简单的流程化信息收集脚本

import osimport fnmatchimport socketimport shutildef checkcdn(host):    ip_list=[]    try:        addrs = socket.getaddrinfo(host, None)        for item in addrs:            if item[4][0] not in ip_list:                ip_list.append(item[4][0])        count_ip = len(ip_list)        if count_ip > 1:            return False        elif count_ip == 1:            return ip_list[0]        else:            return False    except Exception as e:        return False# 打印错误print("by k1115h0t")print("根域名放置在domians.txt中")print("当前文件夹下放置httpx")os.system('subfinder/subfinder -dL domains.txt -all -o subfinder_subdomains.txt')os.system('python3 oneforall/oneforall.py --targets domains.txt run')oneforall_result=''for f_name in os.listdir('oneforall/results'):        if fnmatch.fnmatch(f_name, 'all*.txt'):            oneforall_result='oneforall/results/'+f_name# 读取第一个文本文件with open(oneforall_result, 'r') as file1:    content1 = file1.readlines()# 读取第二个文本文件with open('subfinder_subdomains.txt', 'r') as file2:    content2 = file2.readlines()# 合并两个文本文件merged_content = content1 + content2# 去重unique_content = list(set(merged_content))# 将去重后的内容写入新的文本文件with open('subdomains.txt', 'w') as merged_file:    merged_file.writelines(unique_content)print("================================================")print("================================================")print("================================================")print("子域名已经全部扫描完成,子域名结果存储在 subdomains.txt")print("开始识别CDN")print("================================================")print("================================================")print("================================================")if os.path.exists('oneforall/results'):    shutil.rmtree(r'oneforall/results')os.remove('subfinder_subdomains.txt')f1=open(file='subdomains.txt',mode='r',encoding='utf-8')f2=open(file='cdn.txt',mode='a',encoding='utf-8')f3=open(file='nocdn.txt',mode='a',encoding='utf-8')f4=open(file='nocdn_ip.txt',mode='a',encoding='utf-8')l1=[]num=1for i in f1.readlines():    newi=i.strip('\n')    result=checkcdn(newi)    # print(num)    num=num+1    if result!=False:        f3.write(i)        if result not in l1:            l1.append(result)    else:        f2.write(i)for j in l1:    f4.write(j+'\n')f1.close()f2.close()f3.close()f4.close()print("================================================")print("================================================")print("================================================")print("cdn识别完成,结果存储在 cdn.txt nocdn.txt nocdn_ip.txt")print("开始调用httpx")print("================================================")print("================================================")print("================================================")os.system('./httpx -l cdn.txt -sc -cl -title -o cdn_httpx.txt')os.system('./httpx -l nocdn.txt -sc -cl -title -o nocdn_httpx.txt')print("================================================")print("================================================")print("================================================")print("httpx识别完成,结果存储在 cdn_httpx.txt nocdn_httpx.txt")print("开始调用rustscan")print("================================================")print("================================================")print("================================================")os.system("rustscan -a nocdn_ip.txt -r 1-65535 -- -sC -Pn -n -sV >> rustscan_nocdn.txt")

使用时需要新建一个domains.txt用于存放根域名(baidu.com)脚本的流程

  1. 调用 subfinder 和 oneforall进行子域名扫描
    生成 subdomains.txt 存储所有的子域名
  2. 对子域名结果进行分析去重,并识别cdn
    生成 cdn.txt nocdn.txt nocdn_ip.txt
  3. 使用httpx进行扫描

    生成 cdn_httpx.txt nocdn_httpx.txt
  4. 使用rustscan对无cdn的ip进行端口扫描

    生成 rustscan_nocdn.txt

目录下面工具的放置在第二次使用的时候,需要先手动删除所有txt文件

rm *.txt

目录结构:

├── cdn_httpx.txt  有cdn的域名的httpx 结果├── cdn.txt  没有cdn的域名├── domains.txt 要进行信息收集的根域名├── httpxhttpx二进制文件├── nocdn_httpx.txt 无cdn的域名的httpx 结果├── nocdn_ip.txt无cdn域名解析出的ip├── nocdn.txt├── oneforall├── rustscan_nocdn.txt├── start.py├── subdomains.txt└── subfinder

工具链接

工具链接:https://github.com/shmilylty/OneForAllhttps://github.com/projectdiscovery/subfinderhttps://github.com/projectdiscovery/httpxhttps://github.com/RustScan/RustScan