python开发（1）-信息资产收集脚本

sys包半开端口扫描：

from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr


def tcp_scan(target_ip, start_port, end_sport):
    temp = sr(IP(dst=target_ip) /
              TCP(dport=(int(start_port), int(end_sport)), flags='S'),
              timeout=3, verbose=False
              )  # flag='S' 发送一个sys包，3秒，不打印版本信息
    result = temp[0].res  #结果封装在这个对象里面
    #print(result)
    for i in range(len(result)):  #结果取出来
        if result[i][1].haslayer(TCP):
            tcp_pack = result[i][1].getlayer(TCP).fields
            if tcp_pack['flags']==18:
                print(target_ip+' '+str(tcp_pack['sport'])+' '+'Open')
            print(tcp_pack)

if __name__ == '__main__':
    tcp_scan('47.96.38.46','1','65535')
#nmap -sS ip 端口  半开扫描用nmap的命令

python信息收集-域名反查ip-识别cdn-端口扫描-子域名扫描

#域名反查ip
'''
import  socket,os,time,sys
ip = socket.gethostbyname('www.baidu.com')
print(ip)
'''


#识别cdn 利用nslookup
#用py执行系统命令
'''
import os
#cdn_date=os.system('nslookup www.xiaodi8.com')
cdn_date = os.popen('nslookup www.baidu.com')
cdn_dates=cdn_date.read()
x=cdn_dates.count('.')
print(cdn_dates)
print(x)
if x> 10:
    print("CDN存在")

else:
    print("CND不存在")
'''

'''
#whois查询-模块库获取
def whois_check(url):
    data=whois(url)
    print(data)
'''
'''
#端口扫描
#1自己写socket协议tcp,udp扫描
#2调用系统工具，调用第三方模块
import  socket
def port_check(url):
    ip = socket.gethostbyname(url)
    #ip="192.168.76.155"
    #ports={'21','22','135','443','445','80','1433','3306',"3389",'1521','8000','7002','7001','8080',"9090",'8089',"4848}
    server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    #for port in ports:
    try:
        data=server.connect_ex((ip, 80))
        if data==0:
            print(ip+":"+str(80)+"|open")
        else:
            print(ip+":"+str(80)+"|close")
            pass
    except Exception as err:
            print("error")

if __name__ == '__main__':
    port_check('www.xiaodi8.com')

'''
#子域名查询
#1.利用字典记载爆破进行查询
#2.利用bing或第三方接口进行查询
'''
def zym_list_check(url):
    url=url.replace("www.","")
    for zym_list in open("dic.txt"):
        zym_list=zym_list.replace("
","")
        zym_list_url=zym_list+"."+url
        try:
            ip=socket.gethostbyname(zym_list_url)
            print(zym_list_url+"->"+ip)
            time.sleep(0.1)
        except Exception as e:
            print(zym_list_url+"->"+"error")
            time.sleep(0.1)

'''
import nmap

def nmapscan():
    nm = nmap.PortScanner()
    try:
        data=nm.scan(hosts='192.168.8.0/24', arguments='-T4 -F')
        print(nm.all_hosts())
        print(nm.csv())
        print(data)
    except Exception as err:
        print("error")

if __name__ == '__main__':
    nmapscan()

 上面是我写的

下面是完整的项目参考：

import socket,os,time,sys
from whois import whois

#ip查询
def ip_check(url):
    ip=socket.gethostbyname(url)
    print(ip)

#whois查询
def whois_check(url):
    data=whois(url)
    print(data)

#CDN判断-利用返回IP条数进行判断
def cdn_check(url):
    ns="nslookup "+url
    #data=os.system(ns)
    #print(data) #结果无法读取操作
    data=os.popen(ns,"r").read()
    if data.count(".")>8:
        print("存在CDN")
    else:
        print("不存在CDN")

#子域名查询-
#1.利用字典记载爆破进行查询
#2.利用bing或第三方接口进行查询
def zym_list_check(url):
    url=url.replace("www.","")
    for zym_list in open("dic.txt"):
        zym_list=zym_list.replace("
","")
        zym_list_url=zym_list+"."+url
        try:
            ip=socket.gethostbyname(zym_list_url)
            print(zym_list_url+"->"+ip)
            time.sleep(0.1)
        except Exception as e:
            print(zym_list_url+"->"+"error")
            time.sleep(0.1)

def zym_api_check(url):
    url=url.replace("www.", "")


#端口扫描
#1.自写socket协议tcp,udp扫描
#2.调用第三方masscan,nmap等扫描
def port_check(url):
    ip = socket.gethostbyname(url)
    #ip="192.168.76.155"
    #ports={'21','22','135','443','445','80','1433','3306',"3389",'1521','8000','7002','7001','8080',"9090",'8089',"4848}
    server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    #for port in ports:
    try:
        data=server.connect_ex((ip, 80))
        if data==0:
            print(ip+":"+str(80)+"|open")
        else:
            print(ip+":"+str(80)+"|close")
            pass
    except Exception as err:
            print("error")

#系统判断-
#1.基于TTL值进行判断
#2.基于第三方脚本进行判断
def os_check(url):
    data = os.popen("nmap\nmap -O "+url, "r").read()
    print(data)


if __name__ == '__main__':
    print("Test：python test.py www.xiaodi8.com all")
    url = sys.argv[1]
    check = sys.argv[2]
    #print(url +"
"+ check)
    if check=="all":
        ip_check(url)
        whois_check(url)
        cdn_check(url)
        os_check(url)
        #port_check(url)
        zym_list_check(url)

    #zym_list_check("www.xueersi.com")
    #port_check("www.xiaodi8.com")
    #os_check("www.xiaodi8.com")