信息搜集_内网
扫描内网高危端口,定期进行资产梳理,整合内网有哪些 web 资产,然后将这些数据以 Excel 表格(.xlsx)的形式进行统计。
运行效果:
扫描端口的使用方式 :python3 port_Scan.py -a "-p 0-65535 -iL r.txt" -T 1 (注意:这里的 -T 是脚本自身的模式开关,1 为端口扫描、2 为 http 资产梳理,并不是 nmap 的 -T 时序模板;要传给 nmap 的参数全部放在 -a 的引号内)
http资产梳理的使用方式:python3 port_Scan.py -a "-p http* -iL r.txt" -T 2 -t 50 这里只扫描http服务,效率更高,但准确率比全端口扫描要低:-p http* 只会扫描 nmap 服务表中名称匹配 http* 的端口,跑在其它端口上的 web 服务会被漏掉;由于自己搭建的web服务较为简陋,没有title值,所以这里的title为[]
源代码如下:
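import queue
import re
import threading
import time
from optparse import OptionParser  # command-line options

import nmap
import requests
import urllib3
from openpyxl import Workbook, load_workbook  # scan results are persisted as .xlsx

numb_req = 0  # running row number for the http-title sheet, bumped by req()
list = []     # shared result rows appended by DoRun workers (name kept: get_title reads it)


class DoRun(threading.Thread):
    """Worker thread that drains a queue of URLs through req() and collects the hits.

    Several workers share one queue; each successful req() row is appended to the
    module-level `list`.
    """

    def __init__(self, queue):
        threading.Thread.__init__(self)
        self._queue = queue

    def run(self):
        while True:
            try:
                # get_nowait instead of empty()+get(): with several workers on the same
                # queue a sibling can drain it between the two calls, and a plain get()
                # would then block that worker forever (get_title would never join).
                url = self._queue.get_nowait()
            except queue.Empty:
                break
            row = req(url)
            if row:
                list.append(row)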
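def init_excel(filename, sheetName):
    """Create `filename` as a fresh workbook whose first sheet `sheetName` holds a header row.

    The header depends on the sheet name: "PortScan" gets the port columns, anything else
    the http-title columns. An existing file of the same name is overwritten.
    """
    wb = Workbook()
    if sheetName == "PortScan":
        head = ['numb', 'ip', 'port', 'protocol', 'state']
    else:
        head = ['numb', 'url', 'title']
    ws = wb.create_sheet(sheetName, index=0)
    for col, name in enumerate(head, start=1):
        ws.cell(1, col).value = name
    wb.save(filename)


def Save_Data(datas, filename):
    """Write port-scan rows (dicts from get_datas) to `<filename>.xlsx` under the header row.

    Cells are filled by header name rather than by dict insertion order, so a row whose
    keys are reordered or extended still lands in the right columns; a missing key leaves
    the cell empty. `numb` is the 1-based row number (row 1 is the header) and must be
    int-like. Each row is also echoed to stdout, as before.
    """
    filename = filename + ".xlsx"
    init_excel(filename, "PortScan")
    wb_save = load_workbook(filename)
    ws_save = wb_save.worksheets[0]
    head = [cell.value for cell in ws_save[1]]
    for data in datas:
        print(data)
        row = int(data['numb']) + 1
        for col, key in enumerate(head, start=1):
            if key in data:
                ws_save.cell(row, col).value = str(data[key])
    wb_save.save(filename)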
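def get_datas(res):
    """Flatten a python-nmap scan result into a list of row dicts for the PortScan sheet.

    Each row holds, in this key order: numb (1-based running index across all hosts), ip,
    port (as a string), protocol (nmap's service name for the port) and state.
    Hosts with no 'tcp' section (nothing found, or a non-TCP scan) contribute no rows
    instead of raising KeyError. When a host has no 'ipv4' address, ip falls back to the
    host's key in the scan dict — presumably the scanned address; verify against python-nmap.
    """
    hosts = res['scan']
    datas = []
    numb = 0
    for host, info in hosts.items():
        ip = str(info.get('addresses', {}).get('ipv4', host))
        for port, details in info.get('tcp', {}).items():
            numb += 1
            datas.append({
                'numb': numb,
                'ip': ip,
                'port': str(port),
                'protocol': details['name'],
                'state': details['state'],
            })
    return datas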
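def get_title(datas, thread_count):
    """Probe every http/https port in `datas` for a <title> and save the hits to a timestamped xlsx.

    URLs are built from nmap's service name: a name containing "https" (https, https-alt, ...)
    becomes https://, any other name containing "http" becomes http://, everything else is
    skipped. The probing runs on DoRun workers: at least one, at most `thread_count`, and never
    more than there are URLs. Rows accumulate in the module-level `list` and are written by
    Save_title once every worker has joined; the file name is the current unix timestamp.
    NOTE(review): a plain "http" service behind TLS (nmap reports the tunnel separately and
    get_datas does not carry it) is still probed as http:// — confirm against -sV output.
    """
    que = queue.Queue()
    for row in datas:
        protocol = row['protocol']
        if 'https' in protocol:
            scheme = "https://"
        elif 'http' in protocol:
            scheme = "http://"
        else:
            continue
        que.put(scheme + row['ip'] + ":" + row['port'])

    workers = max(1, min(thread_count, que.qsize()))
    threads = [DoRun(que) for _ in range(workers)]
    for worker in threads:
        worker.start()
    for worker in threads:
        worker.join()  # all rows are in `list` once every worker has finished

    Save_title(list, str(int(time.time())))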
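def Save_title(datas, filename):
    """Write http-title rows (dicts from req) to `<filename>.xlsx` under the title header row.

    Cells are filled by header name, rows by `numb` (+1 for the header row); a missing key
    leaves the cell empty. Every value is stored as plain text: openpyxl treats a string
    starting with "=" as a formula, and the title comes straight from a scanned host's HTML,
    so without this a crafted page could plant a formula that runs when the sheet is opened.
    """
    filename = filename + ".xlsx"
    init_excel(filename, "title")
    wb_save = load_workbook(filename)
    ws_save = wb_save.worksheets[0]
    head = [cell.value for cell in ws_save[1]]
    for data in datas:
        row = int(data['numb']) + 1
        for col, key in enumerate(head, start=1):
            if key not in data:
                continue
            cell = ws_save.cell(row, col)
            cell.value = str(data[key])
            if cell.data_type == 'f':
                cell.data_type = 's'  # scraped text must stay inert, never a formula
    wb_save.save(filename)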
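_numb_req_lock = threading.Lock()  # req() runs on several DoRun threads; the counter bump is not atomic


def req(url):
    """GET `url` and return a row dict {numb, url, title} for the title sheet, or None.

    Only a 200 response counts as a hit. `title` is the list of <title>...</title> matches
    (case-insensitive, tag attributes allowed, may span lines, whitespace-stripped) exactly
    as re.findall returns it, so an untitled page yields []. Any other status, and any
    exception (timeout, refused, TLS error, ...) is printed and reported as None.
    TLS verification is disabled on purpose: the targets are internal hosts with self-signed
    certificates and only the page title is read; do not reuse this for anything that sends
    credentials. Redirects are followed (requests default), so the title may belong to the
    redirect target. `numb` is the module-level counter, incremented under a lock.
    NOTE(review): 301/302/401/403 responders are web assets too but are dropped here.
    """
    global numb_req
    heads = {
        # browser-like UA so hosts that serve scripts a different page still return their real title
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36',
        'Connection': 'close',
        'Accept-Encoding': 'gzip, deflate',
    }
    data = {'numb': '', 'url': '', 'title': ''}
    try:
        urllib3.disable_warnings()  # silence the InsecureRequestWarning caused by verify=False
        resp = requests.get(url=url, headers=heads, verify=False, timeout=10)
        if resp.status_code != 200:
            print('[-]请求失败')
            return None
        title = [t.strip() for t in re.findall(r"<title\b[^>]*>(.*?)</title>", resp.text,
                                               re.IGNORECASE | re.DOTALL)]
        with _numb_req_lock:
            numb_req += 1
            data['numb'] = numb_req
        data['url'] = url
        data['title'] = title
        print("[+]请求成功{}".format(data))
        return data
    except Exception as e:
        # best-effort probe: report and move on, but include the reason (the original dropped it)
        print('[-]请求失败e:{}'.format(e))
        return None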
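def get_Input(argv=None):
    """Parse command-line options and return (arguments, Type, thread_count).

    argv defaults to sys.argv[1:] (optparse's own default); pass a list to parse explicitly.
      -a/--arguments    raw nmap argument string handed to python-nmap (default "-iL r.txt").
                        All nmap options, including its timing -T, belong in here: the
                        script's own -T below is its mode switch, not nmap's.
      -T/--Type         1 = port scan only, 2 = port scan + http title probing (default 1).
      -t/--thread_count number of DoRun workers used by Type 2 (default 50).
    Exits through OptionParser.error (status 2) when Type is not 1 or 2 or thread_count is
    below 1, instead of silently doing nothing later in run().
    """
    optParser = OptionParser()
    optParser.add_option('-a', '--arguments', action='store', type="string",
                         help='调用nmap模块 使用的参数', default="-iL r.txt")
    optParser.add_option("-T", "--Type", action="store", type="int",
                         help='当Type的值为1 时扫描端口, 当Type的值为2时,扫描http服务', default=1)
    optParser.add_option("-t", "--thread_count", action="store", type="int",
                         help='线程数量,默认为50', default=50)
    (options, args) = optParser.parse_args(argv)
    if options.Type not in (1, 2):
        optParser.error("-T/--Type must be 1 (port scan) or 2 (http titles)")
    if options.thread_count < 1:
        optParser.error("-t/--thread_count must be at least 1")
    return options.arguments, options.Type, options.thread_count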
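def print_info(datas):
    """Print one "[+]<ip> <port> <protocol> is <state>" line per port-scan row from get_datas."""
    for data in datas:
        # format() instead of the original lopsided str()+ concatenation; also accepts an int port
        print("[+]{} {} {} is {}".format(data['ip'], data['port'], data['protocol'], data['state']))


def run():
    """Entry point: parse options, run nmap, then save ports (Type 1) or probe http titles (Type 2).

    hosts='' is deliberate: the targets come from the -a argument string (e.g. "-iL r.txt"),
    so an -a value without a target makes nmap scan nothing. The Type 1 file is named with
    the current unix timestamp; Type 2 names its own file inside get_title. An unexpected
    Type is reported instead of silently producing no output.
    """
    arguments, Type, thread_count = get_Input()
    print("arguments={},Type={},thread_count={}".format(arguments, Type, thread_count))
    scanner = nmap.PortScanner()
    res = scanner.scan(hosts='', arguments=arguments)  # targets are inside `arguments`
    datas = get_datas(res)
    filename = str(int(time.time()))

    if Type == 1:
        Save_Data(datas, filename)
    elif Type == 2:
        get_title(datas, thread_count)
    else:
        print("[-]unknown Type {}, expected 1 or 2".format(Type))


if __name__ == "__main__":
    # guarded so importing the module (e.g. to reuse get_datas) does not start a scan
    run()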