Information-gathering tools: CDN identification

March 10, 2016 • Security

I have recently been working on an information-gathering tool that runs on both Windows and Linux. Different scanning tools need different runtime environments, so our scanning system has to support more than one operating system. Tools such as hydra and openvas are best run on Linux, while WVS, AppScan and the like run on Windows, so we need to support both families. Going a step further, Linux itself comes in many distributions (CentOS, Ubuntu, Red Hat and so on), and even on the same distribution a different kernel version can mean a very different runtime environment.

Python is used to achieve cross-platform compatibility.

For CDN identification I found an online interface: http://www.ipip.net/cdn.php

Principle: call the interface to obtain the subdomains, then identify the CDN for each of them.

Required software:

python2.7
nmap
dig
nslookup

Required Python modules:

sys
urlparse
json
requests
beautifulsoup4
libnmap
httplib2

The roughly finished demo:

#!/usr/bin/python
# encoding: utf-8
import re
import json
import requests
from bs4 import BeautifulSoup


class cdn(object):
    def __init__(self, host=None):
        self.host = host
        self.result = None
        self.url = "http://www.ipip.net/cdn.php"
        self.payload = dict(node="2", host=self.host)

    def getCdn(self):
        try:
            r = requests.post(self.url, data=self.payload)
            r.raise_for_status()
            # the results table of the ipip.net lookup page
            get_result = BeautifulSoup(r.text, "html.parser").find_all(
                'table', {'class': "table table-striped table-bordered"})
            table_html = str(get_result[0])
            # column headers; m_a is expected to be: domain, IP, CNAME, provider
            m_a = re.findall(r'<th>(.*?)</th>', table_html)
            # every <td> cell; several values inside one cell are separated by <br/>
            m_b = re.findall(r'(?is)<td[^>]*>(.*?)</td>', table_html)
            m_c = []
            for cell in m_b:
                for value in cell.strip().split("<br/>"):
                    value = value.strip()
                    # provider names are rendered as links; keep only the link text
                    links = re.findall(r'target="_blank">(.+?)</a>', value)
                    if links:
                        m_c.append(links)
                    else:
                        m_c.append(value)
            services = {self.host: m_c}
            print json.dumps(services, encoding="UTF-8", ensure_ascii=False)
        except Exception as e:
            print "something wrong: %s" % e


if __name__ == "__main__":
    # additional host lists (not used by the loop below)
    listnum = ['outside.xxx.com', 'acs.xxx.com', 'o.xxx.com', 'mapi.xxx.com', 'weixin-api.xxx.com', 'pay.xxx.com', 'sh-api.tms.xxx.com', 'category.xxx.com', 'qq.xxx.com', 'crm.xxx.com', 'www.ubb.xxx.com', 'client.xxx.com', 'n.myopen.xxx.com', 'sc.xxx.com', 'union.xxx.com', 'pay-static.xxx.com', 'img4.xxx.com', 'tuan.xxx.com', 'sapi.xxx.com', 'ap.xxx.com', 'weixin-static.xxx.com', '400queue.xxx.com', 'u.xxx.com', 'fashion.xxx.com', 's1.xxx.com', 'img3.xxx.com', 'wap.xxx.com', 'img2.xxx.com', 'ota.xxx.com', 'clicks.emkt.xxx.com', 'ir.xxx.com', 'www.kkk.xxx.com']
    num = ['www.xxx.com.cn', 'www.wap.xxx.com.cn', 'chitong1.xxx.com.cn', 'wap.xxx.com.cn', 'order.xxx.com.cn', 'zhaji.xxx.com.cn']
    num_test = ["xxx.com", "pay.xxx.com", "www.xxx.com", "bbs.xxx.com"]
    for host in num_test:
        h = cdn(host)
        h.getCdn()

python xxx.py -t 要识别的网站.txt

For example:

python info.py -h vip.com  # call the interface, obtain the subdomains, then identify the CDN
{"outside.vip.com": ["outside.vip.com", "183.61.89.133", "", "未知", "未知"]}
{"acs.vip.com": ["acs.vip.com", "221.228.213.148", "", "未知", "未知"]}
{"o.vip.com": ["o.vip.com", "14.17.85.10", "14.17.91.10", "", "未知", "未知"]}
{"mapi.vip.com": ["mapi.vip.com", "mapi.vip.com.wscdns.com", ["网宿科技"], "vipshop.xdwscache.glb0.lxdns.com", ["网宿科技"]]}
{"www.vip.com": ["www.vip.com", "www.vip.com.wscdns.com", ["网宿科技"], "vipshop.xdwscache.glb0.lxdns.com", ["网宿科技"]]}
{"pay.vip.com": ["pay.vip.com", "", "未知", "未知"]}
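The demo flattens every cell into one list, so in the o.vip.com line above the second IP shifts every later value and a caller can no longer tell IP from CNAME from provider. The following is an added example, not the author's code: a Python 3 parser that keeps each row's values under their column header. The HTML sample, its header names and the 未知 ("unknown") check are constructed to mirror the markup the demo's regexes assume, and the regex approach is as sensitive to layout changes as the original's.

```python
import re

# CONSTRUCTED sample mimicking the markup the demo's regexes assume (results <table>,
# <th> headers, <td> cells, <br/>-separated values, provider names in <a target="_blank">).
SAMPLE_HTML = """<table class="table table-striped table-bordered">
<tr><th>域名</th><th>IP</th><th>CNAME</th><th>服务商</th></tr>
<tr><td>www.example.com</td><td>192.0.2.10</td><td>www.example.com.wscdns.com</td>
<td><a href="#" target="_blank">网宿科技</a></td></tr>
<tr><td>o.example.com</td><td>192.0.2.20<br/>192.0.2.21</td><td></td><td>未知</td></tr>
</table>"""
UNKNOWN = "未知"  # the lookup page's marker for "no provider identified" (assumed)

TABLE_RE = re.compile(r'<table[^>]*class="table table-striped table-bordered"[^>]*>(.*?)</table>', re.S)
ROW_RE = re.compile(r"<tr[^>]*>(.*?)</tr>", re.S)
CELL_RE = re.compile(r"<(t[dh])[^>]*>(.*?)</\1>", re.S)  # captures tag name and inner HTML
BR_RE = re.compile(r"<br\s*/?>", re.I)
TAG_RE = re.compile(r"<[^>]+>")

def cell_values(cell_html):
    """One cell may hold several values separated by <br/>; strip markup such as the <a> link."""
    values = (TAG_RE.sub("", part).strip() for part in BR_RE.split(cell_html))
    return [v for v in values if v]

def parse_cdn_table(html):
    """Return {host: {header: [values]}} so every value stays with its column."""
    table = TABLE_RE.search(html)
    if not table:
        raise ValueError("no results table in response")
    headers, records = [], {}
    for row_html in ROW_RE.findall(table.group(1)):
        cells = CELL_RE.findall(row_html)
        if cells and cells[0][0] == "th":  # header row
            headers = [TAG_RE.sub("", inner).strip() for _, inner in cells]
            continue
        values = [cell_values(inner) for _, inner in cells]
        if len(values) != len(headers):
            raise ValueError("cell count does not match headers: %r" % values)
        fields = dict(zip(headers, values))
        records[fields[headers[0]][0]] = fields  # first column is the host name
    return records

def uses_cdn(record):
    """Heuristic: a named provider (anything but 未知) means the host is served via a CDN."""
    return any(p != UNKNOWN for p in record.get("服务商", []))

if __name__ == "__main__":
    for host, rec in parse_cdn_table(SAMPLE_HTML).items():
        print(host, "CDN" if uses_cdn(rec) else "no CDN", rec)
```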

Planned additions: C-segment (/24) range scanning, reverse IP lookup and AS number lookup, zone-transfer vulnerability checks, subdomain collection, and Title+Server probing across C (/24) and B (/16) ranges.
