渗透测试中常见信息收集(python实现子域名与ip收集)

Posted by sp4rk on January 4, 2017

渗透测试中子域名和ip收集(我这里子域名用的网上找的接口,还是挺全的:二级域名查询

import urllib
import re
import sys
import socket 

def get_html(url):
	r = urllib.urlopen(url)
	res = r.read()
	return res

def scan_sub(html):
	resu = re.compile(r'<a href="http://(.*?)" rel=nofollow target=_blank>')
	a = resu.findall(html)
	return a

def get_ip():
	target_file = '%s.txt' % (sys.argv[1].split('.')[0] + '_ip')
	with open(target_file, 'w') as f:
		for i in file((sys.argv[1].split('.')[0]+".txt"),'rb'):
		    i = i.strip()
		    try:
		        ip = socket.getaddrinfo(i, 'http')
		        #print ip[0][4][0]       
		    	a = ip[0][4][0] + "\n"
		    	f.write(a)
		    except:
		        pass

api = 'http://i.links.cn/subdomain/'
target = sys.argv[1]
url = api + target + '.html'
html = get_html(url)

if __name__ == '__main__':
	
	result = scan_sub(html)
	b = '\n'.join(result)
	resfile = '%s.txt' % sys.argv[1].split('.')[0]
	print 'the result saved in ' + resfile + "\n"
	with open(resfile, 'w') as F:
		F.write(b)
	get_ip() 	
	print 'the result_ip is saved in: %s.txt' % (sys.argv[1].split('.')[0] + '_ip')
	

贴一下效果图

python菜鸟,练手中……