imqq: Associated domain discovery
2024-04-30 01:31:29

Description

During a penetration test, how do you dig up more from a single domain name? Beyond IPs and the domain administrator, many people overlook associated domains. Take Tencent: most of us know the common ones such as qq.com and tencent.com, but Tencent actually owns many other domains.

How do you find all the associated domains? A few techniques:

- Reverse lookup by domain registration administrator
- Crawling
- Other sites, e.g. nosec
- Others, e.g. crossdomain.xml

Implementation

This implements the simplest and most commonly used approach: reverse lookup by the domain registration administrator's email.

Process:

1. Get the DNS administrator's email address.
2. Use chinaz's reverse lookup by email: http://whois.chinaz.com/reverse?host=nsadmin@corp.netease.com&ddlSearchMode=1

Dependencies: whois, requests, xlrd

Result

```
emails: ['dns@tencent.com']
chinaz reverse lookup result: 456
```
Implementation code

```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

__author__ = 'leohuang'
__date__ = '2016/9/30'
__version__ = '0.1-dev'

import os

import requests
import whois
import xlrd


class get_domains_by_chinaz:
    # http://whois.chinaz.com/reverse?host=nsadmin@corp.netease.com&ddlSearchMode=1
    TIMEOUT = 30

    def __init__(self, raw_domain):
        self.raw_domain = raw_domain

    def get_domains(self):
        """Collect every domain registered under the WHOIS contact emails."""
        domains = []
        emails = self.get_emails()
        for e in emails:
            domains.extend(self.email_reverse_lookup(e))
        return domains

    def get_emails(self):
        """Return the WHOIS contact emails, minus registrar abuse mailboxes."""
        emails = []
        es = whois.whois(self.raw_domain).emails
        # The whois library returns a plain string when there is one address.
        if isinstance(es, str):
            es = [es]
        # An extra, unrelated mailbox shows up each time and has to be dropped:
        # abusecomplaints@markmonitor.com, abuse@ename.com, abuse@******
        black_email_list = ['abusecomplaints@markmonitor.com', 'abuse@ename.com']
        if es:
            for e in es:
                if e not in black_email_list and 'abuse' not in e:
                    emails.append(e)
        print("emails:", emails)
        return emails

    def email_reverse_lookup(self, email):
        """Download chinaz's Excel export for this email and read the domains."""
        domains = []
        url = "http://whois.chinaz.com/saveExc.ashx"
        data = {"_host": email, "_ddlSearchMode": 1}
        excel_file = "tmp.xls"
        try:
            r = requests.post(url, data=data, timeout=self.TIMEOUT)
            if r.status_code == 200:
                with open(excel_file, 'wb') as xls:
                    xls.write(r.content)
                workbook = xlrd.open_workbook(excel_file)
                table = workbook.sheet_by_index(0)
                # The first two rows are headers; the domain is in column 1.
                for i in range(2, table.nrows):
                    domains.append(table.row_values(i)[1])
        except Exception as e:
            print("Email reverse lookup Error.", str(e))
        finally:
            # Remove the temporary file even when parsing fails.
            if os.path.exists(excel_file):
                os.remove(excel_file)
        return domains


if __name__ == "__main__":
    query_domain = 'qq.com'
    chinaz_domains = get_domains_by_chinaz(query_domain).get_domains()
    print("chinaz reverse lookup result: ", len(chinaz_domains))
    for d in chinaz_domains:
        print(d)
```
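The crossdomain.xml item in the technique list, as an added example that is not part of the original post: it reads a policy file, lists the domains it names outside your own, and flags wildcard or plain-HTTP entries you would want to tighten when auditing your own site. The sample policy, the function names and the two-label `registrable()` shortcut are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not taken from any real site).
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*.example.com"/>
  <allow-access-from domain="static.example.net" secure="false"/>
  <allow-access-from domain="partner.example.org"/>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="api.example.net" headers="*"/>
</cross-domain-policy>
"""

def registrable(host):
    # Simplification (assumption): the last two labels are the registrable
    # domain. Suffixes such as .com.cn need a public-suffix list instead.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def related_domains(policy_xml, own_domain):
    """Return (related domains, policy findings) for a crossdomain.xml document."""
    # For untrusted files prefer defusedxml; the stdlib parser is fine for the
    # constructed sample used here.
    root = ET.fromstring(policy_xml)
    related, findings = set(), []
    for tag in ("allow-access-from", "allow-http-request-headers-from"):
        for node in root.iter(tag):
            domain = node.get("domain", "").strip()
            if not domain:
                continue
            if domain == "*":
                findings.append(f"{tag}: wildcard '*' trusts every origin")
                continue
            if node.get("secure", "true").lower() == "false":
                findings.append(f"{tag}: {domain} allowed over plain HTTP")
            base = registrable(domain.lstrip("*."))
            if base != registrable(own_domain):
                related.add(base)
    return sorted(related), findings

if __name__ == "__main__":
    related, findings = related_domains(SAMPLE_POLICY, "www.example.com")
    print("related domains:", related)
    print("findings:", findings)
```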