[Information Gathering] Retrieving partial information about a target website with Python (Part 7)

Resin_Wu


2022-04-16


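Preface

This article builds an HTTP request to the target web server (http://192.168.137.129/), captures the response, and analyzes the response headers and the response body. This yields three pieces of information about the target site: the page title, the server software in use, and the security rules (security-related response headers).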


1. Code

import chardet
import requests
from bs4 import BeautifulSoup


def test(url):
    headers = {
        'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'
    }

    try:
        res = requests.get(url, headers=headers, timeout=4)
        codetype = chardet.detect(res.content).get('encoding')
        res.encoding = codetype

        # title
        soup = BeautifulSoup(res.text, "html.parser")
        title = soup.title.string if soup.title else 'None'
        print('title:', title)

        header = res.headers
        # server
        Server = header.get('Server')
        print('Server:', Server)

        # security
        security = []
        if header.get('Content-Security-Policy'):
            security.append('Content-Security-Policy')
        if header.get('X-Webkit-CSP'):
            security.append('X-Webkit-CSP')
        if header.get('X-XSS-Protection'):
            security.append('X-XSS-Protection')
        if header.get('Strict-Transport-Security'):
            security.append('Strict-Transport-Security')
        print('security:', security)
    except Exception as e:
        print(e)


if __name__ == '__main__':
    test('http://192.168.137.129/')

Output:

title: Metasploitable2 - Linux
Server: Apache/2.2.8 (Ubuntu) DAV/2
security: []

2. Design

2.1 Response body analysis: extracting the site title from the soup

2.1.1 Code

import chardet
import requests
from bs4 import BeautifulSoup

url = 'http://192.168.137.129/'
headers = {
    'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'
}

res = requests.get(url, headers=headers, timeout=4)  # send the request
codetype = chardet.detect(res.content).get('encoding')  # detect the body encoding
res.encoding = codetype

soup = BeautifulSoup(res.text, "html.parser")  # build the soup
print(soup)
title = soup.title.string if soup.title else 'None'
print(title)

2.1.2 Output

<html><head><title>Metasploitable2 - Linux</title></head><body>
<pre>

                _                  _       _ _        _     _      ____  
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \ 
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | |  __// __/ 
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
                            |_|                                          


Warning: Never expose this VM to an untrusted network!

Contact: msfdev[at]metasploit.com

Login with msfadmin/msfadmin to get started


</pre>
<ul>
<li><a href="/twiki/">TWiki</a></li>
<li><a href="/phpMyAdmin/">phpMyAdmin</a></li>
<li><a href="/mutillidae/">Mutillidae</a></li>
<li><a href="/dvwa/">DVWA</a></li>
<li><a href="/dav/">WebDAV</a></li>
</ul>
</body>
</html>


Metasploitable2 - Linux

2.1.3 Analysis

The soup output shows that the page has a title and that it sits inside the title tag.
print(soup)

<html><head><title>Metasploitable2 - Linux</title></head><body>
......

print(soup.title)

<title>Metasploitable2 - Linux</title>

print(soup.title.string)

Metasploitable2 - Linux

2.2 Response header analysis: getting the server from the headers

Idea: print the response headers and extract the value of the Server header.
Code:

print(res.headers)
print(res.headers.get('Server'))

Output:

{
    "Date": "Mon, 04 Apr 2022 10:57:41 GMT", 
    "Server": "Apache/2.2.8 (Ubuntu) DAV/2", 
    "X-Powered-By": "PHP/5.2.4-2ubuntu5.10", 
    "Content-Length": "891", 
    "Keep-Alive": "timeout=15, max=100", 
    "Connection": "Keep-Alive", 
    "Content-Type": "text/html"
}

Apache/2.2.8 (Ubuntu) DAV/2

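2.3 Response header analysis: getting security information from the headers

Idea: match several security rules against the response headers and return the rules that match.
Code: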

header = res.headers  # response headers from the request in 2.1.1
security = []
if header.get('Content-Security-Policy'):
    security.append('Content-Security-Policy')
if header.get('X-Webkit-CSP'):
    security.append('X-Webkit-CSP')
if header.get('X-XSS-Protection'):
    security.append('X-XSS-Protection')
if header.get('Strict-Transport-Security'):
    security.append('Strict-Transport-Security')
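
The check in 2.3 only records whether a header is present. The following added example (not part of the original post) goes a step further for someone hardening a server: it also inspects header values and flags version disclosure in Server and X-Powered-By. The function name audit_headers, the MIN_HSTS_AGE threshold and the finding strings are assumptions of this example; SAMPLE reuses a subset of the headers printed in 2.2.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold chosen for this example

def audit_headers(headers, scheme='https'):
    """Return (present, findings) for a dict of response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    present, findings = [], []

    csp = h.get('content-security-policy')
    if csp is None:
        findings.append('Content-Security-Policy missing')
    else:
        present.append('Content-Security-Policy')
        if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
            findings.append('Content-Security-Policy allows unsafe-inline/unsafe-eval')

    hsts = h.get('strict-transport-security')
    if hsts is None:
        findings.append('Strict-Transport-Security missing')
    else:
        present.append('Strict-Transport-Security')
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if scheme != 'https':
            findings.append('Strict-Transport-Security ignored over plain HTTP')
        elif not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append('Strict-Transport-Security max-age too short')

    # Legacy headers the page also checks: present, but no substitute for CSP.
    for name in ('X-Webkit-CSP', 'X-XSS-Protection'):
        if name.lower() in h:
            present.append(name)
            findings.append(name + ' is a legacy header; rely on Content-Security-Policy')

    # Version strings in these headers make the software stack easy to identify.
    for name in ('Server', 'X-Powered-By'):
        if re.search(r'\d+\.\d+', h.get(name.lower(), '')):
            findings.append(name + ' discloses a version: ' + h[name.lower()])
    return present, findings

# Subset of the response headers printed in section 2.2 of this page.
SAMPLE = {
    'Server': 'Apache/2.2.8 (Ubuntu) DAV/2',
    'X-Powered-By': 'PHP/5.2.4-2ubuntu5.10',
    'Content-Type': 'text/html',
}

if __name__ == '__main__':
    print(audit_headers(SAMPLE, scheme='http'))
```
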
