python网站后台_Python 网站后台扫描脚本
Python 網站后臺掃描腳本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/python
#coding=utf-8
import sys
import urllib
import time
url= "http://123.207.123.228/"
txt= open(r"C:\Users\ww\Desktop\houtaiphp.txt","r")
open_url= []
all_url= []
def search_url(url,txt):
withopen(r"C:\Users\ww\Desktop\houtaiphp.txt","r") as f :
for eachin f:
each= each.replace('\n','')
urllist= url+each
all_url.append(urllist)
print("查找:"+urllist+'\n')
try:
req= urllib.urlopen(urllist)
if req.getcode()== 200:
open_url.append(urllist)
if req.getcode()== 301:
open_url.append(urllist)
except:
pass
def main():
search_url(url,txt)
if open_url:
print("后臺地址:")
for eachin open_url:
print("[+]"+each)
else:
print("沒有找到網站后臺")
if __name__== "__main__":
main()
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/usr/bin/python
#coding=utf-8
import sys
import urllib
import time
url= "http://123.207.123.228/"
txt= open(r"C:\Users\ww\Desktop\houtaiphp.txt","r")
open_url= []
all_url= []
def search_url(url,txt):
withopen(r"C:\Users\ww\Desktop\houtaiphp.txt","r") as f :
for eachin f:
each= each.replace('\n','')
urllist= url+each
all_url.append(urllist)
handle_url(urllist)
def handle_url(urllist):
print("查找:"+urllist+'\n')
try:
req= urllib.urlopen(urllist)
if req.getcode()== 200:
open_url.append(urllist)
if req.getcode()== 301:
open_url.append(urllist)
except:
pass
def main():
search_url(url,txt)
if open_url:
print("后臺地址:")
for eachin open_url:
print("[+]"+each)
else:
print("沒有找到網站后臺")
if __name__== "__main__":
main()
師傅讓我多看看-->多線程
這里就加個多線程吧。
#!/usr/bin/python
#coding=utf-8
import sys
import urllib
import time
import threading
url = "http://123.207.123.228/"
txt = open(r"C:\Users\ww\Desktop\houtaiphp.txt","r")
open_url = []
all_url = []
threads = []
def search_url(url,txt):
with open(r"C:\Users\ww\Desktop\houtaiphp.txt","r") as f :
for each in f:
each = each.replace('\n','')
urllist = url+each
all_url.append(urllist)
def handle_url(urllist):
print("查找:"+urllist+'\n')
try:
req = urllib.urlopen(urllist)
if req.getcode() == 200:
open_url.append(urllist)
if req.getcode() == 301:
open_url.append(urllist)
except:
pass
def main():
search_url(url,txt)
for each in all_url:
t = threading.Thread(target = handle_url,args=(each,))
threads.append(t)
t.start()
for t in threads:
t.join()
if open_url:
print("后臺地址:")
for each in open_url:
print("[+]"+each)
else:
print("沒有找到網站后臺")
if __name__ == "__main__":
start = time.clock()
main()
end = time.clock()
print("spend time is:%.3f seconds" %(end-start))
多線程和沒加線程的時間對比
--------------------------------------------------------------------------------------------------------------------------------------------------
利用zoomeye搜索
調用ZoomEye API獲取信息
主要涉及模塊urllib,json,os模塊。
# coding: utf-8
import os
import requests
import json
access_token = ''
ip_list = []
def login():
"""
輸入用戶米密碼 進行登錄操作
:return: 訪問口令 access_token
"""
user = raw_input('[-] input : username :')
passwd = raw_input('[-] input : password :')
data = {
'username' : user,
'password' : passwd
}
data_encoded = json.dumps(data) # dumps 將 python 對象轉換成 json 字符串
try:
r = requests.post(url = 'https://api.zoomeye.org/user/login',data = data_encoded)
r_decoded = json.loads(r.text) # loads() 將 json 字符串轉換成 python 對象
global access_token
access_token = r_decoded['access_token']
except Exception,e:
print '[-] info : username or password is wrong, please try again '
exit()
