弄了个fofa账户于是写了个小工具吧
先上钟馗之眼的
#!/usr/bin/python python3
import requests
import json
import sys
class bcolors:
red = '\033[1;31;40m'
green = '\033[1;42;40m'
pink = '\033[1;46;40m'
def search_host():
print("\n"+bcolors.red)
port = str(input('请输入端口,默认为80端口 >>>>>Enter' ))
if port == '':
port = '80'
country = str(input('请输入国家,默认china example:china >>>>>Enter' ))
if country == '':
country = 'china'
other = str(input('请输入其他参数,默认为空 >>>>>Enter' ))
if other =='':
url = 'https://api.zoomeye.org/host/search?query=' + port + '%20' + 'country:' + country
else:
url = 'https://api.zoomeye.org/host/search?query='+port+'%20'+'country:'+country+other
print(url)
return url
def search_web():
print("\n" + bcolors.red)
print('搜索提示 example: app:DedeCMS ')
date = str(input('请输要搜索内容 默认为app:DedeCMS >>>>>Enter' ))
if date == '':
url = 'https://api.zoomeye.org/web/search?query=app:DedeCMS'
else:
url = 'https://api.zoomeye.org/web/search?query='+date
return url
def get_token():
loginurl = 'https://api.zoomeye.org/user/login'
postdata = '{"username":"***********","password":"**********"}' #这里账号密码
response = requests.post(url=loginurl,data=postdata)
print("\n" + bcolors.red)
token = json.loads(response.text)
token = token['access_token']
return(token)
def search(url):
#testoken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZGVudGl0eSI6IjIwNzQyNjcxOUBxcS5jb20iLCJpYXQiOjE0ODYxOTg5MjksIm5iZiI6MTQ4NjE5ODkyOSwiZXhwIjoxNDg2MjQyMTI5fQ.GM1P_ctTkWUnp17MCTtkMQ-XTp0Eyp5Pp8IDTQ4gn_o" #test
testoken = str(get_token())
authData = {'Authorization':'JWT '+testoken}
req = requests.get(url,headers=authData)
return req.text
def loadreq():
pass
def main():
print("\n"+bcolors.green)
answer = input('请输入要搜索主机设备还是web设备(1 主机设备,2 web设备)')
answer = int(answer)
if answer == 1:
url = search_host()
if answer == 2:
url = search_web()
results = search(url)
results = json.loads(results)
if 'matches' in results.keys():
len(results['matches'])
print("\n"+bcolors.pink)
for x in results['matches']:
print(x)
if 'title' in x.keys():
print("IP: %s\nSite: %s\nTitle: %s\nHeaders: %s\nLocation: %s\n" % (x['ip'], x['site'], x['title'], x['headers'].replace("\n\n", ""), x['geoinfo']))
