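Penetration Testing - Information Gathering - C-Segment Collection
In day-to-day penetration testing I like to use subDomainsBrute, written by lijiejie, to brute-force subdomains.
Once the brute force has finished, I want to collect the site's C-segment information, that is, the /24 ranges its hosts sit in.
The following uses Ping An as the example.
Brute-forcing produced the following subdomains and their IP addresses: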
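I wrote a Python script for this; a domain that resolves to multiple IPs is discarded here.

```python
# coding=utf-8
# Python 3
import ipaddress
import re
from sys import argv, exit

__author__ = "depycode"

# Loopback and RFC 1918 ranges are not Internet-facing, so they are skipped.
# Only 172.16.0.0/12 is private; the rest of 172.x is public and is kept.
SKIP_NETS = [ipaddress.ip_network(n) for n in
             ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def getC(ipList):
    """Return the unique 'a.b.c.' prefixes (C segments) of the public IPs."""
    resiplist = set()
    for i in ipList:
        try:
            addr = ipaddress.IPv4Address(i)
        except ValueError:
            continue  # not a valid IPv4 address
        if any(addr in net for net in SKIP_NETS):
            continue
        resiplist.add(re.match(r"\d+\.\d+\.\d+\.", i).group(0))
    return sorted(resiplist)


def saveC(ipList, f):
    """Write addresses .1 to .255 of each C segment, one per line."""
    for i in ipList:
        for j in range(1, 256):
            f.write(i + str(j) + "\n")


if __name__ == "__main__":
    if len(argv) != 3:
        print("usage: ./script.py sub.txt res.txt")
        exit()
    iplist = []
    with open(argv[1], "r") as f1:
        for line in f1:
            s = line.split()
            # Expect "<subdomain> <ip>"; lines listing several IPs are discarded.
            if len(s) == 2 and "," not in s[1]:
                iplist.append(s[1])
    reslist = getC(iplist)
    with open(argv[2], "w") as f2:
        saveC(reslist, f2)
    print(reslist)
    print("success save to %s" % argv[2])
```

Usage is simple: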
python test.py test.txt res.txt
The result is as follows:
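An added example, not the author's code and not the output referred to above: a review step that groups the resolved IPs by /24, counts how many subdomains landed in each, and separates the ranges covered by the written authorization from those that still need confirmation (CDN or third-party hosting often shows up as a single hit). The function names, the `AUTHORIZED` scope list and the sample lines are assumptions constructed for illustration; unlike the script above, lines with several IPs are kept.

```python
import ipaddress
from collections import defaultdict

# Loopback and RFC 1918 ranges, the same classes the script above skips.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def c_segments(lines):
    """Map each public /24 to the set of subdomains that resolved into it."""
    segs = defaultdict(set)
    for line in lines:
        parts = line.replace(",", " ").split()
        if len(parts) < 2:
            continue
        host = parts[0]
        for raw in parts[1:]:
            try:
                addr = ipaddress.IPv4Address(raw)
            except ValueError:
                continue  # not an IPv4 address
            if any(addr in net for net in NON_PUBLIC):
                continue
            segs[ipaddress.ip_network(f"{addr}/24", strict=False)].add(host)
    return dict(segs)

def review(segs, scope):
    """Return (in_scope, unconfirmed) lists of (network, subdomain count)."""
    scope_nets = [ipaddress.ip_network(s) for s in scope]
    in_scope, unconfirmed = [], []
    for net in sorted(segs):
        row = (str(net), len(segs[net]))
        covered = any(net.subnet_of(s) for s in scope_nets)
        (in_scope if covered else unconfirmed).append(row)
    return in_scope, unconfirmed

# Constructed sample in "name  ip[, ip...]" form, documentation-only values.
SAMPLE = [
    "www.example.com       203.0.113.13",
    "mail.example.com      203.0.113.81",
    "api.example.com       198.51.100.7",
    "download.example.com  192.0.2.56, 192.0.2.200, 198.51.100.9",
    "localhost.example.com 127.0.0.1",
    "intranet.example.com  172.20.1.5",
]
AUTHORIZED = ["203.0.113.0/24", "198.51.100.0/24"]  # hypothetical scope list

if __name__ == "__main__":
    ok, check = review(c_segments(SAMPLE), AUTHORIZED)
    print("in scope:", ok)
    print("confirm ownership before use:", check)
```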