A Python tool for detecting web port information across an arbitrary network segment

Source: Internet
Author: User

This article on a multithreaded tool is well suited to beginners; the tool is efficient and the code is fairly complete.

This article is by aedoo, a contracted writer for i春秋 (ichunqiu).

0x00 Preface

Some time ago I published an original article, "[Python hacker] Python: a hands-on guide to building your own multi-threaded batch tool", which received many enthusiastic comments. Link:

https://bbs.ichunqiu.com/thread-31814-1-1.html

0x01 Knowledge points involved

Multithreading template: the threading module, the queue module, timeout handling, exception handling.

IP address block conversion: we scan the web port of every IP in a fairly large network segment, and we do not want to type the IP addresses in one by one, so the address block has to be converted into individual IPs.

HTTP request library: the requests module.

Regular expressions: we need to pull the banner information we want out of the response to each request.

So the general idea is:

First, the input IP block is converted into individual IPs, which are put into a queue. The queue is then passed to the multithreading class, whose core function performs the following steps:

1. Take an IP from the queue and build a URL of the form http://x.x.x.x

2. Use the requests module to obtain the page's status code, title and banner (the server banner, that is, the web container and its version).

3. The title has to be taken from the page source; the re module is used to match the contents of the title tag.

4. The banner is taken from the Server field of the response headers.

After that, adding the tool's help documentation and a custom logo completes the tool.
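
The block-to-queue-to-threads flow outlined above, as an added example for Python 3 that is not the author's code. `expand_cidr`, `run_workers` and the `probe` callback are hypothetical names, and the demo probe is a constructed stand-in so the block runs without network access.

```python
import ipaddress
import queue
import threading

def expand_cidr(cidr):
    """Return every usable host address in the block as a string.

    strict=False accepts input with host bits set, such as the tool's
    default 192.168.1.1/16, which strict parsing rejects with ValueError.
    """
    return [str(ip) for ip in ipaddress.ip_network(cidr, strict=False).hosts()]

def run_workers(cidr, probe, thread_count=100):
    """Feed the block into a queue and drain it with worker threads.

    probe(ip) is a caller-supplied function (hypothetical) that does the
    per-host work and returns a tuple starting with the IP, or None.
    """
    q = queue.Queue()
    for ip in expand_cidr(cidr):
        q.put(ip)
    rows, lock = [], threading.Lock()

    def worker():
        while True:
            try:
                # get_nowait avoids the gap between empty() and get(): another
                # thread can take the last item between those two calls.
                ip = q.get_nowait()
            except queue.Empty:
                return
            try:
                row = probe(ip)
            except Exception:
                row = None          # one bad host must not kill the thread
            if row is not None:
                with lock:
                    rows.append(row)

    threads = [threading.Thread(target=worker) for _ in range(thread_count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(rows, key=lambda r: ipaddress.ip_address(r[0]))

if __name__ == "__main__":
    # Constructed stand-in probe: no network traffic is generated.
    demo = lambda ip: (ip, 200) if ip.endswith(".7") else None
    print(run_workers("10.0.0.1/28", demo, thread_count=4))
```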

The finished result:

Cool!

0x02 Core Code Explanation

Because IP address block conversion and the multithreading template were explained in detail in the author's previous article, they are not explained again here. We go straight to the core code, that is, the work done after each IP is taken from the queue.

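    # Fragment from the worker thread's run() method. It needs
    # "import re, sys, requests" and the request-headers dict "header",
    # both defined elsewhere in the script.
    while not self._queue.empty():
        ip = self._queue.get(timeout=0.5)
        url = 'http://' + ip
        try:
            r = requests.Session().get(url=url, headers=header, timeout=5)
            content = r.text
            status = r.status_code
            # Title: contents of the <title> tag in the page source
            title = re.search(r'<title>(.*)</title>', content)
            if title:
                title = title.group(1).strip().strip("\r").strip("\n")[:30]
            else:
                title = "None"
            # Banner: the Server response header, if the host sends one
            banner = 'Not Found'
            try:
                banner = r.headers['Server'][:20]
            except KeyError:
                pass
            sys.stdout.write("|%-16s%-6s%-26s%-30s\n" % (ip, status, banner, title))
        except Exception:
            # Unreachable host, timeout and so on: skip this IP
            pass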

status is the HTTP status code of the page; anyone with a basic understanding of the HTTP protocol will recognise it.

title is the title of the requested page and has to be matched with a regular expression.

banner is the Server field in the response headers.

Here is a request and its response packet; the part in the red box is what we want to extract.

The output uses sys.stdout.write to solve the problem of misaligned output from multiple threads, and uses formatted output to align the collected data.
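
An added example (Python 3, not the author's code) of the title and banner extraction described above, run over constructed responses to show cases the simple pattern misses: a title tag in upper case or split across lines, two title tags on one page, and a missing Server header. The function names and sample values are assumptions made for illustration.

```python
import re

# Case-insensitive, tolerates attributes on the tag and titles that span lines.
# Non-greedy, so a second <title> later in the page is not swallowed.
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)

def extract_title(html, limit=30):
    """Return the page title, whitespace-collapsed and truncated, or "None"."""
    m = TITLE_RE.search(html or "")
    if not m:
        return "None"
    title = " ".join(m.group(1).split())   # folds \r, \n and runs of spaces
    return title[:limit] if title else "None"

def extract_banner(headers, limit=20):
    """Return the Server response header, truncated, or "Not Found"."""
    for name, value in headers.items():
        if name.lower() == "server":       # header names are case-insensitive
            return value.strip()[:limit] or "Not Found"
    return "Not Found"

def format_row(ip, status, headers, html):
    """Build one aligned output line using the article's column widths."""
    return "|%-16s%-6s%-26s%-30s" % (
        ip, status, extract_banner(headers), extract_title(html))

# Constructed sample responses (not captured from real hosts).
SAMPLES = [
    ("192.0.2.10", 200, {"Server": "nginx/1.18.0"},
     "<html><head><TITLE>\r\n  Admin   Console\r\n</TITLE></head></html>"),
    ("192.0.2.11", 403, {"server": "Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f"},
     "<title lang='en'>403 Forbidden</title><title>second</title>"),
    ("192.0.2.12", 200, {"Content-Type": "text/html"}, "<h1>no title here</h1>"),
]

if __name__ == "__main__":
    for ip, status, headers, html in SAMPLES:
        print(format_row(ip, status, headers, html))
```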

0x03 Adding tool modules

The logo is made with the figlet tool on Linux, and the help text uses Python's built-in argparse module.

Details on both tools: https://bbs.ichunqiu.com/thread-31231-1-1.html

Logo code and help document code:

    import base64
    from argparse import ArgumentParser

    # Base64 of the figlet logo. The string is reproduced as it appears on
    # this page, where its letter case and spacing were altered, so it will
    # not decode to the logo.
    logo_code = ' If8gicbfif8gicbficagicagicagx19fxyagicagicagicagicagicagicagicagicagicagif9fx18gicagicagicagicagicagicakfcb8ihwgfcb8x3wgf F8gxybfxyb8if9fickgif9fif8gxybfxyagxybfxyagif9fxybfif9flybfx198icbfx18gx18gxybfif9ficakfcb8x3wgfcbfx3wgx198icdfifx8icbfif Wglybfycb8icdfifx8icdfifwglybfifwgj19fxf9fxybcic8gx18vif9gihwgj18gxcakfcagxyagfcb8x3wgff98ihxfksb8ihxfksb8ichffcb8ihwgfcb 8ihwgfcb8icbfxy8gfcagif9fxykgfcaox3wgkf98ihwgfcb8ihwkff98ihxfffxfx3xcx198ic5fxy98x19fxy8gxf9flf98x3wgff98x3wgff98xf9fx3xf fcagff9fx18vifxfx19cx18sx3xffcb8x3wgicagicagicagicagicagicagicagicagicagicagicagicagicagcg== '
    logo = base64.b64decode(logo_code)
    print(logo.decode())

    # Command-line options: the CIDR block to scan and the number of threads
    parser = ArgumentParser()
    parser.add_argument("-i", dest="cidr_ip", default="192.168.1.1/16", help="the CIDR IP like 192.168.1.1/24")
    parser.add_argument("-t", dest="thread_count", type=int, default=100, help="the thread number")
    args = parser.parse_args()
    parser.print_help()
    print('')
    print('The Mission Started Successfully::')
    print('')

Output Demo:

    (figlet ASCII-art logo reading "HttpBannerScan")

    usage: httpbannerscan.py [-h] [-i CIDR_IP] [-t THREAD_COUNT]

    optional arguments:
      -h, --help       show this help message and exit
      -i CIDR_IP       the CIDR IP like 192.168.1.1/24
      -t THREAD_COUNT  the thread number

Complete.

Script Run Example:

    python httpbannerscan.py -t 100 -i 192.168.1.1/24

0x04 Follow-up improvements

As everyone knows, web services are not limited to port 80, and the services on other web ports may be far less secure than the one on port 80.

So, when we use the requests module to send requests, we can put some common web ports in a list, first run a port-open check on each of them (for details of port-open detection, see the article linked at the beginning of this article), and then fetch the response information. This is the fastest way to detect them.

Common web ports:

80-90,8080-8090
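
One way to implement the port-open check before the HTTP request, as an added example in Python 3 (not the author's code). `parse_ports`, `is_open` and `web_urls` are hypothetical names, only plain http:// URLs are built, and the demo uses a constructed listener on the loopback interface.

```python
import socket

def parse_ports(spec):
    """Expand a spec such as "80-90,8080-8090" into a sorted port list."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % part)
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def is_open(host, port, timeout=1.0):
    """TCP connect check: True only if the handshake completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                      # refused, unreachable or timed out
        return False

def web_urls(host, spec="80-90,8080-8090", timeout=1.0, check=is_open):
    """Return http:// URLs only for ports that accept a connection, so the
    slower HTTP request (5 s timeout in the article) is sent only where
    something is listening. check is injectable for offline testing."""
    urls = []
    for port in parse_ports(spec):
        if check(host, port, timeout):
            suffix = "" if port == 80 else ":%d" % port
            urls.append("http://%s%s" % (host, suffix))
    return urls

if __name__ == "__main__":
    # Constructed demo: a throwaway listener on the loopback interface.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(len(parse_ports("80-90,8080-8090")), "candidate ports")
    print(web_urls("127.0.0.1", str(port), timeout=0.5))
    srv.close()
```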

0x05 Source Sharing

Attachment download >>>>> click me to download
