## 0x00 多线程目录扫描
import sys
import os
import tarfile
import wsgiref.validate
import requests
import threading
import time
import queue
# Shared work queue: __main__ puts one wordlist line per item and the
# scan() worker threads drain it.
q=queue.Queue()
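def scan():
    """Worker: pop paths off the shared queue and request ``url`` + path.

    Reads the module-level ``q`` (wordlist lines) and ``url`` (base URL
    from argv).  A response of 200 or 403 appends the full URL to
    ``yes.txt``; any other status is printed as ``<url>|<status>``.
    Returns when the queue is drained.
    """
    while True:
        # get_nowait() instead of empty()/get(): with several workers another
        # thread can take the last item between the two calls, and get()
        # would then block forever.
        try:
            entry = q.get_nowait()
        except queue.Empty:
            return
        # Wordlist lines keep their trailing newline; drop it before use.
        target = (url + entry).replace("\n", "")
        try:
            # Bounded timeout so one unresponsive host cannot hang the worker.
            code = requests.get(target, timeout=10).status_code
        except requests.RequestException as exc:
            # A connection failure used to kill the whole thread.
            print(target + "|" + str(exc))
            time.sleep(1)
            continue
        if code in (200, 403):
            # `with` closes the handle on every path (the original never
            # called close()); one URL per line keeps the file parseable.
            with open("yes.txt", "a+") as f:
                f.write(target + "\n")
        else:
            print(target + "|" + str(code))
        time.sleep(1)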
def show():
    """Print the usage banner (target, wordlist, thread count)."""
    for line in ("ps:scan.py 目标 字典 线程数字", "\n"):
        print(line)
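if __name__ == '__main__':
    # The wordlist is resolved relative to this script's directory, not the cwd.
    path = os.path.dirname(os.path.realpath(__file__))
    # argv: <target url> <wordlist file> <thread count>
    if len(sys.argv) < 4:
        show()
        sys.exit()
    url = sys.argv[1]        # read by scan() as a module global
    file = sys.argv[2]
    num = int(sys.argv[3])   # fail fast on a non-numeric thread count
    # `with` closes the wordlist handle; the original left it open.
    with open(os.path.join(path, file)) as wordlist:
        for line in wordlist:
            q.put(line)
    for _ in range(num):
        threading.Thread(target=scan).start()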
## 0x01 tcp端口扫描
import threading
import time
import socket
import queue
# Shared work queue of port numbers; __main__ fills it with 1..65535.
q=queue.Queue()
# Placeholder target.  portscan() assigns its own local `ip` and `port`, so
# the workers do not read these module-level values.
ip='x.x.x.x'
port=1351
# NOTE(review): this connect_ex() runs once at import time against the
# placeholder above; its result `rep` is never read and this `s` is never
# closed.  connect_ex() only turns connect() failures into a return code, so
# an unresolvable placeholder name would presumably still raise
# socket.gaierror here — confirm, and consider dropping these two lines.
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM,0)
rep=s.connect_ex((ip,port))
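def portscan(*, timeout=3.0):
    """Worker: pop port numbers off the shared queue and TCP-connect to each.

    Reads the module-level ``q``.  A port whose connect_ex() returns 0 is
    appended to ``open.txt``; otherwise ``<port>|close`` is printed.
    Returns when the queue is drained.

    Args:
        timeout: per-connection socket timeout in seconds, so a port that
            never answers does not block the worker for the OS default
            connect timeout.
    """
    target = 'x.x.x.x'  # placeholder host; replace before use
    while True:
        # get_nowait() avoids the empty()/get() race between workers, where
        # get() blocks forever once another thread took the last item.
        try:
            port = q.get_nowait()
        except queue.Empty:
            return
        # `with` closes the socket on every path, including exceptions.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            rep = s.connect_ex((target, port))
        if rep == 0:
            with open('open.txt', 'a+') as out:
                out.write(str(port) + '\n')
        else:
            print(str(port) + '|close' + '\n')
        time.sleep(0.1)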
if __name__ == '__main__':
    # Enqueue every TCP port, then start 20 worker threads to drain the queue.
    for port in range(1, 65536):
        q.put(port)
    workers = [threading.Thread(target=portscan) for _ in range(20)]
    for worker in workers:
        worker.start()
## 0x02 子域名爆破
import os
import queue
import sys
import threading
import time
import dns.resolver
import requests
# Shared work queue: __main__ puts one wordlist line per item and the
# domainscan() worker threads drain it.
q=queue.Queue()
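def domainscan():
    """Worker: pop wordlist labels off the shared queue and resolve <label>.<url>.

    Reads the module-level ``q`` (wordlist lines) and ``url`` (base domain
    from argv).  Each answer section of the A query is printed; Timeout,
    NoAnswer and NXDOMAIN are reported with a short back-off instead of
    ending the thread.  Returns when the queue is drained.
    """
    while True:
        # get_nowait() avoids the empty()/get() race between workers, where
        # get() blocks forever once another thread took the last item.
        try:
            label = q.get_nowait()
        except queue.Empty:
            return
        # Wordlist lines carry a trailing newline; strip it before resolving.
        domain = (label + '.' + url).replace('\n', '')
        try:
            # NOTE(review): dns.resolver.query() is deprecated in dnspython 2.x
            # in favour of resolve(); kept as-is for the installed version.
            answer = dns.resolver.query(domain, 'A')
            for rrset in answer.response.answer:
                print(rrset)
        except dns.exception.Timeout:
            print("解析超时")
            time.sleep(0.1)
        except dns.resolver.NoAnswer:
            print("出现异常,重试中")
            time.sleep(0.1)
        except dns.resolver.NXDOMAIN:
            print("异常")
            time.sleep(0.1)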
def show():
    """Print the usage banner: an example invocation, then the argument order."""
    banner = (
        'ps:scan.py kxsy.work dir.txt 10',
        "\n",
        "脚本名 域名 字典 线程",
    )
    for line in banner:
        print(line)
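if __name__ == '__main__':
    # The wordlist is resolved relative to this script's directory, not the cwd.
    path = os.path.dirname(os.path.realpath(__file__))
    # argv: <base domain> <wordlist file> <thread count>
    if len(sys.argv) < 4:
        show()
        sys.exit()
    url = sys.argv[1]        # read by domainscan() as a module global
    file = sys.argv[2]
    num = int(sys.argv[3])   # fail fast on a non-numeric thread count
    # `with` closes the wordlist handle; the original left it open.
    with open(os.path.join(path, file)) as wordlist:
        for line in wordlist:
            q.put(line)
    for _ in range(num):
        threading.Thread(target=domainscan).start()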