问题描述
sys.path
import socket
from IPy import IP
# One or more targets, separated by commas. Each entry is an IP address or a
# host name; `nslookup <name>` (using the www. form of a site's name) shows the
# address a name resolves to.
prompt = 'Enter target/s use comma to split target: '
targets = input(prompt)
def scan(target):
    """Resolve *target* and probe TCP ports 75 through 80 on it.

    The name or address is passed through ``check_ip`` first, then each port
    in the range is handed to ``scan_port``, which prints the ports it finds
    open.
    """
    address = check_ip(target)
    print('\nScanning Targer ' + str(target))
    # range() excludes its upper bound, so 80 is the last port tried.
    for candidate in range(75, 81):
        scan_port(address, candidate)
def check_ip(ip):
    """Return *ip* as given if IPy accepts it, otherwise resolve it via DNS.

    ``IP(ip)`` is called only for validation and its result is discarded. When
    it raises ``ValueError`` the argument is treated as a host name and looked
    up with ``socket.gethostbyname``; a failed lookup propagates to the caller.
    """
    try:
        IP(ip)
    except ValueError:
        # Not something IPy can parse: fall back to a name lookup.
        return socket.gethostbyname(ip)
    else:
        return ip
def get_banner(s):
    """Read whatever the peer sends first on connected socket *s*.

    Performs a single ``recv`` of at most 2048 bytes and returns the raw
    bytes. Nothing is sent beforehand, so the call blocks (subject to the
    socket's timeout) until the remote side sends data on its own.
    """
    max_bytes = 2048
    data = s.recv(max_bytes)
    return data
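def scan_port(ip_address, port):
    """Try a TCP connection to ``ip_address:port`` and report it if it is open.

    Prints one line when the connection succeeds, including the text returned
    by ``get_banner`` when that can be read and decoded. A port that refuses
    the connection or does not answer within the timeout produces no output.
    Returns ``None`` in every case.
    """
    try:
        # The context manager closes the socket on every path; without it one
        # descriptor stays open for each port probed.
        with socket.socket() as sock:
            # The timeout covers connect() and the later recv(), so an
            # unresponsive port costs at most this many seconds per call.
            sock.settimeout(10)
            sock.connect((ip_address, port))
            try:
                banner = get_banner(sock)
                print('port'+ str(port) +'is open and banner is open' + str(banner.decode().strip('\n')))
            except (OSError, UnicodeDecodeError):
                # Some services (HTTP among them) send nothing until the
                # client speaks, so recv() can time out on an open port; the
                # reply may also not be valid UTF-8.
                print('port'+ str(port) +'is open')
    except OSError:
        # Refused, unreachable or timed out: treated as closed. Catching
        # OSError instead of everything lets Ctrl-C stop the run and lets
        # programming errors surface.
        pass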
#converted_ip = check_ip(ip_address)
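# Scan each comma-separated entry in turn. str.split also handles input with no
# comma (it yields a single entry), so one loop covers both cases. The original
# called the misspelled method `spilt`, which raises AttributeError as soon as
# more than one target is entered.
for ip_add in targets.split(','):
    ip_add = ip_add.strip()  # drop whitespace around each entry
    if ip_add:  # ignore empty entries, e.g. from a trailing comma
        scan(ip_add)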
我尝试调大 sock.settimeout() 的超时值,让脚本有更多时间获取“横幅”(banner),但结果收到了一条错误响应;而当我把超时值调小时,则完全获取不到横幅。任何提示都不胜感激。
解决方法
查看返回的错误:Your browser didn't send a complete request in time.
这说明服务器一直在等待一个完整的 HTTP 请求,而脚本在连接之后只调用了 recv(),没有发送任何数据。请发送一个完整的 HTTP 请求,如下所示:
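def get_banner(s, target):
    """Send a minimal HTTP/1.1 ``GET /`` on *s* and return the start of the reply.

    Args:
        s: A connected socket.
        target: DNS host name used for the Host header,
            e.g. "testphp.vulweb.com".

    Returns:
        The raw bytes from a single ``recv`` of at most 2048 bytes. A long
        response is truncated, and because the request advertises gzip and
        deflate, any body bytes in it may not be decodable as text.
    """
    # target is interpolated verbatim into the Host header, so it must be a
    # bare host name with no CR or LF characters in it.
    headers = (
        "GET / HTTP/1.1\r\n"
        f"Host: {target}\r\n"
        "User-Agent: python-custom-script/2.22.0\r\n"
        "Accept-Encoding: gzip,deflate\r\nAccept: */*\r\n"
        "Connection: keep-alive\r\n\r\n"
    )
    print("\n\n" + headers)
    # sendall() keeps writing until the whole request has been handed to the
    # kernel; send() may return after a partial write, leaving the server
    # waiting for the rest of the request.
    s.sendall(headers.encode())
    return s.recv(2048)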
- 请注意,您必须将 target 作为 Host 标头的值传递。
输出为:
Scanning Targer testphp.vulweb.com,ip: 70.32.1.32,port: 80
GET / HTTP/1.1
Host: testphp.vulweb.com
User-Agent: python-custom-script/2.22.0
Accept-Encoding: gzip,deflate
Accept: */*
Connection: keep-alive
port 80 is open and banner is openHTTP/1.1 302 Found
Date: Sun,25 Oct 2020 22:06:45 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: __tad=1603663605.4398154; expires=Wed,23-Oct-2030 22:06:45 GMT; Max-Age=315360000
Location: http://ww1.testphp.vulweb.com/?sub1=20201026-0906-4558-946c-192d28ec2089
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
请注意,它返回了 302(重定向)状态码,因此(取决于您的目标)您可能需要跟随响应标头 Location 中的 URL。