网站首页 技术学习 教程分享 正文
网站渗透常用Python小脚本same_host旁站查询
旁站查询来源:
http://dns.aizhan.com
http://s.tool.chinaz.com/same
http://i.links.cn/sameip/
http://www.ip2hosts.com/
效果图如下:
以百度网站和小残博客为例:
以百度网站为例:
PS:直接调用以上4个旁注接口查询同服服务器域名信息包含服务器类型 比如小残博客使用的是Tengine
#!/usr/bin/env python
#encoding: utf-8
import re
import sys
import json
import time
import requests
import urllib
import requests.packages.urllib3
from multiprocessing import Pool
from BeautifulSoup import BeautifulSoup
requests.packages.urllib3.disable_warnings()
headers = {'User-Agent' : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20'}
def links_ip(host):
'''
查询同IP网站
'''
ip2hosts = []
ip2hosts.append("http://"+host)
try:
source = requests.get('http://i.links.cn/sameip/' + host + '.html', headers=headers,verify=False)
soup = BeautifulSoup(source.text)
divs = soup.findAll(style="word-break:break-all")
if divs == []: #抓取结果为空
print 'Sorry! Not found!'
return ip2hosts
for div in divs:
#print div.a.string
ip2hosts.append(div.a.string)
except Exception, e:
print str(e)
return ip2hosts
return ip2hosts
def ip2host_get(host):
ip2hosts = []
ip2hosts.append("http://"+host)
try:
req=requests.get('http://www.ip2hosts.com/search.php?ip='+str(host), headers=headers,verify=False)
src=req.content
if src.find('result') != -1:
result = json.loads(src)['result']
ip = json.loads(src)['ip']
if len(result)>0:
for item in result:
if len(item)>0:
#log(scan_type,host,port,str(item))
ip2hosts.append(item)
except Exception, e:
print str(e)
return ip2hosts
return ip2hosts
def filter(host):
'''
打不开的网站...
'''
try:
response = requests.get(host, headers=headers ,verify=False)
server = response.headers['Server']
title = re.findall(r'<title>(.*?)</title>',response.content)[0]
except Exception,e:
#print "%s" % str(e)
#print host
pass
else:
print host,server
def aizhan(host):
ip2hosts = []
ip2hosts.append("http://"+host)
regexp = r'''<a href="[^']+?([^']+?)/" rel="nofollow" target="_blank">\1</a>'''
regexp_next = r'''<a href="http://dns.aizhan.com/[^/]+?/%d/">%d</a>'''
url = 'http://dns.aizhan.com/%s/%d/'
page = 1
while True:
if page > 2:
time.sleep(1) #防止拒绝访问
req = requests.get(url % (host , page) ,headers=headers ,verify=False)
try:
html = req.content.decode('utf-8') #取得页面
if req.status_code == 400:
break
except Exception as e:
print str(e)
pass
for site in re.findall(regexp , html):
ip2hosts.append("http://"+site)
if re.search(regexp_next % (page+1 , page+1) , html) is None:
return ip2hosts
break
page += 1
return ip2hosts
def chinaz(host):
ip2hosts = []
ip2hosts.append("http://"+host)
regexp = r'''<a href='[^']+?([^']+?)' target=_blank>\1</a>'''
regexp_next = r'''<a href="javascript:" val="%d" class="item[^"]*?">%d</a>'''
url = 'http://s.tool.chinaz.com/same?s=%s&page=%d'
page = 1
while True:
if page > 1:
time.sleep(1) #防止拒绝访问
req = requests.get(url % (host , page) , headers=headers ,verify=False)
html = req.content.decode('utf-8') #取得页面
for site in re.findall(regexp , html):
ip2hosts.append("http://"+site)
if re.search(regexp_next % (page+1 , page+1) , html) is None:
return ip2hosts
break
page += 1
return ip2hosts
def same_ip(host):
mydomains = []
mydomains.extend(ip2host_get(host))
mydomains.extend(links_ip(host))
mydomains.extend(aizhan(host))
mydomains.extend(chinaz(host))
mydomains = list(set(mydomains))
p = Pool()
for host in mydomains:
p.apply_async(filter, args=(host,))
p.close()
p.join()
if __name__=="__main__":
if len(sys.argv) == 2:
same_ip(sys.argv[1])
else:
print ("usage: %s host" % sys.argv[0])
sys.exit(-1)
#!/usr/bin/env python
#encoding: utf-8
import re
import sys
import json
import time
import requests
import urllib
import requests.packages.urllib3
from multiprocessing import Pool
from BeautifulSoup import BeautifulSoup
requests.packages.urllib3.disable_warnings()
headers = {'User-Agent' : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20'}
def links_ip(host):
'''
查询同IP网站
'''
ip2hosts = []
ip2hosts.append("http://"+host)
try:
source = requests.get('http://i.links.cn/sameip/' + host + '.html', headers=headers,verify=False)
soup = BeautifulSoup(source.text)
divs = soup.findAll(style="word-break:break-all")
if divs == []: #抓取结果为空
print 'Sorry! Not found!'
return ip2hosts
for div in divs:
#print div.a.string
ip2hosts.append(div.a.string)
except Exception, e:
print str(e)
return ip2hosts
return ip2hosts
def ip2host_get(host):
ip2hosts = []
ip2hosts.append("http://"+host)
try:
req=requests.get('http://www.ip2hosts.com/search.php?ip='+str(host), headers=headers,verify=False)
src=req.content
if src.find('result') != -1:
result = json.loads(src)['result']
ip = json.loads(src)['ip']
if len(result)>0:
for item in result:
if len(item)>0:
#log(scan_type,host,port,str(item))
ip2hosts.append(item)
except Exception, e:
print str(e)
return ip2hosts
return ip2hosts
def filter(host):
'''
打不开的网站...