def saveStrToFile(file,str):
"""
將字符串寫如文件中
:return:
"""
with open(file,'w') as output:
output.write(str)
def saveListToFile(file,list):
"""
將列表逐行寫如文件中
:return:
"""
s = '\n'.join(list)
with open(file,'w') as output:
output.write(s)
def apiTest():
"""
進行 api 使用測試
:return:
"""
page = 1
global access_token
with open('access_token.txt','r') as input:
access_token = input.read()
# 將 token 格式化并添加到 HTTP Header 中
headers = {
'Authorization' : 'JWT ' + access_token,
}
# print headers
while(True):
try:
r = requests.get(url = 'https://api.zoomeye.org/host/search?query="phpmyadmin"&facet=app,os&page=' + str(page),
headers = headers)
r_decoded = json.loads(r.text)
# print r_decoded
# print r_decoded['total']
for x in r_decoded['matches']:
print x['ip']
ip_list.append(x['ip'])
print '[-] info : count ' + str(page * 10)
except Exception,e:
# 若搜索請求超過 API 允許的最大條目限制 或者 全部搜索結束,則終止請求
if str(e.message) == 'matches':
print '[-] info : account was break, excceeding the max limitations'
break
else:
print '[-] info : ' + str(e.message)
else:
if page == 10:
break
page += 1
def main():
# 訪問口令文件不存在則進行登錄操作
if not os.path.isfile('access_token.txt'):
print '[-] info : access_token file is not exist, please login'
login()
saveStrToFile('access_token.txt',access_token)
apiTest()
saveListToFile('ip_list.txt',ip_list)
if __name__ == '__main__':
main()
上面的腳本是搜索 phpmyadmin 的。搜索得到的 IP 會保存在同路徑下的 ip_list.txt 文件。
但是搜索到的 ip 并不是都能夠訪問的,所以這里寫個了識別 phpmyadmin 的腳本,判斷是否存在,是則輸出。
#!/usr/bin/python
#coding=utf-8
import sys
import time
import requests
headers = {'User-Agent':"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"}##瀏覽器請求頭
open_url = []
all_url = []
payloa = 'http://'
payload = '/phpmyadmin/index.php'
def search_url():
with open(r"C:\Users\ww\Desktop\ip_list.txt","r") as f :
for each in f:
each = each.replace('\n','')
urllist = payloa+each+payload
all_url.append(urllist)
handle_url(urllist)
def handle_url(urllist):
#print('\n'+urllist)
#print '----------------------------'
try:
start_htm = requests.get(urllist,headers=headers)
#print start_htm
if start_htm.status_code == 200:
print '*******************************************'
print urllist
except:
pass
if __name__ == "__main__":
search_url()
加個多線程,畢竟工作量很大。
#!/usr/bin/python
#coding=utf-8
import sys
import time
import requests
import threading
headers = {'User-Agent':"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"}##瀏覽器請求頭
open_url = []
all_url = []
threads = []
payloa = 'http://'
payload = '/phpmyadmin/index.php'
def search_url():
with open(r"C:\Users\ww\Desktop\ip_list.txt","r") as f :
for each in f:
each = each.replace('\n','')
urllist = payloa+each+payload
all_url.append(urllist)
#handle_url(urllist)
def handle_url(urllist):
#print('\n'+urllist)
#print '----------------------------'
try:
start_htm = requests.get(urllist,headers=headers)
#print start_htm
if start_htm.status_code == 200:
print '*******************************************'
print urllist
except:
pass
def main():
search_url()
for each in all_url:
t = threading.Thread(target=handle_url,args=(each,))
threads.append(t)
t.start()
for t in threads:
t.join()
if __name__ == "__main__":
start = time.clock()
main()
end = time.clock()
print("spend time is %.3f seconds" %(end-start))
這下就方便了許多。
任重而道遠!
總結
以上是生活随笔為你收集整理的python网站后台_Python 网站后台扫描脚本的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: vs2012旗舰版 有效注册密钥
- 下一篇: python爬虫怎么下载图片到手机_Py