python实现的Bing查询

发布时间:May 15, 2015 // 分类:运维工作,工作日志,代码学习,python // No Comments

import re
import requests


r = requests.get('http://www.bing.com/search?q=ip:'+ip+'&count=50')
responseHtml = r.content
match = re.findall(r'<li class=\"b_algo\"><h2><a href=\"(.*?)\"', responseHtml)
#print match
for val in match:
    print val

继续进行批量查询

#-*- coding: utf-8 -*-
import socket
import sys
import json
import requests
import re
import time
import thread
  
def scan(ip_str):
    '''
    检测扫描端口是否开启
    然后利用bing旁站进行遍历
    '''
    port = '80'
    cs=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    address=(str(ip_str),int(port))
    status = cs.connect_ex((address))
    #若返回的结果为0表示端口开启
    if(status == 0):
        print ip_str
        res = requests.get('http://www.bing.com/search?q=ip:'+ip_str+'&count=50')
        match = re.findall(r'<li class=\"b_algo\"><h2><a href=\"(.*?)\"', res.content)
        for val in match:
            print val
    cs.close()
       
def find_ip(ip_prefix):
    '''
    给出当前的192.168.1 ,然后扫描整个段所有地址
    '''
    for i in range(1,256):
        ip = '%s.%s'%(ip_prefix,i)
        thread.start_new_thread(scan, (ip,))
        time.sleep(0.3)
        
if __name__ == "__main__":
    commandargs = sys.argv[1:]
    args = "".join(commandargs)    
      
    ip_prefix = '.'.join(args.split('.')[:-1])
    find_ip(ip_prefix)

附加上另外一个验证的脚本

Uses Bing search engine to identify (and validate) websites hosted on the same web server

#!/usr/bin/python

import socket, sys, re, urllib2, StringIO, gzip, zlib
from bs4 import BeautifulSoup
import tldextract

if len(sys.argv) <> 2:
    print '\n[!] Two arguments required.'
    print 'Example: python neighbs.py www.website.com'
    print 'Example: python neighbs.py 1.2.3.4'
    sys.exit()
else:
    sharedHost = sys.argv[1]
    duplicateCheckList = []

def validateHostIP(target):
    isIP = re.match("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", target)
    isHostName = re.match("^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$", target)
    if isIP:
        return 'IP'
    elif isHostName:
        return 'HOSTNAME'
    else:
        return False

def resolve(target):
    if hasattr(socket, 'setdefaulttimeout'):
        socket.setdefaulttimeout(3)
    try:
        peos = socket.gethostbyaddr(target)
        return peos[2][0]
    except:
        return False

def make_requests(sharedTarget):
    response = [None]
    responseText = None

    for requests in range (1, 101):
        if(request_www_bing_com(response, requests, sharedTarget)):
            responseText = read_response(response[0])
            soup = BeautifulSoup(responseText)
            for A in soup.find_all('a', href=True):
                domain = str('.'.join(list(tldextract.extract(A['href']))[:10]))
                if not domain.startswith('.') and not len(domain) < 4:
                    if domain not in duplicateCheckList:
                        if resolve(sharedHost) == resolve(domain):
                            duplicateCheckList.append(domain)
                            print '[+] '+domain
                domain = ''
            
            response[0].close()

def read_response(response):
    if response.info().get('Content-Encoding') == 'gzip':
        buf = StringIO.StringIO(response.read())
        return gzip.GzipFile(fileobj=buf).read()

    elif response.info().get('Content-Encoding') == 'deflate':
        decompress = zlib.decompressobj(-zlib.MAX_WBITS)
        inflated = decompress.decompress(response.read())
        inflated += decompress.flush()
        return inflated

    return response.read()

def request_www_bing_com(response, requests, sharedTarget):
    response[0] = None
    try:
        req = urllib2.Request("http://www.bing.com/search?q=ip%3A"+str(sharedTarget)+"&first="+str(requests))

