从零开始编写信息收集器 - 详细教学文档<\/h1>

0x00 引言<\/h2>
信息收集是渗透测试中不可或缺的一环，手动收集各类信息耗时耗力。本教学将指导如何从零开始编写一个Python信息收集工具，重点讲解开发思路和实现方法。<\/p>

0x01 需求分析<\/h2>

明确工具需要实现的功能：<\/p>

whois信息查询<\/li>
DNS记录查询<\/li>
端口状态扫描<\/li>
子域名枚举<\/li>
主机系统信息收集<\/li>
Robots.txt检查<\/li>
服务信息识别<\/li>

指纹识别(CMS识别)<\/li> <\/ol>

0x02 平台选择<\/h2>

主要平台：Linux<\/li>
兼容平台：Windows（后续扩展）<\/li>

依赖工具：Nmap（需添加到环境变量）<\/li> <\/ul>

0x03 功能模块设计<\/h2>

1. 工具启动阶段<\/h3>

参数解析<\/li>
环境检查<\/li>

欢迎界面<\/li> <\/ul>

2. 工具运行阶段<\/h3>

信息收集模块<\/li>
数据处理模块<\/li>

结果输出模块<\/li> <\/ul>

3. 工具结束阶段<\/h3>

结果保存<\/li>
清理临时文件<\/li>

退出处理<\/li> <\/ul>

0x04 代码结构<\/h2>

Stealth.py                # 主程序
├── config\/               # 配置文件目录
│   ├── cms.txt           # CMS识别规则
│   └── config.py         # 参数配置
├── output\/               # 输出目录
├── static\/               # 静态资源
└── util\/                 # 功能模块
    ├── welcome.py        # 欢迎界面
    ├── help.py           # 帮助信息
    └── is_select.py      # 功能选择
<\/code><\/pre>
0x05 核心代码实现<\/h2>
主程序框架<\/h3>
#!\/usr\/bin\/env python<\/span>
<\/span><\/span># -*- encoding: utf-8 -*-<\/span>
<\/span><\/span>
<\/span><\/span>import<\/span> os
<\/span><\/span>from<\/span> util.welcome import<\/span> Welcome
<\/span><\/span>from<\/span> util.help import<\/span> Help
<\/span><\/span>from<\/span> util.is_select import<\/span> select
<\/span><\/span>
<\/span><\/span>if<\/span> __name__ ==<\/span> '__main__'<\/span>:
<\/span><\/span>    # 创建输出目录<\/span>
<\/span><\/span>    script_path =<\/span> os.<\/span>path.<\/span>dirname(os.<\/span>path.<\/span>abspath(__file__))
<\/span><\/span>    _cache_path =<\/span> os.<\/span>path.<\/span>join(script_path, 'output\/'<\/span>)
<\/span><\/span>    if<\/span> not<\/span> os.<\/span>path.<\/span>exists(_cache_path):
<\/span><\/span>        os.<\/span>makedirs(_cache_path, 777<\/span>)
<\/span><\/span>    
<\/span><\/span>    # 解析参数<\/span>
<\/span><\/span>    (arg, domain) =<\/span> Help.<\/span>parse_args()
<\/span><\/span>    if<\/span> domain ==<\/span> ''<\/span>:
<\/span><\/span>        Welcome().<\/span>headline()
<\/span><\/span>        Help.<\/span>help_info()
<\/span><\/span>    else<\/span>:
<\/span><\/span>        select(arg, domain)
<\/span><\/span><\/code><\/pre>配置模块 (config\/config.py)<\/h3>
#!\/usr\/bin\/env python<\/span>
<\/span><\/span># -*- encoding: utf-8 -*-<\/span>
<\/span><\/span>
<\/span><\/span>import<\/span> sys
<\/span><\/span>import<\/span> random
<\/span><\/span>
<\/span><\/span># SSL证书验证<\/span>
<\/span><\/span>allow_ssl_verify =<\/span> True<\/span>
<\/span><\/span>
<\/span><\/span># requests配置<\/span>
<\/span><\/span>timeout =<\/span> 60<\/span>                  # 超时时间<\/span>
<\/span><\/span>allow_redirects =<\/span> True<\/span>        # 允许URL重定向<\/span>
<\/span><\/span>allow_http_session =<\/span> True<\/span>     # 使用session<\/span>
<\/span><\/span>allow_random_user_agent =<\/span> False<\/span>  # 随机User-Agent<\/span>
<\/span><\/span>
<\/span><\/span># 代理配置<\/span>
<\/span><\/span>allow_proxies =<\/span> {}
<\/span><\/span>
<\/span><\/span># User-Agent列表<\/span>
<\/span><\/span>USER_AGENTS =<\/span> [
<\/span><\/span>    "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_7_3)..."<\/span>,
<\/span><\/span>    "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1...)"<\/span>,
<\/span><\/span>    # 更多User-Agent...<\/span>
<\/span><\/span>]
<\/span><\/span>
<\/span><\/span>def<\/span> random_user_agent<\/span>(condition=<\/span>False<\/span>):
<\/span><\/span>    if<\/span> condition:
<\/span><\/span>        return<\/span> random.<\/span>choice(USER_AGENTS)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        return<\/span> USER_AGENTS[0<\/span>]
<\/span><\/span>
<\/span><\/span># 请求头设置<\/span>
<\/span><\/span>headers =<\/span> {
<\/span><\/span>    'User-Agent'<\/span>: random_user_agent(allow_random_user_agent)
<\/span><\/span>}
<\/span><\/span>
<\/span><\/span># nmap命令设置<\/span>
<\/span><\/span>nmap_cmd_line =<\/span> ""<\/span>
<\/span><\/span><\/code><\/pre>0x06 功能实现细节<\/h2>
1. Whois信息收集<\/h3>

