信息搜集_外网
具备联动子域名,whois,ip反查,cdn信息,端口扫描,系统详情六个功能,参数all全部调用;
可添加其他查询API接口,实现一键化收集;
子域名模块可自定义字典,默认字典也具备基本遍历能力;
后期可分布式,实现批量自动;
运行效果:
源代码如下:
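"""External-network information gathering helper.

Bundles six lookups for one host name: IP resolution, whois, a CDN guess,
dictionary-based subdomain resolution, a single-port TCP check and an OS
guess via nmap.  Run as ``python test.py <host> all``.

The host name comes straight from the command line, so it is validated
before it reaches an external program, and external programs are started
from an argument list rather than a shell string.
"""
import os
import re
import socket
import subprocess
import sys
import time

try:
    from whois import whois
except ImportError:
    # Third-party module; only whois_check() needs it, so the other checks
    # stay usable when it is not installed.
    whois = None

# One DNS label: letters, digits and inner hyphens, 1-63 characters.
_HOST_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(r"(?:%s)(?:\.(?:%s))*" % (_HOST_LABEL, _HOST_LABEL))

# Seconds to wait for the TCP connect in port_check().
_CONNECT_TIMEOUT = 3.0


def is_valid_hostname(host):
    """Return True if *host* is a plain host name or dotted IPv4 address.

    Only letters, digits, hyphens and dots are accepted, and every label
    must start and end with a letter or digit.  That rules out shell
    metacharacters, whitespace and values beginning with ``-`` that a
    command-line tool would read as an option.  Internationalised names
    must be passed in their ASCII (punycode) form.
    """
    return (
        isinstance(host, str)
        and len(host) <= 253
        and _HOSTNAME_RE.fullmatch(host) is not None
    )


def strip_www_prefix(host):
    """Return *host* without a leading ``www.`` label, if it has one."""
    return host[4:] if host.startswith("www.") else host


def _require_hostname(host):
    """Return *host* unchanged, or raise ValueError if it is not a host name."""
    if not is_valid_hostname(host):
        raise ValueError("not a valid host name: %r" % (host,))
    return host


def _run_tool(argv):
    """Run an external tool without a shell and return its stdout text.

    Returns None (after a message on stderr) when the program cannot be
    started, so callers can tell "tool missing" from "tool printed nothing".
    """
    try:
        done = subprocess.run(
            argv,
            stdout=subprocess.PIPE,
            universal_newlines=True,
            errors="replace",
        )
    except OSError as err:
        print("cannot run %s: %s" % (argv[0], err), file=sys.stderr)
        return None
    return done.stdout


# IP lookup
def ip_check(url):
    """Resolve *url* to an IPv4 address and print it."""
    ip = socket.gethostbyname(url)
    print(ip)


# whois lookup
def whois_check(url):
    """Print the whois record for *url* using the third-party whois module."""
    if whois is None:
        print("whois module is not installed; skipping whois lookup",
              file=sys.stderr)
        return
    data = whois(url)
    print(data)


# CDN guess - based on how many addresses the lookup returns
def cdn_check(url):
    """Guess whether *url* sits behind a CDN from ``nslookup`` output.

    Raises:
        ValueError: if *url* is not a plain host name.
    """
    host = _require_hostname(url)
    data = _run_tool(["nslookup", host])
    if data is None:
        # No output to judge; do not print a verdict that was never measured.
        return
    # Coarse heuristic: every "." in the whole output is counted, not only
    # those in answer records, so the threshold of 8 is only a rough stand-in
    # for "more than one address came back".
    if data.count(".") > 8:
        print("存在CDN")
    else:
        print("不存在CDN")


# Subdomain lookup
# 1. resolve candidates taken from a dictionary file
# 2. query bing or a third-party API
def zym_list_check(url):
    """Resolve ``<word>.<domain>`` for every word in ``dic.txt`` and print it.

    A leading ``www.`` is dropped from *url* first.  Each candidate prints
    as ``name->ip`` or ``name->error``; lookups are spaced 0.1 s apart.
    """
    # Strip only a leading "www."; replacing every occurrence would also
    # damage names such as "mywww.example.com".
    url = strip_www_prefix(url)
    with open("dic.txt") as wordlist:
        for line in wordlist:
            word = line.strip()
            if not word:
                # A blank line would produce the malformed name ".domain".
                continue
            zym_list_url = word + "." + url
            try:
                ip = socket.gethostbyname(zym_list_url)
                print(zym_list_url + "->" + ip)
            except (OSError, UnicodeError):
                # Resolution failure, or a label the resolver cannot encode.
                print(zym_list_url + "->" + "error")
            time.sleep(0.1)


def zym_api_check(url):
    """Placeholder for an API-based subdomain lookup; not implemented yet."""
    url = strip_www_prefix(url)


# Port check
# 1. hand-written TCP/UDP socket probing
# 2. calling third-party tools such as masscan or nmap
def port_check(url):
    """Report whether TCP port 80 on *url* accepts a connection."""
    ip = socket.gethostbyname(url)
    # The context manager closes the socket on every path, and the timeout
    # keeps a filtered port from blocking for the OS default.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.settimeout(_CONNECT_TIMEOUT)
        try:
            data = server.connect_ex((ip, 80))
        except OSError:
            print("error")
            return
    if data == 0:
        print(ip + ":" + str(80) + "|open")
    else:
        print(ip + ":" + str(80) + "|close")


# OS guess
# 1. based on the TTL value
# 2. based on a third-party tool
def os_check(url):
    """Print the output of ``nmap -O`` for *url*.

    The nmap binary is looked up at the relative path ``nmap\\nmap``, as in
    the original script.

    Raises:
        ValueError: if *url* is not a plain host name.
    """
    host = _require_hostname(url)
    data = _run_tool(["nmap\\nmap", "-O", host])
    if data is None:
        return
    print(data)


if __name__ == '__main__':
    print("Test:python test.py www.xiaodi8.com all")
    if len(sys.argv) < 3:
        # Both the host and the mode are required.
        sys.exit(2)
    url = sys.argv[1]
    check = sys.argv[2]
    if not is_valid_hostname(url):
        print("not a valid host name: %r" % (url,), file=sys.stderr)
        sys.exit(2)
    if check == "all":
        ip_check(url)
        whois_check(url)
        cdn_check(url)
        os_check(url)
        # port_check(url)
        zym_list_check(url)

    # zym_list_check("www.xueersi.com")
    # port_check("www.xiaodi8.com")
    # os_check("www.xiaodi8.com")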