kow

kow's blog

Welcome to kow's blog

Hack 4 fun

fofa google search shodan url 搜索引擎

利用搜索引擎批量抓取url

有的时候爆出0day,我们需要抓取大量的url进行测试,这个时候需要用到搜索引擎,常用的有:google,fofa,shodan

下面是整理的利用js对对不同搜索引擎进行批量抓取的代码:

fofa: (如何使用:StartReq(搜索语法,开始页码,结束页码) )

  1. <span class="typ">StartReq</span><span class="pun">(</span><span class="str">'body=wooyun'</span><span class="pun">,</span><span class="lit">1</span><span class="pun">,</span><span class="lit">10</span><span class="pun">)</span>
  2. <span class="kwd">function</span> <span class="typ">StartReq</span><span class="pun">(</span><span class="pln">q</span><span class="pun">,</span><span class="pln">startpage</span><span class="pun">,</span><span class="pln">endpage</span><span class="pun">){</span>
  3. <span class="kwd">for</span><span class="pun">(</span><span class="kwd">var</span><span class="pln"> i</span><span class="pun">=</span><span class="pln">startpage</span><span class="pun">;</span><span class="pln">i</span><span class="pun"><=</span><span class="pln">endpage</span><span class="pun">;</span><span class="pln">i</span><span class="pun">++){</span>
  4. <span class="typ">Req</span><span class="pun">(</span><span class="pln">i</span><span class="pun">+</span><span class="str">"q="</span><span class="pun">+</span><span class="pln">encodeURIComponent</span><span class="pun">(</span><span class="pln">q</span><span class="pun">)+</span><span class="str">"&qbase64="</span><span class="pun">+</span><span class="pln">btoa</span><span class="pun">(</span><span class="pln">q</span><span class="pun">));</span>
  5. <span class="pun">}</span>
  6. <span class="pun">}</span>
  7. <span class="kwd">function</span> <span class="typ">Connection</span><span class="pun">(</span><span class="typ">Sendtype</span><span class="pun">,</span><span class="pln">url</span><span class="pun">,</span><span class="pln">content</span><span class="pun">,</span><span class="pln">callback</span><span class="pun">){</span>
  8. <span class="kwd">if</span> <span class="pun">(</span><span class="pln">window</span><span class="pun">.</span><span class="typ">XMLHttpRequest</span><span class="pun">){</span>
  9. <span class="kwd">var</span><span class="pln"> xmlhttp</span><span class="pun">=</span><span class="kwd">new</span> <span class="typ">XMLHttpRequest</span><span class="pun">();</span>
  10. <span class="pun">}</span>
  11. <span class="kwd">else</span><span class="pun">{</span>
  12. <span class="kwd">var</span><span class="pln"> xmlhttp</span><span class="pun">=</span><span class="kwd">new</span> <span class="typ">ActiveXObject</span><span class="pun">(</span><span class="str">"Microsoft.XMLHTTP"</span><span class="pun">);</span>
  13. <span class="pun">}</span>
  14. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">onreadystatechange</span><span class="pun">=</span><span class="kwd">function</span><span class="pun">(){</span>
  15. <span class="kwd">if</span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">readyState</span><span class="pun">==</span><span class="lit">4</span><span class="pun">&&</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">status</span><span class="pun">==</span><span class="lit">200</span><span class="pun">)</span>
  16. <span class="pun">{</span>
  17. <span class="pln"> callback</span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">responseText</span><span class="pun">);</span>
  18. <span class="pun">}</span>
  19. <span class="pun">}</span>
  20. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class="typ">Sendtype</span><span class="pun">,</span><span class="pln">url</span><span class="pun">,</span><span class="kwd">true</span><span class="pun">);</span>
  21. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class="pun">(</span><span class="str">"Content-Type"</span><span class="pun">,</span><span class="str">"application/x-www-form-urlencoded"</span><span class="pun">);</span>
  22. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">send</span><span class="pun">(</span><span class="pln">content</span><span class="pun">);</span>
  23. <span class="pun">}</span>
  24. <span class="kwd">function</span> <span class="typ">Req</span><span class="pun">(</span><span class="pln">searchString</span><span class="pun">){</span>
  25. <span class="kwd">var</span><span class="pln"> searchurl </span><span class="pun">=</span> <span class="str">"http://fofa.so/search/result?page="</span><span class="pun">+</span><span class="pln">searchString</span><span class="pun">;</span>
  26. <span class="typ">Connection</span><span class="pun">(</span><span class="str">"GET"</span><span class="pun">,</span><span class="pln">searchurl</span><span class="pun">,</span><span class="str">""</span><span class="pun">,</span><span class="kwd">function</span><span class="pun">(</span><span class="pln">callback</span><span class="pun">){</span>
  27. <span class="kwd">var</span><span class="pln"> result </span><span class="pun">=</span><span class="pln"> $</span><span class="pun">(</span><span class="pln">callback</span><span class="pun">);</span>
  28. <span class="pln"> result</span><span class="pun">.</span><span class="pln">find</span><span class="pun">(</span><span class="str">'div.col-lg-4 a'</span><span class="pun">).</span><span class="pln">each</span><span class="pun">(</span><span class="kwd">function</span><span class="pun">(</span><span class="pln">i</span><span class="pun">,</span><span class="pln">o</span><span class="pun">){</span>
  29. <span class="kwd">var</span><span class="pln"> o </span><span class="pun">=</span><span class="pln"> $</span><span class="pun">(</span><span class="pln">o</span><span class="pun">);</span>
  30. <span class="kwd">if</span><span class="pun">(</span><span class="pln">o</span><span class="pun">.</span><span class="pln">attr</span><span class="pun">(</span><span class="str">'target'</span><span class="pun">)==</span><span class="str">"_blank"</span><span class="pun">){</span>
  31. <span class="kwd">if</span><span class="pun">(</span><span class="pln">o</span><span class="pun">.</span><span class="pln">attr</span><span class="pun">(</span><span class="str">'href'</span><span class="pun">).</span><span class="pln">indexOf</span><span class="pun">(</span><span class="str">'/search/checkapp?all=true&host='</span><span class="pun">)){</span>
  32. <span class="pln"> console</span><span class="pun">.</span><span class="pln">log</span><span class="pun">(</span><span class="pln">o</span><span class="pun">.</span><span class="pln">attr</span><span class="pun">(</span><span class="str">'href'</span><span class="pun">));</span>
  33. <span class="pun">}</span>
  34. <span class="pun">}</span>
  35. <span class="pun">})</span>
  36. <span class="pun">})</span>
  37. <span class="pun">}</span>

