Subdomain-blasting
前言
今天撸了一个子域名爆破脚本,感觉学到了不少。由于刚刚这个傻逼电脑蓝屏,真是操了你的妈。所以截图可能较少
正文
先从github上撸了一发字典:
字典传送链:https://paste.ubuntu.com/p/GYT9gBr5XT/
思路如下:
1.生成1-5级子域名,边生成边测试
2.存活的子域名写入txt
代码:
#author:九世
#time:2019/2/1
import requests
import threading
import os
import time
dict=[]
class Rkst:
def __init__(self,headers):
self.headers=headers
def shenc(self,file):
for k in file.readlines():
qc="".join(k.split('\n'))
yield qc
def one_domain(self,ssl,url):
for q in dict:
urls='{}'.format(ssl)+q+'.'+url
yield urls
def two_domain(self,ssl,url):
for v in dict:
for v2 in dict:
urls='{}'.format(ssl)+v+'.'+v2+'.'+url
yield urls
def san_domain(self,ssl,url):
for u in dict:
for u1 in dict:
for u2 in dict:
urls='{}'.format(ssl)+u+'.'+u1+'.'+u2+'.'+url
yield urls
def si_domain(self,ssl,url):
for s in dict:
for s1 in dict:
for s2 in dict:
for s3 in dict:
urls='{}'.format(ssl)+s+'.'+s1+'.'+s2+'.'+s3+'.'+url
yield urls
def wu_domain(self,ssl,url):
for b in dict:
for b1 in dict:
for b2 in dict:
for b3 in dict:
for b4 in dict:
urls='{}'.format(ssl)+b+'.'+b1+'.'+b2+'.'+b3+'.'+b4+'.'+url
yield urls
def bao(self,url):
try:
reqt=requests.get(url=url,headers=self.headers,timeout=3)
if reqt:
print('[+] Found domain:{}'.format(url))
print(url,file=('save.txt','a'))
except:
pass
lock.release() #Unlock the thread
if __name__ == '__main__':
headers={'user-agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36'}
if os.path.exists('file/one.txt'):
print('[+] Found dict.txt')
else:
print('[-] Not Found dict.txt...')
exit()
dk=open('file/one.txt','r')
user=input('domain>:')
ssl=input('http/https>:')
obj=Rkst(headers=headers)
if ssl=='http':
ht='http://'
elif ssl=='https':
ht='https://'
print('[!] Test the first level domain name')
for o in obj.shenc(dk):
dict.append(o)
lock=threading.BoundedSemaphore(100) #Set the thread to 100
print('[!] Write the generated first-level domain name to the list')
for y in obj.one_domain(ht,user):
lock.acquire() #Lock the thread
t = threading.Thread(target=obj.bao, args=(y,))
t.start()
print('[!] Write the generated second-level domain name to the list')
for y2 in obj.two_domain(ht,user):
lock.acquire()
t = threading.Thread(target=obj.bao, args=(y2,))
t.start()
print('[!] Write the generated third-level domain name to the list')
for y3 in obj.san_domain(ht,user):
lock.acquire()
t = threading.Thread(target=obj.bao, args=(y3,))
t.start()
print('[!] Write the generated four-level domain name to the list')
for y4 in obj.si_domain(ht,user):
lock.acquire()
t = threading.Thread(target=obj.bao, args=(y4,))
t.start()
print('[!] Write the generated five-level domain name to the list')
for y5 in obj.wu_domain(ht,user):
lock.acquire()
t = threading.Thread(target=obj.bao, args=(y5,))
t.start()
我在这里加了线锁和指定线程,当然你可以自己更改。这里的默认线程为100
如果不加线锁和指定线程的话会出现以下情况:
测试如下:
内存情况如下:
学到的:
解决方法:
设置好线程,然后在每个多线程执行之前加个线锁。在运行完指定函数后释放线锁。
设置指定线程数量的文章:https://blog.csdn.net/xkou/article/details/131051
设置指定线程数量用到的函数:lock=threading.BoundedSemaphore(指定线程)
线锁:lock.acquire()
解锁:lock.release()
转载请声明:转自422926799.github.io
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。
文章标题:Subdomain-blasting
本文作者:九世
发布时间:2019-02-03, 00:00:02
最后更新:2019-04-19, 20:36:16
原始链接:http://jiushill.github.io/posts/60937edf.html版权声明: "署名-非商用-相同方式共享 4.0" 转载请保留原文链接及作者。