Python黑客工具入门教程（续）<\/h1>

前言<\/h2>
本教程面向Python安全新手，介绍如何使用Python开发实用的黑客工具。环境要求：<\/p>
Windows系统<\/li>
Python 3.7<\/li>
所需库：requests、bs4、optparse<\/li> <\/ul>
基础库介绍<\/h2>

Requests库<\/h3>
相比urllib等模块，Requests使用更加简便。官方中文文档：
http:\/\/docs.python-requests.org\/zh_CN\/latest\/user\/quickstart.html<\/p>

BeautifulSoup4 (bs4)<\/h3>
bs4是一个爬虫框架，我们主要使用其解析HTML的功能。中文文档：
http:\/\/beautifulsoup.readthedocs.io\/zh_CN\/v4.4.0\/<\/p>

实战工具开发<\/h2>

1. 代理IP爬取工具（西刺代理）<\/h3>
import<\/span> requests
<\/span><\/span>import<\/span> re
<\/span><\/span>from<\/span> bs4 import<\/span> BeautifulSoup
<\/span><\/span>
<\/span><\/span>def<\/span> daili<\/span>():
<\/span><\/span>    print('[+]极速爬取代理IP，默认为99页'<\/span>)
<\/span><\/span>    for<\/span> b in<\/span> range(1<\/span>,99<\/span>):
<\/span><\/span>        url=<\/span>"http:\/\/www.xicidaili.com\/nt\/<\/span>{}<\/span>"<\/span>.<\/span>format(b)
<\/span><\/span>        header=<\/span>{'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:58.0) Gecko\/20100101 Firefox\/48.0'<\/span>}
<\/span><\/span>        r=<\/span>requests.<\/span>get(url,headers=<\/span>header)
<\/span><\/span>        gsx=<\/span>BeautifulSoup(r.<\/span>content,'html.parser'<\/span>)
<\/span><\/span>        for<\/span> line in<\/span> gsx.<\/span>find_all('td'<\/span>):
<\/span><\/span>            sf=<\/span>line.<\/span>get_text()
<\/span><\/span>            dailix=<\/span>re.<\/span>findall('(25[0-5]|2[0-4]\d|[0-1]\d<\/span>{2}<\/span>|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d<\/span>{2}<\/span>|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d<\/span>{2}<\/span>|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d<\/span>{2}<\/span>|[1-9]?\d)'<\/span>,str(sf))
<\/span><\/span>            for<\/span> g in<\/span> dailix:
<\/span><\/span>                po=<\/span>"."<\/span>.<\/span>join(g)
<\/span><\/span>                print(po)
<\/span><\/span>                with<\/span> open('采集到的IP.txt'<\/span>,'a'<\/span>) as<\/span> l:
<\/span><\/span>                    l.<\/span>write(po+<\/span>'<\/span>\n<\/span>'<\/span>)
<\/span><\/span><\/code><\/pre>功能特点：<\/p>