google:

  1. <span class="typ">StartReq</span><span class="pun">(</span><span class="str">"site:xss1.com"</span><span class="pun">,</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">);</span>
  2. <span class="kwd">var</span><span class="pln"> tmp </span><span class="pun">=</span> <span class="pun">[];</span>
  3. <span class="kwd">var</span> <span class="typ">HerfRegExp</span> <span class="pun">=</span> <span class="str">/http:\/\/\w.*\/|https:\/\/\w.*\//</span><span class="pun">;</span>
  4. <span class="pln">document</span><span class="pun">.</span><span class="pln">body</span><span class="pun">.</span><span class="pln">appendChild</span><span class="pun">(</span><span class="pln">document</span><span class="pun">.</span><span class="pln">createElement</span><span class="pun">(</span><span class="str">'script'</span><span class="pun">)).</span><span class="pln">src</span><span class="pun">=</span><span class="str">'//code.jquery.com/jquery-1.9.1.min.js'</span><span class="pun">;</span>
  5. <span class="kwd">function</span> <span class="typ">StartReq</span><span class="pun">(</span><span class="pln">q</span><span class="pun">,</span><span class="pln">startpage</span><span class="pun">,</span><span class="pln">endpage</span><span class="pun">){</span>
  6. <span class="kwd">for</span><span class="pun">(</span><span class="kwd">var</span><span class="pln"> i</span><span class="pun">=</span><span class="pln">startpage</span><span class="pun">;</span><span class="pln">i</span><span class="pun"><=</span><span class="pln">endpage</span><span class="pun">;</span><span class="pln">i</span><span class="pun">++){</span>
  7. <span class="kwd">if</span><span class="pun">(</span><span class="pln">i</span><span class="pun">==</span><span class="lit">1</span><span class="pun">){</span>
  8. <span class="typ">Req</span><span class="pun">(</span><span class="str">"q="</span><span class="pun">+</span><span class="pln">encodeURIComponent</span><span class="pun">(</span><span class="pln">q</span><span class="pun">)+</span><span class="str">"&start=100&num=100&newwindow="</span><span class="pun">+</span><span class="pln">i</span><span class="pun">);</span>
  9. <span class="pun">}</span>
  10. <span class="kwd">else</span><span class="pun">{</span>
  11. <span class="typ">Req</span><span class="pun">(</span><span class="str">"q="</span><span class="pun">+</span><span class="pln">encodeURIComponent</span><span class="pun">(</span><span class="pln">q</span><span class="pun">)+</span><span class="str">"&start="</span><span class="pun">+(</span><span class="pln">i</span><span class="pun">*</span><span class="lit">100</span><span class="pun">)+</span><span class="str">"&num=100&newwindow="</span><span class="pun">+</span><span class="pln">i</span><span class="pun">);</span>
  12. <span class="pun">}</span>
  13. <span class="pun">}</span>
  14. <span class="pun">}</span>
  15. <span class="kwd">function</span> <span class="typ">Connection</span><span class="pun">(</span><span class="typ">Sendtype</span><span class="pun">,</span><span class="pln">url</span><span class="pun">,</span><span class="pln">content</span><span class="pun">,</span><span class="pln">callback</span><span class="pun">){</span>
  16. <span class="kwd">if</span> <span class="pun">(</span><span class="pln">window</span><span class="pun">.</span><span class="typ">XMLHttpRequest</span><span class="pun">){</span>
  17. <span class="kwd">var</span><span class="pln"> xmlhttp</span><span class="pun">=</span><span class="kwd">new</span> <span class="typ">XMLHttpRequest</span><span class="pun">();</span>
  18. <span class="pun">}</span>
  19. <span class="kwd">else</span><span class="pun">{</span>
