fofa爬虫（刷漏洞平台好方法）

宣紫科技

已于 2022-09-21 16:50:07 修改

阅读量598

点赞数

分类专栏： Web漏洞文章标签： python 爬虫开发语言

于 2022-09-20 16:37:12 首次发布

原文链接：https://blog.csdn.net/wuguojiuai/article/details/116314932?spm=1001.2014.3001.5502

版权

Web漏洞专栏收录该内容

16 篇文章 2 订阅

订阅专栏

说明：

代码

配置

web安全学习了解： web渗透测试
官网：宣紫科技

说明：

支持多关键词爬虫，适合于rad+xray联动。

关键词一行一个，fofa.txt文本内容为关键词，target内容为结果，直接与Xray_Rad_Fusion放在同一个目录下执行即可联动。

代码

import requests,os,sys,base64,json,re
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

def fofa_work():
    config= os.path.abspath(os.path.dirname(__file__)) + '/config.ini'
    login= open(config,'r').readlines()
    email = str(login[2][6::]).encode('UTF-8').decode('UTF-8').replace("\n","")
    key = str(login[4][4::]).encode('UTF-8').decode('UTF-8').replace("\n","")
    fofa_txt = "./fofa.txt"
    fofa_dir = []
    with open(fofa_txt,encoding="UTF-8") as infile:
        while True:
            dirdic = infile.readline().strip()
            if(len(dirdic)==0):break
            fofa_dir.append(dirdic)
        for line in fofa_dir:
            cha_base64 = base64.b64encode(line.encode('UTF-8')).decode('UTF-8')
            size = 10000
            fofa_page= 1
            headers = {
                'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36'
            }
            url = "https://fofa.so/api/v1/search/all?email={}&key={}&qbase64={}&size={}&page={}&fields=ip,host,port,domain,title,country,province,city,country_name,server,protocol,banner,lastupdatetime".format(email,key,str(cha_base64),size,int(fofa_page))

            rs = requests.get(url,stream=True,allow_redirects=False,verify=False,headers=headers)
            rs_text = rs.text
            res = json.loads(rs_text)
            error = res['error']
            size = res['size']
            if error:
                errmsg = res['errmsg']
                if '401 Unauthorized' in errmsg:
                    print('警告','用户名或API 无效！或者是该账户未充值升级vip会员')
            ips = []
            hosts = []
            ports = []
            domains = []
            titles = []
            codes = []
            for i in res['results']:
                ip = i[0]
                ips.append(ip)
                host = i[1]
                if "http://" in host or "https://" in host:
                    pass
                else:
                    host = "http://"+host
                hosts.append(host)
                port = i[2]
                ports.append(port)
                domain = i[3]
                domains.append(domain)
                title = i[4]
                titles.append(title)
                code = i[11]
                zc = re.findall(r'<hr><center>(.*?)</center>',code,re.S)
                zc = str(zc).replace("[","").replace("]","").replace("'","").replace("'","")
                codes.append(zc)
                print(host)
            print(len(hosts))

            filename = 'target.txt'
            with open(filename, 'a') as file_object:
                file_object.write("\n".join(hosts))

if __name__ == "__main__":
    fofa_work()

需要在目录下创建config.ini,格式内容：

配置

[fofa]
//email username
email=
// key
key=

创建两个文本，文本名：fofa.txt+target.txt

可挂在服务器上刷漏洞。

宣紫科技

关注

0
点赞
踩
3

收藏

觉得还不错? 一键收藏
0
评论
fofa爬虫（刷漏洞平台好方法）

关键词一行一个，fofa.txt文本内容为关键词，target内容为结果，直接与Xray_Rad_Fusion放在同一个目录下执行即可联动。创建两个文本，文本名：fofa.txt+target.txt。支持多关键词爬虫，适合于rad+xray联动。可挂在服务器上刷漏洞。
复制链接

扫一扫