import os
import socket
import subprocess
import sys
import time

from whois import whois  # requires the third-party python-whois package
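# IP lookup: resolve a domain name to an IPv4 address
def ip_check(url):
    """Resolve *url* (a host name) to an IPv4 address, print it and return it.

    Only the first A record is returned (socket.gethostbyname knows nothing
    about IPv6); a host behind a CDN or round-robin DNS may answer with a
    different address on every call, so do not treat the result as stable.

    Args:
        url: host name (or IP literal, which is returned unchanged).

    Returns:
        The resolved IPv4 address as a string.

    Raises:
        socket.gaierror: if the name cannot be resolved.
    """
    ip = socket.gethostbyname(url)
    print(ip)
    return ip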
# WHOIS lookup
# Done through the third-party python-whois package; an online WHOIS API
# would work just as well.
def whois_check(url):
    """Query the WHOIS record for *url* via python-whois and print it.

    This is a network query to the registry's WHOIS server, so the target
    name is disclosed to that server. The record is printed as returned by
    the library; any exception it raises propagates to the caller.
    """
    record = whois(url)
    print(record)
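# CDN detection - based on the number of addresses in the DNS answer
# Determine whether the target appears to sit behind a CDN
def cdn_check(url, *, threshold=8, output=None):
    """Guess whether *url* is served through a CDN and print the verdict.

    Heuristic: run ``nslookup`` and count the dots in its stdout. A single
    non-authoritative answer produces few dots; several A records (typical
    for a CDN or round-robin DNS) produce more. The count also includes the
    resolver's own "Server/Address" lines, so the default threshold of 8 is
    a rough guess rather than a reliable fingerprint - treat the result as a
    hint only.

    Args:
        url: host name to look up. It is handed to nslookup as one argv
            element with no shell involved, so shell metacharacters in a
            user-supplied name cannot inject commands (the original built a
            shell string with os.popen). A name beginning with ``-`` would
            still be parsed by nslookup as an option, not a host.
        threshold: dot count above which a CDN is assumed.
        output: pre-captured nslookup text to analyse instead of running the
            command (offline use and tests).

    Returns:
        True if a CDN is assumed, False otherwise.
    """
    if output is None:
        output = _run_nslookup(url)
    has_cdn = output.count('.') > threshold
    print("CDN 存在" if has_cdn else "CDN不存在")
    return has_cdn


def _run_nslookup(url, timeout=15):
    """Return nslookup's stdout for *url*, or '' if it cannot be run."""
    try:
        proc = subprocess.run(
            ["nslookup", url],  # argv list, shell=False: no command injection
            stdout=subprocess.PIPE,  # stderr stays on the terminal, as before
            text=True,
            timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired) as exc:
        # nslookup missing or hung: say so and fall back to "no answer".
        print("nslookup failed: {}".format(exc))
        return ""
    return proc.stdout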
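# Port scan
# 1. hand-written TCP/UDP scan on raw sockets
# 2. call a third-party module such as masscan or nmap
# 3. run an external tool or script
DEFAULT_PORTS = (21, 22, 80, 135, 443, 445, 1433, 1521, 3306, 3389,
                 4848, 7001, 7002, 8000, 8080, 8089, 9090)


def port_check(url, ports=None, *, timeout=1.0):
    """TCP-connect scan of *url* on *ports*, printing one line per port.

    A fresh socket is opened for every probe: a socket that has already
    completed (or failed) a connect cannot be reused for another connect_ex,
    which made the original single-socket loop report every port after the
    first open one as closed. Each probe is bounded by *timeout* so that a
    filtered port does not stall the whole scan.

    Args:
        url: host name or IP literal to scan.
        ports: iterable of TCP ports; defaults to DEFAULT_PORTS. Probed in
            ascending order, duplicates removed.
        timeout: per-port connect timeout in seconds.

    Returns:
        Sorted list of the ports that accepted the connection.

    Raises:
        socket.gaierror: if *url* cannot be resolved.
    """
    ip = socket.gethostbyname(url)
    if ports is None:
        ports = DEFAULT_PORTS
    open_ports = []
    for port in sorted(set(ports)):
        if _tcp_open(ip, port, timeout):
            print(str(port) + '|open')
            open_ports.append(port)
        else:
            print(str(port) + '|close')
    return open_ports


def _tcp_open(ip, port, timeout):
    """Return True if a TCP connect to (ip, port) succeeds within timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.settimeout(timeout)
        try:
            return probe.connect_ex((ip, port)) == 0
        except OSError:
            # connect_ex still raises for non-connect() failures
            # (e.g. timeout on some platforms); count those as not open.
            return False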
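# Subdomain enumeration
# 1. brute force with a word list
# 2. query Bing or a third-party API
def zym_check(url, dict_path='dic.txt', *, delay=0.1,
              resolver=socket.gethostbyname):
    """Brute-force subdomains of *url* with a word list and print the hits.

    Each label in *dict_path* (one per line) is prefixed to the base domain
    and resolved; names that resolve are printed as ``host->ip``. Only a
    leading ``www.`` is stripped from *url* - the original
    ``replace('www', '')`` also mangled names such as ``wwwfoo.com`` - and a
    dot is always placed between label and domain, so ``example.com`` now
    yields ``mail.example.com`` instead of ``mailexample.com``.

    Args:
        url: target domain, with or without a leading ``www.``.
        dict_path: path of the word list (UTF-8, one label per line; blank
            lines and lines starting with ``#`` are skipped).
        delay: pause in seconds after each lookup, to avoid hammering the
            resolver.
        resolver: callable mapping a host name to an IP string and raising
            OSError (socket.gaierror) when the name does not resolve;
            injectable for offline use and tests.

    Returns:
        List of ``(host, ip)`` tuples that resolved, in word-list order.

    Raises:
        OSError: if the word list cannot be opened.
    """
    base = url[len('www.'):] if url.startswith('www.') else url
    base = base.lstrip('.')
    found = []
    with open(dict_path, encoding='utf-8') as words:
        for line in words:
            label = line.strip()
            if not label or label.startswith('#'):
                continue
            host = label + '.' + base
            try:
                ip = resolver(host)
            except (OSError, UnicodeError):
                # NXDOMAIN, resolver failure or an unencodable label:
                # simply not a hit (was a blanket `except Exception`).
                pass
            else:
                print(host + '->' + ip)
                found.append((host, ip))
            time.sleep(delay)
    return found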
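if __name__ == '__main__':
    # sys.argv[0] is the script path; argv[1] selects the check, argv[2]
    # is the target domain. Unknown check names used to be ignored
    # silently and a missing argument raised IndexError.
    checks = {
        'ip': ip_check,
        'whois': whois_check,
        'cdn': cdn_check,
        'port': port_check,
        'zym': zym_check,
    }
    if len(sys.argv) != 3 or (sys.argv[1] != 'all' and sys.argv[1] not in checks):
        print("usage: {} <all|{}> <domain>".format(sys.argv[0], '|'.join(checks)))
        sys.exit(2)
    check = sys.argv[1]
    url = sys.argv[2]
    # 'all' runs every check in the original order; anything else runs one.
    for name, func in checks.items():
        if check == 'all' or check == name:
            func(url)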
Run it from the directory that holds the subdomain word list (note that the code opens `dic.txt`, so name the file accordingly):
Part of the output is shown below.