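Penetration Testing Tools: IP Range Port Scanning
Suddenly one day your boss tells you to finish a common-port scan and weak-password check of 100,000 IPs within a single day.
Miserable, right? In that little time it is almost impossible. But now it becomes possible: I have the tools.
Tool 1:
Put the IP range into the URL in the following format:
https://censys.io/ipv4?q=ip:[221.133.11.0 TO 221.166.47.255]
After opening it, you will find that the open ports listed are all common ports.
How do you export the results to your local machine?
Use the following Python code to export the results.
Before exporting, check the number of pages returned by the web page above, and change the PAGES parameter in the Python code accordingly.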
```python
# -*- coding: UTF-8 -*-
# https://www.censys.io/api/v1/search/ipv4
# post: {"query": "keyword", "page": 1, "fields": ["ip", "protocols", "location.country"]}
# The query parameter is the IP range you want to look up (nvhack.com); don't forget to change it.
import sys
import json
import requests
import time

API_URL = "https://www.censys.io/api/v1"
# Censys API ID and secret (from your Censys account page)
UID = "85e64536-7534-4177-8c72-9a383bf01f12"
SECRET = "9hCyul4KXJKXieyXeGIFT0lr04rbN9yQ"
page = 1
PAGES = 100  # set this to the page count shown on the results web page


def getIp(page):
    """Fetch one page of search results and return 'ip:protocol in country' lines."""
    iplist = []
    data = {
        "query": "ip:[221.179.1.0 TO 221.179.2.255]",
        "page": page,
        "fields": ["ip", "protocols", "location.country"]
    }
    try:
        res = requests.post(API_URL + "/search/ipv4", data=json.dumps(data), auth=(UID, SECRET))
        results = res.json()
    except (requests.RequestException, ValueError) as e:
        # Network failure or non-JSON body: skip this page instead of
        # falling through to an undefined variable.
        print("request failed on page %s: %s" % (page, e))
        return iplist
    if res.status_code != 200:
        print("error occurred: %s" % results.get("error"))
        sys.exit(1)
    # print("Total_count:%s" % (results["metadata"]["count"]))
    iplist.append("Total_count:%s" % (results["metadata"]["count"]))
    for result in results["results"]:
        # print("%s in %s" % (result["ip"], result["location.country"][0]))
        # One output line per protocol found on the host
        for i in result["protocols"]:
            iplist.append(result["ip"] + ':' + i + ' in ' + result["location.country"][0])
    return iplist


if __name__ == '__main__':
    print("start...")
    with open('censys.txt', 'a') as f:
        while page <= PAGES:
            iplist = getIp(page)
            print('page is: ' + str(page))
            page += 1
            time.sleep(1)  # pause between requests
            for i in iplist:
                f.write(i + '\n')
```
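For reviewing the exposure of a range you are responsible for, the exported censys.txt can be folded into a per-host summary. This is an added example, not code from the original post: the sample lines are constructed in the script's output format, and the `CLEARTEXT` set and function names are assumptions.

```python
import ipaddress
from collections import defaultdict
# Constructed sample in the format the export script writes to censys.txt
SAMPLE = """\
Total_count:3
203.0.113.10:80/http in China
203.0.113.10:443/https in China
203.0.113.7:23/telnet in China
Total_count:3
203.0.113.10:80/http in China
203.0.113.25:21/ftp in South Korea
garbage line
"""

# Assumption: cleartext login services to review first; adjust to local policy
CLEARTEXT = {"21/ftp", "23/telnet"}

def parse_export(text):
    """Return ({ip: {"country": str, "services": set}}, skipped_line_count)."""
    hosts = defaultdict(lambda: {"country": None, "services": set()})
    skipped = 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Total_count:"):
            continue  # per-page counter written by the script, not a host record
        try:
            left, country = line.split(" in ", 1)
            ip, service = left.split(":", 1)   # IPv4 only, as in /search/ipv4
            ipaddress.IPv4Address(ip)          # reject malformed addresses
            port, _, name = service.partition("/")
            if not (port.isdigit() and name):
                raise ValueError(service)
        except ValueError:
            skipped += 1
            continue
        hosts[ip]["country"] = country
        hosts[ip]["services"].add(service)     # set drops duplicates from re-runs
    return dict(hosts), skipped

def cleartext_hosts(hosts):
    """Hosts exposing a cleartext login service, sorted by address."""
    flagged = [ip for ip, h in hosts.items() if h["services"] & CLEARTEXT]
    return sorted(flagged, key=ipaddress.IPv4Address)

if __name__ == "__main__":
    hosts, skipped = parse_export(SAMPLE)
    for ip in sorted(hosts, key=ipaddress.IPv4Address):
        print(ip, hosts[ip]["country"], sorted(hosts[ip]["services"]))
    print("cleartext login exposed:", cleartext_hosts(hosts), "skipped:", skipped)
```

Because the export script opens censys.txt in append mode, repeated runs duplicate lines; collecting services in a set keeps the summary stable.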
Tool 2:
This one requires you to log in before you can use it.
https://www.shodan.io/search?que ... 11.136.33.0%2F24%22
However, exporting costs money, so look into it yourself.