第十天资产收集 - 图1

  1. # Github监控
  2.   便于收集整理最新exppoc
  3.   便于发现相关测试目标的资产
  5. # 各种子域名查询
  6. # DNS,备案,证书
  7. # 全球节点请求cdn
  8.   枚举爆破或解析子域名对应
  9.   便于发现管理员相关的注册信息
  11. #黑暗引擎相关搜索
  12.     fofa, shodan, zoomeye
  14. #微信公众号接口获取
  16. # 内部群内部资源

一、GitHub项目监控

server酱:http://sc.ftqq.com/3.version
GitHub项目监控地址:https://github.com/weixiao9188/wechat_push

  1. # Title: wechat push CVE-2020
  2. # Date: 2020-5-9
  3. # Exploit Author: weixiao9188
  4. # Version: 4.0
  5. # Tested on: Linux,windows
  6. # coding:UTF-8
  7. import requests
  8. import json
  9. import time
  10. import os
  11. import pandas as pd
  12. time_sleep = 20 #每隔20秒爬取一次
  13. while(True):
  14.     headers = {
  15.         "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3741.400 QQBrowser/10.5.3863.400"}
  16.     #判断文件是否存在
  17.     datas = []
  18.     response1=None
  19.     response2=None
  20.     if os.path.exists("olddata.csv"):
  21.         #如果文件存在则每次爬取10个
  22.         df = pd.read_csv("olddata.csv", header=None)
  23.         datas = df.where(df.notnull(),None).values.tolist()#将提取出来的数据中的nan转化为None
  24.         response1 = requests.get(url="https://api.github.com/search/repositories?q=CVE-2020&sort=updated&per_page=10",
  25.                                  headers=headers)
  26.         response2 = requests.get(url="https://api.github.com/search/repositories?q=RCE&ssort=updated&per_page=10",
  27.                                  headers=headers)
  29.     else:
  30.         #不存在爬取全部
  31.         datas = []
  32.         response1 = requests.get(url="https://api.github.com/search/repositories?q=CVE-2020&sort=updated&order=desc",headers=headers)
  33.         response2 = requests.get(url="https://api.github.com/search/repositories?q=RCE&ssort=updated&order=desc",headers=headers)
  35.     data1 = json.loads(response1.text)
  36.     data2 = json.loads(response2.text)
  37.     for j in [data1["items"],data2["items"]]:
  38.         for i in j:
  39.             s = {"name":i['name'],"html":i['html_url'],"description":i['description']}
  40.             s1 =[i['name'],i['html_url'],i['description']]
  41.             if s1 not in datas:
  42.                 #print(s1)
  43.                 #print(datas)
  44.                 params = {
  45.                      "text":s["name"],
  46.                     "desp":" 链接:"+str(s["html"])+"\n简介"+str(s["description"])
  47.                 }
  48.                 print("当前推送为"+str(s)+"\n")
  49.                 print(params)
  50.                 requests.get("https://sc.ftqq.com/XXXX.send",params=params,timeout=10)
  51.                 #time.sleep(1)#以防推送太猛
  52.                 print("推送完成!")
  53.                 datas.append(s1)
  54.             else:
  55.                 pass
  56.                 #print("数据已处在!")
  57.     pd.DataFrame(datas).to_csv("olddata.csv",header=None,index=None)
  58.     time.sleep(time_sleep)

常见的子域名收集方法
image.png

二、黑暗引擎使用

fofa:https://fofa.so/
image.png
zoomeye:https://www.zoomeye.org/
image.png
shaodan: