10、信息收集-资产监控拓展

#Github监控
便与收集整理最新exp或poc
便于发现相关厕所目标的资产

#各种子域名查询
#DNS,备案,证书
#全球节点请求cdn
枚举爆破或解析子域名对应
便于发现管理员相关的注册信息

#黑暗引擎相关搜索
fofa,shodan,zoomeye

#微信公众号接口获取

#内部群内部应用内部接口
ip查真实IP securitytrails查历史DNS记录 dnsdb.io查询 crt.sh查询证书

image-20210211220811407

image-20210211220934847

演示案例

监控最新的EXP发布及其他

# Title: wechat push CVE-2020
# Date: 2020-5-9
# Exploit Author: weixiao9188
# Version: 4.0
# Tested on: Linux,windows
# coding:UTF-8
import requests
import json
import time
import os
import pandas as pd
time_sleep = 20 #每隔20秒爬取一次
while(True):
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3741.400 QQBrowser/10.5.3863.400"}
    #判断文件是否存在
    datas = []
    response1=None
    response2=None
    if os.path.exists("olddata.csv"):
        #如果文件存在则每次爬取10个
        df = pd.read_csv("olddata.csv", header=None)
        datas = df.where(df.notnull(),None).values.tolist()#将提取出来的数据中的nan转化为None
        response1 = requests.get(url="https://api.github.com/search/repositories?q=CVE-2020&sort=updated&per_page=10",
                                 headers=headers)
        response2 = requests.get(url="https://api.github.com/search/repositories?q=phpcms&ssort=updated&per_page=10",
                                 headers=headers)

    else:
        #不存在爬取全部
        datas = []
        response1 = requests.get(url="https://api.github.com/search/repositories?q=CVE-2020&sort=updated&order=desc",headers=headers)
        response2 = requests.get(url="https://api.github.com/search/repositories?q=RCE&ssort=updated&order=desc",headers=headers)

    data1 = json.loads(response1.text)
    data2 = json.loads(response2.text)
    for j in [data1["items"],data2["items"]]:
        for i in j:
            s = {"name":i['name'],"html":i['html_url'],"description":i['description']}
            s1 =[i['name'],i['html_url'],i['description']]
            if s1 not in datas:
                #print(s1)
                #print(datas)
                params = {
                     "text":s["name"],
                    "desp":" 链接:"+str(s["html"])+"\n简介"+str(s["description"])
                }
                print("当前推送为"+str(s)+"\n")
                print(params)
                requests.get("https://sc.ftqq.com/xxxxx.send",params=params,timeout=10)
                #time.sleep(1)#以防推送太猛#,verify=False
                print("推送完成!")
                datas.append(s1)
            else:
                pass
                #print("数据已处在!")
    pd.DataFrame(datas).to_csv("olddata.csv",header=None,index=None)
    time.sleep(time_sleep)

sc.ftqq.com

替换53行sckey

微信推送

黑暗引擎实现域名端口等收集

image-20210225200844864

全自动域名收集枚举优秀脚本使用

以xxxx为例,从标题,域名等收集
以xxxx为例,全自动脚本使用收集

teemo

pip.exe install requirements.txt

image-20210225201536491

SRC目标中的信息收集全覆盖

补天上专属SRC上简易测试

利用其他第三方接口获取更多信息

涉及资源

查证书:https://crt.sh

https://dnsdb.io

https://sc.ftqq.com/3.version

超级ping:https://tools.ipip.net/cdn.php

https://github.com/bit4woo/teemo

https://securitytrails.com/domain/www.baidu.com/history/a

最后修改:2021 年 07 月 15 日 05 : 09 PM
如果觉得我的文章对你有用,请随意赞赏