1、利用fofa API收集目标
需要安装python2
# -*- coding: utf-8 -*-
import time
import urllib2
import fofa
import json
def write_url(urls):
with open('xxx.txt','a+') as f:
f.write(urls+'\n')
if __name__ == "__main__":
email, key = ('[email protected]','key') #输入email和key
client = fofa.Client(email, key) #将email和key传入fofa.Client类进行初始化和验证,并得到一个fofa client对象
if client.get_userinfo():
print "认证成功!!!"
query_str = '"edu.cn" && country="CN"'
for page in range(2,10): # 爬取页数
try:
time.sleep(2)
print "正在爬取第{}页".format(page)
dict_url = json.loads(client.get_json_data(query_str, page=page))['results']
for i in dict_url:
if "https://" not in i: # 这里过滤掉了https开头的
write_url(i)
print i
except urllib2.HTTPError:
print "HTTP Error 502: Bad Gateway"
2、使用xray批量验证
以管理员身份运行
# 单个url检测
./xray_windows_amd64 webscan --url https://xxx.edu.cn --html-output edu.html
# 批量检测
./xray_windows_amd64 webscan --url-file edu.txt --html-output edu.html
以html方式输出
xray更多使用方式:https://www.anquanke.com/post/id/184204