Subdomain Enumeration for a Website with Python
How it works
Each word from the wordlist is prepended to the target domain as a label, the resulting host is requested from Python, and the outcome of the request decides whether that subdomain exists. Concretely, the Requests module sends a GET to http://<word>.<target domain>; if no connection error is raised, the subdomain is treated as existing. Keep the limits of this test in mind: it only tries plain HTTP on port 80, so a host that serves HTTPS only and refuses port 80 is reported as missing, and a domain with a wildcard DNS record makes every candidate appear to exist. The code imports the threading module, but in actual testing the threaded version turned out to be slower, possibly because the target site limits concurrent connections.
import requests
import threading  # only used by the commented-out threaded variant at the bottom
import sys
import optparse
import os

"""
Step 1: use the optparse module to take the arguments: the target domain and the wordlist file name
Step 2: iterate over the wordlist and build a URL for each entry
Step 3: try to request each URL
"""

def get_domain():
    parser = optparse.OptionParser('Usage: <Program> -d target_domain -w wordlist')
    parser.add_option('-d', '--domain', dest='domain', type='string',
                      help='Specify domain name of target')
    parser.add_option('-w', '--wordlist', dest='wordlist', type='string',
                      help='Specify wordlist to brute force with')
    options, args = parser.parse_args()
    if not options.domain or not options.wordlist:
        print(parser.usage)
        sys.exit()
    return options.domain, options.wordlist

def probe(url):
    # Send one GET; the subdomain is reported as existing when the request
    # completes without a connection error. The timeout keeps a single
    # unresponsive host from hanging the whole run.
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0'
    }
    try:
        requests.get(url, headers=headers, timeout=5)
        print(url)
    except requests.exceptions.RequestException:
        # DNS failure, refused connection or timeout: treat as not found
        pass

def banner():
    banner = """
***********************************************************************************
********************************Subdomain Enumerator By Jason Wong*****************
***********************************************************************************
"""
    print(banner)

if __name__ == "__main__":
    banner()
    target_domain, wordlist = get_domain()
    if not os.path.exists(wordlist):
        print("The file doesn't exist")
        sys.exit(0)
    with open(wordlist, 'r') as f:
        print("Start to brute force subdomain of %s\n" % target_domain)
        for line in f:
            label = line.strip()
            if not label:
                continue  # skip blank lines in the wordlist
            url = "http://" + label + '.' + target_domain
            probe(url)
            # Threaded variant that was tried and found slower in testing:
            # t = threading.Thread(target=probe, args=(url,))
            # t.start()
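The script above decides existence by whether an HTTP request to port 80 succeeds. The following is an added example, not the original post's code, that does the same brute force at the DNS layer instead: it resolves each candidate name, first probes random labels to detect a wildcard record and drops answers that match it, and bounds concurrency with a thread pool rather than one thread per word. The resolver is injectable; `fake_resolve` and `FAKE_ZONE` are constructed here so the logic runs offline, while the default `socket.gethostbyname` queries real DNS. The function and variable names are this example's own.

```python
"""Added example: DNS-based subdomain brute force with wildcard filtering.

Not the original post's code. The resolver is injectable so the logic can be
exercised offline against a constructed fake zone; with the default
socket.gethostbyname it queries real DNS.
"""
import secrets
import socket
from concurrent.futures import ThreadPoolExecutor


def default_resolve(host):
    """Return the A record for host, or None if it does not resolve."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def wildcard_addresses(domain, resolve, probes=2):
    """Detect wildcard DNS by resolving random labels that should not exist.

    Returns the set of addresses a wildcard answers with (empty if no wildcard).
    """
    found = set()
    for _ in range(probes):
        label = secrets.token_hex(8)  # 16 random hex chars, practically unique
        addr = resolve(f"{label}.{domain}")
        if addr:
            found.add(addr)
    return found


def enumerate_subdomains(domain, words, resolve=default_resolve, workers=10):
    """Return {fqdn: address} for wordlist entries that resolve.

    Entries whose address matches the wildcard answer are dropped, because a
    wildcard makes every label "exist" and would otherwise yield only noise.
    Concurrency is bounded by `workers` so the target is not hit with one
    thread per candidate.
    """
    wildcard = wildcard_addresses(domain, resolve)
    candidates = []
    seen = set()
    for word in words:
        label = word.strip().lower()
        if not label or label in seen:
            continue  # skip blank and duplicate wordlist entries
        seen.add(label)
        candidates.append(f"{label}.{domain}")

    with ThreadPoolExecutor(max_workers=workers) as pool:
        addrs = list(pool.map(resolve, candidates))

    return {
        fqdn: addr
        for fqdn, addr in zip(candidates, addrs)
        if addr and addr not in wildcard
    }


# Constructed fake zone for the offline demonstration: example.com has a
# wildcard record answering 198.51.100.9 plus two real hosts.
FAKE_ZONE = {
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.25",
}


def fake_resolve(host):
    """Resolver over FAKE_ZONE; unknown labels under example.com hit the wildcard."""
    if host in FAKE_ZONE:
        return FAKE_ZONE[host]
    if host.endswith(".example.com"):
        return "198.51.100.9"
    return None


if __name__ == "__main__":
    words = ["www", "Mail", "ftp", "dev", "", "www"]
    hits = enumerate_subdomains("example.com", words, resolve=fake_resolve)
    for fqdn, addr in hits.items():
        print(f"{fqdn} -> {addr}")
```

Against the fake zone, `ftp` and `dev` resolve only to the wildcard address and are filtered out, leaving `www` and `mail`. To run it against a real target, drop the `resolve=fake_resolve` argument and pass the wordlist lines as `words`; a DNS check will also surface hosts that serve HTTPS only, which the HTTP-on-port-80 test above misses.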
STRIVE FOR PROGRESS, NOT FOR PERFECTION