爬取西刺代理网站的普通代理IP<\/li>
自动翻页（默认99页）<\/li>
结果保存到"采集到的IP.txt"文件<\/li>
使用正则表达式精确匹配IP格式<\/li>
<\/ul>
2. 信息搜集工具（站长之家）<\/h3>
import<\/span> optparse
<\/span><\/span>import<\/span> requests
<\/span><\/span>import<\/span> re
<\/span><\/span>import<\/span> sys
<\/span><\/span>from<\/span> bs4 import<\/span> BeautifulSoup
<\/span><\/span>
<\/span><\/span>def<\/span> main<\/span>():
<\/span><\/span>    usage=<\/span>"[-z Subdomain mining] [-p Side of the station inquiries] [-x http status query]"<\/span>
<\/span><\/span>    parser=<\/span>optparse.<\/span>OptionParser(usage)
<\/span><\/span>    parser.<\/span>add_option('-z'<\/span>,dest=<\/span>"Subdomain"<\/span>,help=<\/span>"Subdomain mining"<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-p'<\/span>,dest=<\/span>'Side'<\/span>,help=<\/span>'Side of the station inquiries'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-x'<\/span>,dest=<\/span>'http'<\/span>,help=<\/span>'http status query'<\/span>)
<\/span><\/span>    (options,args)=<\/span>parser.<\/span>parse_args()
<\/span><\/span>    
<\/span><\/span>    if<\/span> options.<\/span>Subdomain:
<\/span><\/span>        subdomain=<\/span>options.<\/span>Subdomain
<\/span><\/span>        Subdomain(subdomain)
<\/span><\/span>    elif<\/span> options.<\/span>Side:
<\/span><\/span>        side=<\/span>options.<\/span>Side
<\/span><\/span>        Side(side)
<\/span><\/span>    elif<\/span> options.<\/span>http:
<\/span><\/span>        http=<\/span>options.<\/span>http
<\/span><\/span>        Http(http)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        parser.<\/span>print_help()
<\/span><\/span>        sys.<\/span>exit()
<\/span><\/span>
<\/span><\/span>def<\/span> Subdomain<\/span>(subdomain):
<\/span><\/span>    print('-----------Subdomains quickly tap-----------'<\/span>)
<\/span><\/span>    url=<\/span>"http:\/\/m.tool.chinaz.com\/subdomain\/?domain=<\/span>{}<\/span>"<\/span>.<\/span>format(subdomain)
<\/span><\/span>    header=<\/span>{'User-Agent'<\/span>:'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>}
<\/span><\/span>    r=<\/span>requests.<\/span>get(url,headers=<\/span>header).<\/span>content
<\/span><\/span>    g =<\/span> re.<\/span>finditer('<td>\D[a-zA-Z0-9][-a-zA-Z0-9]{0,62}\D(\.[a-zA-Z0-9]\D[-a-zA-Z0-9]{0,62})+\.?<\/td>'<\/span>, str(r))
<\/span><\/span>    for<\/span> x in<\/span> g:
<\/span><\/span>        lik=<\/span>""<\/span>.<\/span>join(str(x))
<\/span><\/span>        opg=<\/span>BeautifulSoup(lik,'html.parser'<\/span>)
<\/span><\/span>        for<\/span> link in<\/span> opg.<\/span>find_all('td'<\/span>):
<\/span><\/span>            lops=<\/span>link.<\/span>get_text()
<\/span><\/span>            print(lops)
<\/span><\/span><\/code><\/pre>功能特点：<\/p>

支持三种查询模式：

-z<\/code> 子域名挖掘<\/li>
-p<\/code> 旁站查询<\/li>
-x<\/code> HTTP状态查询<\/li>
<\/ul>
<\/li>
使用正则表达式精确匹配目标信息<\/li>
友好的命令行界面<\/li>
<\/ul>
3. API调用工具<\/h3>
import<\/span> requests
<\/span><\/span>import<\/span> optparse
<\/span><\/span>import<\/span> json
<\/span><\/span>
<\/span><\/span>def<\/span> main<\/span>():
<\/span><\/span>    usage=<\/span>'usage:[-i IP query] [-m National wifi lat] [-l National wifi lon] [-x Daily News] [-t Info querry]'<\/span>
<\/span><\/span>    parser=<\/span>optparse.<\/span>OptionParser(usage)
<\/span><\/span>    parser.<\/span>add_option('-i'<\/span>,dest=<\/span>'ip'<\/span>,help=<\/span>'ip to query'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-m'<\/span>,dest=<\/span>'wifi'<\/span>,help=<\/span>'National wifi lat'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-l'<\/span>,dest=<\/span>'wifilon'<\/span>,help=<\/span>'National wifi lon'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-x'<\/span>,action=<\/span>'store_true'<\/span>,dest=<\/span>'Daily'<\/span>,help=<\/span>'Daily News'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-t'<\/span>,dest=<\/span>'info'<\/span>,help=<\/span>'info to query'<\/span>)
<\/span><\/span>    (options,args)=<\/span>parser.<\/span>parse_args()
<\/span><\/span>    
<\/span><\/span>    if<\/span> options.<\/span>ip:
<\/span><\/span>        ipquery=<\/span>options.<\/span>ip
<\/span><\/span>        Ipquery(ipquery)
<\/span><\/span>    elif<\/span> options.<\/span>wifi and<\/span> options.<\/span>wifilon:
<\/span><\/span>        wifi=<\/span>options.<\/span>wifi
<\/span><\/span>        wifilon=<\/span>options.<\/span>wifilon
<\/span><\/span>        Wifi(wifi,wifilon)
<\/span><\/span>    elif<\/span> options.<\/span>Daily:
<\/span><\/span>        Daily()
<\/span><\/span>    elif<\/span> options.<\/span>info:
<\/span><\/span>        info=<\/span>options.<\/span>info
<\/span><\/span>        Info(info)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        parser.<\/span>print_help()
<\/span><\/span>        exit()
<\/span><\/span>
<\/span><\/span>def<\/span> Ipquery<\/span>(ipquery):
<\/span><\/span>    url=<\/span>"http:\/\/api.avatardata.cn\/IpLookUp\/LookUp?key=6a4c1df4ba10453da7ee1d50165bfd08&ip=<\/span>{}<\/span>"<\/span>.<\/span>format(ipquery)
<\/span><\/span>    header=<\/span>{'User-Agent'<\/span>:'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>}
<\/span><\/span>    r=<\/span>requests.<\/span>get(url,headers=<\/span>header)
<\/span><\/span>    sdw=<\/span>r.<\/span>content.<\/span>decode('utf-8'<\/span>)
<\/span><\/span>    lks=<\/span>json.<\/span>loads(sdw)
<\/span><\/span>    print('[*]ip'<\/span>,ipquery)
<\/span><\/span>    print('[*]area:'<\/span>,lks['result'<\/span>]['area'<\/span>])
<\/span><\/span>    print('[*]location:'<\/span>,lks['result'<\/span>]['location'<\/span>])
<\/span><\/span><\/code><\/pre>功能特点：<\/p>