使用whois库或查询在线whois服务<\/li>
结果保存为HTML格式<\/li>
<\/ul>
2. DNS记录查询<\/h3>

使用dnspython库<\/li>
查询A、MX、NS、TXT等记录<\/li>
结果保存为HTML格式<\/li>
<\/ul>
3. 端口扫描<\/h3>

调用Nmap进行扫描<\/li>
识别开放端口和服务<\/li>
结果保存为文本文件<\/li>
<\/ul>
4. 子域名枚举<\/h3>

使用字典爆破方法<\/li>
结合搜索引擎查询<\/li>
结果保存为Excel和HTML格式<\/li>
<\/ul>
5. Robots.txt检查<\/h3>

直接请求目标网站的robots.txt<\/li>
分析禁止访问的目录<\/li>
结果保存为文本文件<\/li>
<\/ul>
6. 指纹识别<\/h3>

基于cms.txt规则文件<\/li>
匹配特定CMS的特征<\/li>
包括HTTP头、特定文件、HTML特征等<\/li>
<\/ul>
0x07 使用说明<\/h2>
安装指南<\/h3>
git clone https:\/\/github.com\/ANyedt\/Stealth.git
<\/span><\/span>cd Stealth
<\/span><\/span>pip install -r requirements.txt
<\/span><\/span><\/code><\/pre>使用方法<\/h3>

全扫描模式（收集所有信息）：<\/li>
<\/ol>
python Stealth.py -a example.com
<\/span><\/span><\/code><\/pre>
选择性扫描（收集部分信息）：<\/li>
<\/ol>
python Stealth.py -s -c -D example.com
<\/span><\/span><\/code><\/pre>参数说明<\/h3>
optional arguments:
  -h, --help       显示帮助信息
  -a, --all        执行所有操作
  -D, --domain     目标域名
  -d, --dns        DNS信息
  -s, --subdomain  子域名信息
  -R, --robots     查询Robots.txt
  -I, --info       服务信息、端口信息和系统信息
  -c, --cms        CMS信息
  -w, --whois      Whois信息
  -q, --quit       退出
<\/code><\/pre>
0x08 项目部署与维护<\/h2>
GitHub管理<\/h3>

初始化本地仓库<\/li>
添加文件：git add .<\/code><\/li>
提交更改：git commit -m "注释"<\/code><\/li>
推送到远程：git push -u origin master<\/code><\/li>
<\/ol>
语言设置<\/h3>
创建.gitattributes文件：<\/p>
*.js linguist-language=python
*.css linguist-language=python
*.html linguist-language=python
<\/code><\/pre>
0x09 总结与扩展<\/h2>
项目特点<\/h3>

模块化设计，便于扩展<\/li>
支持多种信息收集方式<\/li>
跨平台支持（Linux\/Windows）<\/li>
<\/ul>
改进方向<\/h3>

增加多线程支持<\/li>
集成更多信息源<\/li>
优化输出格式<\/li>
添加API接口支持<\/li>
增强错误处理和日志记录<\/li>
<\/ol>
注意事项<\/h3>

使用Nmap可能需要root权限<\/li>
大量查询可能触发目标防护机制<\/li>
遵守当地法律法规，仅用于授权测试<\/li>
<\/ul>
0x0A 参考资源<\/h2>

Nmap官方文档：http:\/\/nmap.org<\/li>
wydomain项目：https:\/\/github.com\/ring04h\/wydomain<\/li>
Python requests文档：http:\/\/docs.python-requests.org<\/li>
<\/ul>
通过本教学，您应该掌握了从零开始开发一个信息收集工具的全过程，包括需求分析、设计、实现和部署。实际开发中可根据需要调整和扩展功能模块。<\/p>

从零开始编写信息收集器 - 详细教学文档<\/h1>

0x00 引言<\/h2> 信息收集是渗透测试中不可或缺的一环，手动收集各类信息耗时耗力。本教学将指导如何从零开始编写一个Python信息收集工具，重点讲解开发思路和实现方法。<\/p>

0x03 功能模块设计<\/h2>

0x05 核心代码实现<\/h2>

0x06 功能实现细节<\/h2>

0x07 使用说明<\/h2>

0x08 项目部署与维护<\/h2>

0x09 总结与扩展<\/h2>

0x00 引言<\/h2>
信息收集是渗透测试中不可或缺的一环，手动收集各类信息耗时耗力。本教学将指导如何从零开始编写一个Python信息收集工具，重点讲解开发思路和实现方法。<\/p>