Automatic subdomain + C-segment scanning script

Had nothing to do, so I wrote a little tool that automatically scans second-level domains and C segments (/24 ranges).

URL collection uses theHarvester.

Port scanning calls nmap.

The script is as follows:

```php
<?php
// Banner in a nowdoc, so the ASCII art needs no escaping
echo <<<'BANNER'
 _ _ _
| | | | |
___ ___ | | | ___ ___| |_ _ __ ___ ___ ___ ___ __ _ __ _ ___
/ __/ _ \| | |/ _ \/ __| __| | '_ ` _ \ / _ \/ __/ __|/ _` |/ _` |/ _ \
| (_| (_) | | | __/ (__| |_ | | | | | | __/\__ \__ \ (_| | (_| | __/
\___\___/|_|_|\___|\___|\__| |_| |_| |_|\___||___/___/\__,_|\__, |\___|
__/ |
|___/
-----------------------------------------------------------------------------
Usage
Collect the company's URLs, port-scan them automatically, then scan their C segments (/24) automatically
php collect_message.php <company domain>
example
php collect_message.php baidu.com
yangge
-----------------------------------------------------------------------------

BANNER;

if (!isset($argv[1])) {
    echo "\r\n\r\n\r\n\r\nPlease enter a domain!!!";
    exit(1);
}

$yuming = $argv[1];
// The domain goes into a shell command line and is used as a file name:
// quote it so that a crafted argument cannot inject extra shell commands.
$safe_domain = escapeshellarg($yuming);

# Find the URLs
exec("python theHarvester.py -d " . $safe_domain . " -b all -l 500 -s 300 > " . $safe_domain);

$fr = file_get_contents($yuming);
if ($fr === false || strpos($fr, "[-] Resolving hostnames IPs...") === false) {
    echo "theHarvester output for " . $yuming . " contains no resolved hosts section\r\n";
    exit(1);
}
// Keep only the block between the two section markers of theHarvester's output
$find_url = explode("[-] Resolving hostnames IPs...", $fr);
$find_url_get_1 = explode("[+] Virtual hosts:", $find_url[1]);
$findurl = $find_url_get_1[0];
$ss = explode("\n", $findurl);

$ips = array();
$c_segments = array();
foreach ($ss as $line) {
    $line = trim($line);
    if ($line === "" || strpos($line, ":") === false) {
        continue;                          // blank line or a hostname that did not resolve
    }
    $gg = explode(":", $line);             // line format: ip:hostname
    $ip = $gg[0];
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        continue;                          // skip IPv6 or garbage prefixes
    }
    $ips[] = $ip;
    $c_ip = explode(".", $ip);
    // C segment = the first three octets as a /24 network
    $c_segments[] = $c_ip[0] . "." . $c_ip[1] . "." . $c_ip[2] . ".0/24";
}
$ips = array_unique($ips);
$c_segments = array_unique($c_segments);

// One target per line, which is what nmap -iL expects
file_put_contents("c_ip.txt", implode("\n", $c_segments) . "\n");
file_put_contents("iplist.txt", implode("\n", $ips) . "\n");

# Scan with nmap
$ports = "23,22,80,443,445,873,3128,3306,1433,4848,4440,6082,6379,7001,7021,7080,7474,7755,7766,7888,8060,8880,8000,8881,8008,8080,8081,8087,8443,8090,8099,8088,8882,8883,8884,8885,8886,8887,8888,9043,9080,9090,9200,10000,18080,11211,27017,50000";
exec("sudo nmap -sS -T4 -sV -Pn -p" . $ports . " -iL iplist.txt -oN iplist_port.txt");
// Results go to a separate file; writing -oN back onto the input list c_ip.txt would clobber it
exec("sudo nmap -sS -T4 -sV -Pn -p" . $ports . " -iL c_ip.txt -oN c_ip_port.txt");
?>
```

Put the script directly in theHarvester's root directory and it can be run from there.
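As an added example, not part of the original script, here is the parsing step written in Python: it slices out the same theHarvester section using the two marker strings the PHP script splits on, keeps only lines whose prefix is a valid IPv4 address, and groups hosts by /24 network, so that blank, unresolved or IPv6 lines never turn into bogus scan targets. The sample output is constructed and assumes the old `ip:hostname` line format the script expects.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of the theHarvester text section that the PHP script slices
# out (assumes the old "ip:hostname" line format the script expects). The IPv6
# and unresolved lines are included to show that they are skipped.
SAMPLE_OUTPUT = """\
[-] Resolving hostnames IPs...

203.0.113.10:www.example.com
203.0.113.25:mail.example.com
198.51.100.7:dev.example.com
2001:db8::1:ipv6.example.com
unresolved.example.com
[+] Virtual hosts:
"""

START_MARK = "[-] Resolving hostnames IPs..."
END_MARK = "[+] Virtual hosts:"


def extract_hosts(text):
    """Return (ipv4, hostname) pairs found between the two section markers."""
    if START_MARK not in text:
        return []  # theHarvester printed no resolution section at all
    section = text.split(START_MARK, 1)[1].split(END_MARK, 1)[0]
    pairs = []
    for line in section.splitlines():
        line = line.strip()
        if ":" not in line:
            continue  # blank line, or a hostname that did not resolve
        ip_str, host = line.split(":", 1)
        try:
            ip = ipaddress.IPv4Address(ip_str)  # rejects IPv6 and junk prefixes
        except ipaddress.AddressValueError:
            continue
        pairs.append((str(ip), host.strip()))
    return pairs


def group_by_c_segment(pairs):
    """Map each /24 network, written as 'a.b.c.0/24', to the hosts inside it."""
    nets = defaultdict(list)
    for ip, host in pairs:
        net = ipaddress.ip_network(ip + "/24", strict=False)  # a.b.c.d -> a.b.c.0/24
        nets[str(net)].append(host)
    return dict(nets)
```

The keys of `group_by_c_segment` are exactly the lines the PHP script writes to c_ip.txt, and the hostnames under each key tell you which assets justify scanning that range.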