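Introduction
Here are a few simple Python 3 demos, a continuation of the sharing session in issue 19. Other basics, such as making HTTP calls with requests or splitting strings, can be looked up on Baidu. I hope these are useful. If you have a better implementation or an alternative approach, feel free to leave a comment.
Demo1:
Simple multithreading in Python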
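from multiprocessing.dummy import Pool  # thread-backed Pool with the multiprocessing API


# Define any function to run in each thread
def scan(url: str):
    # some code...
    print("url is %s" % url)
    return


# List of arguments to hand to the threads
urls = ["https://1.huoxian.com", "https://2.huoxian.com", "https://3.huoxian.com", "https://4.huoxian.com",
        "https://5.huoxian.com"]

# Two lines of code give you multithreading; 5 is the number of threads
with Pool(5) as p:
    p.map(scan, urls)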
Output:
url is https://1.huoxian.com
url is https://2.huoxian.com
url is https://3.huoxian.com
url is https://4.huoxian.com
url is https://5.huoxian.com
Process finished with exit code 0
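Demo1 discards whatever scan() returns, and an exception raised in any one call propagates out of p.map() and takes the other results with it. The added example below (not the author's code; check, safe_check, run_all and SAMPLE_URLS are hypothetical names, and the ftp:// entry is constructed to force a failure) collects one result per URL in input order and isolates failures.

```python
from multiprocessing.dummy import Pool  # thread-backed Pool, same API as Demo1


def check(url: str) -> str:
    """Hypothetical stand-in for scan(): no network, fails on one constructed input."""
    if not url.startswith("https://"):
        raise ValueError("unsupported scheme")
    return "checked %s" % url


def safe_check(url: str) -> dict:
    """Wrap the worker so one failing URL cannot abort the whole map() call."""
    try:
        return {"url": url, "ok": True, "result": check(url)}
    except Exception as exc:
        return {"url": url, "ok": False, "result": repr(exc)}


def run_all(urls: list, threads: int = 5) -> list:
    # map() blocks until every task is done and returns the results in input
    # order, regardless of which thread finished first.
    with Pool(threads) as p:
        return p.map(safe_check, urls)


# Constructed sample input: host names from the page plus one deliberately bad entry.
SAMPLE_URLS = [
    "https://1.huoxian.com",
    "ftp://2.huoxian.com",
    "https://3.huoxian.com",
]

if __name__ == "__main__":
    for row in run_all(SAMPLE_URLS):
        print(row)
```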
Demo2:
Read a YAML file into a dict
import yaml

# Example configuration; save it as config.yaml for read_yaml() below (the string itself is not read)
yaml_file = """
version: 1.0
threads: 100
scan_ids: [2]
pocs:
  p-1:
    id: 1
    name: "SpringBoot Actuator Logview Directory Traversal write-up"
    type: unauth
    query: "/manage/log/view?filename=/etc/passwd&base=../../../../../"
    headers: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
    location: path
    data:
    method: GET
    response: "root:"
    cve: "CVE-2021-21234"
    desc: "Prior to spring-boot-actuator-logview 0.2.13, the securityCheck() method exists in LogViewEndpoint, but the securityCheck() method only filter the .. in fileName, ignoring the security check of basePath, so the attacker can construct payload with the evasion of check in basePath."
    link:
    verify:
  p-2:
    id: 2
    name: "vuln2"
    query: "/"
    response: "vuln2 response"
"""


def read_yaml(filename: str) -> dict:
    with open(filename, encoding="utf-8") as f:
        # safe_load builds only plain YAML types (dict, list, str, numbers),
        # which is all this configuration needs
        yaml_data = yaml.safe_load(f)
    return yaml_data


print(read_yaml("config.yaml"))
Output:
{'version': 1.0, 'threads': 100, 'scan_ids': [2], 'pocs': {'p-1': {'id': 1, 'name': 'SpringBoot Actuator Logview Directory Traversal write-up', 'type': 'unauth', 'query': '/manage/log/view?filename=/etc/passwd&base=../../../../../', 'headers': 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36', 'location': 'path', 'data': None, 'method': 'GET', 'response': 'root:', 'cve': 'CVE-2021-21234', 'desc': 'Prior to spring-boot-actuator-logview 0.2.13, the securityCheck() method exists in LogViewEndpoint, but the securityCheck() method only filter the .. in fileName, ignoring the security check of basePath, so the attacker can construct payload with the evasion of check in basePath.', 'link': None, 'verify': None}, 'p-2': {'id': 2, 'name': 'vuln:S3-unauth', 'query': '/', 'response': 'ListBucketResult'}, 'p-3': {'id': 3, 'name': 'spring-boot v1 env', 'query': '/env', 'response': ''}}}
Process finished with exit code 0
Demo3:
Resolve a subdomain to its IP addresses via DNS
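from dns import resolver
from dns.exception import DNSException


def get_ip_use_dns(domain: str = "huoxian.cn") -> dict:
    ip = []
    try:
        r = resolver.resolve(domain, "A")
        # The answer section can hold CNAME records as well as A records
        for i in r.response.answer:
            for j in i:
                ip.append(str(j))
    except DNSException:
        # NXDOMAIN, no answer, timeout and similar: return an empty IP list
        pass
    # CNAME targets are printed with a trailing dot; drop them and keep only addresses
    ip = [i for i in ip if not i.endswith(".")]
    return {"domain": domain, "ip": ip, "tool": "dns"}


print(get_ip_use_dns("huoxian.cn"))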
Output:
{'domain': 'huoxian.cn', 'ip': ['104.21.89.195', '172.67.164.144'], 'tool': 'dns'}
Process finished with exit code 0