python开发-信息收集（以下脚本只应对获得授权的目标使用：端口扫描和子域名爆破都会向目标发送可被记录的流量）
1.ip查询-socket模块（gethostbyname 只返回解析到的第一条IPv4地址，解析失败会抛出 socket.gaierror）
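def ip_check(url):
    """Resolve *url* (a hostname) to an IPv4 address, print it and return it.

    ``socket.gethostbyname`` returns only the first IPv4 record, so a name with
    several A records (or a CDN front) yields just one of them. An already
    dotted IP string comes back unchanged. Raises ``socket.gaierror`` when the
    name cannot be resolved; the caller decides how to handle that.
    """
    ip = socket.gethostbyname(url)
    print(ip)
    return ip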
2.whois查询
需要导入python-whois库
pip install python-whois
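def whois_check(url):
    """Run a WHOIS lookup for *url* with python-whois, print and return the record.

    ``whois`` here is ``from whois import whois`` (``pip install python-whois``).
    The returned object is whatever the library parsed and is printed as-is.
    Errors from the library are not caught in this function.
    """
    data = whois(url)
    print(data)
    return data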
3.cdn判断（用 nslookup 输出中“.”的数量做粗略判断：多条A记录通常意味着CDN，但多IP负载均衡也会得到同样结果，所以只是启发式提示）
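def _looks_like_cdn(nslookup_output, dot_threshold=10):
    """Dot-count heuristic of the original script: many dots => many addresses."""
    return nslookup_output.count('.') > dot_threshold


def cdn_check(url, dot_threshold=10):
    """Guess whether *url* sits behind a CDN from the size of its nslookup answer.

    Runs ``nslookup <url>`` as an argument list without a shell, so a hostname
    containing shell metacharacters cannot inject a command (the original built
    a shell string with ``os.popen``). The hostname is additionally restricted
    to letters, digits, '.', '-' and '_' and must not start with '-', so it
    cannot be parsed as an nslookup option either.

    The CDN test itself is unchanged: more than ``dot_threshold`` dots in the
    output is taken to mean several A records. That is only a rough signal
    (multi-IP load balancing looks the same), so treat the verdict as a hint.

    Prints the verdict and returns True/False. Raises ValueError for a
    malformed hostname and FileNotFoundError if nslookup is not installed.
    """
    allowed = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_")
    if not url or url.startswith('-') or not set(url) <= allowed:
        raise ValueError(f"invalid hostname for nslookup: {url!r}")
    proc = subprocess.run(["nslookup", url], capture_output=True, text=True)
    # only stdout is inspected, which is what os.popen() read in the original
    found = _looks_like_cdn(proc.stdout, dot_threshold)
    if found:
        print("存在cdn")
    else:
        print("不存在cdn")
    return found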
4.端口扫描
1.原生自写socket协议tcp,udp扫描
2.调用第三方模块等扫描
3.调用系统工具脚本执行
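DEFAULT_PORTS = (21, 22, 80, 135, 443, 445, 1433, 1521, 3306, 3389, 8080)


def port_scan(url, ports=None, timeout=1.0):
    """TCP-connect scan of *url* on *ports*; print and return a {port: is_open} map.

    Args:
        url: hostname or IP, resolved once with ``socket.gethostbyname`` and
            then connected to by address (the original resolved it but then
            connected by name, re-resolving on every port).
        ports: iterable of ints or numeric strings; defaults to DEFAULT_PORTS,
            the common-service list of the original script.
        timeout: seconds to wait per connect. The original set none, so a
            filtered (dropped) port stalled the scan for the OS default.

    Each port gets its own socket: once a socket has connected (or failed
    to), it cannot be reused for another ``connect_ex``, so the single shared
    socket of the original could not report later ports correctly. Output
    lines keep the original ``<port>|open`` / ``<port>|close`` text, in
    ascending port order. Raises ``socket.gaierror`` if *url* cannot be resolved.
    """
    ip = socket.gethostbyname(url)
    port_list = sorted(int(p) for p in (DEFAULT_PORTS if ports is None else ports))
    results = {}
    for port in port_list:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            try:
                is_open = sock.connect_ex((ip, port)) == 0
            except OSError:
                # socket.timeout is an OSError; treat any failure as closed
                is_open = False
        results[port] = is_open
        print(f"{port}|open" if is_open else f"{port}|close")
    return results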
nmap扫描 需要安装python-nmap模块（pip install python-nmap）以及系统中的nmap程序，并在代码中 import nmap；主要用于内网信息探测，只能对获得授权的网段使用
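def nmapscan(hosts='192.168.1.1/24', arguments='-T4 -F'):
    """Scan *hosts* with python-nmap (``import nmap``; the nmap binary must be installed).

    Args:
        hosts: nmap target spec; the default is the original private /24,
            meant for internal-network discovery. Scan only networks you are
            authorised to scan.
        arguments: nmap flags; ``-T4 -F`` is aggressive timing with the
            reduced "fast" port list.

    Prints the host list, the CSV view and the raw result dict, and returns
    the dict (None if the scan failed). Failures are reported with their
    message instead of the bare "error" of the original, which hid e.g. a
    missing nmap binary or a permission problem.
    """
    nm = nmap.PortScanner()
    try:
        data = nm.scan(hosts=hosts, arguments=arguments)
        print(nm.all_hosts())
        print(nm.csv())
        print(data)
    except Exception as err:
        print(f"error: {err}")
        return None
    return data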
两种方法都可以：自写socket适合快速探测少量常见端口，nmap能给出更完整的端口和服务信息，但要求系统已安装nmap。
5.子域名查询
1.利用字典加载爆破进行查询
2.利用bing或第三方接口查询
本次使用的是字典加载方法,在子域名挖掘机Layer中,下载之后会有一个字典dic,内容丰富
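def sub_domain_check(url, wordlist='dic.txt', delay=0.1):
    """Brute-force sub-domains of *url* from *wordlist*; print and return the hits.

    Each non-blank line of *wordlist* is prepended verbatim to the base domain
    (a leading ``www.`` in *url* is dropped first), exactly as the original did.
    No '.' is inserted, so an entry without one yields e.g. ``mailexample.com``;
    the dictionary must carry its own separator.

    Args:
        url: target domain, e.g. ``www.example.com``.
        wordlist: path of the prefix dictionary (Layer's ``dic.txt`` by default).
        delay: pause in seconds after every lookup to keep the query rate low
            (the original slept only after hits, so misses were not throttled).

    Returns a list of ``(name, ip)`` tuples for names that resolved. Names that
    do not resolve are skipped silently, as before, but only resolver errors
    are swallowed now. The file is closed via ``with``; lines are decoded as
    UTF-8 with undecodable bytes ignored.
    """
    base = url.replace('www.', '')
    found = []
    with open(wordlist, encoding='utf-8', errors='ignore') as fh:
        for line in fh:
            prefix = line.strip()
            if not prefix:
                continue
            candidate = prefix + base
            try:
                ip = socket.gethostbyname(candidate)
            except (OSError, UnicodeError):
                # unresolvable (or un-encodable) name: the normal case for
                # most dictionary entries
                pass
            else:
                print(candidate + '->' + ip)
                found.append((candidate, ip))
            if delay:
                time.sleep(delay)
    return found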
6.需要用到的模块和主函数
#encoding: utf-8
import os
import socket
import subprocess
import sys
import time

from whois import whois
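if __name__ == '__main__':
    # Usage: python main.py -all <host>. With no arguments the original demo
    # target is used. Run this only against hosts you are authorised to test:
    # the port scan and the sub-domain brute force are visible to the target.
    if len(sys.argv) >= 3 and sys.argv[1] == '-all':
        url = sys.argv[2]
    else:
        url = 'www.baidu.com'
    ip_check(url)
    whois_check(url)
    cdn_check(url)
    port_scan(url)
    sub_domain_check(url)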
也可写成命令行工具，用 sys.argv 读取参数（主函数中注释掉的 check / url 两行即为这种用法），例如：
python main.py -all url