支持多种API查询：

IP查询<\/li>
全国免费WiFi查询（需经纬度）<\/li>
每日新闻<\/li>
天气信息查询<\/li>
<\/ul>
<\/li>
使用JSON解析API返回数据<\/li>
需要自行申请API key<\/li>
<\/ul>
4. MD5解密工具<\/h3>
import<\/span> requests
<\/span><\/span>from<\/span> bs4 import<\/span> BeautifulSoup
<\/span><\/span>import<\/span> optparse
<\/span><\/span>
<\/span><\/span>def<\/span> main<\/span>():
<\/span><\/span>    usage=<\/span>"[-m md5 decryption]"<\/span>
<\/span><\/span>    parser=<\/span>optparse.<\/span>OptionParser(usage)
<\/span><\/span>    parser.<\/span>add_option('-m'<\/span>,dest=<\/span>'md5'<\/span>,help=<\/span>'md5 decryption'<\/span>)
<\/span><\/span>    (options,args)=<\/span>parser.<\/span>parse_args()
<\/span><\/span>    
<\/span><\/span>    if<\/span> options.<\/span>md5:
<\/span><\/span>        md5=<\/span>options.<\/span>md5
<\/span><\/span>        Md5(md5)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        parser.<\/span>print_help()
<\/span><\/span>        exit()
<\/span><\/span>
<\/span><\/span>def<\/span> Md5<\/span>(md5):
<\/span><\/span>    header =<\/span> {
<\/span><\/span>        'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>}
<\/span><\/span>    data =<\/span> {
<\/span><\/span>        '__VIEWSTATE'<\/span>: '\/wEPDwUKMTM4NTE3OTkzOWRkP4hmXYtPPhcBjbupZdLOLfmeTK4='<\/span>,
<\/span><\/span>        '__VIEWSTATEGENERATOR'<\/span>: 'CA0B0334'<\/span>,
<\/span><\/span>        '__EVENTVALIDATION'<\/span>: '\/wEWAwK75ZuyDwLigPTXCQKU9f3vAheUenitfEuJ6eGUVe2GyFzb7HKC'<\/span>,
<\/span><\/span>        'key'<\/span>: '<\/span>{}<\/span>'<\/span>.<\/span>format(md5),
<\/span><\/span>        'jiemi'<\/span>: 'MD5解密'<\/span>
<\/span><\/span>    }
<\/span><\/span>    url =<\/span> "http:\/\/pmd5.com\/"<\/span>
<\/span><\/span>    r =<\/span> requests.<\/span>post(url, headers=<\/span>header, data=<\/span>data)
<\/span><\/span>    sd =<\/span> r.<\/span>content.<\/span>decode('utf-8'<\/span>)
<\/span><\/span>    esdf =<\/span> BeautifulSoup(sd, 'html.parser'<\/span>)
<\/span><\/span>    for<\/span> l in<\/span> esdf.<\/span>find_all('em'<\/span>):
<\/span><\/span>        g =<\/span> l.<\/span>get_text()
<\/span><\/span>        print('--------[*]PMD5接口--------'<\/span>)
<\/span><\/span>        print(g)
<\/span><\/span><\/code><\/pre>实现原理：<\/p>

