union-cmd commented 7 months ago

零零信安平台和fofa，是一个网络空间资产搜索引擎平台

代码如下： `import time

from config import settings from common.search import Search

class ZeroZoneQuery(Search): def init(self, domain): Search.init(self) self.domain = domain self.module = 'Search' self.source = 'ZeroZoneQuery' self.addr = 'https://0.zone/api/data/' self.delay = 2

需要高级会员

    self.key = settings.zero_zone_key

def search(self):
    """
    发送搜索请求并做子域匹配
    """
    self.pagesize = 40 # 每页条数，最大40
    self.page = 1
    while True:
        time.sleep(self.delay)
        self.header = self.get_header()
        self.proxy = self.get_proxy(self.source)
        params = {
                "query": f"(domain={self.domain})",
                "query_type": "domain",
                "page": self.page,
                "pagesize": self.pagesize,
                "zone_key_id": self.key
            }
        resp = self.post(self.addr, json=params)
        if not resp:
            return
        resp_json = resp.json()
        if resp_json['code'] != 0 or resp_json['message'] != 'success':
            break
        subdomains = self.match_subdomains(resp)
        if not subdomains:  # 搜索没有发现子域名则停止搜索
            break
        self.subdomains.update(subdomains)
        self.page += 1

def run(self):
    """
    类执行入口
    """
    if not self.have_api(self.key):
        return
    self.begin()
    self.search()
    self.finish()
    self.save_json()
    self.gen_result()
    self.save_db()

def run(domain): """ 类统一调用入口

:param str domain: 域名
"""
search = ZeroZoneQuery(domain)
search.run()

if name == 'main': run('xxx.com') `

我自己跑过了是没有问题的

它的接口是按照它给出的模版写的 https://github.com/00sec-Ltd/zone-api-demo/blob/master/request.py

它这里是提供查询子域名的api，只需要将query_type改为domain，query为你要查询的子域名，但是格式要像这样(domain={baidu.com})

然后要调用这个子域名的api的话需要你充值高级会员，98元/年

union-cmd commented 7 months ago

上面展示的代码有点问题，看下面这里

import time

from config import settings
from common.search import Search

class ZeroZoneQuery(Search):
    def __init__(self, domain):
        Search.__init__(self)
        self.domain = domain
        self.module = 'Search'
        self.source = 'ZeroZoneQuery'
        self.addr = 'https://0.zone/api/data/'
        self.delay = 2
        # 需要高级会员
        self.key = settings.zero_zone_key

    def search(self):
        """
        发送搜索请求并做子域匹配
        """
        self.pagesize = 40 # 每页条数，最大40
        self.page = 1
        while True:
            time.sleep(self.delay)
            self.header = self.get_header()
            self.proxy = self.get_proxy(self.source)
            params = {
                    "query": f"(domain={self.domain})",
                    "query_type": "domain",
                    "page": self.page,
                    "pagesize": self.pagesize,
                    "zone_key_id": self.key
                }
            resp = self.post(self.addr, json=params)
            if not resp:
                return
            resp_json = resp.json()
            if resp_json['code'] != 0 or resp_json['message'] != 'success':
                break
            subdomains = self.match_subdomains(resp)
            if not subdomains:  # 搜索没有发现子域名则停止搜索
                break
            self.subdomains.update(subdomains)
            self.page += 1

    def run(self):
        """
        类执行入口
        """
        if not self.have_api(self.key):
            return
        self.begin()
        self.search()
        self.finish()
        self.save_json()
        self.gen_result()
        self.save_db()

def run(domain):
    """
    类统一调用入口

    :param str domain: 域名
    """
    search = ZeroZoneQuery(domain)
    search.run()

if __name__ == '__main__':
    run('xxx.com')

nikKrian commented 1 month ago

好用

shmilylty / OneForAll

提供零零信安平台调用子域名api接口脚本 #360

需要高级会员