外网信息收集:
1.ip查询
import socket
# Forward DNS lookup: resolve the hostname held in `url` (set elsewhere in the notes,
# not in this snippet) to a single IPv4 address string. Raises socket.gaierror if the
# name does not resolve.
ip=socket.gethostbyname(url)
print(ip)
2.whois查询
from whois import whois #third-party: requires the python-whois package
# Fetch the WHOIS registration record for the target in `url` (set elsewhere in the
# notes) and print it as returned by the library.
whois_data=whois(url)
print(whois_data)
3.cdn判断
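# Method 1: only the exit status comes back, so the nslookup output cannot be inspected.
# The original `import system,os` fails at import time (there is no `system` module);
# subprocess is what both methods below need.
import subprocess

# Pass the target as its own argv element instead of splicing it into a shell string
# ("nslookup " + url): a hostname containing shell metacharacters then cannot run extra commands.
ns = ["nslookup", url]
cdn_data = subprocess.call(ns)
print(cdn_data)
# Method 2: capture stdout (what os.popen(ns, 'r').read() did) so the text can be examined.
# check=False keeps the original behaviour of not raising when nslookup exits non-zero.
cdn_data = subprocess.run(ns, stdout=subprocess.PIPE, text=True, check=False).stdout
# Heuristic from the notes: count the dots and compare with how many a single answer should
# contain; more than this threshold is taken as a sign that several addresses/aliases came
# back, i.e. a CDN is in front of the host.
CDN_DOT_THRESHOLD = 8
count = cdn_data.count('.')
if count > CDN_DOT_THRESHOLD:
    print("CDN 存在")
else:
    print("CDN不存在")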
4.端口扫描
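# Hand-written TCP connect check with the socket module (the note mentions UDP as well,
# but only a TCP connect is implemented here).
import socket

ip = socket.gethostbyname(url)
ports = {21, 22, 135, 443, 445, 80, 1433, 3306, 3389, 1521, 8000, 8080, 7002, 7001, 9090, 8089, 4848}
# A socket can only be connected once, so the original single `server` socket reused across
# the loop would fail or report stale state from the second port on: open a fresh socket per
# port and let `with` close it. The timeout bounds a connect to a silently dropped port, which
# would otherwise block for the OS default.
CONNECT_TIMEOUT = 2.0
for port in sorted(ports):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.settimeout(CONNECT_TIMEOUT)
        # connect_ex returns 0 on success and an errno value instead of raising.
        result = server.connect_ex((ip, port))
    # Any non-zero result (refused, filtered or timed out) is reported as closed, as before.
    if result == 0:
        print(str(port) + '|open')
    else:
        print(str(port) + '|close')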
5.子域名查询
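# Wordlist-driven subdomain lookup: dic.txt holds one candidate label per line.
import time
import socket

# Strip the leading "www." so candidates are attached to the base domain. The original
# computed this and then never used it (it hard-coded '.xueersi.com' instead).
urls = url.replace('www.', '')
# `with` closes the wordlist even if the loop raises. strip() removes the trailing newline;
# the original `replace('n', '')` is a garbled '\n' and would also delete every letter "n".
with open('dic.txt') as wordlist:
    for zym_data in wordlist:
        label = zym_data.strip()
        if not label:
            continue  # a blank line would otherwise resolve the bare domain
        # Use a separate name: the original rebound `url` on every iteration.
        candidate = label + '.' + urls
        try:
            ip = socket.gethostbyname(candidate)
            print(candidate + '->' + ip)
            time.sleep(0.1)  # pause between lookups, as in the notes
        except socket.gaierror:
            # A non-resolving candidate is the expected outcome; keep the original message.
            print("error")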
内网信息收集-nmap
import os
import subprocess

from nmap import nmap #需要安装python-nmap模块
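# Operating-system guess via nmap's -O probe.
def os_check(url):
    """Run ``nmap -O`` against *url* and print nmap's text report.

    Args:
        url: hostname or IP address handed to nmap as the scan target.

    The target is passed as a separate argv element rather than spliced into a shell
    string (the original ``os.popen("nmap -O " + url)``), so a value containing shell
    metacharacters cannot start additional commands. Only stdout is captured, as before,
    and a non-zero nmap exit status does not raise.
    """
    data = subprocess.run(["nmap", "-O", url], stdout=subprocess.PIPE, text=True, check=False).stdout
    print(data)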
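# Internal host probe: fast sweep of a subnet with python-nmap.
def nmap_scan(url):
    """Sweep the hard-coded internal subnet with python-nmap and print the results.

    Args:
        url: accepted for symmetry with ``os_check`` but currently unused; the target
            range and options are fixed below (the commented-out per-host call was removed).

    Prints the list of discovered hosts, nmap's CSV summary and the raw scan dict.
    """
    nm = nmap.PortScanner()
    try:
        # NOTE(review): `url` is ignored here; the subnet and the -T4 (timing) -F (fewer
        # ports) options are fixed.
        data = nm.scan(hosts='192.168.73.0/24', arguments='-T4 -F')
    except Exception as err:
        # The original swallowed the exception behind a bare "error"; include the cause so
        # a failed run (nmap not found, insufficient privileges, bad range) is visible.
        print("error: " + str(err))
        return
    print(nm.all_hosts())
    print(nm.csv())
    print(data)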
if __name__ == '__main__':
    # Default target when the notes are run as a script; only the OS probe is invoked.
    url = 'www.xiaodi8.com'
    os_check(url)