1.socket
端到端的交互
socket协议--套接字:(ip:port);//socket模块可以用来模拟客户端服务端之间端到端的交互反查域名->ip;端口爆破;子域名查询;
1.反查域名
def function1(url,port):ip=socket.getaddrinfo(url,port)print(ip)url=input("请输入url:")port1=int(input("端口:"))function1(url,port1)#getaddinfo把url转换成IP地址def function2(url):ip=socket.gethostbyname(url)#不需要端口print(ip)url=input("域名:")function2(url)
2.端口爆破
ip=input("ip:")ports={21,22,135,443,445,80,1443}server=socket.socket(socket.AF_INET,socket.SOCK_STREAM)#初始化对象;建立tcp连接#socket.AF_INET//使用ipv4 socket.SOCK_STREAM使用tcpfor x in ports:try:port=server.connect_ex((ip,x))#connext_ex模块连接成功返回0if port==False:print(ip+":"+str(x)+"|open")else:print (ip + ":" + str (x) + "|close")except Exception as err:print(err)
3.子域名查询
def zym_check(url):url=url.replace('www','')for zym in open('dic.txt'):zym=zym.replace('\n','')zym_url=zym+urltry:ip=socket.gethostbyname(zym_url)print(+"->"+ip)except Exception as e:print(zym_url+"->error")zym_check('www.baidu.com')
2.sys模块
sys模块—>获得用户的输入模块;获取用户的输入参数
def Dns_Check(url):return os.system('nslookup '+url)def Port_Fuzz(url):ip = socket.gethostbyname (url)#print(ip)ports = [21, 22, 135, 443, 445, 80, 1443]server = socket.socket (socket.AF_INET, socket.SOCK_STREAM)for x in ports:try:port = server.connect_ex ((ip, x))if port==False:print(ip+":"+str(x)+"-->open")else:continueexcept Exception as err:print (err)def Zym_Check(url,dic=''):print(dic)if dic=='':dic='fuzz.txt'url=url.replace('www','')for zym in open(dic):zym=zym.replace('\n','')zym_list=zym+urltry:ip=socket.gethostbyname(zym_list)print(zym_list+"->"+ip)except Exception as e:passif __name__ == '__main__':if (sys.argv[1]).lower() == '-all':Dns_Check(sys.argv[2])Zym_Check(sys.argv[2])elif (sys.argv[1]).lower() == '-sdn':Dns_Check(sys.argv[2])elif (sys.argv[1]).lower() == '-url':Zym_Check(sys.argv[2])
![Z12O~%TVQLF%BFZUG1XW3K.png
3.requests模块
平台网站:https://xie1997.blog.csdn.net/article/details/82951408
链接
import requestsurl='http://www.baidu.com/'proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}"""1get-->请求数据-->发起请求,获取完整的数据,速度慢-->获取网页的内容,爬虫,poc编写2psot-->发送数据-->主动服务器提交数据,返回获取完整的数据-->提交数据,获取网页返回的结果,爬虫,poc编写3head-->头请求-->很少网络流量获得概要信息,获取请求头,状态码,速度极快-->敏感目录扫描"""requests_url=requests.get(url=url,proxies=proxies,verify=False)print(requests_url.text)'''proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}requests_url=requests.get(url=url,proxies=proxies,verify=False)print(requests_url.text)GET / HTTP/1.1Host: www.baidu.comUser-Agent: python-requests/2.24.0Accept-Encoding: gzip, deflateAccept: */*Connection: close构造的请求数据包;'''#修改数据包特征header={'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36'}#重新请求数据包requests_url=requests.get(url=url,proxies=proxies,verify=False,headers=header)print(requests_url.status_code)"""GET / HTTP/1.1Host: www.baidu.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Accept-Encoding: gzip, deflateAccept: */*Connection: close"""
![Z32O6{HMMFQ]HX)6BPZ369N.png](/uploads/projects/u12001300@oruz3w/a5cd01bc53074a542bb458c838c88293.png)
#设置URLurl=r"http://www.hnyysyz.com/Site_admin/login.aspx"#url支持参数格式化http://www.langzi.fun/ge?key2=value2&key1=value1#print(requests_url.text) #返回Unicode格式的数据(str)#print(requests_url.content)# 打印出网页的内容--bytes格式print(r.content.decode('utf-8'))# 请求的网页的内容--字符串格式,自动转换成中文,不同网站编码不同print(r.url)# 请求的网址,字符串类型print(r.headers)# 请求头,字典类型print(r.status_code)# 状态吗,整数类型print(r.encoding)# 网页的编码,字符串类型print(r.cookies)# 保存的cookie#get1payload = {'key1': 'value1', 'key2': 'value2'}2r = requests.get("http://langzi.fun/ge", params=payload)3# 这里的网址自动转变成了 http://www.langzi.fun/ge?key2=value2&key1=value1#POST1d = {'user':'admin','password':'123456'}2r = requests.post(url='http://www.langzi.fun/admin.php',data=d)还可以上传文件,格式也需要是字典格式1files = {'file': open('report.xls', 'rb')}2r = requests.post(url='http://www.langzi.fun/upload', files=files)
get-post-参数
import requests##设置请求头headers = {'Connection': 'close','Cache-Control': 'max-age=0','Upgrade-Insecure-Requests': '1','Content-Type': 'application/x-www-form-urlencoded','User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9','Sec-Fetch-Mode': 'navigate','Sec-Fetch-Site': 'same-origin','Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',}##设置cookiecookies = {'route': '1af52316d573a0b09a54b621dc835a33','JSESSIONID': '0775F27EA4A55DF9C43471A52A9F7FC4'}##设置提交的数据values = {'name': 'Tom','sex' : 'Man','id' : '10' }##设置代理proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}##请求的urlrequrl="http://www.baidu.com"#使用session保持会话请求sess=requests.session()regu=sess.get("https://www.baidu.com")#GET请求response=requests.get(url=requrl,params=values,headers=headed,proxies=None,timeout=0.1,verify=False,cookies=cookies)url:要访问的链接params:url后面的参数headers:请求头proxies:代理,无的话填 Nonetimeout:超时verify:https的认证,True是启用,False是不启用cookies:请求的cookie#POST请求response=requests.post(url=requrl,data=values,headers=header,timeout=0.1,proxies=proxy,verify=False,cookies=cookies)url:要访问的链接data:POST提交的参数headers:请求头proxies:代理,无的话填 Nonetimeout:超时verify:https的认证,True是启用,False是不启用
响应内容处理
import requestsheaders={'Host': 'www.hnyysyz.com','User-Agent': r'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36','Referer': 'http://www.hnyysyz.com/Site_admin/login.aspx','Accept-Encoding': 'gzip, deflate','Accept-Language': "zh-CN,zh;q=0.9",'Cookie': 'ASP.NET_SessionId=lhuoqi5iu54r1uvjl1t2mjod; Hm_lvt_cf6eaaea0b81e4d87a73486c1305e01c=1632224564; Hm_lpvt_cf6eaaea0b81e4d87a73486c1305e01c=1632224570; CheckCode=6J66N; code=6J66N','Connection': 'close'}#构造请求头headerurl='http://www.hnyysyz.com/Site_admin/checkcode.aspx?rn=1'requests_url=requests.get(url=url,headers=headers)print(requests_url.status_code)print(requests_url.headers)#返回体信息-->字典类型Set_Cookie=requests_url.headers['Set-Cookie']print(Set_Cookie)print(type(Set_Cookie))#字符串切片print(Set_Cookie[10:15])print(requests_url.cookies)""""200{'Cache-Control': 'private', 'Content-Length': '1591', 'Content-Type': 'image/Gif', 'Server': 'Microsoft-IIS/7.5', 'X-AspNet-Version': '4.0.30319', 'Set-Cookie': 'CheckCode=B0226; path=/, code=B0226; path=/', 'Date': 'Tue, 21 Sep 2021 15:04:03 GMT', 'Connection': 'close'}CheckCode=B0226; path=/, code=B0226; path=/<class 'str'>B0226<RequestsCookieJar[<Cookie CheckCode=B0226 for www.hnyysyz.com/>, <Cookie code=B0226 for www.hnyysyz.com/>]>"""//实现对验证码的截取
import requestsimport urllibvalue={'username':'admin','password':'123' }res=requests.get("http://www.baidu.com",params=value) //Get形式提交参数data=urllib.parse.urlencode(value)res=requests.get("http://www.baidu.com",data=data) //post形式提交参数res.encoding="utf-8" #设置编码res.status_code #状态码res.url #请求的urlres.request.headers #请求头信息,返回的是一个字典对象,不修改的话,默认是python的请求头res.headers #响应头信息,返回的是一个字典对象res.headers['Content-Type'] #响应头的具体的某个属性的信息res.headers['Content-Length'] #响应包的长度res.cookies #cookie信息,返回的是一个字典对象print(';'.join(['='.join(item)for item in cookies.items()])) #打印出具体的cookies信息res.text #响应内容的字符串形式,即返回的页面内容res.content #响应内容的二进制形式res.apparent_encoding #从内容中分析出的响应内容编码方式(备选编码方式)#响应时间,可用于时间盲注print(res.elapsed)print(res.elapsed.total_seconds())print(res.elapsed.seconds)print(res.elapsed.microseconds)0:00:00.0072820.00728207282#响应时间的比较time=res.elapsed.total_seconds()if time < float(2.000000):print("true")else:print("false")
4.lxml模块
lxml库:获取html标签内的内容
https://www.cnblogs.com/zhangxinqi/p/9210211.html#_label1
from lxml import etreetext='''<div><ul><li class="item-0"><a href="link1.html">第一个</a></li><li class="item-1"><a href="link2.html">second item</a></li><li class="item-0"><a href="link5.html">a属性</a></ul></div>'''html=etree.HTML(text) #初始化生成一个XPath解析对象result=etree.tostring(html,encoding='utf-8')#解析对象输出代码;二进制对象print(type(html))#<class 'lxml.etree._Element'>print(type(result))#<class 'bytes'>print(result)#二进制print(result.decode('utf-8'))"""<class 'lxml.etree._Element'><class 'bytes'>b'<html><body><div>\n <ul>\n <li class="item-0"><a href="link1.html">\xe7\xac\xac\xe4\xb8\x80\xe4\xb8\xaa</a></li>\n <li class="item-1"><a href="link2.html">second item</a></li>\n <li class="item-0"><a href="link5.html">a\xe5\xb1\x9e\xe6\x80\xa7</a>\n </li></ul>\n </div>\n</body></html>'<html><body><div><ul><li class="item-0"><a href="link1.html">第一个</a></li><li class="item-1"><a href="link2.html">second item</a></li><li class="item-0"><a href="link5.html">a属性</a></li></ul></div></body></html>"""from lxml import etreeHtml= etree.parse('1.html',etree.HTMLParser())#加载本地文件result=etree.tostring(Html)from lxml import etreeimport requestsurl='https://fofa.so/result?qbase64=ImdsYXNzZmlzaCIgJiYgcG9ydD0iNDg0OCI%3D'requests_url=requests.get(url=url,verify=None).content.decode('utf-8')html=etree.HTML(requests_url)#初始化生成一个XPath解析对象;解析对象为HTML#result=etree.tostring(html)#解析对象输出代码;'''print(type(html))#<class 'lxml.etree._Element'>print(type(result))#<class 'bytes'>print(type(resultlist))#<class 'list'>'''#print(result.decode())#f=open("xml.txt","w",encoding='utf-8')result=result.decode('utf-8')#把这句话注释掉之后写进文件的是bytes字节;二进制数字;print(type(result))for i in result:f.write(i)f.close()#byte->str->decode()函数,如果没有对byte类型解码,写进文件的是二进制
Xpath
from lxml import etreetext='''<div><ul><li class="item-0"><a href="link2.html">second item</a></li><li class="item-1"><a href="link2.html">second item</a></li><li class="item-0"><a href="link5.html">a属性</a></ul></div>'''html=etree.HTML(text)result=html.xpath('//div//ul')print(type(result))#<class 'list'>print(result[0].tag)#ulresult2=html.xpath('//li[@class="item-0"]')print(type(result2))#<class 'list'>print(result2)#[<Element li at 0x20a714e4648>, <Element li at 0x20a714e4688>]print(result2[0].tag)#liprint(result[0].attrib)#{}print(result[0].text)#NONEresult3=html.xpath('//a/@href')#选择为该标签的属性print(result3)#['link2.html', 'link2.html', 'link5.html']
import requestsfrom lxml import etree'''f=open(file='edu.txt',mode='w',encoding='utf-8')for x in range(1,3):url='https://src.sjtu.edu.cn/list/'#print(url)params={'page':x}requests_url=requests.get(url=url,verify=None,params=params)html=requests_url.textf.write(html)f.close()'''etree_html=etree.parse('edu.txt',etree.HTMLParser())etree_dom=etree_html.xpath("//tr[@class='row']//td[@class='']//a/text()")f=open('eduR.txt',mode='w',encoding='utf-8')#print(etree_dom)for x in range(len(etree_dom)):etree_dom[x]=str(etree_dom[x])etree_dom[x]=(etree_dom[x].replace("\r\n \r\n ","")).strip()f.write(etree_dom[x]+'\n')print(etree_dom)#etree_dom=etree_html.xpath("//tr[@class='row']//td[@class='']//a/text()")选择的是文本就直接是文本列表#['北京交通大学存在命令执行漏洞', '清华大学存在敏感信息泄露', ...f.close()'''f=open(file='edu.txt',mode='w',encoding='utf-8')for x in range(1,3):url='https://src.sjtu.edu.cn/list/'#print(url)params={'page':x}requests_url=requests.get(url=url,verify=None,params=params)html=requests_url.textf.write(html)f.close()''''''<tr class="row"><td class="am-text-center am-hide-sm-down">2021-09-24</td><td class=""><a href="/post/108615/" >北京交通大学存在命令执行漏洞</a></td><td class="am-text-center am-hide-sm-down"><span class="am-badge am-badge-warning">高危</span></td><td class="am-text-center"><a href="/profile/7786/">全能小赵同学</a></td></tr>''''''etree_dom=etree_html.xpath("//tr[@class='row']//a")print(etree_dom)[<Element a at 0x21a57651e88>, <Element a at 0x21a57651ec8类型为list类型如果选择的是标签会直接显示<Element a at 0x21a57651e88>#对于标签Element类型是'lxml.etree._Element',某种意义来说同时是一个列表列表的需要使用tag\attrib\text三个不同的属性来获取我们需要的东西变量.tag获取到的是标签名是---字符串变量.attrib获取到的是节点标签a的属性---字典变量.text获取到的是标签文本--字符串etree_dom=etree_html.xpath("//tr[@class='row']/a")/从当前节点选取直接子节点;a为子孙节点;无法获得到a标签etree_dom=etree_html.xpath("//tr[@class='row']//a")//选择子孙节点#etree_dom=etree_html.xpath("//tr[@class='row']//td[@class='']//a/text()")选择的是文本就直接是文本列表#['北京交通大学存在命令执行漏洞', '清华大学存在敏感信息泄露', ...定位法:假设是要选择a标签的之间的文本:爷-父-自己;找到自己的父根在找父根的父根;("//tr[@class='row']//td[@class='']//a/text()")#文本列表("//tr[@class='row']//td[@class='']//a/@href")#属性字典'''
tips-使用
from lxml import etreehtml=etree.HTML(text)#HTML对象#etree_html=etree.parse('edu.txt',etree.HTMLParser())#xpathetree_dom=etree_html.xpath("//tr[@class='row']//a")#选节点注意编码方式:二进制转str:encode(),decode()
base64
import base64str1="abc"str1=str1.encode('utf-8')#对于base64加密的必须是二进制数;要先进行str->batystr1=base64.b64encode(str1)print(str1)#二进制数据print(type(str1))str1=str1.decode()#二进制->strprint(str1)
