Python security development: internal and external network collection with Socket, subdomains and DNS
(Notes from Xiaodi's public Bilibili course: https://www.bilibili.com/video/BV1JZ4y1c7ro?p=75)
1. Uses of Python:
2. IP & Whois & OS fingerprint & CDN & subdomains & port scan & interaction, code section: external network
Covers: resolving a domain to an IP, checking for a CDN (the nslookup command also works), judging CDN presence with a regex, subdomain lookup, OS detection, port scanning, whois lookup through a library or API, and exception handling.
```python
import os
import socket

# os.system() only returns the exit status; the nslookup output itself goes
# straight to the terminal. os.popen(...).read() returns the text so it can be
# processed.
cdn_data = os.popen('nslookup www.xiaodi8.com').read()
print(cdn_data)


def ip_check(url):
    ip = socket.gethostbyname(url)
    print(ip)


domain = input("Enter a domain: ")
ip_check(domain)
```
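Counting dots in the nslookup output, as the course code does, also counts the resolver's own address and the dots in host names, so it is easy to fool in both directions. The following is an added example (not the course's or the author's code) that parses the nslookup text into A records and CNAMEs and then applies an explicit rule: more than one distinct address, or a CNAME that leaves the queried zone, is taken as a hint that a CDN or load balancer sits in front. The sample output and the `cdn-provider.example` name are constructed; `cdn_check()` is the only part that actually runs nslookup.

```python
import ipaddress
import re
import subprocess

# Constructed sample of Unix nslookup output for a name that CNAMEs to a CDN
# edge (addresses from the TEST-NET ranges; not a real lookup).
SAMPLE_NSLOOKUP = """Server:\t\t8.8.8.8
Address:\t8.8.8.8#53

Non-authoritative answer:
www.example.com\tcanonical name = www.example.com.cdn-provider.example.
Name:\twww.example.com.cdn-provider.example
Address: 203.0.113.10
Name:\twww.example.com.cdn-provider.example
Address: 203.0.113.11
Name:\twww.example.com.cdn-provider.example
Address: 203.0.113.12
"""


def parse_nslookup(output):
    """Return (addresses, cnames) parsed from nslookup text output.

    The resolver header (Server:/Address: of the DNS server itself) ends at
    the first blank line or at the 'answer:' line; it is skipped so the
    server's own address is never counted as part of the answer.
    """
    addresses, cnames = [], []
    in_answer = False
    for line in output.splitlines():
        if not in_answer:
            if line.strip() == "" or "answer:" in line.lower():
                in_answer = True
            continue
        m = re.search(r"canonical name = (\S+)", line)
        if m:
            cnames.append(m.group(1).rstrip("."))
            continue
        # 'Address: x', 'Addresses: x' (Windows) or a bare continuation line
        candidate = re.sub(r"^\s*Address(es)?:\s*", "", line).strip()
        try:
            addresses.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass  # Name:/Aliases: lines and anything else that is not an IP
    return addresses, cnames


def cdn_verdict(domain, addresses, cnames):
    """Explicit rule used instead of counting dots: several distinct
    addresses, or a CNAME outside the queried zone, suggests a CDN or load
    balancer in front of the host. It is a hint, not proof."""
    zone = ".".join(domain.rstrip(".").split(".")[-2:])
    leaves_zone = any(c != zone and not c.endswith("." + zone) for c in cnames)
    return len(set(addresses)) > 1 or leaves_zone


def cdn_check(domain):
    """Run the real nslookup (needs the binary and network) and apply the rule."""
    proc = subprocess.run(["nslookup", domain], capture_output=True, text=True)
    return cdn_verdict(domain, *parse_nslookup(proc.stdout))


if __name__ == "__main__":
    addrs, cn = parse_nslookup(SAMPLE_NSLOOKUP)
    print(addrs, cn, cdn_verdict("www.example.com", addrs, cn))
```

The zone comparison is deliberately simple (last two labels); for country-code second-level domains such as `.com.cn` a public-suffix list would be needed to avoid treating an in-zone CNAME as external.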
```python
# -*- coding: utf-8 -*-
# @Time : 2021/5/25 11:16 AM
# @Author : GLSakura
# @File : 76test.py
# @Software : PyCharm
import os
import socket
import time
# pip install python-whois
from whois import whois
# pip install python-nmap (the nmap binary must also be installed on the system)
import nmap


# IP lookup via socket
def ip_check(url):
    ip = socket.gethostbyname(url)
    print(ip)


# CDN check: judged by how many IPs nslookup returns
def cdn_check(url):
    ns = "nslookup " + url
    # os.system(ns) only returns the exit status, so its output cannot be
    # read; os.popen gives the actual text.
    data = os.popen(ns, "r").read()
    # Crude heuristic: many dots in the output means many addresses came back
    if data.count(".") > 15:
        print("CDN present")
    else:
        print(data)
        print("No CDN")


# Port scan
# 1. Hand-written TCP/UDP scan with the native socket module
# 2. Third-party scanning modules
# 3. Calling system tools from the script
def port_check(url):
    ports = ['21', '22', '80']
    ip = socket.gethostbyname(url)
    for port in ports:
        # A socket can only be connected once, so create a fresh one per port
        server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        server.settimeout(2)
        result = server.connect_ex((ip, int(port)))
        server.close()
        if result == 0:
            print(port + '\topen')
        else:
            print(port + '\tclose')


# whois lookup
def whois_check(url):
    data = whois(url)
    print(data)


# Subdomain lookup: resolve every word of a dictionary as a label
def domain_check(url):
    url = url.replace('www.', '')
    for domain_data in open("/Users/glan/Sec/Dicts/fuzzDicts/subdomainDicts/main.txt"):
        domain_data = domain_data.replace('\n', '')
        domain_url = domain_data + '.' + url
        try:
            ip = socket.gethostbyname(domain_url)
            print(domain_url + '\t\t->\t' + ip)
            time.sleep(0.1)
        except socket.gaierror:
            # The name does not resolve
            pass


# nmap scan
def nmap_check(url):
    nm = nmap.PortScanner()
    ret = nm.scan(hosts=url, ports='22')
    print(ret)


if __name__ == '__main__':
    url = 'www.baidu.com'
    ip_check(url)
    cdn_check(url)
    nmap_check(url)
    whois_check(url)  # the original called whois() directly and discarded the result
    domain_check(url)
```
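The dictionary-based `domain_check()` above has a well-known failure mode: if the zone has a wildcard record, every word in the dictionary resolves and the output is worthless. The added example below (my code, not the course's) probes a random label first and discards any hit that returns the same address as that probe. The resolver is injected so the example runs offline against a constructed zone (`wild.test`, `example.test`, TEST-NET addresses); with the default argument it uses the real `socket.gethostbyname`, and the `delay` parameter plays the role of the `time.sleep(0.1)` in the original.

```python
import secrets
import socket
import time


def make_fake_resolver(table, wildcard_zone=None, wildcard_ip=None):
    """Constructed stand-in for socket.gethostbyname so the example runs
    offline. Unknown names raise socket.gaierror like a real NXDOMAIN answer;
    if wildcard_zone is set, every name under it resolves to wildcard_ip."""
    def resolve(name):
        if name in table:
            return table[name]
        if wildcard_zone and name.endswith("." + wildcard_zone):
            return wildcard_ip
        raise socket.gaierror(-2, "Name or service not known")
    return resolve


def wildcard_address(domain, resolve=socket.gethostbyname):
    """Resolve a random label under the zone. A wildcard record answers it,
    and would answer every dictionary word too, so the address it returns is
    used to discard those indistinguishable hits. None means no wildcard."""
    probe = secrets.token_hex(8) + "." + domain
    try:
        return resolve(probe)
    except socket.gaierror:
        return None


def resolve_subdomains(domain, words, resolve=socket.gethostbyname, delay=0.0):
    """Return ({name: ip}, wildcard_ip) for the dictionary words that resolve
    to something other than the wildcard answer."""
    if domain.startswith("www."):
        domain = domain[4:]
    wildcard_ip = wildcard_address(domain, resolve)
    found = {}
    for word in words:
        word = word.strip()
        if not word:
            continue
        name = word + "." + domain
        try:
            ip = resolve(name)
        except socket.gaierror:
            continue
        if wildcard_ip is not None and ip == wildcard_ip:
            continue  # same answer as the random probe: no evidence of a real host
        found[name] = ip
        time.sleep(delay)
    return found, wildcard_ip


if __name__ == "__main__":
    # Constructed zone with a wildcard; 198.51.100.0/24 is TEST-NET-2.
    fake = make_fake_resolver({"mail.wild.test": "203.0.113.7"},
                              "wild.test", "198.51.100.1")
    print(resolve_subdomains("wild.test", ["mail", "ftp", "dev"], fake))
```

A host that genuinely shares the wildcard address is also dropped by this rule; that is the accepted trade-off, since nothing in a plain A lookup can tell the two apart.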
3. IP & computer name & live hosts & port scan code section: internal network
Python's strength is its libraries: even nmap has an importable module, so in special situations you can probe internal hosts or ports directly from a script without running the standalone tool.
Using Python's nmap module
```python
# coding=utf-8
# pip install python-nmap (the nmap binary must be installed on the system)
import nmap


# Probing host information on the internal network
# 1. Native: ping
# 2. Native: ICMP, TCP, UDP and similar protocols
# 3. Third-party module: load nmap and scan
def nmapscan():
    nm = nmap.PortScanner()
    try:
        # -T4: faster timing template; -F: only the most common ports
        data = nm.scan(hosts='192.168.76.0/24', arguments='-T4 -F')
        print(nm.all_hosts())
        print(nm.csv())
        print(data)
    except Exception as err:
        print("error:", err)


if __name__ == '__main__':
    nmapscan()
```
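`nm.scan()` returns a nested dictionary, and printing it whole, as above, is hard to read once the /24 has more than a couple of live hosts. The following added example (not the course's code) flattens that structure into open-port rows and compares them against an inventory allowlist, which is the defender's version of the same scan: a service that is open but not in the inventory is what needs explaining. `SAMPLE_SCAN` is a constructed dictionary shaped like python-nmap's result so the example runs offline; `live_scan()` applies the same summary to a real scan and needs python-nmap plus the nmap binary.

```python
# Constructed sample shaped like the dict returned by python-nmap's
# PortScanner.scan(): 'scan' maps each host to its status, hostnames and a
# per-protocol port table. Addresses are private-range placeholders.
SAMPLE_SCAN = {
    "nmap": {
        "command_line": "nmap -oX - -T4 -F 192.168.76.0/24",
        "scaninfo": {"tcp": {"method": "connect", "services": "21-23,80,443,445"}},
        "scanstats": {"elapsed": "3.11", "uphosts": "2", "downhosts": "254", "totalhosts": "256"},
    },
    "scan": {
        "192.168.76.1": {
            "hostnames": [{"name": "gw.lan", "type": "PTR"}],
            "addresses": {"ipv4": "192.168.76.1"},
            "status": {"state": "up", "reason": "syn-ack"},
            "tcp": {
                22: {"state": "open", "name": "ssh"},
                80: {"state": "open", "name": "http"},
                443: {"state": "closed", "name": "https"},
            },
        },
        "192.168.76.20": {
            "hostnames": [{"name": "", "type": ""}],
            "addresses": {"ipv4": "192.168.76.20"},
            "status": {"state": "up", "reason": "syn-ack"},
            "tcp": {445: {"state": "open", "name": "microsoft-ds"}},
        },
        "192.168.76.30": {
            "hostnames": [],
            "addresses": {"ipv4": "192.168.76.30"},
            "status": {"state": "down", "reason": "no-response"},
        },
    },
}


def summarize_scan(result):
    """Flatten a scan result into (host, hostname, proto, port, service) rows
    for hosts that are up and ports reported open."""
    rows = []
    for host, info in sorted(result.get("scan", {}).items()):
        if info.get("status", {}).get("state") != "up":
            continue
        hostname = next((h["name"] for h in info.get("hostnames", []) if h.get("name")), "")
        for proto in ("tcp", "udp"):
            for port, pinfo in sorted(info.get(proto, {}).items()):
                if pinfo.get("state") == "open":
                    rows.append((host, hostname, proto, port, pinfo.get("name", "")))
    return rows


def unexpected_services(rows, allowlist):
    """Compare open-port rows against an inventory allowlist {host: {port, ...}};
    every row not covered by the allowlist is returned for review."""
    return [r for r in rows if r[3] not in allowlist.get(r[0], set())]


def live_scan(hosts, arguments="-T4 -F"):
    """Same summary over a real scan; needs python-nmap and the nmap binary."""
    import nmap  # pip install python-nmap
    return summarize_scan(nmap.PortScanner().scan(hosts=hosts, arguments=arguments))


if __name__ == "__main__":
    rows = summarize_scan(SAMPLE_SCAN)
    for row in rows:
        print(row)
    print("not in inventory:", unexpected_services(rows, {"192.168.76.1": {22, 80}}))
```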
4. Parsing .py files vs. executable formats: converting with PyInstaller
On a machine without a Python environment you need this library to convert a .py file into an executable format such as exe/sh.
Installation is simple: just pip install the pyinstaller library. To understand how it works, audit the library's source. For detailed usage see: http://c.biancheng.net/view/2690.html