  20. <span class="kwd">var</span><span class="pln"> xmlhttp</span><span class="pun">=</span><span class="kwd">new</span> <span class="typ">ActiveXObject</span><span class="pun">(</span><span class="str">"Microsoft.XMLHTTP"</span><span class="pun">);</span>
  21. <span class="pun">}</span>
  22. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">onreadystatechange</span><span class="pun">=</span><span class="kwd">function</span><span class="pun">(){</span>
  23. <span class="kwd">if</span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">readyState</span><span class="pun">==</span><span class="lit">4</span><span class="pun">&&</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">status</span><span class="pun">==</span><span class="lit">200</span><span class="pun">)</span>
  24. <span class="pun">{</span>
  25. <span class="pln"> callback</span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">responseText</span><span class="pun">);</span>
  26. <span class="pun">}</span>
  27. <span class="pun">}</span>
  28. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class="typ">Sendtype</span><span class="pun">,</span><span class="pln">url</span><span class="pun">,</span><span class="kwd">true</span><span class="pun">);</span>
  29. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class="pun">(</span><span class="str">"Content-Type"</span><span class="pun">,</span><span class="str">"application/x-www-form-urlencoded"</span><span class="pun">);</span>
  30. <span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">send</span><span class="pun">(</span><span class="pln">content</span><span class="pun">);</span>
  31. <span class="pun">}</span>
  32. <span class="kwd">function</span> <span class="typ">Req</span><span class="pun">(</span><span class="pln">searchString</span><span class="pun">){</span>
  33. <span class="kwd">var</span><span class="pln"> searchurl </span><span class="pun">=</span> <span class="str">"https://www.google.com.hk/search?"</span><span class="pun">+</span><span class="pln">searchString</span><span class="pun">;</span>
  34. <span class="typ">Connection</span><span class="pun">(</span><span class="str">"GET"</span><span class="pun">,</span><span class="pln">searchurl</span><span class="pun">,</span><span class="str">""</span><span class="pun">,</span><span class="kwd">function</span><span class="pun">(</span><span class="pln">callback</span><span class="pun">){</span>
  35. <span class="kwd">var</span><span class="pln"> result </span><span class="pun">=</span><span class="pln"> $</span><span class="pun">(</span><span class="pln">callback</span><span class="pun">);</span>
  36. <span class="pln"> result</span><span class="pun">.</span><span class="pln">find</span><span class="pun">(</span><span class="str">'div.rc h3.r a'</span><span class="pun">).</span><span class="pln">each</span><span class="pun">(</span><span class="kwd">function</span><span class="pun">(</span><span class="pln">i</span><span class="pun">,</span><span class="pln">o</span><span class="pun">){</span>
  37. <span class="kwd">var</span><span class="pln"> o </span><span class="pun">=</span><span class="pln"> $</span><span class="pun">(</span><span class="pln">o</span><span class="pun">);</span>
  38. <span class="pln"> tmp</span><span class="pun">.</span><span class="pln">push</span><span class="pun">(</span><span class="typ">String</span><span class="pun">(</span><span class="typ">HerfRegExp</span><span class="pun">.</span><span class="kwd">exec</span><span class="pun">(</span><span class="pln">o</span><span class="pun">.</span><span class="pln">attr</span><span class="pun">(</span><span class="str">'href'</span><span class="pun">))));</span>
  39. <span class="pun">})</span>
  40. <span class="pun">})</span>
  41. <span class="pun">}</span>

