一种渗透测试工具,用于解析域和选择性地过滤inscope结果。

resolvr的Python项目详细描述


分辨率

解析域并选择性地筛选范围内结果。在

示例

文件

root@kali:~/.../personal/resolvr$ ./resolvr.py -h
usage: resolvr [-h] [-v] [-q] [-i [INPUT]] [-o [OUTPUT]] [-s [SCOPE]]
               [-O [OUT_OF_SCOPE]] [-n [NO_RESOLVE]]

Resolves domains and optionally filters on in-scope results

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -q, --quiet           surpress extra output
  -i [INPUT], --input [INPUT]
                        input list of domains to test (default stdin)
  -o [OUTPUT], --output [OUTPUT]
                        output filename
  -s [SCOPE], --scope [SCOPE]
                        input list of in-scope address ranges (default *)
  -O [OUT_OF_SCOPE], --out-of-scope [OUT_OF_SCOPE]
                        out of scope hosts output filename
  -n [NO_RESOLVE], --no-resolve [NO_RESOLVE]
                        non-resolved hosts output filename

基本用法

首先,您需要一个可能是目标的域和子域的列表,这些域和子域通常是通过许多子域枚举技术发现的:

^{pr2}$

一般情况下,您需要将此列表输入resolvr,如下所示:

root@kali:~$ resolvr.py -i discovered_subdomains_company.com.txt -o resolvr_results_company.com.txt
                           ___                      
                          /\_ \                     
 _ __    __    ____    ___\//\ \    __  __   _ __   
/\`'__\/'__`\ /',__\  / __`\\ \ \  /\ \/\ \ /\`'__\ 
\ \ \//\  __//\__, `\/\ \L\ \\_\ \_\ \ \_/ |\ \ \/  
 \ \_\\ \____\/\____/\ \____//\____\\ \___/  \ \_\  
  \/_/ \/____/\/___/  \/___/ \/____/ \/__/    \/_/  

                                             v1.0
info: Host company.com resolves to 255.255.255.254
error: Failed to resolve the host dev.company.com
error: Failed to resolve the host wiki.company.com
info: Host host2.company.com resolves to 255.255.255.255
...omitted for brevity...

目标滤波

此外,如果您知道哪些主机在作用域内的确切CIDR范围,您也可以将其输入,这将被考虑在内:

root@kali:~$ cat target_ranges.txt 
255.255.255.255/32

root@kali:~$ resolvr.py -i discovered_subdomains_company.com.txt -o resolvr_results_company.com.txt -s target_ranges.txt 
                           ___                      
                          /\_ \                     
 _ __    __    ____    ___\//\ \    __  __   _ __   
/\`'__\/'__`\ /',__\  / __`\\ \ \  /\ \/\ \ /\`'__\ 
\ \ \//\  __//\__, `\/\ \L\ \\_\ \_\ \ \_/ |\ \ \/  
 \ \_\\ \____\/\____/\ \____//\____\\ \___/  \ \_\  
  \/_/ \/____/\/___/  \/___/ \/____/ \/__/    \/_/  

                                             v1.0
info: Host company.com resolves to 255.255.255.254 but is *not* in scope
error: Failed to resolve the host dev.company.com
error: Failed to resolve the host wiki.company.com
info: Host host2.company.com resolves to 255.255.255.255 and is in scope
...omitted for brevity...

安装

标准

pip3 install resolvr

出血边缘

仅当中心软件包已过期,并且需要安装具有最新功能的最新软件包时,才使用此选项。在

python3 setup.py install

开发

欢迎加入QQ群-->: 979659372 Python中文网_新手群

推荐PyPI第三方库


热门话题
java如何使用bouncycastle从pkcs7文件获取证书?   java是向字符串数字添加零的有效方法吗?   Android在外部播放器中播放视频url   如何在Java代码中调用Wildfly事务管理器?   java为什么在使用键盘完成选择时不触发选择事件?   java xpath错误:jaxb外部绑定文件上为null   java如何避免在活动之间切换时出现白屏   Hadoop安装程序中的java“unknown.prolexic.com:未知错误”   要用作out参数的java自定义数字类   java如何向spring控制器的http请求添加属性?   for循环中的java静态值   java为图像编辑器快速、可靠地保存/加载文档状态   java数组越界和空指针异常   java如何在列表<Object>对象包含对象的对象上检查null?   java从URL下载文件到tomcat服务器   GlassFish“ogs3.1.2.2windows.exe”和“ogs3.1.2.2windowsml.exe”文件之间的java差异   无MathLab的Java Gabor图像处理   包含CSV中不存在的其他字段的java mongoimport