利用Zoomeye来进行批量漏洞的挖掘(一)
今天有空玩了下Zoomeye,了解后深深感觉知道创宇的牛逼,和shodan有点像,是基于网络空间的扫描,按理论来说,只要是连上网的电子设备都可以扫得到。。。。在网上看到有人用python来调用Zoomeye的Api,我也玩了一下,加了点自己的东西进去。。。可以自己根据需求来改,看你想搜索什么,我的代码是搜索了dedecms(你也可以搜索其他一些漏洞),把搜到的所有IP主机和可以正常访问的IP主机分别保存在ip_list.txt和real.txt中(之后就可以批量嘿嘿嘿)。看代码。。。
#coding:utf-8
import os
import requests
import json
access_token = ''
ip_list = []
def login():
"""
输入用户名和密码 进行登录操作
:return: 访问口令 access_token
"""
user = raw_input('[-] input : username :')
passwd = raw_input('[-] input : password :')
data = {
'username' : user,
'password' : passwd
}
data_encoded = json.dumps(data) # dumps 将 python 对象转换成 json 字符串
try:
r = requests.post(url = 'https://api.zoomeye.org/user/login',data = data_encoded,verify=False)
r_decoded = json.loads(r.text) # loads() 将 json 字符串转换成 python 对象
global access_token
access_token = r_decoded['access_token']
except Exception,e:
print '[-] info : username or password is wrong, please try again '
exit()
def saveStrToFile(file,str):
"""
将字符串写如文件中
:return:
"""
with open(file,'w') as output:
output.write(str)
def saveListToFile(file,list):
"""
将列表逐行写如文件中
:return:
"""
s = '\n'.join(list)
with open(file,'w') as output:
output.write(s)
def apiTest():
"""
进行 api 使用测试
:return:
"""
page = 1
global access_token
with open('access_token.txt','r') as input:
access_token = input.read()
# 将 token 格式化并添加到 HTTP Header 中
headers = {
'Authorization' : 'JWT ' + access_token,
}
# print headers
while(True):
try:
r = requests.get(url = 'https://api.zoomeye.org/host/search?query="dedecms"&facet=app,os&page=' + str(page),
headers = headers,verify=False)
r_decoded = json.loads(r.text)
#print r_decoded
#print r_decoded['total']
for x in r_decoded['matches']:
#print x['ip']
ip_list.append(x['ip'])
#print '[-] info : count ' + str(page * 10)
except Exception,e:
# 若搜索请求超过 API 允许的最大条目限制 或者 全部搜索结束,则终止请求
if str(e.message) == 'matches':
print '[-] info : account was break, excceeding the max limitations'
break
else:
print '[-] info : ' + str(e.message)
else:
if page == 10:
break
page += 1
def ceshi():
ip_list2=''
f=open('ip_list.txt','r')
ip_list2=f.read()
f.close()
ip_list2=ip_list2.strip().split('\n')
real_ip=[]
f1=open('real.txt','w+')
headers={'Accept-Language':'zh-CN,zh;q=0.8',
'User-Agent':'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36'}
for each in ip_list2:
try:
res=requests.get('https://'+each,headers=headers)
if(res.status_code==200):
print each
with open('real.txt','a+') as f1:
f1.write(each+'\n')
except:
pass
def main():
# 访问口令文件不存在则进行登录操作
if not os.path.isfile('access_token.txt'):
print '[-] info : access_token file is not exist, please login'
login()
saveStrToFile('access_token.txt',access_token)
apiTest()
saveListToFile('ip_list.txt',ip_list)
ceshi()
if __name__ == '__main__':
main()