else:
for val in x.keys():
print("%s: %s" % (val, x[val]))
if __name__=='__main__':
rule = 1
while rule != 'q':
main()
rule = input('输入 q退出其他继续\n')
sys.exit()
下面是fofa的
fofa要账号和key 300大洋好贵的说
import requests
import json
import sys
import base64
class bcolors:
red = '\033[91m'
green = '\033[92m'
pink = '\033[95m'
sql = {'mysql':'cG9ydD0zMzA2','postgresql':'cHJvdG9jb2w9cG9zdGdyZXM%3D','MongoDB':'cHJvdG9jb2w9bW9uZ29kYg%3D%3D','Riak':'cHJvdG9jb2w9cmlhaw%3D%3D','Elastic':'KChwb3J0PTkyMDAgJiYgcHJvdG9jb2w9aHR0cCAmJiBiYW5uZXI9anNvbikg%0AfHwgKGhlYWRlcj1qc29uICYmIGJvZHk9ImNsdXN0ZXJfbmFtZSIpKQ%3D%3D','Redis':'cHJvdG9jb2w9cmVkaXM%3D','Memcached':'cHJvdG9jb2w9bWVtY2FjaGU%3D','Cassandra':'cHJvdG9jb2w9Y2Fzc2FuZHJh','CouchDB':'aGVhZGVyPWNvdWNoZGIgJiYgKGJvZHk9IlwiZXJyb3JcIjpcInVuYXV0aG9y%0AaXplZFwiIiB8fCBib2R5PSJcImNvdWNoZGJcIjpcIndlbGNvbWVcIiIp','ORACLE':'cHJvdG9jb2w9b3JhY2xl','SQL Server':'cHJvdG9jb2w9bXNzcWw%3D','SYBASE':'KGhlYWRlcj1BZGFwdGl2ZVNlcnZlckFueXdoZXJlIHx8IGhlYWRlcj1TUUxB%0Abnl3aGVyZSB8fCBiYW5uZXI9QWRhcHRpdmVTZXJ2ZXJBbnl3aGVyZSB8fCBi%0AYW5uZXI9U1FMQW55d2hlcmUp','db2':'cHJvdG9jb2w9ZGIy'}
gzmod_t = {'CoDeSys':'cG9ydD0xMjAwfHxwb3J0PTEyMDF8fHBvcnQ9MjQ1NQ%3D%3D','GE-SRTP':'cHJvdG9jb2w9Z2VzcnRw','SIEMENS':'cHJvdG9jb2w9czc%3D','omron':'cG9ydD05NjAw','redlion':'cHJvdG9jb2w9cmVkbGlvbg%3D%3D','Modbus':'cHJvdG9jb2w9bW9kYnVz','fox':'cHJvdG9jb2w9Zm94','EtherNet/IP':'cHJvdG9jb2w9ZXRoZXJuZXRpcA%3D%3D','dnp':'cHJvdG9jb2w9ZG5wMw%3D%3D','BACnet':'cHJvdG9jb2w9YmFjbmV0','MELSEC-Q':'cG9ydD01MDA3','HART-IP':'cG9ydD01MDk0','PCWorx':'cHJvdG9jb2w9cGN3b3J4'}
cms = {'phpshe':'Ym9keT0iUG93ZXJlZCBieSBwaHBzaGUiIHx8IGJvZHk9ImNvbnRlbnQ9XCJw%0AaHBzaGUi','ThinkSAAS':'Ym9keT0iL2FwcC9ob21lL3NraW5zL2RlZmF1bHQvc3R5bGUuY3NzIg%3D%3D','E-Tiller':'Ym9keT0icmVhZGVyL3ZpZXdfYWJzdHJhY3QuYXNweCI%3D','ThinkPHP':'aGVhZGVyPSJ0aGlua3BocCIgfHwgaGVhZGVyPSJ0aGlua190ZW1wbGF0ZSI%3D','DouPHP':'Ym9keT0iUG93ZXJlZCBieSBEb3VQSFAiIHx8IChib2R5PSJjb250cm9sQmFz%0AZSIgJiYgYm9keT0iaW5kZXhMZWZ0IiAmJiBib2R5PSJyZWNvbW1lbmRQcm9k%0AdWN0Iik%3D','TWCMS':'Ym9keT0iL3R3Y21zL3RoZW1lLyIgJiYgYm9keT0iL2Nzcy9nbG9iYWwuY3Nz%0AIg%3D%3D',
