一、IP查詢
原理:通過目標URL查詢目標的IP地址。
所需庫:socket
Python代碼示例:
import socketip = socket.gethostbyname('www.163.com')
print(ip)
上述代碼中,使用gethostbyname函數。該函數位于Python內置的socket庫中,其原型如下:
def gethostbyname(host): # real signature unknown; restored from __doc__"""gethostbyname(host) -> addressReturn the IP address (a string of the form '255.255.255.255') for a host."""pass
參數host為目標的URL,返回對應的ip地址。
示例代碼輸出:
125.39.47.211Process finished with exit code 0
二、Whois查詢
原理:用來查詢域名是否已經被注冊,以及注冊域名的詳細信息。
所需庫:whois
安裝whois模塊:
pip install python-whois
記錄
執行上述命令后,導入會報錯(找不到Whois模塊)(在PyCharm中,IDLE則未出現此問題),需要在報錯處再次執行安裝命令。另一個方法是在終端中直接執行安裝命令,并在IDLE中運行代碼:
Python代碼示例:
from whois import whois
data = whois("www.163.com")print(data)
示例代碼輸出(含注釋說明):
{"domain_name": [ # 域名:163.com"163.COM","163.com"],"registrar": "MarkMonitor Information Technology (Shanghai) Co., Ltd.", # 注冊公司"whois_server": "whois.markmonitor.com", # whois服務器地址"referral_url": null,"updated_date": [ # 更新日期和時間"2023-09-22 06:35:34","2024-04-29 01:59:31+00:00"],"creation_date": [ # 創建日期和時間"1997-09-15 04:00:00","1997-09-15 04:00:00+00:00"],"expiration_date": [ # 過期日期和時間"2027-09-14 04:00:00","2027-09-14 04:00:00+00:00"],"name_servers": [ # DNS解析服務器地址"NS1.NEASE.NET","NS2.166.COM","NS3.NEASE.NET","NS4.NEASE.NET","NS5.NEASE.NET","NS6.NEASE.NET","NS8.166.COM","ns4.nease.net","ns2.166.com","ns1.nease.net","ns6.nease.net","ns5.nease.net","ns8.166.com","ns3.nease.net"],"status": [ # 服務器狀態"clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited","clientTransferProhibited https://icann.org/epp#clientTransferProhibited","clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited","serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited","serverTransferProhibited https://icann.org/epp#serverTransferProhibited","serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited","clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)","clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)","clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)"],"emails": [ # 聯絡郵箱"abusecomplaints@markmonitor.com","whoisrequest@markmonitor.com"],"dnssec": "unsigned","name": null,"org": "\u5e7f\u5dde\u7f51\u6613\u8ba1\u7b97\u673a\u7cfb\u7edf\u6709\u9650\u516c\u53f8","address": null,"city": null,"state": "Guang Dong", # 城市(對應美國的“州”):廣東"registrant_postal_code": null, # 注冊者郵編(無)"country": "CN" # 國家碼
}
三、子域名挖掘
通過必應(必應搜索引擎)進行子域名搜集:
首先確保安裝有requests庫、bs4庫、urllib庫,安裝這些庫的命令和過程如下:
Python代碼示例:
import requests
from bs4 import BeautifulSoup
from urllib.parse import urlparse
import sysdef bing_search(site, pages):Subdomain = []headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","Accept": "text/html,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8","Referer": "https://cn.bing.com"}for i in range(1, int(pages)+1):url = "https://cn.bing.com/search?q=site%3a"+site+"&go=Search&qs=ds&first="+ str((int(i)-1) * 10) + "&FROM=PERE"html = requests.get(url, headers=headers)soup = BeautifulSoup(html.content, 'html.parser')job_bt = soup.findAll('h2')for i in job_bt:link = i.a.get('href')domain = str(urlparse(link).scheme + "://" + urlparse(link).netloc)if domain in Subdomain:passelse:Subdomain.append(domain)print(domain)if __name__ == '__main__':if len(sys.argv) == 3:site = sys.argv[1] # 參數1:網址page = sys.argv[2] # 參數2:獲取搜索引擎頁數else:print("usage: %s baidu.com 10" % sys.argv[0])sys.exit(-1)Subdomain = bing_search(site,page)
對域名baidu.com進行子域名收集,獲取50頁搜索結果:
參考書目
《Python安全攻防——滲透測試實戰指南》,MS08067安全實驗室 編著,北京,機械工業出版社,2021年10月第1版。
)
)
)
![【學習筆記】C++每日一記[20240520]](http://pic.xiahunao.cn/【學習筆記】C++每日一記[20240520])
