# encoding: utf-8 # python3.7 import os,socket,sys,requests from multiprocessing.pool import ThreadPool from fake_useragent import UserAgent from bs4 import BeautifulSoup # 设置延迟 socket.setdefaulttimeout(3) # 指纹特征 class Finger(object): def __init__(self): super(Finger,self).__init__() # 指纹文本 self.fingerText = "" # 剩余数量 self.NowCount = 0 self.allCount = 255 * 255 * 255 # 头部信息 self.headers = { ‘User-Agent‘: UserAgent(use_cache_server=False).random,} # 旁站获取 def panSearch(self,host): panList = [] res = requests.get("http://s.tool.chinaz.com/same?s=" + host,headers=self.headers,timeout=10) if "不知道这样的主机" in res.text: return None soup = BeautifulSoup(res.text,"lxml") i = soup.select("p.col-gray > i") page = int(int(i[0].string) / 20) + 1 while page > 0: try: res = requests.get("http://s.tool.chinaz.com/same?s=" + host + "&page=" + str(page),headers=self.headers,timeout=10) soup = BeautifulSoup(res.text,"lxml") links = soup.select("div.overhid > a") for link in links: panList.append(link.string) except: continue finally: page -= 1 return panList # 指纹扫描 def fingerAlive(self,host): self.NowCount += 1 sys.stdout.write("process:{0}/{1}".format(self.NowCount,self.allCount)) sys.stdout.write("\r") output = os.popen(‘ping -%s 1 %s‘ % ("n",host)).readlines() for w in output: if str(w).upper().find(‘TTL‘) >= 0: urlList = self.panSearch(host) if urlList: for url in urlList: url = "http://" + url + "/" print(url) try: res = requests.get(url,timeout=3) if self.fingerText in res.text: print(url) output = open("output.txt","a") output.write(url + "\n") output.close() except: continue break # 主机扫描 def fingerScan(self,host,text): ipList = [] self.fingerText = text h1,h2,h3,h4 = host.split(r".") for i in range(int(h3),255): for j in range(int(h4),255): ipList.append(h1 + "." + h2 + str(i) + "." + str(j)) pool = ThreadPool(processes=50) pool.map(self.fingerAlive,ipList) pool.close() pool.join() # 程序启动 if __name__ == ‘__main__‘: host = input("host:") text = input("keyword:") fin = Finger() fin.fingerScan(host,text)