踩点信息生成工具

于 2013-04-30 00:42:19 发布
阅读量2.2k 收藏
点赞数
分类专栏: 工具源码 渗透测试相关 python
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/yatere/article/details/8868578
版权 
# -*- coding: gb18030 -*-
from subprocess import  *
import socket,httplib2
import sys,os,socket,threading
from bs34 import BeautifulSoup34
import json,urllib2,urllib
from urlparse import urlparse as up
import simplejson,pprint


class target(object):
    def __init__(self,domain):
        self.domain=domain
        self.ips=[]
        self.subdomain=[]
        self.ipinfo=[]
        self.iprinfo=[]
        self.samesite=[]
        self.url=r'http://cn.bing.com/search?count=100&q=ip:'
        self.subdomainurl=r'https://ajax.googleapis.com/ajax/services/search/web?v=1.0&start={}&rsz=8&q=site:{}'
        self.httphead={
        'User-Agent':'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152)',
        'Cookie':'SRCHUID=V=2&GUID=79E9F92F75B54E60B4588D130264EFD4; MUID=0A81369FC80C6E532B69359EC9026E42; SRCHD=SM=1&MS=2196069&D=2160426&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20120209; _SS=SID=C8C39DCC3EA342E2859C472E445A1BEC; _UR=D=0; RMS=F=O&A=Q; SCRHDN=ASD=0&DURL=#',
        'Referer':'http://cn.bing.com/'}
        self.portlist=[21,22,23,25,53,80,81,110,139,135,443,445,1723,2012,3389,1433,3306,1521,8080,8089,8090,3128,5900]
        self.op=[]
        self.ipq=r'http://api.ipinfodb.com//v2/ip_query.php?key=5eb5b4de91741e2e4b98748989dc84f3236b55f6dd38aa689921884867536f36&ip={}&output=json&timezone=false'
        self.getips()
        self.trac()
        self.scanport()
        self.getsubdomain()
        self.getpzinfo()
        self.disp()

#--------------------------------获得ip,srver 信息----------------------------
    def getips(self):
        h=httplib2.Http()
        res,_=h.request(r'http://'+self.domain,headers=self.httphead)
        _,con=h.request(self.ipq.format(self.domain))
        con=json.loads(con)
        for i in socket.gethostbyname_ex(self.domain)[2]:
            self.ips.append(i)
        self.ipinfo.append((res.get('server'),res.get('x-powered-by'),con.get("CountryName"),con.get("RegionName"),con.get("City")))
            
#--------------------------------路由跟踪代码----------------------------
    def trac(self):
        p=Popen(['tracert',self.domain,'-h','20',],shell=False,stdout=PIPE)
        data=p.stdout.readline()
        while data:
            #if "*" in data:break
            d=data.strip().split()
            if len(d)==8:self.iprinfo.append((d[7],d[7]))
            if len(d)==9:self.iprinfo.append((d[7],d[8][1:-1]))
            data=p.stdout.readline()

#--------------------------------获得目标子域信息--------------------------
    def getsubdomain(self):
        for n in range(1,200,8):
            request = urllib2.Request(self.subdomainurl.format(n,self.domain[self.domain.index('.')+1:]), None, {'Referer': 'http://www.baidu.com'})
            try:info=simplejson.load(urllib2.urlopen(request))['responseData']['results']
            except Exception as err:break
            for i in info:
                for l in i:
                    if l=='url':
                        self.subdomain.append( up(i[l]).netloc.encode() )
            self.subdomain=list(set(self.subdomain))
#--------------------------------胖猪代码----------------------------
    def getpzinfo(self):
        ip=socket.gethostbyname(self.domain.strip())
        h=httplib2.Http()
        res,cont=h.request(self.url+ip,headers=self.httphead)
        soup=BeautifulSoup(cont)
        for i in soup.findAll('div',attrs={'class':'sb_tlst'}):
            self.samesite.append(up(i.a['href']).netloc.encode())
        self.samesite=list(set(self.samesite))

#/
#---------------------------端口扫描代码-------------------------------


    def conport(self,tar,port):
        s=socket.socket()
        s.settimeout(3)
        try:s.connect((tar,port));self.op.append(port)
        except Exception as err:pass
        finally:s.close()

    def scanport(self):
        tlist=[]
        for i in self.portlist:
            for l in self.ips:
                tlist.append(threading.Thread(target=self.conport,args=((l,i))))
        for i in tlist:
            i.start()
        for i in tlist:
            i.join()
        del tlist
    def disp(self):
        f=open(r'./txt/'+self.domain+'.txt','at')
        print >>f,"目标域名:\n",self.domain
        print "目标域名:\n",self.domain
        if len(self.samesite)>1:
            print >>f,"目标为虚拟主机"
            print "目标为虚拟主机"
        
        print >>f,"IP地址 :"
        pprint.pprint (self.ips,f)
        print "IP地址 :"
        pprint.pprint (self.ips)
        print >>f,"目标地址信息: "
        pprint.pprint (self.ipinfo,f)
        print "目标地址信息: "
        pprint.pprint (self.ipinfo)
        print >>f,"目标路由跟踪信息: "
        pprint.pprint (self.iprinfo,f)
        print "目标路由跟踪信息: "
        pprint.pprint (self.iprinfo)
        print >>f,"目标的开放端口信息: "
        pprint.pprint (self.op,f)
        print "目标的开放端口信息: "
        pprint.pprint (self.op)
        print >>f,"目标的子域信息:"
        pprint.pprint (self.subdomain,f)
        print "目标的子域信息:"
        pprint.pprint (self.subdomain)
        print >>f,"目标的同站服务器信息:"
        pprint.pprint (self.samesite,f)
        print "目标的同站服务器信息:"
        pprint.pprint (self.samesite)
        print >>f,"*"*30+'\r\n\r\n'
        print "*"*30+'\r\n\r\n'

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值