python调用ZoomEyeAPI收集Hikvision网络摄

0b01: ZoomEye 网络空间搜索引擎：

国内互联网安全厂商知道创宇开放了他们的海量数据库，对之前沉淀的数据进行了整合、整理，打造了一个名符其实的网络空间搜索引擎ZoomEye，该搜索引擎的后端数据计划包括两部分

• 1，网站组件指纹：包括操作系统，Web服务，服务端语言，Web开发框架，Web应用，前端库及第三方组件等等。
• 2，主机设备指纹：结合NMAP大规模扫描结果进行整合。

0b10：面向注册用户的ZoomAPI 使用文档

• 获取access_token的方法1 (需使用linux环境的curl):
  curl -X POST https://api.zoomeye.org/user/login -d '{ "username": "foo@bar.com", "password": "foobar" }'

0b11：python调用ZoomAPI的实例

• 代码的主要功能：获取access_token,查询Hikvision 摄像头 (你懂的)
• 测试环境：Anaconda2 (python2.7 64bit) win10

 # -*- coding:utf-8 -*-
import os
import requests
import json
import sys

reload(sys)
sys.setdefaultencoding('utf-8')
''' >上两行解决如下错误
    python在安装时，默认的编码是ascii，当程序中出现非ascii编码时，     
    python的处理常常会报这样的错''ascii' codec can't encode character'，  
    python没办法处理非ascii编码的，     
    此时需要自己设置将python的默认编码，一般设置为utf8的编码格式。
'''

access_token = ''
ip_list = []


def login():
    user = raw_input('[username]:')     # 用户名为登陆时的邮箱
    passwd = raw_input('[password]:')
    data = {
        'username': user,
        'password': passwd,
    }
    data_encoded = json.dumps(data) # dumps是将dict转化成str格式，loads是将str转化成dict格式。
    try:
        r = requests.post(url='https://api.zoomeye.org/user/login', data=data_encoded)
        r_decoded = json.loads(r.text)
        global access_token
        access_token = r_decoded['access_token']
    except Exception:
        print '[info]:username or password is wrong'
        exit()


def savaStrToFile(file, str):
    # 保存access_token字符串
    with open(file, 'w') as output:
        output.write(str)


def saveListToFile(file, list):
    # 保存结果ip地址
    s = '\n'.join(list)
    with open(file, 'w') as output:
        output.write(s)


def apiTest():
    page = 1
    global access_token
    with open('access_token.txt', 'r') as input:
        access_token = input.read()
    headers = {'Authorization': 'JWT ' + access_token, } # 请求头以此来说明你有调用api的权限
    while True:
        try:
            r = requests.get(
                url='https://api.zoomeye.org/host/search?query=app:"Hikvision IP camera httpd" country:"China"&page=' +
                    str(page),
                headers=headers)    #query参数详解见官方文档
            r_decoded = json.loads(r.text)
            for x in r_decoded['matches']:
                resStr =  x['ip'] + ':' + str(x['portinfo']['port']) + '\t' + '[geoinfo]:' +\
                x['geoinfo']['city']['names']['en'] + ' ' +x['geoinfo']['country']['names']['en'] + '\t' +\
                '[lat-lon]:' + str(x['geoinfo']['location']['lat']) + ' ' + str(x['geoinfo']['location']['lon'])        
                # 我在此保存的信息有点多，仅供参考,注意字典中键值的类型，json格式参考下图
                print resStr
                ip_list.append(resStr)
            print '[info]count:' + str(page * 10)   # 每页有10个ip结果
        except Exception, e:
            if str(e.message) == 'matches':
                print '[info]:' + 'account was break, excceeding the max limitations'   # 有请求次数限制
                break
            else:
                print '[info]:' + str(e.message)
        else:
            if page == 100:     # 这里页数好像可以很多，我最大只试到100
                break
            page += 1


def main():
    if not os.path.isfile('access_token.txt'):
        print '[info]:access_token file is not exit, please login'
        login()
        savaStrToFile('access_token.txt', access_token)
    apiTest()
    saveListToFile('ip_list.txt', ip_list)


if __name__ == '__main__':
    main()

0b100: 请求的返回结果为json数据,参考如下

{"matches": [{
        "geoinfo": {
             "city": {
                    "geoname_id": 1790630,
                        "names": {
                            "zh-CN": "\u897f\u5b89", 
                            "en": "Xi'an"
                                }
                    },
                    "country":{
                        "geoname_id": 1814991,
                            "code": "CN", 
                                "names":{
                                    "zh-CN": "\u4e2d\u56fd", 
                                        "en": "China"
                                        }
                            }, 
                    "isp": "China Telecom SHAANXI", 
                    "asn": 4134, 
                    "subdivisions": {
                        "geoname_id": 1796480, 
                        "code": "61", 
                        "names":{
                            "zh-CN": "\u9655\u897f", 
                            "en": "Shaanxi"
                                }
                                    }, 
                    "location":{
                        "lat": 34.2583,
                        "lon": 108.9286
                                },
                    "organization": "China Telecom", 
                    "aso": "Chinanet", 
                    "continent":{
                        "geoname_id": 6255147, 
                        "code": "AS", 
                        "names": {
                            "zh-CN": "\u4e9a\u6d32", 
                            "en": "Asia"
                                }
                                }
                    }, 
        "ip": "36.44.58.207", 
        "portinfo":{
            "hostname": "", 
            "service": "http", 
            "os": "", 
            "app": "Hikvision IP camera httpd",
            "extrainfo": "", 
            "version": "", 
            "device": "webcam", 
            "banner": "HTTP/1.0 200 此处省略若干", 
            "port": 80
                },
        "timestamp": "2017-02-13T13:42:26"
    }]
}

待续--如何利用Hikvision的弱口令