渗透测试中子域名和ip收集(我这里子域名用的网上找的接口,还是挺全的:二级域名查询)
import urllib
import re
import sys
import socket
def get_html(url):
r = urllib.urlopen(url)
res = r.read()
return res
def scan_sub(html):
resu = re.compile(r'<a href="http://(.*?)" rel=nofollow target=_blank>')
a = resu.findall(html)
return a
def get_ip():
target_file = '%s.txt' % (sys.argv[1].split('.')[0] + '_ip')
with open(target_file, 'w') as f:
for i in file((sys.argv[1].split('.')[0]+".txt"),'rb'):
i = i.strip()
try:
ip = socket.getaddrinfo(i, 'http')
#print ip[0][4][0]
a = ip[0][4][0] + "\n"
f.write(a)
except:
pass
api = 'http://i.links.cn/subdomain/'
target = sys.argv[1]
url = api + target + '.html'
html = get_html(url)
if __name__ == '__main__':
result = scan_sub(html)
b = '\n'.join(result)
resfile = '%s.txt' % sys.argv[1].split('.')[0]
print 'the result saved in ' + resfile + "\n"
with open(resfile, 'w') as F:
F.write(b)
get_ip()
print 'the result_ip is saved in: %s.txt' % (sys.argv[1].split('.')[0] + '_ip')
贴一下效果图
python菜鸟,练手中……