        req.add_header("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0")
        req.add_header("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
        req.add_header("Accept-Language", "en-US,en;q=0.5")
        req.add_header("Accept-Encoding", "gzip, deflate")
        req.add_header("Referer", "http://www.bing.com/")
        req.add_header("Cookie", "_EDGE_V=1; MUID=1A8733283AE36E853EB935873BA66FEF; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=DF63C8A66FB64714818DCF4DFC12DEE1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20140908; MUIDB=1A8733283AE36E853EB935873BA66FEF; SRCHHPGUSR=CW=1280&CH=887; _RwBf=s=70&o=16; _HOP=; _SS=SID=BCC8BCA1D49C412281A16C56834A77B5&bIm=819187; SCRHDN=ASD=0&DURL=#; WLS=TS=63547515929")
        req.add_header("Connection", "keep-alive")

        response[0] = urllib2.urlopen(req)

    except urllib2.URLError, e:
        if not hasattr(e, "code"):
            return False
        response[0] = e
    except:
        return False

    return True

print '\n[*] Scanning for shared hosts. Please wait...'
print '------------------------------------------------'
if validateHostIP(sharedHost) == 'IP':
    make_requests(sharedHost)
elif validateHostIP(sharedHost) == 'HOSTNAME':
    make_requests(resolve(sharedHost))
else:
    print 'Something went wrong. Try again.'
print '------------------------------------------------'
print '[*] '+str(len(duplicateCheckList))+' unique domains found and verified to be on the same server.'

This script is OS agnostic. Takes one param, HOSTNAME or IP of the target. For example...

python neighbs.py www.green-apple.gr

or

python neighbs.py 176.9.145.29

For any libs that are missing, use pip to install.

C:\tools\Projects\PYTHON>python neighbs.py www.green-apple.gr

[*] Scanning for shared hosts. Please wait...
------------------------------------------------
[+] www.restozorba.be
[+] www.hotelmelissa.gr
[+] www.epiplotexan.gr
[+] www.n-everalone.com
[+] www.proedriki-froura.gr
[+] www.zpalace.gr
[+] www.green-apple.gr
[+] www.ktelxanthis.gr
[+] www.foititisweb.gr
[+] www.hotelnessos.gr
[+] www.tosteki.gr
[+] www.gashome.gr
[+] www.raptopoulos-stores.gr
[+] www.ksxanthi.gr
[+] www.olang.gr
[+] www.promoaction.gr
[+] www.kokkalas.co.gr
[+] www.inside.com.gr
[+] www.makka.gr
[+] www.christospoulios.gr
[+] www.outsis.gr
[+] www.velkopoulosgas.gr
[+] www.carnivalxanthi.gr
[+] www.serrespress.gr
[+] www.mpatsakis.gr
[+] www.moumtzaki.gr
[+] www.kopsidas.com.gr
[+] pse.co.gr
[+] www.krista.gr
[+] www.findgas.gr
[+] www.ippokratiskamaridis.gr
[+] www.vion.gr
------------------------------------------------
[*] 32 unique domains found and verified to be on the same server.

C:\tools\Projects\PYTHON>

Penetrating in to target machines by using shared hosts' vulnerabilities is not always legal even if you have a signed contract with the target. Make sure the shared hosts you're attacking belong to the same person/company before doing anything stupid.

标签:python, bing

添加新评论 »

分类
最新文章
最近回复
  • 没穿底裤: 最近发现的新版本可以装在LINUX了。但是API有点变化
  • 没穿底裤: 暂时好像没有看到这个功能.
  • 没穿底裤: 这个只是一个分析,并不是使用方法哟
  • 没穿底裤: 抱歉,很久没有打理了。会不会你使用的是12版本。目前还没有遇到过这种情况
  • bao song: http://0cx.cc/php_decode_shell.jspx 这个怎么用,代码提示...