通过分析pmd5.com网站的POST请求<\/li>
使用requests模拟表单提交<\/li>
解析返回的HTML获取解密结果<\/li>
<\/ul>
5. Shodan API工具<\/h3>
import<\/span> optparse
<\/span><\/span>import<\/span> shodan
<\/span><\/span>
<\/span><\/span>def<\/span> main<\/span>():
<\/span><\/span>    usage=<\/span>'[usage: -j Type what you want] [-i IP to search] [-s Todays camera equipment]'<\/span>
<\/span><\/span>    parser=<\/span>optparse.<\/span>OptionParser(usage)
<\/span><\/span>    parser.<\/span>add_option('-j'<\/span>,dest=<\/span>'jost'<\/span>,help=<\/span>'Type what you want'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-i'<\/span>,dest=<\/span>'host'<\/span>,help=<\/span>'IP to search'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-s'<\/span>,action=<\/span>'store_true'<\/span>,dest=<\/span>'query'<\/span>,help=<\/span>'Todays camera equipment'<\/span>)
<\/span><\/span>    (options,args)=<\/span>parser.<\/span>parse_args()
<\/span><\/span>    
<\/span><\/span>    if<\/span> options.<\/span>jost:
<\/span><\/span>        jost=<\/span>options.<\/span>jost
<\/span><\/span>        Jost(jost)
<\/span><\/span>    elif<\/span> options.<\/span>host:
<\/span><\/span>        host=<\/span>options.<\/span>host
<\/span><\/span>        Host(host)
<\/span><\/span>    elif<\/span> options.<\/span>query:
<\/span><\/span>        query()
<\/span><\/span>    else<\/span>:
<\/span><\/span>        parser.<\/span>print_help()
<\/span><\/span>        exit()
<\/span><\/span>
<\/span><\/span>def<\/span> Jost<\/span>(jost):
<\/span><\/span>    SHODAN_API_KEY=<\/span>'你的API_KEY'<\/span>
<\/span><\/span>    api=<\/span>shodan.<\/span>Shodan(SHODAN_API_KEY)
<\/span><\/span>    try<\/span>:
<\/span><\/span>        result=<\/span>api.<\/span>search('<\/span>{}<\/span>'<\/span>.<\/span>format(jost))
<\/span><\/span>        print('[*]Results found:<\/span>{}<\/span>'<\/span>.<\/span>format(result['total'<\/span>]))
<\/span><\/span>        for<\/span> x in<\/span> result['matches'<\/span>]:
<\/span><\/span>            print('IP<\/span>{}<\/span>'<\/span>.<\/span>format(x['ip_str'<\/span>]))
<\/span><\/span>            print(x['data'<\/span>])
<\/span><\/span>            with<\/span> open('shodan.txt'<\/span>,'a'<\/span>) as<\/span> p:
<\/span><\/span>                p.<\/span>write(x['ip_str'<\/span>]+<\/span>'<\/span>\n<\/span>'<\/span>)
<\/span><\/span>                p.<\/span>write(x['data'<\/span>]+<\/span>'<\/span>\n<\/span>'<\/span>)
<\/span><\/span>    except<\/span> shodan.<\/span>APIError as<\/span> e:
<\/span><\/span>        print('[-]Error:'<\/span>,e)
<\/span><\/span><\/code><\/pre>功能特点：<\/p>

需要注册Shodan获取API key<\/li>
支持三种查询模式：

-j<\/code> 关键词搜索<\/li>
-i<\/code> IP搜索<\/li>
-s<\/code> 弱口令摄像头查询<\/li>
<\/ul>
<\/li>
结果保存到shodan.txt文件<\/li>
<\/ul>
6. DNS查询工具<\/h3>
from<\/span> dnsknife.scanner import<\/span> Scanner
<\/span><\/span>import<\/span> dnsknife
<\/span><\/span>import<\/span> optparse
<\/span><\/span>import<\/span> sys
<\/span><\/span>
<\/span><\/span>def<\/span> main<\/span>():
<\/span><\/span>    usage=<\/span>"[-i Fast query] [-d DNS domain transmission vulnerability detection]"<\/span>
<\/span><\/span>    parser=<\/span>optparse.<\/span>OptionParser(usage)
<\/span><\/span>    parser.<\/span>add_option('-i'<\/span>,dest=<\/span>'Fastquery'<\/span>,help=<\/span>'Quickly check some dns records'<\/span>)
<\/span><\/span>    parser.<\/span>add_option('-d'<\/span>,dest=<\/span>'detection'<\/span>,help=<\/span>'Detects possible DNS transmission vulnerabilities'<\/span>)
<\/span><\/span>    (options,parser)=<\/span>parser.<\/span>parse_args()
<\/span><\/span>    
<\/span><\/span>    if<\/span> options.<\/span>Fastquery:
<\/span><\/span>        Fastquery=<\/span>options.<\/span>Fastquery
<\/span><\/span>        query(Fastquery)
<\/span><\/span>    elif<\/span> options.<\/span>detection:
<\/span><\/span>        detection=<\/span>options.<\/span>detection
<\/span><\/span>        vulnerability(detection)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        sys.<\/span>exit()
<\/span><\/span>
<\/span><\/span>def<\/span> query<\/span>(Fastquery):
<\/span><\/span>    print '--------mx record--------'<\/span>
<\/span><\/span>    try<\/span>:
<\/span><\/span>        dns=<\/span>dnsknife.<\/span>Checker(Fastquery).<\/span>mx()
<\/span><\/span>        for<\/span> x in<\/span> dns:
<\/span><\/span>            print x
<\/span><\/span>    except<\/span> Exception<\/span> , c:
<\/span><\/span>        print '[-]wrong reason:'<\/span>,c
<\/span><\/span>
<\/span><\/span>    print '--------txt record--------'<\/span>
<\/span><\/span>    try<\/span>:
<\/span><\/span>        dnstxt=<\/span>dnsknife.<\/span>Checker(Fastquery).<\/span>txt()
<\/span><\/span>        print dnstxt
<\/span><\/span>    except<\/span> Exception<\/span> , g:
<\/span><\/span>        print '[-]wrong reason:'<\/span>,g
<\/span><\/span><\/code><\/pre>注意事项：<\/p>

需要安装dnsknife模块：pip install dnsknife<\/code><\/li>
Windows下可能报错，建议在Linux环境下运行<\/li>
支持两种查询模式：

快速DNS记录查询<\/li>
DNS域传输漏洞检测<\/li>
<\/ul>
<\/li>
<\/ul>
好书推荐<\/h2>
Python相关：<\/h3>

《Python绝技》<\/li>
《Python黑帽子》<\/li>
《Python网络数据采集》<\/li>
《Python网络编程》<\/li>
<\/ul>
安全相关：<\/h3>

《黑客攻防技术宝典：Web篇》<\/li>
《黑客攻防技术宝典：浏览器实战篇》<\/li>
<\/ul>
网络相关：<\/h3>

《思科网络技术学院教程》（上、下）<\/li>
<\/ul>
总结<\/h2>
本教程介绍了多种实用的Python安全工具开发方法，涵盖了从基础爬虫到专业API调用的多个方面。这些工具可以帮助安全研究人员更高效地进行信息收集和漏洞检测工作。在实际使用时，请注意遵守相关法律法规，仅将这些工具用于合法的安全测试和研究目的。<\/p>
Python黑客工具入门教程（续）<\/h1>

基础库介绍<\/h2>

Requests库<\/h3> 相比urllib等模块，Requests使用更加简便。官方中文文档： http:\/\/docs.python-requests.org\/zh_CN\/latest\/user\/quickstart.html<\/p>

BeautifulSoup4 (bs4)<\/h3> bs4是一个爬虫框架，我们主要使用其解析HTML的功能。中文文档： http:\/\/beautifulsoup.readthedocs.io\/zh_CN\/v4.4.0\/<\/p>

实战工具开发<\/h2>

好书推荐<\/h2>

Requests库<\/h3>
相比urllib等模块，Requests使用更加简便。官方中文文档：
http:\/\/docs.python-requests.org\/zh_CN\/latest\/user\/quickstart.html<\/p>

BeautifulSoup4 (bs4)<\/h3>
bs4是一个爬虫框架，我们主要使用其解析HTML的功能。中文文档：
http:\/\/beautifulsoup.readthedocs.io\/zh_CN\/v4.4.0\/<\/p>
