一个用于踩点获取信息的python脚本

哎,总算是可以满足要求了。


实例化对象之后,就可以直接获得对象的 IP whois 信息、DNS whois 信息、主机头信息等等。


#coding='utf8'

import httplib2,socket,sys,re
import urllib.parse as up
from pprint import pprint



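# Registry WHOIS servers (TCP port 43) by top-level domain:
#   .com / .net -> whois.internic.net
#   .org        -> whois.publicinterestregistry.net
#   .cn         -> whois.cnnic.net.cn

# Timeout in seconds for every blocking socket operation made afterwards.
# This has to be a call: `socket.setdefaulttimeout = 1` would rebind the name
# to an int, set no timeout at all, and break any later call to the function.
socket.setdefaulttimeout(1)

# WHOIS server queried for the domain record.
nsserver = 'whois.internic.net'
# WHOIS server queried for the IP address record.
ipserver = 'whois.arin.net'
# Headers sent with the HTTP request. The User-Agent value is kept exactly as
# published (including its leading "ser-Agent: " text), so that is the string
# the web server receives and logs.
httpheader = {'User-Agent': 'ser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Useragent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.co) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152)'}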


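class target(object):
    """Collect DNS, WHOIS and HTTP response-header data for one URL.

    Creating an instance runs every lookup straight away, in this order:
    host-name extraction, DNS resolution, domain WHOIS against ``nsserver``,
    registrar WHOIS, IP WHOIS against ``ipserver`` and one HTTP request to
    ``url`` itself.

    Attributes:
        url: the URL passed to the constructor.
        domain: host name taken from ``url`` (no port, no user info).
        tdomain: ``domain`` without its first label when it has more than
            one dot, otherwise ``domain`` unchanged.
        ip: list of IPv4 address strings the host name resolves to.
        whoiscon: reply from ``nsserver``, cut before the first ``'>'``.
        whoisserver: registrar WHOIS host named in ``whoiscon``, or None.
        whoiscon2: registrar (or .org / .cn registry) WHOIS reply; falls
            back to ``whoiscon`` when no other server applies.
        ipinfo: WHOIS reply for the first address in ``ip``.
        http: list of ``'name : value'`` strings, one per response header.

    WHOIS is plain, unauthenticated text over TCP, so everything read from
    it is treated as untrusted: replies are size-capped, decoded leniently,
    and a referral host is syntax-checked before any connection is made
    to it.
    """

    # Upper bound on the bytes accepted from one WHOIS connection.
    _MAX_REPLY = 1 << 20
    # Dot-separated labels of letters, digits and inner hyphens only.
    _HOST_RE = re.compile(
        r'[a-z0-9](?:[a-z0-9-]*[a-z0-9])?'
        r'(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*',
        re.IGNORECASE)

    def __init__(self, url):
        """Run all lookups for ``url``.

        Raises:
            ValueError: ``url`` carries no host name (for example when the
                scheme is missing, so nothing parses as a network location).
        """
        self.url = url
        self.domain = self.__getdomain(url)
        if not self.domain:
            raise ValueError('no host name in URL: %r' % (url,))
        self.tdomain = self.__gettdomain()
        self.ip = self.__getipadd(url)
        self.whoiscon = self.__getnscon(self.domain)
        self.whoisserver = self.__getwhoisserver()
        self.whoiscon2 = self.__getnscon2()
        self.ipinfo = self.__getipinfo()
        self.http = self.__gethead(url)

    @staticmethod
    def _cut_before(text, marker):
        """Return ``text`` up to ``marker``, or all of it if marker is absent."""
        pos = text.find(marker)
        # A bare text[:text.find(marker)] would drop the last character
        # whenever the marker is missing (find() returns -1).
        return text if pos < 0 else text[:pos]

    @classmethod
    def _valid_host(cls, host):
        """Tell whether ``host`` is a syntactically plausible host name."""
        if not host or len(host) > 253:
            return False
        return cls._HOST_RE.fullmatch(host) is not None

    @classmethod
    def _parse_referral(cls, value):
        """Split a ReferralServer value into ``(host, port)``.

        ``port`` is None when the value names no port. Returns None when the
        value is not a ``whois://`` or ``rwhois://`` URL with a valid host
        name and port, so callers never connect to an unchecked endpoint.
        """
        try:
            ref = up.urlparse(value.strip())
            port = ref.port
        except ValueError:
            # Malformed network location or an out-of-range / non-numeric port.
            return None
        if ref.scheme not in ('whois', 'rwhois'):
            return None
        if port == 0 or not cls._valid_host(ref.hostname):
            return None
        return ref.hostname, port

    def getwhois(self, server, ip, port=43):
        """Send one WHOIS query and return the decoded reply.

        Args:
            server: WHOIS host to connect to.
            ip: query text; despite the name it is also used for domains.
            port: TCP port, 43 by default.

        Returns:
            The reply as text. Bytes that are not valid UTF-8 are replaced
            rather than raising, since servers do not agree on an encoding.

        Raises:
            OSError: the connection fails, or it times out before any data
                arrives.
        """
        chunks = []
        received = 0
        # create_connection honours the process-wide default timeout, and the
        # with-block closes the socket even when an exception is raised.
        with socket.create_connection((server, port)) as conn:
            # RFC 3912: a query is one line terminated by CR LF.
            conn.sendall(ip.encode() + b'\r\n')
            # The server signals the end of the reply by closing; recv()
            # boundaries carry no meaning, so read until EOF or the cap.
            while received < self._MAX_REPLY:
                try:
                    chunk = conn.recv(4096)
                except socket.timeout:
                    if not chunks:
                        raise
                    break  # keep what arrived before the server went quiet
                if not chunk:
                    break
                chunks.append(chunk)
                received += len(chunk)
        return b''.join(chunks).decode('utf-8', 'replace')

    def __getdomain(self, url):
        """Return the host name of ``url`` without port or user info."""
        # .hostname (rather than the raw network location) keeps a ":port"
        # suffix out of the DNS and WHOIS queries; it is also lower-cased.
        return up.urlparse(url).hostname or ''

    def __gettdomain(self):
        """Return ``self.domain`` minus its first label if it has >1 dot.

        This is a heuristic, not a registrable-domain lookup: it gives
        ``example.com`` for ``www.example.com`` but ``b.example.com`` for
        ``a.b.example.com``.
        """
        if self.domain.count('.') > 1:
            return self.domain[self.domain.find('.') + 1:].lower()
        return self.domain

    def __getipadd(self, url):
        """Resolve ``self.domain`` and return its IPv4 addresses as a list."""
        return socket.gethostbyname_ex(self.domain)[2]

    def __getnscon(self, domain):
        """Query ``nsserver`` for ``domain`` and return the record text.

        The first label is dropped when ``domain`` has more than one dot,
        and the reply is cut before its first ``'>'``.
        """
        if domain.count('.') > 1:
            domain = domain[domain.find('.') + 1:]
        return self._cut_before(self.getwhois(nsserver, domain), '>')

    def __getwhoisserver(self):
        """Extract the registrar WHOIS host from ``self.whoiscon``.

        Returns None when the field is missing, longer than 40 characters,
        not a valid host name, or contains ``self.tdomain`` past index 1.
        """
        # Case-insensitive so "Registrar WHOIS Server:" is matched as well.
        found = re.search(r'Whois Server:[ \t]*(\S+)', self.whoiscon,
                          re.IGNORECASE)
        if found is None:
            return None
        server = found.group(1)
        if len(server) > 40:
            return None
        server = server.lower()
        # NOTE(review): the "> 1" threshold is kept from the original; it
        # looks like it is meant to skip servers under the queried domain,
        # confirm the intended comparison.
        if server.find(self.tdomain) > 1:
            return None
        # The value comes from a remote reply and is later used as a
        # connection target, so reject anything that is not a host name.
        if not self._valid_host(server):
            return None
        return server

    def __getnscon2(self):
        """Return the second-level WHOIS record for ``self.tdomain``.

        With a registrar server known, that server is queried and the reply
        is cut before ``'>>'``. Otherwise .org and .cn names go to their
        registry servers, and anything else reuses ``self.whoiscon``.
        """
        if self.whoisserver is None:
            if self.tdomain.endswith('.org'):
                return self.getwhois('whois.publicinterestregistry.net',
                                     self.tdomain)
            if self.tdomain.endswith('.cn'):
                return self.getwhois('whois.cnnic.net.cn', self.tdomain)
            return self.whoiscon
        reply = self.getwhois(self.whoisserver, self.tdomain)
        return self._cut_before(reply, '>>')

    def __getipinfo(self):
        """Return WHOIS data for the first resolved address.

        ``ipserver`` is asked first. If its reply carries a usable
        ReferralServer entry, that server is queried and its reply returned
        instead; an unusable entry leaves the first reply as the result.
        """
        ip = self.ip[0]
        data = self.getwhois(ipserver, ip)
        found = re.search(r'ReferralServer:[ \t]*(\S+)', data, re.IGNORECASE)
        if found is None:
            return data
        referral = self._parse_referral(found.group(1))
        if referral is None:
            return data
        host, port = referral
        if port is None:
            return self.getwhois(host, ip)
        # Progress output kept from the original script.
        print (host, port)
        return self.getwhois(host, ip, port)

    def __gethead(self, url):
        """Request ``url`` and return its response headers as strings.

        This is the step that contacts the web server behind ``url``
        directly; the request carries the headers in ``httpheader``.
        """
        client = httplib2.Http()
        res, _ = client.request(url, headers=httpheader)
        return [name + ' : ' + str(res[name]) for name in res]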

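# Command-line entry: the single argument is the URL to look up.
# Without it, exit with a usage line instead of an IndexError traceback.
if len(sys.argv) < 2:
    sys.exit('usage: ' + sys.argv[0] + ' <url>')
url = sys.argv[1]

# Constructing the object runs every lookup; the attributes hold the results.
yk = target(url)
print (yk.ipinfo, yk.whoiscon, yk.whoiscon2)
pprint(yk.http)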

    