'SiteServer':'KGJvZHk9IlBvd2VyZWQgYnkiICYmIGJvZHk9Imh0dHA6Ly93d3cuc2l0ZXNl%0AcnZlci5jbiIgJiYgYm9keT0iU2l0ZVNlcnZlciBDTVMiKSB8fCB0aXRsZT0i%0AUG93ZXJlZCBieSBTaXRlU2VydmVyIENNUyIgfHwgYm9keT0iVF%2Fns7vnu5%2Fp%0AppbpobXmqKHmnb8iIHx8IChib2R5PSJzaXRlc2VydmVyIiAmJiBib2R5PSJz%0AaXRlZmlsZXMiKQ%3D%3D','Joomla':'Ym9keT0iY29udGVudD1cIkpvb21sYSIgfHwgKGJvZHk9Ii9tZWRpYS9zeXN0%0AZW0vanMvY29yZS5qcyIgJiYgYm9keT0iL21lZGlhL3N5c3RlbS9qcy9tb290%0Ab29scy1jb3JlLmpzIik%3D',
'KesionCMS':'Ym9keT0iL2tzX2luYy9jb21tb24uanMiIHx8IGJvZHk9InB1Ymxpc2ggYnkg%0AS2VzaW9uQ01TIg%3D%3D','CMSTop':'Ym9keT0iL2Nzcy9jbXN0b3AtY29tbW9uLmNzcyIgfHwgYm9keT0iL2pzL2Nt%0Ac3RvcC1jb21tb24uanMiIHx8IGJvZHk9ImNtc3RvcC1saXN0LXRleHQuY3Nz%0AIiB8fCBib2R5PSI8YSBjbGFzcz1cInBvd2VyZWRieVwiIGhyZWY9XCJodHRw%0AOi8vd3d3LmNtc3RvcC5jb21cIiI%3D','ESPCMS':'dGl0bGU9IlBvd2VyZWQgYnkgRVNQQ01TIiB8fCBib2R5PSJQb3dlcmVkIGJ5%0AIEVTUENNUyIgfHwgKGJvZHk9ImluZm9saXN0X2ZmZiIgJiYgYm9keT0iL3Rl%0AbXBsYXRlcy9kZWZhdWx0L3N0eWxlL3RlbXBhdGVzX2Rpdi5jc3MiKQ%3D%3D','74CMS':'KGJvZHk9ImNvbnRlbnQ9XCI3NGNtcy5jb20iIHx8IGJvZHk9ImNvbnRlbnQ9%0AXCLpqpHlo6tDTVMiIHx8IGJvZHk9IlBvd2VyZWQgYnkgPGEgaHJlZj1cImh0%0AdHA6Ly93d3cuNzRjbXMuY29tL1wiIiB8fCAoYm9keT0iL3RlbXBsYXRlcy9k%0AZWZhdWx0L2Nzcy9jb21tb24uY3NzIiAmJiBib2R5PSJzZWxlY3Rqb2JzY2F0%0AZWdvcnkiKSk%3D',
'Foosun':'Ym9keT0iQ3JlYXRlZCBieSBEb3ROZXRDTVMiIHx8IGJvZHk9IkZvciBGb29z%0AdW4iIHx8IGJvZHk9IlBvd2VyZWQgYnkgd3d3LkZvb3N1bi5uZXQsUHJvZHVj%0AdHM6Rm9vc3VuIENvbnRlbnQgTWFuYWdlIHN5c3RlbSI%3D','PhpCMS':'KGJvZHk9IlBvd2VyZWQgYnkiICYmIGJvZHk9Imh0dHA6Ly93d3cucGhwY21z%0ALmNuIikgfHwgYm9keT0iY29udGVudD1cIlBocGNtcyIgfHwgYm9keT0iUG93%0AZXJlZCBieSBQaHBjbXMiIHx8IGJvZHk9ImRhdGEvY29uZmlnLmpzIg%3D%3D','大汉系统(Hanweb)':'Ym9keT0iUHJvZHVjZWQgQnkg5aSn5rGJ572R57ucIiB8fCBib2R5PSI8YSBo%0AcmVmPSdodHRwOi8vd3d3LmhhbndlYi5jb20nIHN0eWxlPSdkaXNwbGF5Om5v%0AbmUnPiIgfHwgYm9keT0iPG1ldGEgbmFtZT0nR2VuZXJhdG9yJyBjb250ZW50%0APSflpKfmsYnniYjpgJonPiIgfHwgYm9keT0iPG1ldGEgbmFtZT0nQXV0aG9y%0AJyBjb250ZW50PSflpKfmsYnnvZHnu5wnPiIgfHwgYm9keT0iL2pjbXNfZmls%0AZXMvamNtcyI%3D',
