1. Introduction

Since I started writing POC batch-validation scripts based on exploits (in Python 3), I have come to appreciate the importance of code more and more. As you may know, my English is poor and so is my code. Especially after the 2021 HW exercise, I found myself going back to basics, back to the code. So this little project, ZBG, like the TIG tool written by Wgpsec team members, is an attempt to write my own gadget. There are plenty of scripts based on ZoomEye asset collection available on GitHub, but if you don't write, you may never write. The GitHub scripts are basically all in one file, including the TIG script; there is really no object-oriented thinking in them. Anyone who has taken a programming course in college knows that object-oriented programming has three characteristics: encapsulation, inheritance, and polymorphism. If you're not a developer, you might never understand!

2. Introducing ZBG

ZoomEye Batch Gather (ZBG): a script (tool) for collecting ZoomEye assets in batches. The script was written by afei00123 (myself) and is based on Python 3.

Github address: github.com/ltfafei/ZBG

Small project structure (only the entries that survived extraction are shown):

│  ├─ Anti-Flag        # Check whether tokens exist
│  ├─ getToken.py      # Obtain the token

Implementation logic: first log in to obtain a token. If the token file already exists, use the saved token to query directly; if the token turns out to be invalid, delete the file, log in again to obtain a new token, and then run the query with the new token. The function is actually very simple.
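The token flow just described, as an added example that is not ZBG's own code: a small cache class that reuses a token stored on disk, drops it as soon as the server rejects it, and logs in again. The login and validation calls are injected so the logic can be exercised offline; the two ZoomEye helpers at the bottom (POST /user/login returning an access_token field, and GET /resources-info as a cheap "is this token still accepted" probe) are assumptions about the public v1 API, not something taken from this page. The token file is created with mode 0600 because it is a credential.

```python
"""Added example (not ZBG's own code) of the token flow described above:
reuse a token cached on disk, drop it and log in again once it stops working.
Network calls are injected so the logic can be exercised offline."""
import os
from pathlib import Path
from typing import Callable, Dict

API = "https://api.zoomeye.org"   # assumed base URL of the ZoomEye v1 API


class TokenCache:
    """Cache one bearer token in a file; re-login only when it is missing or rejected."""

    def __init__(self, path, login: Callable[[], str], validate: Callable[[str], bool]):
        self.path = Path(path)
        self._login = login        # returns a fresh token (network)
        self._validate = validate  # True if the server still accepts the token

    def _read(self):
        try:
            token = self.path.read_text(encoding="utf-8").strip()
        except FileNotFoundError:
            return None
        return token or None

    def _write(self, token: str) -> None:
        # Create the file with mode 0600: the token is a credential, so other
        # local users must not be able to read it.
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(token)

    def get(self) -> str:
        token = self._read()
        if token is not None and self._validate(token):
            return token                      # cached token still works
        if token is not None:
            self.path.unlink()                # stale token: delete the file
        token = self._login()                 # log in again
        self._write(token)
        return token


def zoomeye_login(username: str, password: str) -> str:
    """Assumed ZoomEye v1 login: POST /user/login returns {"access_token": ...}."""
    import requests  # imported here so the module itself stays offline-safe
    r = requests.post(f"{API}/user/login",
                      json={"username": username, "password": password}, timeout=15)
    r.raise_for_status()
    return r.json()["access_token"]


def zoomeye_token_valid(token: str) -> bool:
    """Assumed lightweight probe: GET /resources-info with the JWT header;
    anything but 200 (typically 401) means the token is no longer accepted."""
    import requests
    r = requests.get(f"{API}/resources-info",
                     headers={"Authorization": "JWT " + token}, timeout=15)
    return r.status_code == 200


def demo(directory=None) -> Dict:
    """Offline walk-through with fake login/validate functions; returns what happened."""
    import tempfile
    directory = directory or tempfile.mkdtemp()
    path = os.path.join(directory, "token.txt")
    logins = []
    accepted = {"tok1"}                       # tokens the fake server accepts

    def fake_login() -> str:
        logins.append(1)
        return f"tok{len(logins)}"

    cache = TokenCache(path, fake_login, lambda t: t in accepted)
    first = cache.get()                       # no file yet -> login
    second = cache.get()                      # file present and valid -> no login
    accepted.clear()
    accepted.add("tok2")                      # server now rejects tok1
    third = cache.get()                       # stale -> delete file, login again
    return {
        "tokens": [first, second, third],
        "logins": len(logins),
        "on_disk": Path(path).read_text(encoding="utf-8"),
        "mode": oct(os.stat(path).st_mode & 0o777),
    }


if __name__ == "__main__":
    print(demo())
```

Real use is `TokenCache("token.txt", lambda: zoomeye_login(user, pw), zoomeye_token_valid).get()`; the validation probe costs one request per run but avoids the original's pattern of discovering a dead token only when the search itself fails.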

3. Learn from other people’s projects

When I was writing this tool, I didn't understand ZoomEye's API documentation, and it was the first time I had written a tool like this. As the saying goes: all things are difficult before they are easy. You can learn from other people's projects, but not copy them.

ZoomEye GitHub: github.com/knownsec/Zo…

ZoomEye API documentation: www.zoomeye.org/doc

Reference project: github.com/starnightcy…

4. Learning the API

Python and APIs are among the top five skills to learn in 2021, so learn how to get the data you want out of an API. Working through this project gave me a better understanding of API penetration testing. Have you ever run into an API during a penetration test and felt there was nothing you could do? Reading blogs such as FreeBuf still leaves you without the why.

4.1 ZoomEye API parameters

Query parameters:

If you do not understand the parameter descriptions above, you can capture the request with Burp and verify the parameters yourself. For example, page is a paging parameter, but does it mean the start page or the number of pages to fetch? Reading the source code of starnightcyber/ZoomEye suggests it is the start page. Either way, we need to test it. You can also run the project code directly: changing the page number returns the default 20 IP addresses each time, so the page parameter here is the start page.

Based on the response results in the API documentation, understand what data needs to be fetched.

4.2 Main code of Zoomeyequery.py

import json
import requests

# check_Token and get_token are ZBG's own helper classes (token cache and
# random User-Agent); their modules are not shown on this page.

def query(self, query, page, num, facet, file):
    gettoken = check_Token()
    random_ua = get_token()
    headers = {
        'Authorization': "JWT " + gettoken.check_token(),
        "User-Agent": random_ua.random_useragent()
    }
    api = "https://api.zoomeye.org/host/search"
    index = 0

    while True:
        try:
            # stop once the requested number of pages has been fetched
            if index == num:
                break
            print(f"\033[31m[+] getting page {page} results:\033[0m")
            index += 1
            query_res = requests.get(api, headers=headers,
                                     params={"query": query, "page": page, "facets": facet},
                                     timeout=30).text
            page += 1  # advance only after the current page has been fetched
            # convert to JSON for easy extraction of fields
            json_res = json.loads(query_res)["matches"]
            count = 1
            with open(file, "a") as fw:  # open once per page, not once per result
                for i in json_res:
                    res = i['ip'] + ":" + str(i['portinfo']['port'])
                    print(f"[{count}]. " + res)
                    fw.write(res + "\n")
                    count += 1
        except Exception as e:
            print("[-] Please confirm whether the maximum number of queries has been reached!", e)
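The loop above treats every exception as "quota reached", which hides an expired token, a malformed response and an empty last page behind the same message. As an added example (not ZBG's code), the following splits the response handling into pieces that can be tested offline: a header builder covering both the JWT mode used above and the API-key mode listed under future work, a parser that turns the matches array into de-duplicated ip:port strings, and a classifier that decides what the paging loop should do next. The API-KEY header name and the meaning of 401 (re-authenticate) and 403 (quota) are assumptions based on the public ZoomEye documentation; the sample bodies use constructed RFC 5737 addresses.

```python
"""Added example (not ZBG's own code): response handling for /host/search."""
import json
from typing import Callable, Dict, List, Optional, Tuple


def auth_headers(jwt_token: Optional[str] = None, api_key: Optional[str] = None,
                 user_agent: str = "ZBG-example") -> Dict[str, str]:
    """Headers for either auth mode. 'Authorization: JWT <token>' is what query()
    above sends; the 'API-KEY' header is the assumed API-key mode from section 5."""
    headers = {"User-Agent": user_agent}
    if api_key:
        headers["API-KEY"] = api_key
    elif jwt_token:
        headers["Authorization"] = "JWT " + jwt_token
    else:
        raise ValueError("need a JWT token or an API key")
    return headers


def parse_matches(body: str) -> List[str]:
    """Extract 'ip:port' from the matches array, skipping malformed entries
    and duplicates (the same host can appear once per matched port record)."""
    seen, out = set(), []
    for m in json.loads(body).get("matches", []):
        ip = m.get("ip")
        port = (m.get("portinfo") or {}).get("port")
        if ip is None or port is None:
            continue
        entry = f"{ip}:{port}"
        if entry not in seen:
            seen.add(entry)
            out.append(entry)
    return out


def classify(status: int, body: str) -> str:
    """Map one response to an action for the paging loop (status meanings assumed)."""
    if status == 401:
        return "reauth"      # token expired or invalid: delete the cache, log in again
    if status == 403:
        return "quota"       # the case the original error message is really about
    if status != 200:
        return "retry"
    try:
        data = json.loads(body)
    except ValueError:
        return "retry"       # truncated or non-JSON body
    if "matches" not in data:
        return "error"       # 200 without results array: unexpected shape
    return "ok" if data["matches"] else "done"   # empty page: no more results


def collect(fetch: Callable[[dict], Tuple[int, str]], query: str,
            start_page: int = 1, max_pages: int = 5, facets: Optional[str] = None) -> Dict:
    """Page through results until max_pages or a non-'ok' response; fetch is
    injected (params -> (status, body)) so the loop can run offline."""
    results, seen, actions, page = [], set(), [], start_page
    for _ in range(max_pages):
        status, body = fetch({"query": query, "page": page, "facets": facets})
        action = classify(status, body)
        actions.append(action)
        if action != "ok":
            break            # caller decides how to handle reauth/quota/retry/done
        for entry in parse_matches(body):
            if entry not in seen:
                seen.add(entry)
                results.append(entry)
        page += 1
    return {"results": results, "actions": actions, "next_page": page}


# Constructed sample bodies mimicking the documented response shape.
SAMPLE_OK = json.dumps({"total": 3, "matches": [
    {"ip": "192.0.2.10", "portinfo": {"port": 80}},
    {"ip": "192.0.2.10", "portinfo": {"port": 80}},   # duplicate record
    {"ip": "192.0.2.11", "portinfo": {"port": 8443}},
    {"ip": "192.0.2.12"},                              # no portinfo: skipped
]})
SAMPLE_EMPTY = json.dumps({"total": 3, "matches": []})


def fake_fetch(params: dict) -> Tuple[int, str]:
    """Constructed stand-in for requests.get: page 1 has data, page 2 is empty."""
    return (200, SAMPLE_OK) if params["page"] == 1 else (200, SAMPLE_EMPTY)


if __name__ == "__main__":
    print(collect(fake_fetch, "app:nginx", start_page=1, max_pages=5))
```

Wiring it to the network is one line: `fetch = lambda p: (lambda r: (r.status_code, r.text))(requests.get(api, headers=auth_headers(jwt_token=tok), params=p, timeout=30))`; a "reauth" result is the signal to call the token cache's delete-and-login path rather than to keep looping.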

5. Disadvantages and future optimization

ZoomEye's API query returns only the first port of a host by default, so it's best to add the statistics (facets) parameter when querying. ZoomEye can be queried in two ways: with a login token (JWT) or with an API key. Further optimization:

(1) Add queries based on an API key;

(2) Add a Python-based crawler to collect assets and export them to Excel.

More articles: afei00123.blog.csdn.net/