最后的结果不会输出,会存入到tmp 数组,方便去重,如果需要输出可以自行加个循环tmp 把值打印出来

如何使用:StartReq(搜索语法,开始页码,结束页码)

shodan:

  1. <span class="kwd">var</span><span class="pln"> url </span><span class="pun">=</span> <span class="str">"http://www.shodanhq.com/search?q=关键字&page="</span><span class="pun">;</span>
  2. <span class="kwd">for</span><span class="pun">(</span><span class="kwd">var</span><span class="pln"> i</span><span class="pun">=</span><span class="lit">1</span><span class="pun">;</span><span class="pln">i</span><span class="pun"><</span><span class="lit">101</span><span class="pun">;</span><span class="pln">i</span><span class="pun">++){</span>
  3. <span class="kwd">var</span><span class="pln"> request </span><span class="pun">=</span> <span class="kwd">null</span><span class="pun">;</span>
  4. <span class="kwd">if</span> <span class="pun">(</span><span class="pln">window</span><span class="pun">.</span><span class="typ">ActiveXObject</span><span class="pun">)</span> <span class="pun">{</span>
  5. <span class="pln"> request </span><span class="pun">=</span> <span class="kwd">new</span> <span class="typ">ActiveXObject</span><span class="pun">(</span><span class="str">"Microsoft.XMLHTTP"</span><span class="pun">);</span>
  6. <span class="pun">}</span><span class="kwd">else</span> <span class="pun">{</span>
  7. <span class="pln"> request </span><span class="pun">=</span> <span class="kwd">new</span> <span class="typ">XMLHttpRequest</span><span class="pun">();</span>
  8. <span class="pun">}</span>
  9. <span class="pln"> request</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class="str">"GET"</span><span class="pun">,</span><span class="pln">url</span><span class="pun">+</span><span class="pln">i</span><span class="pun">,</span> <span class="kwd">false</span><span class="pun">);</span>
  10. <span class="pln"> request</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class="pun">(</span><span class="str">'If-Modified-Since'</span><span class="pun">,</span> <span class="str">'0'</span><span class="pun">);</span>
  11. <span class="pln"> request</span><span class="pun">.</span><span class="pln">send</span><span class="pun">(</span><span class="kwd">null</span><span class="pun">);</span>
  12. <span class="kwd">var</span><span class="pln"> str </span><span class="pun">=</span><span class="pln"> request</span><span class="pun">.</span><span class="pln">responseText</span><span class="pun">;</span>
  13. <span class="pln"> str </span><span class="pun">=</span><span class="pln"> str</span><span class="pun">.</span><span class="pln">replace</span><span class="pun">(</span><span class="str">/\r/</span><span class="pln">g</span><span class="pun">,</span><span class="str">""</span><span class="pun">);</span>
  14. <span class="pln"> str </span><span class="pun">=</span><span class="pln"> str</span><span class="pun">.</span><span class="pln">replace</span><span class="pun">(</span><span class="str">/\n/</span><span class="pln">g</span><span class="pun">,</span><span class="str">""</span><span class="pun">);</span>
  15. <span class="kwd">var</span><span class="pln"> urls </span><span class="pun">=</span> <span class="pun">[];</span>
  16. <span class="pln"> str</span><span class="pun">.</span><span class="pln">replace</span><span class="pun">(</span><span class="str">/\<div class=\'ip\'>.*?<a href=\".*?\">(.*?)<\/a>.*?<\/div>/</span><span class="pln">ig</span><span class="pun">,</span> <span class="kwd">function</span><span class="pun">(</span><span class="pln">a</span><span class="pun">,</span><span class="pln">b</span><span class="pun">)</span> <span class="pun">{</span>
  17. <span class="pln"> urls</span><span class="pun">.</span><span class="pln">push</span><span class="pun">(</span><span class="pln">b</span><span class="pun">);</span>
  18. <span class="pun">});</span>
  19. <span class="pln"> console</span><span class="pun">.</span><span class="pln">info</span><span class="pun">(</span><span class="pln">urls</span><span class="pun">.</span><span class="pln">join</span><span class="pun">(</span><span class="str">'\n'</span><span class="pun">));</span>
  20. <span class="pun">}</span>

新版的shodan:

