我的想法是在命令行上将IP地址列表提供给以下代码以检查HTTP方法。问题是Python抱怨它无法使用此错误将IP地址解析为主机名:
requests.exceptions.ConnectionError: ('Connection aborted.', gaierror(8, 'nodename nor servname provided, or not known'))
如何关闭DNS IP - >主机名解析?
#!/usr/bin/python
#Usage: ./name-of-this-script.py list-of-IPs
import sys
import requests
requests.packages.urllib3.disable_warnings()
## Variables
f = open(sys.argv[1], 'r')
verbs = ['GET','HEAD','POST','PUT','DELETE','OPTIONS','TRACE','PROPFIND','CONNECT','TEST', 'LOCK','MKCOL','ACL','BASELINE-CONTROL','BIND','CHECKIN','CHECKOUT','COPY','LABEL','LINK','MERGE','MKACTIVITY','MKCALENDAR','MKCOL','MKDIRECTREF','MKWORKPSACE','MOVE','ORDERPATCH','PATCH','PROPATCH','REBIND','REPORT','SEARCH','UNBIND','UNCHECKOUT','UNLINK','UPDATE','UPATEDDIRECTREF','VERSION-CONTROL','LONGPHONYHTTPMETHOD']
print "----------------------------"
print "Permitted HTTP methods indicated below by 200 OK."
print """
To control which HTTP methods are permitted on Apache
consult:
https://httpd.apache.org/docs/trunk/mod/mod_allowmethods.html
"""
print "----------------------------"
for line in f:
for verb in verbs:
print line
#req = requests.request(verb, sys.argv[1], verify=False)
host = 'https://'+ line
req = requests.request(verb, host, verify=False)
print verb, req.status_code, req.reason
if verb == 'TRACE' and 'TRACE / HTTP/1.1' in req.text:
print 'Possible Cross Site Tracing Vulnerability found!'
答案 0 :(得分:1)
使用像requests这样的高级库进行这种低级别的HTTP请求处理对我来说似乎有点过头了。
我建议您使用httplib(或http.client,如果您想使用Python 3):
import httplib
import ssl
# Since the IP addresses will likely not match the SSL cert hostnames
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ip = "104.16.34.249" # SO
verb = "TRACE"
conn = httplib.HTTPSConnection(ip, context=ssl_context)
conn.request(verb, "/")
r = conn.getresponse()
print r.read(), r.status, r.reason