positional arguments:
  {info,search,init,ip,history,clear,domain}
    info                Show ZoomEye account info
    search              Search the ZoomEye database
    init                Initialize the token for ZoomEye-python
    ip                  Query IP information
    history             Query device history
    clear               Manually clear the cache and user information
    domain              search associated domain or sub domain

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
# zoomeye init -apikey "500E2FFd-63Bf-6667c-3f19-5a8dcc1ee98" 
Role: developer Quota: 8970 successfully initialized

SDK integration

# python3
Python 3.6.9 (default, Jan 26 2021, 15:33:00) 
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from zoomeye.sdk import ZoomEye
>>> dir(ZoomEye)
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_request', 'domain_search', 'dork_filter', 'dork_search', 'generate_dot', 'get_facet', 'history_ip', 'login', 'multi_page_search', 'resources_info', 'show_count']
>>> zm = ZoomEye(api_key="500E2FFd-63Bf-6667c-3f19-5a8dcc1ee98")
>>> zm.resources_info()
{'code': 60000, 'plan': 'developer', 'resources': {'search': 8970, 'stats': 100, 'interval': 'month'}, 'user_info': {'name': 'b0d5e170acb0', 'role': 'developer', 'expired_at': ''}, 'quota_info': {'remain_free_quota': 8970, 'remain_pay_quota': 0, 'remain_total_quota': 8970}}

Replace the key with your own API_KEY. The output above shows that installation and initialization work correctly.

Trying it out

This post demonstrates only the zoomeye command-line mode.

info: show account information

# zoomeye info
Role: developer
Quota: 8970
user_info: {'name': 'b0d5e170acb0', 'role': 'developer', 'expired_at': ''}
quota_info: {'remain_free_quota': 8970, 'remain_pay_quota': 0, 'remain_total_quota': 8970}

domain: subdomain query

# zoomeye domain baidu.com 1 -page 1
name                                                   timestamp      ip                       
xunren.baidu.com                                       2022-02-04     ["180.76.160.148"]       
videom.baidu.com                                       2022-02-04     ["180.76.57.73"]         
open.gongyi.baidu.com                                  2022-02-04     ["111.206.210.26", "124.237.177.47", "220.181.33.218", "111.206.209.70"]
lcs.baidu.com                                          2022-06-02     []                       
static.home.baidu.com                                  2022-05-10     []                       
bjdd-evs-idc01-gpu01.bjdd.baidu.com                    2022-05-06     []                       
njjs-evs-idc01-cpu02.njjs.baidu.com                    2022-05-06     []                       
as2.yuedu.baidu.com                                    2022-05-06     []                       
yjsstatic.baidu.com                                    2022-04-25     []                       
m.baidu.com                                            2022-04-10     []                       
image.baidu.com                                        2022-04-10     []                       
opendata.baidu.com                                     2022-04-09     []                       
www.xinbj.baidu.com                                    2022-03-19     []                       
xinbj.baidu.com                                        2022-03-19     []                       
gamein.baidu.com                                       2022-03-04     []                       
yiqifu.baidu.com                                       2022-03-04     []                       
bdi.baidu.com                                          2022-03-04     []                       
ifu.baidu.com                                          2022-03-04     []                       
cpro.baidu.com                                         2022-02-02     []                       
app.ka.baidu.com                                       2022-02-01     []                       
cpcontacts.usa.baidu.com                               2022-02-01     []                       
meet.baidu.com                                         2022-02-01     []                       
www.usa.baidu.com                                      2022-02-01     []                       
www.videom.baidu.com                                   2022-02-01     []                       
www.persona.baidu.com                                  2022-02-01     []                       
newcopyright.baidu.com                                 2022-02-01     []                       
apollo-docker.baidu.com                                2022-02-01     []                       
webcon.baidu.com                                       2022-02-01     []                       
dialin.baidu.com                                       2022-02-01     []                       
webmail.usa.baidu.com                                  2022-02-01     []                       

total: 30/6536

ip: IP address query

leave blank ...

search: searching

search is the core feature of zoomeye; query conditions can be combined to retrieve exactly the data you want.

simple search

# zoomeye search confluence
ip:port                  service             country             app                           banner                        
8.215.46.19:5555         http                Singapore           Synology RackStati...         HTTP/1.1 200 OK\r\nDate...    
8.209.127.181:5555       http                Germany             Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
8.208.86.109:5555        http                United Kingdom      Synology RackStati...         HTTP/1.1 200 OK\r\nDate...    
8.209.220.107:5555       http                Japan               Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
8.215.64.46:5555         http                Singapore           Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
8.208.77.139:5555        http                United Kingdom      Coturn                        HTTP/1.1 200 OK\r\nDate...    
8.216.33.16:5555         http                Singapore           Coturn                        HTTP/1.1 200 OK\r\nDate...    
8.208.16.102:5555        http                United Kingdom      Cisco-Broadband-Ac...         HTTP/1.0 401 Unauthoriz...    
8.211.146.56:5555        http                Japan               Coturn                        HTTP/1.1 200 OK\r\nDate...    
8.213.137.29:5555        http                Singapore           Coturn                        HTTP/1.1 200 OK\r\nDate...    
8.213.136.249:5555       http                Singapore           Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
8.216.32.94:5555         http                Singapore           Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
8.211.22.130:5555        http                Germany             Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
8.213.136.234:5555       http                Singapore           Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
8.213.137.172:5555       http                Singapore           Cisco-Broadband-Ac...         HTTP/1.0 401 Unauthoriz...    
8.210.59.86:5555         http                China               Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
120.46.159.242:8097      http                China               Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
120.46.155.74:8097       http                China               Cisco-Broadband-Ac...         HTTP/1.0 200 OK\r\nAcce...    
120.46.137.97:8097       http                China               Cisco-Broadband-Ac...         HTTP/1.0 401 Unauthoriz...    
45.117.83.37:8095        http                Viet Nam            Apache httpd                  HTTP/1.1 200 OK\r\nAcce...    

total: 20/399393

facets 

-facet [field]        Perform statistics on ZoomEye database, host field:
                        [app,device,service,os,port,country,city] web field:
                        [webapp,component,framework,server,waf,os,country]
# zoomeye search confluence -facet country
 ----------------------------------------
 ZoomEye total data:399393
 -------------country Top 10-------------
 country                            count               
 China                              114340              
 United States                      98613               
 Germany                            35586               
 Singapore                          14604               
 United Kingdom                     13113               
 Australia                          10957               
 Japan                              9708                
 France                             9544                
 Canada                             8961                
 Netherlands                        7748
# zoomeye search confluence -facet port
 ----------------------------------------
 ZoomEye total data:399393
 --------------port Top 10---------------
 port                               count               
 443                                70935               
 8090                               50723               
 80                                 43845               
 8080                               10347               
 8443                               6796                
 8983                               5129                
 53                                 3610                
 8081                               2693                
 8085                               2540                
 9090                               2059

Filtered queries

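In day-to-day use, we can combine filter conditions to get more refined and accurate results.

The zoomeye command line works in a similar way: join the query conditions with '+' (AND).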

# zoomeye search "country:\"United States\" +port:\"8090\" +app:\"Atlassian Confluence\""
ip:port                  service             country             app                           banner
173.248.141.144:8090     http                United States       Atlassian Confluence          HTTP/1.1 302 \r\nCache-...
63.231.117.120:8090      http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.92:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.23:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.68:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.215:8090      http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.251:8090      http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.254:8090      http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.82:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.91:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.48:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.240:8090      http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.72:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.252:8090      http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.34:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.62:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.51:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.11:8090       http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.154:8090      http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...
63.231.117.0:8090        http                United States       Atlassian Confluence          HTTP/1.1 200 \nDate: Mo...

total: 20/971

Data export

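zoomeye provides a very convenient data export feature, and the earlier restriction of only being able to retrieve the first 30% of the data no longer applies.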

  • -save: specifies the fields to include;
  • -num: specifies the number of results;
# zoomeye search "country:\"United States\" +port:\"8090\" +app:\"Atlassian Confluence\"" -save ip,port,app,version,device,city,country,service -num 971
save file to /root/country_United_States_port_8090_app_Atlassian_Confluence_971_1654584890.json successful!
# cat /root/country_United_States_port_8090_app_Atlassian_Confluence_971_1654584890.json | grep ip | wc -l
971
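
The filter and export commands above, composed programmatically (an added example, not code from the original post or from ZoomEye-python): it builds the '+'-joined query from key/value pairs and returns an argv list, so the nested quotes need no backslash escaping. The function names and the allow-lists are assumptions drawn only from the filters and -save fields shown on this page.

```python
import shlex

# Filter keys used on this page; extend from the ZoomEye docs as needed.
ALLOWED_FILTERS = {"country", "port", "app"}
# Fields passed to -save in the export command on this page.
ALLOWED_SAVE_FIELDS = {"ip", "port", "app", "version", "device",
                       "city", "country", "service"}


def build_dork(filters):
    """Join key/value filters into a query: key:"value" +key:"value"."""
    if not filters:
        raise ValueError("at least one filter is required")
    terms = []
    for key, value in filters.items():
        if key not in ALLOWED_FILTERS:
            raise ValueError(f"unsupported filter key: {key!r}")
        value = str(value)
        # A double quote in the value would end the quoted term early and
        # change the query; backslashes are refused as a conservative choice.
        if not value or '"' in value or "\\" in value:
            raise ValueError(f"unsafe value for {key}: {value!r}")
        terms.append(f'{key}:"{value}"')
    return " +".join(terms)


def search_argv(filters, save_fields=None, num=None):
    """Return an argv list for `zoomeye search`, usable with subprocess.run."""
    argv = ["zoomeye", "search", build_dork(filters)]
    if save_fields:
        unknown = set(save_fields) - ALLOWED_SAVE_FIELDS
        if unknown:
            raise ValueError(f"unknown save fields: {sorted(unknown)}")
        argv += ["-save", ",".join(save_fields)]
    if num is not None:
        if not isinstance(num, int) or num <= 0:
            raise ValueError("num must be a positive integer")
        argv += ["-num", str(num)]
    return argv


if __name__ == "__main__":
    argv = search_argv(
        {"country": "United States", "port": 8090, "app": "Atlassian Confluence"},
        save_fields=["ip", "port", "app"], num=971)
    print(shlex.join(argv))  # one shell-safe line for copy and paste
```

Passing the list to subprocess.run without shell=True keeps the query as a single argument whatever characters the filter values contain.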

The features above cover most search needs.

posted @ 2022-06-07 15:10  starnight_cyber