FofaAPI
import requests
import typing
class Get_FOFA():
def __init__(self,email,key):
self.email = email
self.key = key
self.auth_url = "https://fofa.so/api/v1/info/my?email={email}&key={key}"
self.query_url = "https://fofa.so/api/v1/search/all?email={email}&key={key}&qbase64={qbase64}&size={size}"
self.error = False
# 如果认证出错,后面的函数都返回空
if requests.get(self.auth_url.format(email=self.email,key=self.key)).json().get("error") == True:
self.error = True
#print(response.text)
def query(self,query:str,size:int = 9999) -> dict:
if self.error == True:
return {}
import base64
query_base64 = base64.b64encode(query.encode()).decode()
query_data = requests.get(self.query_url.format(email=self.email,key=self.key,qbase64=query_base64,size=size)).json()
return query_data
#a = Get_FOFA(email="",key="")
#print(a.query("app=solr"))</code></code></pre>
ICP备案查询API(站长之家)
# -*- coding: utf-8 -*-
# @Time : 2021/3/23 11:27
# @Author : ki9mu
# @File : Get_ICP.py
# @Software: PyCharm
import requests
class Get_ICP():
def __init__(self, target):
self.get_companyinfo_url = "http://icp.chinaz.com/Home/QiYeData"
self.get_otherwebsite_url = "http://icp.chinaz.com/Home/PageData"
self.target = target
# target格式整理
# 如果是http开头
if self.target[0:4] == "http":
self.target = self.target.split("//")[1]
# 如果是www.开头
if self.target[0:4] == "www.":
self.target = self.target.split("www.")[1]
# print(self.target)
self.get_companyinfo()
self.get_otherwebsite()
# 获取域名所在相关公司信息
def get_companyinfo(self):
"""
POST /Home/QiYeData HTTP/1.1
Host: icp.chinaz.com
Content-Length: 12
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://icp.chinaz.com
Referer: http://icp.chinaz.com/bilibili.com
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Kw=baidu.com
"""
get_companyinfo_headers = {
"Accept": "application/json, text/javascript, */*; q=0.01",
"X-Requested-With": "XMLHttpRequest",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"Origin": "http://icp.chinaz.com",
"Referer": "http://icp.chinaz.com/{}".format(self.target),
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "zh-CN,zh;q=0.9",
"Connection": "close"
}
get_companyinfo_data = {
"Kw": self.target
}
response = requests.post(url=self.get_companyinfo_url, headers=get_companyinfo_headers,
data=get_companyinfo_data).json()
# print(response)
self.data = response.get("data")
# 获取该公司下所有网站
def get_otherwebsite(self):
"""
POST /Home/PageData HTTP/1.1
Host: icp.chinaz.com
Content-Length: 133
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
pageNo=1&pageSize=100&Kw=%E4%B8%8A%E6%B5%B7%E5%AE%BD%E5%A8%B1%E6%95%B0%E7%A0%81%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
"""
get_otherwebsite_header = {
"Accept": "application/json, text/javascript, */*; q=0.01",
"X-Requested-With": "XMLHttpRequest",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "zh-CN,zh;q=0.9",
"Connection": "close"
}
get_otherwebsite_data = {
"pageNo": "1",
"pageSize": "100",
"Kw": self.data.get('companyName')
}
response = requests.post(url=self.get_otherwebsite_url, headers=get_otherwebsite_header,
data=get_otherwebsite_data).json()
self.website_data = response.get("data")
# a = Get_ICP("https://bigfun.cn")
# print(a.data)
# print(a.website_data)</code></pre>
RISKIQ的API
# -*- coding: utf-8 -*-
# @Time : 2021/1/21 11:18
# @Author : ki9mu
# @File : riskiq.py
# @Software: PyCharm
import requests
import typing
import base64
class Get_RISKIQ():
def __init__(self,email:str,key:str):
self.email = email
self.key = key
self.subdomain_api = "https://api.passivetotal.org/v2/enrichment/subdomains"
self.quota_api = "https://api.passivetotal.org/v2/account/quota"
self.Auth = {
"Authorization": "Basic " + base64.b64encode((self.email + ":" + self.key).encode()).decode()
}
#获取当前riskiq账号余量
def quota(self) -> typing.Union[int,int]:
response = requests.get(self.quota_api,headers= self.Auth).json()
# print(type(response.json()['user']["counts"]["search_api"]))
# print(response.json()["user"]["limits"]["search_api"])
# 返回使用量,总用量
return response['user']["counts"]["search_api"],response["user"]["limits"]["search_api"]
def get_subdomains(self,query) -> list:
"""
如要查询baidu.com的子域名
:param query: baidu.com
:return: ['wenkaifan.baijia', 'idol']
"""
response = requests.get("https://api.passivetotal.org/v2/enrichment/subdomains?query={query}".format(query=query),headers= self.Auth).json()
if response['success'] != True:
return []
# 提取子域名列表
return response['subdomains']
# a = Get_RISKIQ("email","key")
# print(a.get_subdomains("baidu.com"))
子域名爆破
# -*- coding: utf-8 -*-
# @Time : 2021/3/26 14:56
# @Author : ki9mu
# @File : domain_buster.py
# @Software: PyCharm
from dns import resolver
def dns_list_resolver_A(dns_list:list) -> list:
"""
输入域名列表,返回域名对应的ip列表
若域名A记录解析不存在,不返回
:param dns_list:
:return:
"""
result = []
for domain in dns_list:
try:
A = resolver.resolve(domain, "A")
ip_list = []
for ip in A:
ip_list.append(ip.address)
result.append({domain:ip_list})
except:
continue
return result
result = dns_list_resolver_A(['www.baidu.com','www.bilibili.com'])
print(result)
叨叨几句... NOTHING