信息搜集_外网

具备联动子域名，whois，ip反查，cdn信息，端口扫描，系统详情六个功能，参数all全部调用；

可添加其他查询API接口，实现一键化收集；

子域名模块可自定义字典，默认字典也具备基本遍历能力；

后期可分布式，实现批量自动；

运行效果：

 

源代码如下：

import socket,os,time,sys
from whois import whois

#ip查询
def ip_check(url):
    ip=socket.gethostbyname(url)
    print(ip)

#whois查询
def whois_check(url):
    data=whois(url)
    print(data)

#CDN判断-利用返回IP条数进行判断
def cdn_check(url):
    ns="nslookup "+url
    #data=os.system(ns)
    #print(data) #结果无法读取操作
    data=os.popen(ns,"r").read()
    if data.count(".")>8:
        print("存在CDN")
    else:
        print("不存在CDN")

#子域名查询-
#1.利用字典记载爆破进行查询
#2.利用bing或第三方接口进行查询
def zym_list_check(url):
    url=url.replace("www.","")
    for zym_list in open("dic.txt"):
        zym_list=zym_list.replace("\n","")
        zym_list_url=zym_list+"."+url
        try:
            ip=socket.gethostbyname(zym_list_url)
            print(zym_list_url+"->"+ip)
            time.sleep(0.1)
        except Exception as e:
            print(zym_list_url+"->"+"error")
            time.sleep(0.1)

def zym_api_check(url):
    url=url.replace("www.", "")


#端口扫描
#1.自写socket协议tcp,udp扫描
#2.调用第三方masscan,nmap等扫描
def port_check(url):
    ip = socket.gethostbyname(url)
    #ip="192.168.76.155"
    #ports={'21','22','135','443','445','80','1433','3306',"3389",'1521','8000','7002','7001','8080',"9090",'8089',"4848}
    server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    #for port in ports:
    try:
        data=server.connect_ex((ip, 80))
        if data==0:
            print(ip+":"+str(80)+"|open")
        else:
            print(ip+":"+str(80)+"|close")
            pass
    except Exception as err:
            print("error")

#系统判断-
#1.基于TTL值进行判断
#2.基于第三方脚本进行判断
def os_check(url):
    data = os.popen("nmap\\nmap -O "+url, "r").read()
    print(data)


if __name__ == '__main__':
    print("Test：python test.py www.xiaodi8.com all")
    url = sys.argv[1]
    check = sys.argv[2]
    #print(url +"\n"+ check)
    if check=="all":
        ip_check(url)
        whois_check(url)
        cdn_check(url)
        os_check(url)
        #port_check(url)
        zym_list_check(url)

    #zym_list_check("www.xueersi.com")
    #port_check("www.xiaodi8.com")
    #os_check("www.xiaodi8.com")