互联网资产搜集思路<更新中...>

给定域名、部分IP:

整理成C段IP,

#!/usr/bin/python
# -*- coding:utf-8 -*-
#exp:192.168.1.1 >>> 192.168.1.0/24
import re

# def cleanCLRFspace(content):
# noCLContext = content.replace('\n','')
# noSpaceCLRFcontext = noCLContext.strip()
# return noSpaceCLRFcontext

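def readFile(path='./content.txt'):
    """Open the raw input text (anything containing IP addresses) for reading.

    Args:
        path: file to open; defaults to ``./content.txt`` in the working
            directory, which is what the original hard-coded.

    Returns:
        An open text-mode file object. The caller owns it and must close it
        (``with readFile() as ipf:`` works).

    Raises:
        IOError / OSError if the file cannot be opened.
    """
    return open(path, 'r')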

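# Four dotted decimal groups of 1-3 digits. The old pattern ended in a lazy
# ``\d+?`` with nothing after it, so "192.168.1.100" was captured as
# "192.168.1.1" (only one digit of the last octet).
_IPV4_RE = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')


def getLineIP(ipf):
    """Collect every distinct IPv4 address mentioned in ``ipf``.

    Args:
        ipf: an open file, or any iterable of text lines.

    Returns:
        A set of dotted-quad strings. Every octet is 1-3 digits and <= 255,
        so groups such as "999.1.1.1" are not mistaken for addresses.
    """
    found = set()
    for text in ipf:
        for ip in _IPV4_RE.findall(text):
            # Syntactically plausible but out-of-range octets are rejected.
            if all(int(octet) <= 255 for octet in ip.split('.')):
                found.add(ip)
    return found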


def ip2c(ipNoDup):
    """Map each address to the /24 ("C class") network that contains it.

    Args:
        ipNoDup: iterable of dotted-quad strings (duplicates are tolerated).

    Returns:
        Sorted list of distinct "a.b.c.0/24" strings. The sort is plain
        string order, exactly as before (so "10." sorts ahead of "9.").
    """
    networks = {ip.rsplit('.', 1)[0] + '.0/24' for ip in ipNoDup}
    return sorted(networks)



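def saveContext(s, path='./result.txt'):
    """Write one entry per line to ``path``, replacing any previous content.

    Args:
        s: iterable of strings (normally the /24 list from ``ip2c``).
        path: output file; defaults to ``./result.txt`` as before.
    """
    # ``with`` closes the handle even when a write raises; the original
    # leaked it on error.
    with open(path, 'w') as wfile:
        for entry in s:
            wfile.write(entry + '\n')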

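if __name__ == '__main__':
    # Pipeline: ./content.txt -> distinct IPs -> distinct /24s -> ./result.txt
    ipf = readFile()
    try:
        ipList = getLineIP(ipf)
    finally:
        # readFile() hands back an open handle; close it once consumed.
        ipf.close()
    saveContext(ip2c(ipList))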

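#!/usr/bin/env bash
# Usage: ./expand_c.sh Cip.txt
# Expands every CIDR listed in Cip.txt (one per line, e.g. 192.168.1.0/24)
# into host addresses and appends them to ./results.txt, one per line.
#
# Host enumeration follows the original tool: within each /24 slice only
# .1 through .254 are emitted. The end of the range is computed with shell
# arithmetic, so sipcalc is no longer required. Only run this against
# ranges you are authorized to scan.
set -uo pipefail

# Print a dotted-quad IPv4 address as a 32-bit integer.
# Returns 1 (printing nothing) unless the input is four octets in 0-255.
ip_to_int() {
  local ip=$1 o1 o2 o3 o4
  [[ $ip =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  # 10# forces decimal so a leading zero ("010") is not read as octal.
  o1=$((10#${BASH_REMATCH[1]})) o2=$((10#${BASH_REMATCH[2]}))
  o3=$((10#${BASH_REMATCH[3]})) o4=$((10#${BASH_REMATCH[4]}))
  (( o1 <= 255 && o2 <= 255 && o3 <= 255 && o4 <= 255 )) || return 1
  printf '%d\n' $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# Print hosts .1-.254 of every /24 slice from the CIDR's own /24 up to the
# slice holding its broadcast address, one per line.
# Returns 1 (with a message on stderr) for input that is not "A.B.C.D/N".
expand_cidr() {
  local cidr=$1 net prefix start mask bcast slice j
  [[ $cidr == */* ]] || { printf 'skip (no /prefix): %s\n' "$cidr" >&2; return 1; }
  net=${cidr%/*}
  prefix=${cidr##*/}
  [[ $prefix =~ ^[0-9]{1,2}$ ]] || { printf 'skip (bad prefix): %s\n' "$cidr" >&2; return 1; }
  prefix=$((10#$prefix))
  (( prefix <= 32 )) || { printf 'skip (bad prefix): %s\n' "$cidr" >&2; return 1; }
  start=$(ip_to_int "$net") || { printf 'skip (bad address): %s\n' "$cidr" >&2; return 1; }
  # Broadcast = start address with all host bits set.
  mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
  bcast=$(( start | (~mask & 0xFFFFFFFF) ))
  # Like the original, walk from the input's own /24 (no rounding down to
  # the network address) to the /24 that contains the broadcast address.
  for (( slice = start & ~255; slice <= bcast; slice += 256 )); do
    for (( j = 1; j <= 254; j++ )); do
      printf '%d.%d.%d.%d\n' \
        "$(( (slice >> 24) & 255 ))" "$(( (slice >> 16) & 255 ))" \
        "$(( (slice >> 8) & 255 ))" "$j"
    done
  done
}

# Entry point: read CIDRs from the file named by $1, append hosts to
# results.txt. Blank lines and "#" comments are ignored; CRLF is tolerated.
main() {
  if (( $# < 1 )); then
    printf 'Usage: %s Cip.txt   (one CIDR per line; output appended to results.txt)\n' "${0##*/}" >&2
    return 2
  fi
  [[ -r $1 ]] || { printf 'cannot read %s\n' "$1" >&2; return 1; }
  local line
  # -r keeps backslashes; the || clause accepts a last line without newline.
  while IFS= read -r line || [[ -n $line ]]; do
    line=${line%%#*}
    line=${line//[[:space:]]/}
    [[ -n $line ]] || continue
    expand_cidr "$line"
  done < "$1" >> results.txt
}

main "$@"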

一步到位:


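#!/usr/bin/env bash
# Desc : expand "startIP-endIP" ranges into individual addresses.
# Usage: ./iprange.sh IP.txt
#        One "A.B.C.D-E.F.G.H" per line; spaces around "-" and CRLF line
#        endings are tolerated.
# Output is appended to ./allssip.txt, one address per line, both ends
# inclusive. Deduplicate afterwards with:  awk '!a[$0]++' allssip.txt
#
# This replaces the per-octet case analysis of the original, which read
# $line1 instead of $line0, hard-coded "192.168." in one branch, contained
# the typo {0.255}, and passed file content through eval.
set -uo pipefail

# Print a dotted-quad IPv4 address as a 32-bit integer.
# Returns 1 (printing nothing) unless the input is four octets in 0-255.
ip_to_int() {
  local ip=$1 o1 o2 o3 o4
  [[ $ip =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  # 10# forces decimal so a leading zero ("010") is not read as octal.
  o1=$((10#${BASH_REMATCH[1]})) o2=$((10#${BASH_REMATCH[2]}))
  o3=$((10#${BASH_REMATCH[3]})) o4=$((10#${BASH_REMATCH[4]}))
  (( o1 <= 255 && o2 <= 255 && o3 <= 255 && o4 <= 255 )) || return 1
  printf '%d\n' $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# Print a 32-bit integer as a dotted quad.
int_to_ip() {
  local n=$1
  printf '%d.%d.%d.%d\n' \
    "$(( (n >> 24) & 255 ))" "$(( (n >> 16) & 255 ))" \
    "$(( (n >> 8) & 255 ))" "$(( n & 255 ))"
}

# Print every address from $1 to $2 inclusive, one per line.
# Returns 1 (message on stderr, nothing printed) on a malformed address or
# when start is after end.
expand_range() {
  local start end n
  start=$(ip_to_int "$1") || { printf 'skip (bad start): %s\n' "$1" >&2; return 1; }
  end=$(ip_to_int "$2") || { printf 'skip (bad end): %s\n' "$2" >&2; return 1; }
  if (( start > end )); then
    printf 'skip (start after end): %s-%s\n' "$1" "$2" >&2
    return 1
  fi
  for (( n = start; n <= end; n++ )); do
    int_to_ip "$n"
  done
}

# Entry point: read "start-end" lines from $1, append the expansion to
# allssip.txt. Lines that do not look like two dotted quads joined by "-"
# are reported on stderr and skipped.
main() {
  if (( $# < 1 )); then
    printf 'Usage: %s IP.txt   (lines of "startIP-endIP"; appends to allssip.txt)\n' "${0##*/}" >&2
    return 2
  fi
  [[ -r $1 ]] || { printf 'cannot read %s\n' "$1" >&2; return 1; }
  local line
  while IFS= read -r line || [[ -n $line ]]; do
    line=${line//[[:space:]]/}      # also drops a trailing \r
    [[ -n $line ]] || continue
    if [[ $line =~ ^([0-9.]+)-([0-9.]+)$ ]]; then
      expand_range "${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}"
    else
      printf 'skip (expected startIP-endIP): %s\n' "$line" >&2
    fi
  done < "$1" >> allssip.txt
}

main "$@"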

IP列表整理完成后, 再交给端口/服务扫描工具处理; 只扫描已获授权的资产范围, 并先对列表去重(例如 awk '!a[$0]++')。

爆破子域名
通过已给url确定一级域名列表:


#!/usr/bin/env python
# -*- coding: utf-8 -*-
#exp: python *.py url.txt
#shell去重命令:awk '!a[$0]++' results.txt
import sys
import shutil
import dns.name
from tld import get_tld
from tld.utils import update_tld_names

#def getdomain(url):

# domain = dns.name.from_text(url).split(3)[1].to_text(omit_final_dot=True)
# return(domain)

#def getd(url):

# update_tld_names()
# return(get_tld(url))

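# Suffixes under which a second-level label (e.g. "com" in "example.com.cn")
# is itself part of the suffix rather than the registrable name.
_DOMAIN_SUFFIXES = frozenset((
    'info', 'coop', 'mil', 'int', 'xxx', 'pro', 'aero', 'idv',
    'biz', 'edu', 'org', 'net', 'gov', 'com', 'museum', 'name',
))


def getdomain(domain):
    """Reduce a host name (optionally with scheme, port or path) to its
    registrable ("first-level") domain.

    Examples: "www.example.com:8080"     -> "example.com"
              "a.b.example.com.cn"       -> "example.com.cn"
              "http://mail.example.org/" -> "example.org"
              "10.0.0.1:80"              -> "10.0.0.1" (addresses pass through)

    The suffix table above is a small fixed list, not the Public Suffix
    List, so forms outside it (e.g. "example.co.uk") collapse to the last
    two labels ("co.uk"). Use the ``tld`` package when exact results matter.

    Args:
        domain: host name or URL-like string, one line of the input file.

    Returns:
        The registrable domain (letter case of the input is preserved).
    """
    # Accept "scheme://host..." and drop any path so full URLs work too.
    if '://' in domain:
        domain = domain.split('://', 1)[1]
    domain = domain.split('/', 1)[0]
    # Drop a trailing ":port". The original sliced up to rfind(':') even when
    # there was no colon, which chopped the last character off bare names
    # ("www.example.com" -> "example.co").
    host, sep, port = domain.rpartition(':')
    if sep and port.isdigit():
        domain = host
    if domain.count('.') == 1:
        return domain
    labels = domain.split('.')
    if len(labels) < 2:
        return domain
    # Dotted quads (every label numeric) are addresses, not names.
    if all(label.isdigit() for label in labels):
        return domain
    if labels[-1].lower() in _DOMAIN_SUFFIXES:
        return '.'.join(labels[-2:])
    if labels[-2].lower() in _DOMAIN_SUFFIXES:
        return '.'.join(labels[-3:])
    return '.'.join(labels[-2:])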


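if __name__ == '__main__':
    # Usage: python *.py url.txt -- one host (or URL) per line; prints the
    # registrable domain per line. Lines that cannot be reduced are echoed
    # with a ">>>>>>>>>" marker so they stay visible in the output.
    if len(sys.argv) < 2:
        sys.stderr.write('usage: %s url.txt\n' % sys.argv[0])
        sys.exit(2)
    with open(sys.argv[1], 'r') as infile:
        for line in infile:
            line = line.strip()          # also removes a stray '\r'
            if not line:
                continue
            try:
                print(getdomain(line))
            except Exception as exc:
                # Keep the marker on stdout (existing output contract) and
                # put the reason on stderr instead of discarding it.
                print(line + ">>>>>>>>>")
                sys.stderr.write('%s: %r\n' % (line, exc))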

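#!/usr/bin/env bash
# Usage: ./brute.sh domain.txt
# Runs subDomainsBrute.py once per registrable domain in domain.txt (one
# per line); each run writes its results to a file named after the domain,
# as the original did. Only run this against domains you are authorized to
# enumerate.
set -uo pipefail

# Accept only host-name-shaped input (labels of letters, digits and
# hyphens, at least one dot). This also stops a stray line such as "-h"
# or "--full" from being handed to subDomainsBrute.py as an option.
is_domain() {
  [[ $1 =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$ ]]
}

# Entry point: read domains from the file named by $1 and brute-force each.
main() {
  if (( $# < 1 )); then
    printf 'Usage: %s domain.txt\n' "${0##*/}" >&2
    return 2
  fi
  [[ -r $1 ]] || { printf 'cannot read %s\n' "$1" >&2; return 1; }
  local domain
  while IFS= read -r domain || [[ -n $domain ]]; do
    domain=${domain//[[:space:]]/}      # strips \r from CRLF files too
    [[ -n $domain ]] || continue
    if ! is_domain "$domain"; then
      printf 'skip (not a domain): %s\n' "$domain" >&2
      continue
    fi
    # </dev/null keeps the child from consuming the rest of domain.txt,
    # which is this loop's stdin.
    python subDomainsBrute.py -i "$domain" --full -o "$domain" </dev/null \
      || printf 'subDomainsBrute.py failed for %s\n' "$domain" >&2
  done < "$1"
}

main "$@"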

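@echo off
setlocal
rem Usage: brute.bat   (reads domain.txt from the current directory)
rem Runs subDomainsBrute.py once per line of domain.txt; each run writes
rem its output to a file named after the domain, as before. Only run this
rem against domains you are authorized to enumerate.
for /f "usebackq delims=" %%i in ("domain.txt") do call :brute "%%i"
pause
rem Without this the script would fall through into :brute after the pause
rem and run subDomainsBrute.py one more time with empty arguments.
exit /b 0

:brute
rem %~1 strips the quotes added by the caller; re-quoting protects names
rem containing spaces or special characters.
python subDomainsBrute.py -i "%~1" --full -o "%~1"
goto :eof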