前言:
现在大家对“pythonurl域名”都比较关注,也需要了解一些与“pythonurl域名”相关的文章。小编在网摘上搜集了一些关于“pythonurl域名”的相关知识,希望朋友们能喜欢,大家快来了解一下吧!本文包含两个工具:第一个是Web子域名查询工具,有两种模式,一是查询,执行参数为 -a Search xxx.com,二是爆破,执行参数为 -a Blast domain wordlist;第二个工具同样用于枚举子域名,和前者的区别在于该方法使用了DNS迭代查询。
Web子域名查询: 该工具有两种模式:一是查询,执行参数为 -a Search xxx.com;二是爆破,执行参数为 -a Blast domain wordlist。
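"""List subdomains of a domain over HTTP.

Two modes, selected with -a:
  Search <domain>             print the names a lookup service lists
  Blast  <domain> <wordlist>  probe https://<word>.<domain> for each word

Blast sends one HTTPS request per wordlist entry, so a run is visible in
the probed hosts' access logs and in resolver logs as a burst of lookups,
most of them for names that do not exist.
"""
import argparse
import linecache
import re

import requests

head = {'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36'}

# Prefix of the lookup-service URL that SearchDomain appends the domain to.
# The URL literal did not survive on this page (the listing reads
# `url = "; + domain`), so it is an explicit placeholder to be filled in.
SEARCH_URL_PREFIX = "<LOOKUP_SERVICE_URL_PREFIX>"


def Banner():
    """Print the ASCII-art banner and contact line."""
    # Backslashes are doubled so the literals print the same text without
    # relying on invalid escape sequences such as "\_".
    print(" _ ____ _ _ ")
    print(" | | _ _/ ___|| |__ __ _ _ __| | __")
    print(" | | | | | \\___ \\| '_ \\ / _` | '__| |/ /")
    print(" | |__| |_| |___) | | | | (_| | | | < ")
    print(" |_____\\__, |____/|_| |_|\\__,_|_| |_|\\_\\")
    print(" |___/ \n")
    print("E-Mail: me@lyshark.com")


# Query subdomains
def SearchDomain(domain):
    """Print every subdomain the lookup service returns for *domain*.

    Request failures are reported on stdout instead of being swallowed.
    """
    if SEARCH_URL_PREFIX.startswith("<"):
        print("[-] SEARCH_URL_PREFIX is not configured")
        return
    url = SEARCH_URL_PREFIX + domain
    try:
        req = requests.get(url=url, headers=head, timeout=10)
    except requests.RequestException as err:
        print("[-] lookup request failed: {}".format(err))
        return
    # The pattern is tied to the service's HTML table layout.
    # NOTE(review): whitespace after "\n" may have been collapsed on this
    # page; confirm against a real response.
    for item in re.findall('<TD>(.*?)</TD>\n <TD><A', req.text, re.S):
        print(item)


def VisitWeb(prefix, domain):
    """Return 1 if https://<prefix>.<domain> answers HTTP 200, else 0.

    Only a 200 counts. A host that answers with another status code, or
    whose request raises (timeout, DNS failure, TLS error), is reported
    as 0, so the result under-counts live hosts.
    """
    url = "https://{}.{}".format(prefix, domain)
    try:
        ret = requests.get(url=url, headers=head, timeout=1)
    except requests.RequestException:
        return 0
    return 1 if ret.status_code == 200 else 0


# Brute-force subdomains
def BlastWeb(domain, wordlist):
    """Probe <word>.<domain> for the first token of each wordlist line."""
    # Read-only open inside `with`: the file is closed on exit and no write
    # permission is needed. Blank lines are skipped rather than raising
    # IndexError.
    with open(wordlist, "r") as fp:
        for line in fp:
            fields = line.split()
            if not fields:
                continue
            main = fields[0]
            if VisitWeb(main, domain) != 0:
                print("旁站: {}.{} 存在".format(main, domain))


def RunCMD(argc, args):
    """Dispatch the -a command.

    argc is the command name ("Search" or "Blast"); args is the list of
    positional values that followed it on the command line. Returns True
    when a command ran, False when the command is unknown or its
    arguments are missing.
    """
    if argc == "Search" and len(args) >= 1:
        SearchDomain(args[0])
        return True
    if argc == "Blast" and len(args) >= 2:
        BlastWeb(args[0], args[1])
        return True
    return False


if __name__ == "__main__":
    Banner()
    Usage = "[*] Usage : main.py -a [Search | Blast] xxx.com"
    parser = argparse.ArgumentParser(usage=Usage)
    parser.add_argument("-a", dest="RunCMD", help="查询子域名命令")
    # argparse returns a Namespace, which cannot be indexed; the values
    # after the command are collected as an explicit positional list.
    parser.add_argument("targets", nargs="*",
                        help="domain, plus a wordlist path for Blast")
    args = parser.parse_args()
    if not (args.RunCMD and RunCMD(args.RunCMD, args.targets)):
        parser.print_help()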
通过DNS爆破子域名: 该工具同样用于枚举子域名,和上面的区别在于该方法使用了DNS迭代查询,而不是发起HTTP请求。
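"""Enumerate subdomains by resolving <word>.<domain> A records.

Usage: main.py -d xxx.com -w dict.log -t 5

Each wordlist entry costs one A query through the configured resolver, so
a run appears in resolver logs as a burst of lookups, most of which fail.
If the zone has a wildcard A record every candidate resolves, and the
result list then says nothing about which names really exist.
"""
import argparse
import threading
from queue import Empty, Queue

import dns.exception
import dns.resolver

# query() is deprecated in dnspython 2.x in favour of resolve(); use
# whichever one the installed version provides.
_resolve = getattr(dns.resolver, "resolve", None) or dns.resolver.query


class BlastDNSDomain(threading.Thread):
    """Worker thread that resolves queued names and records the hits."""

    def __init__(self, queue, result):
        threading.Thread.__init__(self)
        self._queue = queue    # shared Queue of fully built candidate names
        self.result = result   # shared list; names with an answer are appended

    def run(self):
        """Drain the queue, appending each name that returns an A answer."""
        while True:
            # Another worker can take the last item between an empty()
            # check and the get, so rely on the Empty exception instead.
            try:
                SubDomain = self._queue.get_nowait()
            except Empty:
                return
            try:
                answer = _resolve(SubDomain, 'A')
            except (dns.exception.DNSException, OSError):
                # A failed lookup means "not found" for this candidate;
                # move on to the next one.
                continue
            if answer.response.answer:
                self.result.append(SubDomain)
                print("[+] {}".format(SubDomain))


def Banner():
    """Print the ASCII-art banner and contact line."""
    # Backslashes are doubled so the literals print the same text without
    # relying on invalid escape sequences such as "\_".
    print(" _ ____ _ _ ")
    print(" | | _ _/ ___|| |__ __ _ _ __| | __")
    print(" | | | | | \\___ \\| '_ \\ / _` | '__| |/ /")
    print(" | |__| |_| |___) | | | | (_| | | | < ")
    print(" |_____\\__, |____/|_| |_|\\__,_|_| |_|\\_\\")
    print(" |___/ \n")
    print("E-Mail: me@lyshark.com")


if __name__ == "__main__":
    Banner()
    Usage = "main.py -d xxx.com -w dict.log -t 5"
    # The listing imported argparse but instantiated OptionParser, which is
    # never imported and has no add_argument(); use ArgumentParser.
    parser = argparse.ArgumentParser(usage=Usage)
    parser.add_argument("-d", "--domain", dest="Domain", help="Specify subdomain format")
    parser.add_argument("-w", "--wordlist", dest="WordList", help="Specify a dictionary file")
    parser.add_argument("-t", "--ThreadCount", dest="ThreadCount", type=int,
                        help="Specify the number of execution threads")
    args = parser.parse_args()
    if args.Domain and args.WordList and args.ThreadCount:
        queue = Queue()
        result = []
        with open(args.WordList) as fp:
            for item in fp:
                word = item.strip()
                if not word:
                    # A blank line would otherwise queue ".<domain>".
                    continue
                queue.put(word + '.' + args.Domain)
        threads = [BlastDNSDomain(queue, result) for _ in range(args.ThreadCount)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        print("所有DNS域名: {}".format(set(result)))
    else:
        parser.print_help()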