'Drupal':'aGVhZGVyPSJYLUdlbmVyYXRvcjogRHJ1cGFsIiB8fCBib2R5PSJjb250ZW50%0APVwiRHJ1cGFsIiB8fCBib2R5PSJqUXVlcnkuZXh0ZW5kKERydXBhbC5zZXR0%0AaW5ncyIgfHwgKGJvZHk9Ii9zaXRlcy9kZWZhdWx0L2ZpbGVzLyIgJiYgYm9k%0AeT0iL3NpdGVzL2FsbC9tb2R1bGVzLyIgJiYgYm9keT0iL3NpdGVzL2FsbC90%0AaGVtZXMvIikgfHwgaGVhZGVyPSJhY2UtZHJ1cGFsN3Byb2Qi','CmsEasy':'dGl0bGU9IlBvd2VyZWQgYnkgQ21zRWFzeSIgfHwgaGVhZGVyPSJodHRwOi8v%0Ad3d3LmNtc2Vhc3kuY24vc2VydmljZV8xLmh0bWwiIHx8IGJvZHk9ImNvbnRl%0AbnQ9XCJDbXNFYXN5Ig%3D%3D',
'WordPress':'KCBib2R5PSJjb250ZW50PVwiV29yZFByZXNzIiB8fCAoaGVhZGVyPSJYLVBp%0AbmdiYWNrIiAmJiBoZWFkZXI9Ii94bWxycGMucGhwIiAmJiBib2R5PSIvd3At%0AaW5jbHVkZXMvIiApICkgfHwgaGVhZGVyPSJ3b3JkcHJlc3NfdGVzdF9jb29r%0AaWUi','DedeCMS':'KGJvZHk9IlBvd2VyIGJ5IERlZGVDbXMiIHx8IChib2R5PSJQb3dlcmVkIGJ5%0AIiAmJiBib2R5PSJodHRwOi8vd3d3LmRlZGVjbXMuY29tLyIgJiYgYm9keT0i%0ARGVkZUNNUyIpIHx8IGJvZHk9Ii90ZW1wbGV0cy9kZWZhdWx0L3N0eWxlL2Rl%0AZGVjbXMuY3NzIik%3D','ASPCMS':'dGl0bGU9IlBvd2VyZWQgYnkgQVNQQ01TIiB8fCBib2R5PSJjb250ZW50PVwi%0AQVNQQ01TIiB8fCBib2R5PSIvaW5jL0FzcENtc19BZHZKcy5hc3Ai','MetInfo':'dGl0bGU9IlBvd2VyZWQgYnkgTWV0SW5mbyIgfHwgYm9keT0iY29udGVudD1c%0AIk1ldEluZm8iIHx8IGJvZHk9InBvd2VyZWRfYnlfbWV0aW5mbyIgfHwgYm9k%0AeT0iL2ltYWdlcy9jc3MvbWV0aW5mby5jc3Mi'}
def get_base(s):
s = s.encode(encoding="utf-8")
s = base64.b64encode(s).decode()
return s
def get_search(s):
url = 'https://fofa.so/api/v1/search/all?email=********&key=***********&qbase64='+s #这里是填账号和key
req = requests.get(url)
req = req.text
req = json.loads(req)['results']
print(bcolors.red)
for i in range(len(req)):
print(req[i-1])
print('over')
return req
def get_s(a):
searchlist = []
for i in a.keys():
searchlist.append(i)
print(bcolors.pink)
print(searchlist)
search = input('请选择要查询的内容 \n')
search = str(search)
s = a[search]
return s
def other_choses():
pass
def main():
print(bcolors.green)
a = input('请输入搜索专题 \n [+]1:数据库专题 \n [+]2:工控专题 \n [+]3:部分cms规则 \n [+]4:自定义规则请输入自定义的内容 \n')
a = str(a)
if a == '1':
s = get_s(sql)
get_search(s)
elif a == '2':
s = get_s(gzmod_t)
get_search(s)
elif a == '3':
s = get_s(cms)
get_search(s)
else:
s = get_base(a)
get_search(s)
if __name__ =='__main__':
rule = 1
while rule != 'q':
main()
rule = input('输入 q退出其他继续\n')
sys.exit()
