这是一个很简单的小工具
用来识别历史cms的程序
cms指纹库格式为JSON如下图所示
该脚本的原理就是批量拼接url+字典里的"staticurl"进行get请求,然后进行MD5加密比对
匹配上了就将cms信息保存在当前目录的jg,json文件里
代码如下所示,非常简单
(由于cms指纹库太老了,所以说不太推荐使用)
import json
import requests
import hashlib
import sys
jg = []
cmd = sys.argv
url = cmd[1]
print(url)
f = open("cmsprint.json","r",encoding="utf-8")
cms_dirt = json.load(f)
data = cms_dirt["RECORDS"]
for i in range(len(data)):
if data[i]["staticurl"] != "":
respon = requests.get(url+data[i]["staticurl"])
#print(type(respon))
if str(respon) == "<Response [200]>":
#print()
f = open("qwe.txt","wb")
f.write(respon.content)
f.close()
f = open("qwe.txt","rb")
md5_1 = hashlib.md5()
md5_1.update(f.read())
f.close()
hash = md5_1.hexdigest()
if hash == data[i]["checksum"]:
#print(data[i])
jg.append(data[i])
with open("jg.json","w") as file:
file.write(json.dumps(jg,indent=4,ensure_ascii=False,))
print("over")
指纹库奉上: