美文网首页
python调用ZoomEyeAPI收集Hikvision网络摄

python调用ZoomEyeAPI收集Hikvision网络摄

作者: Bugl0v3r | 来源:发表于2017-02-15 16:16 被阅读3199次

    0b01: ZoomEye 网络空间搜索引擎:

    国内互联网安全厂商知道创宇开放了他们的海量数据库,对之前沉淀的数据进行了整合、整理,打造了一个名符其实的网络空间搜索引擎ZoomEye,该搜索引擎的后端数据计划包括两部分

    • 1,网站组件指纹:包括操作系统,Web服务,服务端语言,Web开发框架,Web应用,前端库及第三方组件等等。
    • 2,主机设备指纹:结合NMAP大规模扫描结果进行整合。

    0b10:面向注册用户的ZoomAPI 使用文档

    • 获取access_token的方法1 (需使用linux环境的curl):
      curl -X POST https://api.zoomeye.org/user/login -d '{ "username": "foo@bar.com", "password": "foobar" }'

    0b11:python调用ZoomAPI的实例

    • 代码的主要功能:获取access_token,查询Hikvision 摄像头 (你懂的)
    • 测试环境:Anaconda2 (python2.7 64bit) win10
     # -*- coding:utf-8 -*-
    import os
    import requests
    import json
    import sys
    
    reload(sys)
    sys.setdefaultencoding('utf-8')
    ''' >上两行解决如下错误
        python在安装时,默认的编码是ascii,当程序中出现非ascii编码时,     
        python的处理常常会报这样的错''ascii' codec can't encode character',  
        python没办法处理非ascii编码的,     
        此时需要自己设置将python的默认编码,一般设置为utf8的编码格式。
    '''
    
    access_token = ''
    ip_list = []
    
    
    def login():
        user = raw_input('[username]:')     # 用户名为登陆时的邮箱
        passwd = raw_input('[password]:')
        data = {
            'username': user,
            'password': passwd,
        }
        data_encoded = json.dumps(data) # dumps是将dict转化成str格式,loads是将str转化成dict格式。
        try:
            r = requests.post(url='https://api.zoomeye.org/user/login', data=data_encoded)
            r_decoded = json.loads(r.text)
            global access_token
            access_token = r_decoded['access_token']
        except Exception:
            print '[info]:username or password is wrong'
            exit()
    
    
    def savaStrToFile(file, str):
        # 保存access_token字符串
        with open(file, 'w') as output:
            output.write(str)
    
    
    def saveListToFile(file, list):
        # 保存结果ip地址
        s = '\n'.join(list)
        with open(file, 'w') as output:
            output.write(s)
    
    
    def apiTest():
        page = 1
        global access_token
        with open('access_token.txt', 'r') as input:
            access_token = input.read()
        headers = {'Authorization': 'JWT ' + access_token, } # 请求头以此来说明你有调用api的权限
        while True:
            try:
                r = requests.get(
                    url='https://api.zoomeye.org/host/search?query=app:"Hikvision IP camera httpd" country:"China"&page=' +
                        str(page),
                    headers=headers)    #query参数详解见官方文档
                r_decoded = json.loads(r.text)
                for x in r_decoded['matches']:
                    resStr =  x['ip'] + ':' + str(x['portinfo']['port']) + '\t' + '[geoinfo]:' +\
                    x['geoinfo']['city']['names']['en'] + ' ' +x['geoinfo']['country']['names']['en'] + '\t' +\
                    '[lat-lon]:' + str(x['geoinfo']['location']['lat']) + ' ' + str(x['geoinfo']['location']['lon'])        
                    # 我在此保存的信息有点多,仅供参考,注意字典中键值的类型,json格式参考下图
                    print resStr
                    ip_list.append(resStr)
                print '[info]count:' + str(page * 10)   # 每页有10个ip结果
            except Exception, e:
                if str(e.message) == 'matches':
                    print '[info]:' + 'account was break, excceeding the max limitations'   # 有请求次数限制
                    break
                else:
                    print '[info]:' + str(e.message)
            else:
                if page == 100:     # 这里页数好像可以很多,我最大只试到100
                    break
                page += 1
    
    
    def main():
        if not os.path.isfile('access_token.txt'):
            print '[info]:access_token file is not exit, please login'
            login()
            savaStrToFile('access_token.txt', access_token)
        apiTest()
        saveListToFile('ip_list.txt', ip_list)
    
    
    if __name__ == '__main__':
        main()
    
    0b100: 请求的返回结果为json数据,参考如下
    {"matches": [{
            "geoinfo": {
                 "city": {
                        "geoname_id": 1790630,
                            "names": {
                                "zh-CN": "\u897f\u5b89", 
                                "en": "Xi'an"
                                    }
                        },
                        "country":{
                            "geoname_id": 1814991,
                                "code": "CN", 
                                    "names":{
                                        "zh-CN": "\u4e2d\u56fd", 
                                            "en": "China"
                                            }
                                }, 
                        "isp": "China Telecom SHAANXI", 
                        "asn": 4134, 
                        "subdivisions": {
                            "geoname_id": 1796480, 
                            "code": "61", 
                            "names":{
                                "zh-CN": "\u9655\u897f", 
                                "en": "Shaanxi"
                                    }
                                        }, 
                        "location":{
                            "lat": 34.2583,
                            "lon": 108.9286
                                    },
                        "organization": "China Telecom", 
                        "aso": "Chinanet", 
                        "continent":{
                            "geoname_id": 6255147, 
                            "code": "AS", 
                            "names": {
                                "zh-CN": "\u4e9a\u6d32", 
                                "en": "Asia"
                                    }
                                    }
                        }, 
            "ip": "36.44.58.207", 
            "portinfo":{
                "hostname": "", 
                "service": "http", 
                "os": "", 
                "app": "Hikvision IP camera httpd",
                "extrainfo": "", 
                "version": "", 
                "device": "webcam", 
                "banner": "HTTP/1.0 200 此处省略若干", 
                "port": 80
                    },
            "timestamp": "2017-02-13T13:42:26"
        }]
    }
    

    待续--如何利用Hikvision的弱口令

    相关文章

      网友评论

          本文标题:python调用ZoomEyeAPI收集Hikvision网络摄

          本文链接:https://www.haomeiwen.com/subject/srmqwttx.html