'''
try:
response = requests.get(host, headers=headers ,verify=False)
server = response.headers['Server']
title = re.findall(r'<title>(.*?)</title>',response.content)[0]
except Exception,e:
#print "%s" % str(e)
#print host
pass
else:
print host,server
def aizhan(host):
ip2hosts = []
ip2hosts.append("http://"+host)
regexp = r'''<a href="[^']+?([^']+?)/" rel="nofollow" target="_blank">\1</a>'''
regexp_next = r'''<a href="http://dns.aizhan.com/[^/]+?/%d/">%d</a>'''
url = 'http://dns.aizhan.com/%s/%d/'
page = 1
while True:
if page > 2:
time.sleep(1) #防止拒绝访问
req = requests.get(url % (host , page) ,headers=headers ,verify=False)
try:
html = req.content.decode('utf-8') #取得页面
if req.status_code == 400:
break
except Exception as e:
print str(e)
pass
for site in re.findall(regexp , html):
ip2hosts.append("http://"+site)
if re.search(regexp_next % (page+1 , page+1) , html) is None:
return ip2hosts
break
page += 1
return ip2hosts
def chinaz(host):
ip2hosts = []
ip2hosts.append("http://"+host)
regexp = r'''<a href='[^']+?([^']+?)' target=_blank>\1</a>'''
regexp_next = r'''<a href="javascript:" val="%d" class="item[^"]*?">%d</a>'''
url = 'http://s.tool.chinaz.com/same?s=%s&page=%d'
page = 1
while True:
if page > 1:
time.sleep(1) #防止拒绝访问
req = requests.get(url % (host , page) , headers=headers ,verify=False)
html = req.content.decode('utf-8') #取得页面
for site in re.findall(regexp , html):
ip2hosts.append("http://"+site)
if re.search(regexp_next % (page+1 , page+1) , html) is None:
return ip2hosts
break
page += 1
return ip2hosts
def same_ip(host):
mydomains = []
mydomains.extend(ip2host_get(host))
mydomains.extend(links_ip(host))
mydomains.extend(aizhan(host))
mydomains.extend(chinaz(host))
mydomains = list(set(mydomains))
p = Pool()
for host in mydomains:
p.apply_async(filter, args=(host,))
p.close()
p.join()
if __name__=="__main__":
if len(sys.argv) == 2:
same_ip(sys.argv[1])
else:
print ("usage: %s host" % sys.argv[0])
sys.exit(-1)
大家可以发挥添加或者修改任意查询接口。
网站渗透常用Python小脚本same_host旁站查询
猜你喜欢
- 2021-08-19 抖音上正规的“怀旧赚钱”项目分享
- 2021-02-01 mirror去兔子补丁怎么用
- 2021-02-01 怎么在线使用美图秀秀,美图秀秀在线使用
- 2021-01-31 电脑c盘满了该如何清理干净
- 2021-01-31 快剪辑剪切视频的详细教程
- 2021-01-31 深圳小汽车摇号申请流程,深圳摇号操作步骤
- 2021-01-31 怎样使用VLOOKUP函数,vlookup函数的使用方法
- 2021-01-29 微信红包封面怎么设置
- 2021-01-27 微信8.0状态设置背景音乐方法分享
- 2021-01-27 如何用求字体网查找字体
- 51375℃拼多多官方回复100元无门槛BUG优惠券 称已向法院报案
- 38377℃设计你的专属签名 一笔签名设计安卓版
- 35051℃CF国庆神枪节活动 开启宝箱领取永久和期限道具 还有高倍经验
- 33462℃下载百度袋鼠即可100%领取1天-1年爱奇艺VIP会员奖励
- 35119℃快手获腾讯等3.5亿美元融资 马化腾表示它有温度
- 32964℃热血传奇新服开启手游app抽奖送3~100元微信红包奖励
- 31512℃王者荣耀s7亚瑟玩法详解 王者荣耀亚瑟怎么玩
- 29719℃梦幻诛仙新年新惊喜登录送1元微信红包 每日限量
- 04-184月18日每天60秒新闻资讯读懂世界
- 04-174月17日每天60秒新闻资讯读懂世界
- 04-164月16日每天60秒新闻资讯读懂世界
- 04-154月15日每天60秒新闻资讯读懂世界
- 04-144月14日每天60秒新闻资讯读懂世界
- 04-134月13日每天60秒新闻资讯读懂世界
- 04-124月12日每天60秒新闻资讯读懂世界
- 04-114月11日每天60秒新闻资讯读懂世界
- 51375℃拼多多官方回复100元无门槛BUG优惠券 称已向法院报案
- 38377℃设计你的专属签名 一笔签名设计安卓版
- 35051℃CF国庆神枪节活动 开启宝箱领取永久和期限道具 还有高倍经验
- 33462℃下载百度袋鼠即可100%领取1天-1年爱奇艺VIP会员奖励
- 35119℃快手获腾讯等3.5亿美元融资 马化腾表示它有温度
- 32964℃热血传奇新服开启手游app抽奖送3~100元微信红包奖励
- 31512℃王者荣耀s7亚瑟玩法详解 王者荣耀亚瑟怎么玩
- 29719℃梦幻诛仙新年新惊喜登录送1元微信红包 每日限量
- 大家都在看
- 热门文章
- 最新文章
