with open(urls, 'r') as f: for i in f.readlines(): url = i.strip('\n') print(url)
a = '''curl -s "https://crt.sh/?q={0}&output=json" | jq -r '.[].name_value'| sed 's/\*\.//g' | sort -u | tee -a {1}_crt.txt'''.format(url,url) os.system(a)
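# Second-pass processing of the discovered names. `subdomain` is the path of the
# subdomain list file (the output of getsubdomain).
def http_s(target, subdomain):
    """Probe the subdomain list with httprobe and write de-duplicated results.

    The names in the file ``subdomain`` are fed to ``httprobe`` on stdin and its
    output is stored in ``<target>_http.txt``. Each probed URL is then reduced
    to the text after ``//``; the first URL seen for a given value is appended
    to ``<target>_qchttp.txt`` (full URL, used for the web scans) and the bare
    value is appended to ``<target>_qcsdomain.txt`` (host list, kept for port
    scanning).

    Args:
        target: Root domain being processed. It is used verbatim as the prefix
            of every output filename, so it must come from a trusted scope list.
        subdomain: Path of the file holding one candidate hostname per line.

    Returns:
        The path of the de-duplicated URL file, ``<target>_qchttp.txt``.

    Notes:
        De-duplication only covers the current run; the output files are opened
        in append mode, so entries from earlier runs remain in them.
    """
    import subprocess  # function-scope: the file's import block is outside this view

    http = "{}_http.txt".format(target)
    qchttp = "{}_qchttp.txt".format(target)
    qcsdomain = "{}_qcsdomain.txt".format(target)

    # The hostnames originate from certificate-transparency data and `target`
    # from an input file, so neither is interpolated into a shell string: the
    # tool is started with an argv list and the redirections are done with file
    # handles instead of `cat ... | httprobe > ...`.
    try:
        with open(subdomain, 'r') as src, open(http, 'w') as dst:
            subprocess.call(["httprobe"], stdin=src, stdout=dst)
    except (IOError, OSError):
        # Same outcome as the former shell pipeline when the list or the
        # binary is missing: an empty probe file and no fatal error.
        open(http, 'a').close()

    seen = set()  # values after '//' already written during this run
    with open(http, 'r') as probed, \
            open(qchttp, 'a+') as url_out, \
            open(qcsdomain, 'a+') as host_out:
        for line in probed:
            http_domain = line.strip()
            _scheme, sep, domain = http_domain.partition('//')
            if not sep or not domain:
                # Blank or malformed line: previously an IndexError that
                # aborted the whole run.
                continue
            if domain in seen:
                continue
            seen.add(domain)
            # Full URL, e.g. http://www.abc.com, for the directory/web scans.
            url_out.write(http_domain + '\n')
            # Bare host, e.g. www.abc.com, for the port scan.
            host_out.write(domain + '\n')

    return qchttp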
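# Filters the probed URLs so that hosts outside the authorised scope are never
# scanned: the result of http_s is compared with the domains supplied as input.
# `qchttp` is the probed-URL file, `dm` the file listing the in-scope domains.
def right_domain(qchttp, domain, dm):
    """Keep only in-scope URLs and hand them to BBScan.

    A URL is in scope when its hostname equals a scope entry or is a subdomain
    of one (label-boundary match). The previous substring test accepted
    look-alike hosts such as ``abc.com.evil.net`` or ``notabc.com`` for the
    scope entry ``abc.com``, and a blank line in the scope file matched every
    URL, which defeated the purpose of the filter.

    Args:
        qchttp: Path of the file with one probed URL per line.
        domain: Root domain currently processed; names the output file.
        dm: Path of the scope file, one authorised domain per line.

    Returns:
        The path ``<domain>_qqchttp.txt``. It is returned even when nothing was
        written or an input file could not be read.
    """
    import subprocess  # function-scope: the file's import block is outside this view

    qqchttp = "{0}_qqchttp.txt".format(domain)

    def _host_of(value):
        # Reduce "scheme://user@host:port/path" (or a bare name) to "host".
        netloc = value.split('//', 1)[-1].split('/', 1)[0]
        netloc = netloc.rsplit('@', 1)[-1]
        return netloc.split(':', 1)[0].strip().lower().strip('.')

    try:
        with open(dm, 'r') as f:
            # Blank lines are dropped: an empty entry must never widen the scope.
            scope = [entry for entry in (_host_of(line) for line in f) if entry]

        in_scope = []
        with open(qchttp, 'r') as g:
            for line in g:
                domains = line.strip('\n')
                host = _host_of(domains)
                if host and any(host == s or host.endswith('.' + s) for s in scope):
                    # Each URL is recorded once, even if several entries cover it.
                    in_scope.append(domains)

        if in_scope:
            with open(qqchttp, 'a+') as out:
                out.writelines(url + '\n' for url in in_scope)

        if os.path.exists(qqchttp):
            # argv list instead of a shell string: `domain` ends up in the
            # filename and must not be interpreted by a shell.
            subprocess.call(["python", "BBScan.py", "-f", qqchttp])
    except (IOError, OSError):
        # Best effort, as before: a missing input file or interpreter is not
        # fatal, but unrelated errors are no longer silently swallowed.
        pass
    return qqchttp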
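# Scans the URLs produced by http_s (after scope filtering); the path of that
# result file is passed in as the argument.
def xray(domains):
    """Run the xray web scanner once per distinct URL listed in ``domains``.

    Args:
        domains: Path of a file with one ``http://`` or ``https://`` URL per line.

    Returns:
        ``""`` once every line has been handled, or ``None`` when the file
        could not be read.
    """
    import subprocess  # function-scope: the file's import block is outside this view

    # NOTE(review): "xary" in this path looks like a typo of "xray"; confirm
    # against the actual install location before changing it.
    scanner = "/root/tools/xary/xray_linux_amd64"

    try:
        with open(domains, 'r') as f:
            dms = set(f)
    except (IOError, OSError):
        return None

    for i in sorted(dms):
        url = i.strip('\n\t')
        # Only well-formed http(s) URLs are forwarded; this also keeps a line
        # that starts with '-' from being read as a scanner option.
        if not url.lower().startswith(('http://', 'https://')):
            continue
        dm = url.split('//', 1)[1]
        if not dm:
            continue
        print(url)
        # A path component must not turn the report name into a directory path.
        report = "{0}_.html".format(dm.replace('/', '_'))
        try:
            # argv list instead of a shell string: the URL comes from tool
            # output and must not be interpreted by a shell.
            subprocess.call([scanner, "webscan", "--basic-crawler", url,
                             "--html-output", report])
        except OSError:
            # Scanner missing or not executable: move on to the next URL.
            pass
    return ""


if __name__ == '__main__':
    if len(sys.argv) == 1:
        msg = """
        src_info.py
        Usage: src_info.py target
        """
        print(msg)
        sys.exit(0)
    domains = sys.argv[1]
    with open(domains, 'r') as f:
        for i in f:
            domain = i.strip()
            if not domain:
                # A blank line would otherwise be treated as a target.
                continue
            # Enumerate, probe, restrict to the authorised scope, then scan.
            http_domain = right_domain(http_s(domain, getsubdomain(domain)), domain, sys.argv[1])
            xray(http_domain)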