diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ba74660
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,57 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
diff --git a/brodomain.py b/brodomain.py
index de5dd8b..5425ab8 100644
--- a/brodomain.py
+++ b/brodomain.py
@@ -1,214 +1,229 @@
-#coding=utf-8
-#author=cond0r
+#!/usr/bin/env python
+# coding=utf-8
+# author=cond0r
+
import urllib2
import re
+import sys
+
from urllib import unquote
from urllib import quote
-from binascii import b2a_base64 as base64_encode
-from binascii import a2b_base64 as base64_decode
from sys import argv
-from Queue import Queue
-import sys
+
import lib.mthread
+
+
class aizhan:
- def __init__(self,domain='',mail='',name=''):
- self.domain=domain
- self.domain_beian=domain
- self.mail=mail
- self.name=name
- self.GetMailByDomain_regx=''
- self.GetSameDomainByEmailCode_mail='onClick="DisplayAllSitesBox\(\);" value="(.*)" />'
- self.GetSameDomainByEmailCode_domain=''
- self.GetRegname_regx=''
- self.GetRegname_List=''
- self.SameDomain=[]
- self.RegEmail=''
- self.RegName=''
- self.RegName_List=[]
- self.BroDomain=[]
-
- def AppendDomain(self,Dlist):
- for D in Dlist:
- self.SameDomain.append(D)
- def AppendBro(self,Dlist):
- for D in Dlist:
- if D not in self.BroDomain:
- #print D
- self.BroDomain.append(D)
- def AppendRegName(self,Rlist):
- for R in Rlist:
- if R not in self.RegName_List:
- self.RegName_List.append(R)
-
- def GetDomainFromReglist(self):
- Domain=[]
- i=1;
- for N in self.RegName_List:
- print i,
- i+=1
- dom=self.GetSameDomainByEmailCode(N,3,True)
- self.AppendBro(dom)
-
- #return Domain
- def GetDomainBybeian(self,domain='',backquery=False):
- if domain:
- self.domain_beian=domain
- url='http://codescan.cn/beian.php?query=%s'%self.domain_beian
- data=urllib2.urlopen(url).read()
- r=re.findall('
([\s\S]*?) | ',data)
- #print r
- dlist=[]
- for i in r:
-
- i=i.replace(' ','').replace('\n','').replace('\r','')
- if 'ICP' in i and backquery==False:
- beian=i
- if '-' in beian:
- beian=beian.split('-')[0]
- self.GetDomainBybeian(beian,True)
- break
- if '.' in i :
- dlist.append(i)
- #print i
- self.AppendBro(dlist)
-
-
- def GetSameDomainByEmailCode(self,emailcode,code=1,appends=False):
- if code==1:
- url="http://whois.aizhan.com/reverse-whois?q=%s&t=emailCode"%quote(emailcode)
- elif code==2:
- url="http://whois.aizhan.com/reverse-whois?q=%s&t=email"%quote(emailcode)
- elif code==3:
- url="http://whois.aizhan.com/reverse-whois?q=%s&t=registrant"%quote(emailcode)
- #print url
- data=urllib2.urlopen(url).read()
- email=re.findall(self.GetSameDomainByEmailCode_mail,data)
- if len(email)==1:
- email=email[0]
- else:
- email=''
- domain=re.findall(self.GetSameDomainByEmailCode_domain,data)
- if len(domain)==0:
- domain=''
- if appends:
- return domain
- self.AppendDomain(domain)
- if code==2 or code==1:
- self.RegEmail=email
- regname_list=re.findall(self.GetRegname_List,data)
- self.AppendRegName(regname_list)
-
- def GetMailByDomain(self):
- url="http://whois.aizhan.com/reverse-whois?q=%s&t=domain"%self.domain
- #print url
- data=urllib2.urlopen(url).read()
- reg=re.findall(self.GetMailByDomain_regx,data)
- if len(reg)==1:
- reg=unquote(reg[0])
- self.GetSameDomainByEmailCode(reg)
- reg_name=re.findall(self.GetRegname_regx,data)
- if len(reg_name)==1:
- self.RegName=reg_name[0]
- self.GetSameDomainByEmailCode(self.RegName,3)
-result=[]
-def stdout( name):
- global result
- scanow ='[*] Find %s of %d'%(name,len(result))
- sys.stdout.write(str(scanow)+" "*20+"\b\b\r")
- sys.stdout.flush()
+ def __init__(self, domain='', mail='', name=''):
+ self.domain = domain
+ self.domain_beian = domain
+ self.mail = mail
+ self.name = name
+ self.GetMailByDomain_regx = ''
+ self.GetSameDomainByEmailCode_mail = 'onClick="DisplayAllSitesBox\(\);" value="(.*)" />'
+ self.GetSameDomainByEmailCode_domain = ''
+ self.GetRegname_regx = ''
+ self.GetRegname_List = ''
+ self.SameDomain = []
+ self.RegEmail = ''
+ self.RegName = ''
+ self.RegName_List = []
+ self.BroDomain = []
+
+ def AppendDomain(self, Dlist):
+ for D in Dlist:
+ self.SameDomain.append(D)
+
+ def AppendBro(self, Dlist):
+ for D in Dlist:
+ if D not in self.BroDomain:
+ # print D
+ self.BroDomain.append(D)
+
+ def AppendRegName(self, Rlist):
+ for R in Rlist:
+ if R not in self.RegName_List:
+ self.RegName_List.append(R)
+
+ def GetDomainFromReglist(self):
+ Domain = []
+ i = 1
+ for N in self.RegName_List:
+ print i,
+ i += 1
+ dom = self.GetSameDomainByEmailCode(N, 3, True)
+ self.AppendBro(dom)
+
+ # return Domain
+
+ def GetDomainBybeian(self, domain='', backquery=False):
+ if domain:
+ self.domain_beian = domain
+ url = 'http://codescan.cn/beian.php?query=%s' % self.domain_beian
+ data = urllib2.urlopen(url).read()
+ r = re.findall('([\s\S]*?) | ', data)
+ # print r
+ dlist = []
+ for i in r:
+
+ i = i.replace(' ', '').replace('\n', '').replace('\r', '')
+ if 'ICP' in i and backquery:
+ beian = i
+ if '-' in beian:
+ beian = beian.split('-')[0]
+ self.GetDomainBybeian(beian, True)
+ break
+ if '.' in i:
+ dlist.append(i)
+ # print i
+ self.AppendBro(dlist)
+
+ def GetSameDomainByEmailCode(self, emailcode, code=1, appends=False):
+ if code == 1:
+ url = "http://whois.aizhan.com/reverse-whois?q=%s&t=emailCode" % quote(emailcode)
+ elif code == 2:
+ url = "http://whois.aizhan.com/reverse-whois?q=%s&t=email" % quote(emailcode)
+ elif code == 3:
+ url = "http://whois.aizhan.com/reverse-whois?q=%s&t=registrant" % quote(emailcode)
+ # print url
+ data = urllib2.urlopen(url).read()
+ email = re.findall(self.GetSameDomainByEmailCode_mail, data)
+ if len(email) == 1:
+ email = email[0]
+ else:
+ email = ''
+ domain = re.findall(self.GetSameDomainByEmailCode_domain, data)
+ if len(domain) == 0:
+ domain = ''
+ if appends:
+ return domain
+ self.AppendDomain(domain)
+ if code == 2 or code == 1:
+ self.RegEmail = email
+ regname_list = re.findall(self.GetRegname_List, data)
+ self.AppendRegName(regname_list)
+
+ def GetMailByDomain(self):
+ url = "http://whois.aizhan.com/reverse-whois?q=%s&t=domain" % self.domain
+ # print url
+ data = urllib2.urlopen(url).read()
+ reg = re.findall(self.GetMailByDomain_regx, data)
+ if len(reg) == 1:
+ reg = unquote(reg[0])
+ self.GetSameDomainByEmailCode(reg)
+ reg_name = re.findall(self.GetRegname_regx, data)
+ if len(reg_name) == 1:
+ self.RegName = reg_name[0]
+ self.GetSameDomainByEmailCode(self.RegName, 3)
+result = []
+
+
+def stdout(name):
+ global result
+ scanow = '[*] Find %s of %d' % (name, len(result))
+ sys.stdout.write(str(scanow)+" "*20+"\b\b\r")
+ sys.stdout.flush()
+
+
def prints(d):
- global result,data,over
- if d=='Ennnnnnd':
- if over==1:
- return 0
- over=1
- data+="SubDomain\n"
- for p in result:
- if p:
- p=p.replace("http://","").replace("https://","").replace("/","")
- data+=p+"\n"
- print "[*] Query Over,Result is in %s.log" %argv[1]
- open('./log/%s.log'%argv[1],'w').write(data)
- return 1
- for i in d:
- stdout(i)
- result.append(i)
-result_ip=[]
+ global result, data, over
+ if d == 'Ennnnnnd':
+ if over == 1:
+ return 0
+ over = 1
+ data += "SubDomain\n"
+ for p in result:
+ if p:
+ p = p.replace("http://", "").replace("https://", "").replace("/", "")
+ data += p+"\n"
+ print "[*] Query Over,Result is in %s.log" % argv[1]
+ open('./log/%s.log' % argv[1], 'w').write(data)
+ return 1
+ for i in d:
+ stdout(i)
+ result.append(i)
+
+result_ip = []
+
+
def prints_ip(d):
- global result_ip,data,over
- if 'Ennnn' not in d:
- result_ip.append(d)
+ global result_ip, data, over
+ if 'Ennnn' not in d:
+ result_ip.append(d)
def write_html(dicts):
- html=""
- for key,value in dicts.items():
- #print key,value
- if value!='':
- data='''
- {Domain}
-
-
- '''.replace("{Domain}",key)
- li=""
-
- for d in value.split(","):
- if d:
- li+=''+d+''
- data=data.replace("{li}",li)
- html+=data
-
- htmls=open('./log/result.template').read()
- htmls=htmls.replace("{html}",html)
- open('./log/'+argv[1]+".html",'w').write(htmls)
-over=0
-if len(argv)!=2:
- print '''
- 88888888ba
- 88 "8b
- 88 ,8P
- 88aaaaaa8P' 8b,dPPYba, ,adPPYba,
- 88""""""8b, 88P' "Y8 a8" "8a
- 88 `8b 88 8b d8
- 88 a8P 88 "8a, ,a8"
- 88888888P" 88 `"YbbdP"'
- ver 1.0
- By Cond0r
- codescan.cn & pwn.ren
- Usage: python brodomain.py codescan.cn
-
- '''
- exit()
+ html = ""
+ for key, value in dicts.items():
+ # print key,value
+ if value != '':
+ data = '''
+ {Domain}
+
+
+ '''.replace("{Domain}", key)
+ li = ""
+
+ for d in value.split(","):
+ if d:
+ li += '' + d + ''
+ data = data.replace("{li}", li)
+ html += data
+
+ htmls = open('./log/result.template').read()
+ htmls = htmls.replace("{html}", html)
+ open('./log/'+argv[1]+".html", 'w').write(htmls)
+
+over = 0
+
+
+if len(argv) != 2:
+ print '''
+ 88888888ba
+ 88 "8b
+ 88 ,8P
+ 88aaaaaa8P' 8b,dPPYba, ,adPPYba,
+ 88""""""8b, 88P' "Y8 a8" "8a
+ 88 `8b 88 8b d8
+ 88 a8P 88 "8a, ,a8"
+ 88888888P" 88 `"YbbdP"'
+ ver 1.0
+ By Cond0r
+ codescan.cn & pwn.ren
+ Usage: python brodomain.py codescan.cn
+
+ '''
+ exit()
print "[*] Init.."
-query=aizhan(argv[1])
+query = aizhan(argv[1])
print "[*] Query Email.."
query.GetMailByDomain()
print "[*] Query Beian Code.."
query.GetDomainBybeian()
print "[*] Query All Domain Waiting.."
print "[*] Query ",
-#query.GetDomainFromReglist()
-data="Email: %s\nRegistrant: %s\n"%(query.RegEmail,query.RegName)
-data+="BroDmain Count:%d\n"%len(query.BroDomain)
-print "\n[*] BroDmain Count:%d\n"%len(query.BroDomain)
+# query.GetDomainFromReglist()
+data = "Email: %s\nRegistrant: %s\n" % (query.RegEmail, query.RegName)
+data += "BroDmain Count:%d\n" % len(query.BroDomain)
+print "\n[*] BroDmain Count:%d\n" % len(query.BroDomain)
for D in query.BroDomain:
- D=D.replace("http://","").replace("https://","").replace("/","")
- data+=D+"\n"
-m=lib.mthread.run(query.BroDomain,prints)
-m=lib.mthread.runip(result,prints_ip)
-dicts={}
+ D = D.replace("http://", "").replace("https://", "").replace("/", "")
+ data += D+"\n"
+m = lib.mthread.run(query.BroDomain, prints)
+m = lib.mthread.runip(result, prints_ip)
+dicts = {}
for Ds in query.BroDomain:
- Ds=Ds.replace("http://www",'')
- Ds=Ds.replace("/",'')
- #print Ds
- dicts.update({Ds:''})
- for D in result:
- #print D
- if Ds in D:
- #print D
- data=dicts[Ds]
- dicts.update({Ds:data+","+D})
-print "[*] Html Result in "+argv[1]+".html"
+ Ds = Ds.replace("http://www", '')
+ Ds = Ds.replace("/", '')
+ # print Ds
+ dicts.update({Ds: ''})
+ for D in result:
+ # print D
+ if Ds in D:
+ # print D
+ data = dicts[Ds]
+ dicts.update({Ds: data + "," + D})
+print "[*] Html Result in " + argv[1] + ".html"
write_html(dicts)
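Review bot: The guard in `GetDomainBybeian` changes behaviour in what is otherwise a formatting-only cleanup: `if 'ICP' in i and backquery==False:` became `if 'ICP' in i and backquery:`, which inverts the test. With the default `backquery=False`, which is how the script calls it (`query.GetDomainBybeian()`), the ICP back-query branch is now never taken, so domains sharing the same beian number are silently dropped from the results. If the branch were entered with `True`, it would call itself with `True` again and could keep recursing for as long as the response contains an ICP entry. The line should read `if 'ICP' in i and not backquery:`. Separately, `argv[1]` still goes unvalidated into the `./log/%s.log` and `.html` output paths and unquoted into the whois URL, so checking it against a hostname pattern before use would be a worthwhile follow-up.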
diff --git a/lib/__init__.pyc b/lib/__init__.pyc
deleted file mode 100644
index bdb471b..0000000
Binary files a/lib/__init__.pyc and /dev/null differ
diff --git a/lib/mthread.pyc b/lib/mthread.pyc
deleted file mode 100644
index ed97af9..0000000
Binary files a/lib/mthread.pyc and /dev/null differ