  1. <span class="kwd">var</span><span class="pln"> url </span><span class="pun">=</span> <span class="str">"https://www.shodan.io/search?query=port%3A27017&page="</span><span class="pun">;</span>
  2. <span class="kwd">for</span><span class="pun">(</span><span class="kwd">var</span><span class="pln"> i</span><span class="pun">=</span><span class="lit">1</span><span class="pun">;</span><span class="pln">i</span><span class="pun"><</span><span class="lit">101</span><span class="pun">;</span><span class="pln">i</span><span class="pun">++){</span>
  3. <span class="kwd">var</span><span class="pln"> request </span><span class="pun">=</span> <span class="kwd">null</span><span class="pun">;</span>
  4. <span class="kwd">if</span> <span class="pun">(</span><span class="pln">window</span><span class="pun">.</span><span class="typ">ActiveXObject</span><span class="pun">)</span> <span class="pun">{</span>
  5. <span class="pln"> request </span><span class="pun">=</span> <span class="kwd">new</span> <span class="typ">ActiveXObject</span><span class="pun">(</span><span class="str">"Microsoft.XMLHTTP"</span><span class="pun">);</span>
  6. <span class="pun">}</span><span class="kwd">else</span> <span class="pun">{</span>
  7. <span class="pln"> request </span><span class="pun">=</span> <span class="kwd">new</span> <span class="typ">XMLHttpRequest</span><span class="pun">();</span>
  8. <span class="pun">}</span>
  9. <span class="pln"> request</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class="str">"GET"</span><span class="pun">,</span><span class="pln">url</span><span class="pun">+</span><span class="pln">i</span><span class="pun">,</span> <span class="kwd">false</span><span class="pun">);</span>
  10. <span class="pln"> request</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class="pun">(</span><span class="str">'If-Modified-Since'</span><span class="pun">,</span> <span class="str">'0'</span><span class="pun">);</span>
  11. <span class="pln"> request</span><span class="pun">.</span><span class="pln">send</span><span class="pun">(</span><span class="kwd">null</span><span class="pun">);</span>
  12. <span class="kwd">var</span><span class="pln"> str </span><span class="pun">=</span><span class="pln"> request</span><span class="pun">.</span><span class="pln">responseText</span><span class="pun">;</span>
  13. <span class="pln"> str </span><span class="pun">=</span><span class="pln"> str</span><span class="pun">.</span><span class="pln">replace</span><span class="pun">(</span><span class="str">/\r/</span><span class="pln">g</span><span class="pun">,</span><span class="str">""</span><span class="pun">);</span>
  14. <span class="pln"> str </span><span class="pun">=</span><span class="pln"> str</span><span class="pun">.</span><span class="pln">replace</span><span class="pun">(</span><span class="str">/\n/</span><span class="pln">g</span><span class="pun">,</span><span class="str">""</span><span class="pun">);</span>
  15. <span class="kwd">var</span><span class="pln"> urls </span><span class="pun">=</span> <span class="pun">[];</span>
  16. <span class="pln"> str</span><span class="pun">.</span><span class="pln">replace</span><span class="pun">(</span><span class="str">/\<div class=\"ip\">.*?<a href=\".*?\">(.*?)<\/a>.*?<\/div>/</span><span class="pln">ig</span><span class="pun">,</span> <span class="kwd">function</span><span class="pun">(</span><span class="pln">a</span><span class="pun">,</span><span class="pln">b</span><span class="pun">)</span> <span class="pun">{</span>
  17. <span class="pln"> urls</span><span class="pun">.</span><span class="pln">push</span><span class="pun">(</span><span class="pln">b</span><span class="pun">);</span>
  18. <span class="pun">});</span>
  19. <span class="pln"> console</span><span class="pun">.</span><span class="pln">info</span><span class="pun">(</span><span class="pln">urls</span><span class="pun">.</span><span class="pln">join</span><span class="pun">(</span><span class="str">'\n'</span><span class="pun">));</span>
  20. <span class="pun">}</span>

以上内容整理自:http://zone.wooyun.org/content/16840

最近的文章

centos在线安装git的方法

在安装Git之前,需要先安装一些依赖包,安装依赖包之前可以先检查下是否已经安装。shell命令如下: # rpm -qa grep zlib-devel 如果没有安装,我们先要安装这些依赖包:# yum -y install zlib-devel openssl-devel perl cpio expat-devel gettext-devel# yum install curl-devel# yum install autoconf# wget ...…

centos git继续阅读
更早的文章

CSCAMP 2014CTF|writeup web-7amama Book

We can see the description first:Description:7amamaBook is a social media website where people can sign up and share with each other. It has a bug bounty program and you found a bug and reported it but they refuse to pay you so you want to give th...…

CSCAMPctf CTF writeup继续阅读