
渗透测试常见信息收集(python实现子域名与ip收集)


渗透测试中的子域名和 IP 收集(子域名这里用的是网上找到的第三方接口,覆盖还算全:二级域名查询)。注意:该接口是普通 HTTP 且未经验证,返回的子域名列表应视为不可信数据,仅用于后续解析。

import urllib
import re
import sys
import socket 

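def get_html(url):
    """Fetch *url* and return the raw response body.

    Uses the Python 2 ``urllib.urlopen`` the rest of this script relies on.
    The response object is closed whether or not ``read()`` succeeds, so a
    failed read no longer leaks the underlying socket (the original never
    called ``close()`` at all).

    NOTE(review): ``urllib.urlopen`` takes no timeout, so an unresponsive
    server blocks the whole script. The API is also plain HTTP, so the page
    is fetched unauthenticated and unencrypted -- treat its contents as
    untrusted input.
    """
    r = urllib.urlopen(url)
    try:
        return r.read()
    finally:
        r.close()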

def scan_sub(html):
    """Return the host part of every matching ``http://`` anchor in *html*.

    Only anchors of the exact form
    ``<a href="http://HOST" rel=nofollow target=_blank>`` are recognised;
    ``https://`` links and any other markup are ignored. Results keep page
    order and are not de-duplicated. The input is a scraped third-party
    page, so the returned names are untrusted strings, not validated hosts.
    """
    anchor = r'<a href="http://(.*?)" rel=nofollow target=_blank>'
    return re.findall(anchor, html)

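def get_ip(target=None):
    """Resolve every hostname in ``<base>.txt`` and write one address per
    line to ``<base>_ip.txt``.

    ``base`` is the first dot-separated label of *target* (default:
    ``sys.argv[1]``), the same derivation the main block uses when it writes
    the subdomain file. For each non-blank line the first record returned by
    ``socket.getaddrinfo(host, 'http')`` is written; which family/address
    comes first is up to the resolver.

    Hostnames that fail to resolve are skipped, as before, but only resolver
    errors are swallowed now: the original bare ``except: pass`` also hid
    KeyboardInterrupt and programming errors. A missing input file raises.

    Replaces the Python-2-only ``file()`` builtin with ``open()`` and closes
    both files via ``with``. Note that every name is sent to the system
    resolver, i.e. each lookup is visible to whoever runs your DNS.
    """
    if target is None:
        target = sys.argv[1]
    base = target.split('.')[0]
    in_file = base + '.txt'
    out_file = '%s.txt' % (base + '_ip')
    # Output is opened first to keep the original ordering of side effects.
    with open(out_file, 'w') as dst, open(in_file) as src:
        for line in src:
            host = line.strip()
            if not host:
                continue
            try:
                addr = socket.getaddrinfo(host, 'http')[0][4][0]
            except (socket.error, IndexError):
                # socket.gaierror (and socket.timeout) subclass socket.error
                # on both Python 2 and 3; unresolvable names are skipped.
                continue
            dst.write(addr + "\n")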

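api = 'http://i.links.cn/subdomain/'

if __name__ == '__main__':
    # The fetch used to run at import time, outside this guard, so merely
    # importing the module hit the network (and crashed with IndexError when
    # no argument was given). Everything argv-dependent now lives here.
    if len(sys.argv) < 2:
        sys.exit('usage: %s <domain>' % sys.argv[0])
    target = sys.argv[1]
    # Output names derive from the first label of the target
    # ("example.com" -> example.txt / example_ip.txt); get_ip() uses the
    # same rule. NOTE(review): a target containing '/' ends up in the file
    # path unchanged -- acceptable for a local CLI, not for a service.
    base = target.split('.')[0]
    url = api + target + '.html'
    html = get_html(url)
    result = scan_sub(html)
    resfile = '%s.txt' % base
    print('the result saved in ' + resfile + "\n")
    with open(resfile, 'w') as F:
        F.write('\n'.join(result))
    # get_ip() reads the file just written and resolves each name.
    get_ip()
    print('the result_ip is saved in: %s.txt' % (base + '_ip'))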
    

贴一下效果图


python简易端口扫描器


Python多线程实现常见端口扫描

import threading 
import sys
import socket
import threading 
import sys

# TCP ports probed by the scanner; the main block starts one thread per entry.
port_list = [21, 22, 23, 25, 80, 135, 137, 139, 445, 1433, 1502, 3306, 3389, 8080 ,9015]
# Target taken verbatim from the command line at import time; raises
# IndexError (not a usage message) when the argument is missing.
target_ip = sys.argv[1]
#print target_ip
# Serialises print() calls from the worker threads so output lines don't interleave.
Lock = threading.Lock()

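def scan_port(target_ip, target_port, timeout=3.0):
    """Attempt a full TCP connect to ``target_ip:target_port`` and print
    ``port :N is opening`` (under the module ``Lock``) if it succeeds.

    This is a connect() scan: the three-way handshake completes, so every
    probe reaches the service and shows up in its logs -- not a stealthy
    technique. Connection failures are ignored, as before, but only socket
    errors (refused, timed out, unreachable, bad address) are swallowed;
    other exceptions now propagate instead of being silently dropped.

    *timeout* (seconds) bounds each attempt. The original set none, so a
    filtered port blocked for the OS default (often over a minute). The
    socket is closed on every path; the original leaked it on failure.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((target_ip, target_port))
    except socket.error:
        # socket.timeout and socket.gaierror both derive from socket.error
        # on Python 2 and from OSError (== socket.error) on Python 3.
        return
    finally:
        s.close()
    with Lock:
        print(u'port :' + str(target_port) + ' is opening')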

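if __name__ == '__main__':
    # Keep every Thread object and join them all. The original only joined
    # the last one it created; since the workers are daemons, the
    # interpreter could exit as soon as that single thread finished and
    # discard results from the others still connecting.
    threads = []
    for port in port_list:
        t = threading.Thread(target=scan_port, args=(target_ip, port))
        t.daemon = True
        threads.append(t)
        t.start()
    for t in threads:
        t.join()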

本地测试效果如下: