在实际渗透过程中，对目标信息收集越完整，成功率往往越高。但是在对出口段探测的时候，很多主机所属资产不容易准确识别。这里我们用 Bing 的 ip: 搜索语法查询 IP（返回 Bing 索引中解析到该 IP 的站点）来作为辅助参考，往往会有意想不到的效果。需要注意的是，由于共享主机、CDN 以及索引过期等原因，查询结果只能作为线索，还需结合其他信息确认资产归属。
测试如图:
代码:
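# -*- coding: utf-8 -*-
"""List the sites Bing has indexed for every host address in an IPv4 /24.

For each address x.y.z.1 .. x.y.z.254 the script sends one Bing search
using the ``ip:`` operator and prints the result links found in the page.

The output is a hint, not evidence of ownership: shared hosting, CDNs and
stale index entries all produce links that no longer (or never exclusively)
belonged to the address being queried.
"""
import ipaddress
import re
import sys

# Extracts the href of each organic result from the results page. This is
# tied to Bing's current HTML; if the markup changes the pattern silently
# matches nothing, so an empty result is not proof that nothing is indexed.
RESULT_LINK = re.compile(r'<li class="b_algo"><h2><a href="(.*?)"')


def scan(ip=''):
    """Query Bing for sites indexed on *ip* and print each result link.

    Args:
        ip: IPv4 address, in dotted-quad text form, to look up.

    Returns:
        The list of result URLs that were printed. The list is empty when
        the request failed or when no result link was found in the page.
    """
    # Imported here so the address helpers below stay importable (and
    # testable) on a machine without the third-party HTTP client.
    import requests

    print('[*]:{}'.format(ip))
    try:
        # HTTPS with certificate verification left on, so the query and the
        # returned links cannot be read or rewritten in transit. `params`
        # lets the library URL-encode the query instead of string-building it.
        res = requests.get(
            'https://www.bing.com/search',
            params={'q': 'ip:{}'.format(ip), 'count': 50},
            timeout=10,
        )
        res.raise_for_status()
    except requests.RequestException as e:
        # Stop here on failure. The original fell through and parsed a
        # module-global response, which either raised NameError (first
        # address) or printed the previous address's links under this one.
        print(str(e))
        return []

    # Decode leniently: a str pattern cannot be applied to raw bytes, so the
    # original bytes fallback raised TypeError on any undecodable page.
    page = res.content.decode('utf-8', errors='replace')
    matchs = RESULT_LINK.findall(page)
    for val in matchs:
        print(val)
    return matchs


def getips(host=''):
    """Return the 254 host addresses of the /24 that contains *host*.

    Args:
        host: An IPv4 address in dotted-quad form, e.g. ``192.168.1.1``.

    Returns:
        A list of strings ``a.b.c.1`` through ``a.b.c.254``.

    Raises:
        ValueError: If *host* is not a valid IPv4 address. Validating here
            keeps arbitrary command-line text out of the search query.
    """
    addr = ipaddress.IPv4Address(host)
    ip_pre = '.'.join(str(addr).split('.')[:3])
    return ['{}.{}'.format(ip_pre, i) for i in range(1, 255)]


def usage():
    """Print the command-line usage and exit with status 1."""
    print("[*] python bing.py 192.168.1.1 ")
    sys.exit(1)


def main(host=''):
    """Run :func:`scan` for every address in the /24 containing *host*.

    Raises:
        ValueError: If *host* is not a valid IPv4 address.
    """
    for ip in getips(host):
        scan(ip)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        usage()
    host = sys.argv[1]
    try:
        main(host)
    except ValueError as e:
        # Malformed address on the command line: explain, then show usage.
        print('[!] {}'.format(e))
        usage()
    except KeyboardInterrupt:
        sys.exit(-1)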