How to make a subdomain scanner in Python?

Last modified: 2022-05-13 01:54:55.305000             Author: Mango


In this article we scan for subdomains with Python's requests module, which makes it easy to send HTTP(S) requests to a website and read what comes back. To install the module, run the following command at the command prompt.

pip install requests

A URL (Uniform Resource Locator) consists mainly of four parts:

  • Protocol
  • Subdomain
  • Domain name, or second-level domain (SLD)
  • Top-level domain (TLD)

The figure below shows all four parts of a URL.

A subdomain is the part of a hostname that comes before the domain name and its extension, the top-level domain (TLD). Subdomains are used to organise or divide web content into separate sections: they let us split a website into parts, and each subdomain is treated as a different website.



Subdomain wordlist file used (subdomain_names.txt):

mail
mail2
www
ns2
ns1
blog
localhost
m
ftp
mobile
ns3
smtp
search
api
dev
secure
webmail
admin
img
news
sms
marketing
test
video
www2
media
static
ads
mail2
beta
wap
blogs
download
dns1
www3
origin
shop
forum
chat
www1
image
new
tv
dns
services
music
images
pay
ddrint
conc

Approach:

  • First, we have a list of subdomain names in a text file; these are the candidates to be tried against whatever domain the user enters. Such wordlists are easy to find online.
  • Now we build the URL by joining the protocol, the subdomain and the domain name, either by concatenation or with an f-string.
  • A for loop substitutes each subdomain into the URL in turn so that every candidate is scanned.
  • To keep the program from crashing when a subdomain does not exist for the domain, the request is wrapped in a try/except block: requests.get() sends a GET request to the URL, and if the server responds the URL is printed; if the connection fails, the exception is caught in the except block and the loop simply moves on to the next subdomain.
  • Once a subdomain has been scanned and found valid, its URL is printed.

Steps needed

  • Import the requests module.
  • Create a function for scanning subdomains that takes the domain name and the list of subdomains as parameters.
  • Run a for loop over every subdomain in the list, join the protocol, the subdomain and the domain name into a URL, and store it in a variable named "url".
  • Call requests.get() with that URL to retrieve it from the server. If a response comes back, the subdomain is valid for that domain and the URL is printed; otherwise the exception raised by requests.get() is caught in the except block and the subdomain is skipped. Wrapping the call in try/except is what keeps a failed request from stopping the scan.
  • Then write the main block and read the domain name from user input.
  • Open the subdomain text file from storage in read mode so every subdomain in it can be scanned.
  • After opening the file in read mode, split its contents with splitlines() and store the resulting list in a variable named "sub_dom".
  • Finally, call the function we created with the domain name and sub_dom to scan the subdomains.
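The steps above probe each candidate over HTTPS. Before spending an HTTP request per name, a practitioner usually checks whether the hostname resolves at all, and guards against wildcard DNS, where the zone answers for every label and would make the whole wordlist look "valid". The following is an added example, not code from the original article: it cleans a wordlist the way the page's text file needs (duplicates, blank lines and invalid labels are present in real files), detects a wildcard by resolving a random label first, and only reports hosts whose answer differs from the wildcard answer. The resolver is passed in as a callable; `SAMPLE_WORDLIST`, `FAKE_ZONE` and `fake_resolver` are constructed data for offline use, and `system_resolver` is the hypothetical drop-in for a real scan.

```python
import random
import string
from typing import Callable, Dict, List, Optional

# Constructed sample wordlist in the same shape as the page's text file:
# it deliberately contains a duplicate, a blank line and an invalid label.
SAMPLE_WORDLIST = """mail
www
mail
api

bad_label
dev
"""


def is_valid_label(label: str) -> bool:
    """Hostname label rules (RFC 1035/1123): 1-63 chars, letters, digits
    and hyphens only, no leading or trailing hyphen."""
    if not 1 <= len(label) <= 63:
        return False
    if label[0] == "-" or label[-1] == "-":
        return False
    return all(c.isalnum() or c == "-" for c in label)


def load_wordlist(text: str) -> List[str]:
    """Return unique, valid labels in file order; blank and invalid lines are dropped."""
    seen = set()
    labels = []
    for line in text.splitlines():
        label = line.strip().lower()
        if not label or label in seen or not is_valid_label(label):
            continue
        seen.add(label)
        labels.append(label)
    return labels


# A resolver maps a hostname to an IP address string, or None if it does not resolve.
Resolver = Callable[[str], Optional[str]]


def random_label(length: int = 12) -> str:
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length))


def detect_wildcard(domain: str, resolve: Resolver) -> Optional[str]:
    """Resolve a random label under the domain. An answer means wildcard DNS,
    and that answer becomes the baseline to filter against."""
    return resolve(f"{random_label()}.{domain}")


def scan_subdomains(domain: str, labels: List[str], resolve: Resolver) -> Dict[str, str]:
    """Return {hostname: ip} for labels that resolve to something other than
    the wildcard answer. A real host that shares the wildcard address cannot
    be confirmed by resolution alone and is left out."""
    wildcard_ip = detect_wildcard(domain, resolve)
    found: Dict[str, str] = {}
    for label in labels:
        host = f"{label}.{domain}"
        ip = resolve(host)
        if ip is None:
            continue
        if wildcard_ip is not None and ip == wildcard_ip:
            continue  # indistinguishable from the wildcard, not evidence the host exists
        found[host] = ip
    return found


def system_resolver(host: str) -> Optional[str]:
    """Real resolver using the OS stub resolver (hypothetical drop-in; not used offline)."""
    import socket
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


# Constructed fake zone for offline demonstration: example.com has a wildcard
# record pointing at 198.51.100.1 plus two hosts on their own addresses.
FAKE_ZONE = {
    "www.example.com": "203.0.113.10",
    "api.example.com": "203.0.113.20",
    "mail.example.com": "198.51.100.1",  # same address as the wildcard
}


def fake_resolver(host: str) -> Optional[str]:
    if host in FAKE_ZONE:
        return FAKE_ZONE[host]
    if host.endswith(".example.com"):
        return "198.51.100.1"  # the wildcard answer
    return None


if __name__ == "__main__":
    labels = load_wordlist(SAMPLE_WORDLIST)
    for host, ip in scan_subdomains("example.com", labels, fake_resolver).items():
        print(f"[+] {host} -> {ip}")
```

Swap `fake_resolver` for `system_resolver` to run it against a real domain. Filtering on the wildcard answer trades a few false negatives (hosts that genuinely share the wildcard address) for the removal of a whole wordlist of false positives; the HTTP probe from the article can then be run only on the hostnames this returns.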

Display the subdomain names present in the text file and build a list of them.

Python
# opening the subdomain text file in read mode
with open('subdomain_names.txt', 'r') as file:

    # reading the whole file
    name = file.read()

    # splitting the contents on line breaks with
    # splitlines() and storing the resulting list
    sub_dom = name.splitlines()

    # printing number of subdomain names present in
    # the list
    print(f"Number of subdomain names present in the file are: {len(sub_dom)}\n")

    # printing list of subdomain names present in the
    # text file
    print("List of subdomain names present in the file\n")
    print(sub_dom)


Output:

In the code above we open the text file that holds the subdomain names to be scanned; after opening it from storage in read mode, we build a list of its contents, print the number of subdomain names in the file and then print the list itself.



The text file contains only 50 subdomains for demonstration; you can scan as many as you need. The output above therefore lists the subdomains that will be scanned in the following examples.

We will use the following code to scan the subdomains.

Example 1: Subdomain scanner in Python.

Python

# importing module
import requests

# function for scanning subdomains
def domain_scanner(domain_name, sub_domnames):
    print('----URL after scanning subdomains----')

    # loop for getting URLs
    for subdomain in sub_domnames:

        # making url by putting subdomain one by one
        url = f"https://{subdomain}.{domain_name}"

        # using a try/except block to avoid a crash of the
        # program; the timeout stops one unresponsive host
        # from stalling the whole scan
        try:
            # sending get request to the url
            requests.get(url, timeout=5)

            # if after putting subdomain one by one url
            # is valid then printing the url
            print(f'[+] {url}')

        # if the url is invalid (DNS failure, refused
        # connection, timeout, TLS error) then skip it;
        # RequestException is the base of all of these
        except requests.RequestException:
            pass

# main function
if __name__ == '__main__':

    # inputting the domain name
    dom_name = input("Enter the Domain Name:")

    # opening the subdomain text file
    with open('subdomain_names.txt', 'r') as file:

        # reading the file
        name = file.read()

        # using splitlines() and storing the list
        # of split strings
        sub_dom = name.splitlines()

    # calling the function for scanning the subdomains
    # and getting the url
    domain_scanner(dom_name, sub_dom)

Output:

The scan time depends on how many subdomains you scan; for the demonstration the text file holds only a few subdomain names, and you can add as many as you want to scan.
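Because the article's loop sends one request at a time and waits for each answer, the scan time grows linearly with the wordlist. The following added example (not code from the original article) shows the same HTTPS probe run through a thread pool with a per-request timeout, redirects left unfollowed so that a redirect to another host does not hide the probed one, and the HTTP status code kept, since a 401 or 403 still proves the host exists. The prober is a callable so the logic can be exercised offline: `fake_probe` and `FAKE_RESPONSES` are constructed data, and `http_probe` is the hypothetical real prober built on requests.

```python
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional, Tuple

# A prober takes a URL and returns the HTTP status code, or None when no
# HTTP response could be obtained (DNS failure, refused connection,
# timeout, TLS error).
Prober = Callable[[str], Optional[int]]


def http_probe(url: str, timeout: float = 3.0) -> Optional[int]:
    """Real prober: one GET with a timeout and no redirect following.
    Every requests failure is mapped to None instead of propagating."""
    import requests  # imported here so the offline demo does not need it
    try:
        resp = requests.get(url, timeout=timeout, allow_redirects=False)
    except requests.RequestException:
        return None
    return resp.status_code


def build_urls(domain: str, labels: List[str],
               schemes: Tuple[str, ...] = ("https",)) -> List[str]:
    """Join protocol, subdomain and domain into one URL per (label, scheme)."""
    return [f"{scheme}://{label}.{domain}" for label in labels for scheme in schemes]


def scan_urls(urls: List[str], probe: Prober, workers: int = 10) -> Dict[str, int]:
    """Probe all URLs concurrently and return {url: status} for those that
    answered. pool.map preserves input order, so results stay deterministic."""
    results: Dict[str, int] = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for url, status in zip(urls, pool.map(probe, urls)):
            if status is not None:
                results[url] = status
    return results


# Constructed fake responses for offline demonstration. Note that the
# access-denied hosts are still reported: the server answered, so they exist.
FAKE_RESPONSES = {
    "https://www.example.com": 200,
    "https://api.example.com": 401,
    "https://dev.example.com": 403,
}


def fake_probe(url: str) -> Optional[int]:
    return FAKE_RESPONSES.get(url)


if __name__ == "__main__":
    labels = ["www", "api", "dev", "mail", "ftp"]
    urls = build_urls("example.com", labels)
    for url, status in scan_urls(urls, fake_probe).items():
        print(f"[+] {url} ({status})")
```

Replace `fake_probe` with `http_probe` to scan a real domain. Keep `workers` modest: ten parallel connections against one target is already enough to trip rate limiting or a WAF, and the timeout, not the thread count, is what bounds the worst case per host.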

Example 2: Scanning Wikipedia's subdomains with Python.

Python

# importing library
import requests

# function for scanning subdomains
def domain_scanner(domain_name, sub_domnames):
    print('-----------Scanner Started-----------')
    print('----URL after scanning subdomains----')

    # loop for getting URLs
    for subdomain in sub_domnames:

        # making url by putting subdomain one by one
        url = f"https://{subdomain}.{domain_name}"

        # using a try/except block to avoid a crash of
        # the program; the timeout stops one unresponsive
        # host from stalling the whole scan
        try:

            # sending get request to the url
            requests.get(url, timeout=5)

            # if after putting subdomain one by one url
            # is valid then printing the url
            print(f'[+] {url}')

        # if the url is invalid (DNS failure, refused
        # connection, timeout, TLS error) then skip it
        except requests.RequestException:
            pass
    print('\n')
    print('----Scanning Finished----')
    print('-----Scanner Stopped-----')

# main function
if __name__ == '__main__':

    # inputting the domain name
    dom_name = input("Enter the Domain Name:")
    print('\n')

    # opening the subdomain text file
    with open('subdomain_names.txt', 'r') as file:

        # reading the file
        name = file.read()

        # using splitlines() and storing the
        # list of split strings
        sub_dom = name.splitlines()

    # calling the function for scanning the subdomains
    # and getting the url
    domain_scanner(dom_name, sub_dom)

Output: