最新要闻

广告

手机

iphone11大小尺寸是多少?苹果iPhone11和iPhone13的区别是什么?

iphone11大小尺寸是多少?苹果iPhone11和iPhone13的区别是什么?

警方通报辅警执法直播中被撞飞:犯罪嫌疑人已投案

警方通报辅警执法直播中被撞飞:犯罪嫌疑人已投案

家电

渗透测试——简单的流程化信息收集

来源:博客园


(相关资料图)

简单的流程化信息收集

脚本

import osimport fnmatchimport socketimport shutildef checkcdn(host):    ip_list=[]    try:        addrs = socket.getaddrinfo(host, None)        for item in addrs:            if item[4][0] not in ip_list:                ip_list.append(item[4][0])        count_ip = len(ip_list)        if count_ip > 1:            return False        elif count_ip == 1:            return ip_list[0]        else:            return False    except Exception as e:        return False# 打印错误print("by k1115h0t")print("根域名放置在domians.txt中")print("当前文件夹下放置httpx")os.system("subfinder/subfinder -dL domains.txt -all -o subfinder_subdomains.txt")os.system("python3 oneforall/oneforall.py --targets domains.txt run")oneforall_result=""for f_name in os.listdir("oneforall/results"):        if fnmatch.fnmatch(f_name, "all*.txt"):            oneforall_result="oneforall/results/"+f_name# 读取第一个文本文件with open(oneforall_result, "r") as file1:    content1 = file1.readlines()# 读取第二个文本文件with open("subfinder_subdomains.txt", "r") as file2:    content2 = file2.readlines()# 合并两个文本文件merged_content = content1 + content2# 去重unique_content = list(set(merged_content))# 将去重后的内容写入新的文本文件with open("subdomains.txt", "w") as merged_file:    merged_file.writelines(unique_content)print("================================================")print("================================================")print("================================================")print("子域名已经全部扫描完成,子域名结果存储在 subdomains.txt")print("开始识别CDN")print("================================================")print("================================================")print("================================================")if os.path.exists("oneforall/results"):    shutil.rmtree(r"oneforall/results")os.remove("subfinder_subdomains.txt")f1=open(file="subdomains.txt",mode="r",encoding="utf-8")f2=open(file="cdn.txt",mode="a",encoding="utf-8")f3=open(file="nocdn.txt",mode="a",encoding="utf-8")f4=open(file="nocdn_ip.txt",mode="a",encoding="utf-8")l1=[]num=1for i in f1.readlines():    newi=i.strip("\n")    result=checkcdn(newi)    # print(num)    num=num+1    if result!=False:        f3.write(i)        if result not in l1:            l1.append(result)    else:        f2.write(i)for j in l1:    f4.write(j+"\n")f1.close()f2.close()f3.close()f4.close()print("================================================")print("================================================")print("================================================")print("cdn识别完成,结果存储在 cdn.txt nocdn.txt nocdn_ip.txt")print("开始调用httpx")print("================================================")print("================================================")print("================================================")os.system("./httpx -l cdn.txt -sc -cl -title -o cdn_httpx.txt")os.system("./httpx -l nocdn.txt -sc -cl -title -o nocdn_httpx.txt")print("================================================")print("================================================")print("================================================")print("httpx识别完成,结果存储在 cdn_httpx.txt nocdn_httpx.txt")print("开始调用rustscan")print("================================================")print("================================================")print("================================================")os.system("rustscan -a nocdn_ip.txt -r 1-65535 -- -sC -Pn -n -sV >> rustscan_nocdn.txt")

使用时需要新建一个domains.txt用于存放根域名(baidu.com)

脚本的流程

  1. 调用 subfinder 和 oneforall进行子域名扫描

    生成 subdomains.txt 存储所有的子域名
  2. 对子域名结果进行分析去重,并识别cdn

    生成 cdn.txt nocdn.txt nocdn_ip.txt
  3. 使用httpx进行扫描

    生成 cdn_httpx.txt nocdn_httpx.txt
  4. 使用rustscan对无cdn的ip进行端口扫描

    生成 rustscan_nocdn.txt

目录下面工具的放置

在第二次使用的时候,需要先手动删除所有txt文件

rm *.txt

目录结构:

├── cdn_httpx.txt  有cdn的域名的httpx 结果├── cdn.txt  没有cdn的域名├── domains.txt 要进行信息收集的根域名├── httpxhttpx二进制文件├── nocdn_httpx.txt 无cdn的域名的httpx 结果├── nocdn_ip.txt无cdn域名解析出的ip├── nocdn.txt├── oneforall├── rustscan_nocdn.txt├── start.py├── subdomains.txt└── subfinder

工具链接

工具链接:https://github.com/shmilylty/OneForAllhttps://github.com/projectdiscovery/subfinderhttps://github.com/projectdiscovery/httpxhttps://github.com/RustScan/RustScan

关键词: