其他
【PyHacker编写指南】网站Cms识别工具
这节课是巡安似海PyHacker编写指南的《打造网站Cms识别工具》
喜欢用Python写脚本的小伙伴可以跟着一起写一写呀。
编写环境:Python2.x
00x1:
需要用到的模块如下:
import hashlibimport requests00x2:
首先利用hashlib.md5().hexdigest()进行获取md5
r = hashlib.md5('cms.txt').hexdigest()print r获取文件md5:
f = open('favicon.png','rb').read()filemd5 = hashlib.md5(f).hexdigest()print filemd500x3:
获取网站文件的md5:
req=requests.get('http://www.hackxc.cc/content/templates/Adams/images/favicon.ico').contentfilemd5 = hashlib.md5(req).hexdigest()print filemd500x4:
下面开始整理一下cms.txt
Cms字典处理:
data=[]def cmslist(): file = open("cms.txt") for line in file: str = line.strip().split("|") ls_data={} if len(str)==3:#判断是否为正确cms格式 ls_data['url']=str[0] ls_data['name'] = str[1] ls_data['md5'] = str[2] data.append(ls_data) file.close( )
因为本身是一个字典形式的列表
看下面这个图大家就懂了
00x5:
接着进行遍历cms列表
def cms(): for cms in data: try: req = requests.get('http://127.0.0.1%s'%cms['url']) print req.url except: pass if req.status_code == 200: filemd5 = hashlib.md5(req.content).hexdigest() if filemd5 == cms['md5']: print cms['name'] break简单调试:执行成功自动跳出循环
00x6:
完整代码:
#!/usr/bin/python#-*- coding:utf-8 -*-import requestsimport hashlib
data=[]def cmslist(): file = open(r"cms.txt") for line in file: str = line.strip().split("|") ls_data={} if len(str)==3:#判断是否为正确cms格式 ls_data['url']=str[0] ls_data['name'] = str[1] ls_data['md5'] = str[2] data.append(ls_data) file.close( )
def cms(url): headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} for cms in data: urlx = url+cms['url'] try: req = requests.get(urlx,headers=headers,timeout=2) print urlx except: pass try: if req.status_code == 200: filemd5 = hashlib.md5(req.content).hexdigest() if filemd5 == cms['md5']: print '\n[*]cms:',cms['name'] break except: pass
def main(): cmslist() url =raw_input("\nurl:") if url == "": sys.exit(1) print "" if 'http' not in url: url = 'http://'+url cms(url)
if __name__ == '__main__': main()
00x7:
如果想对文件内多个url进行cms检测
def main(): cmslist() f = open('url.txt','r') for url in f: url = url.strip() if 'http' not in url: url = 'http://'+url cms(url)喜欢的关注一下叭~