-
Notifications
You must be signed in to change notification settings - Fork 124
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #87 from knownsec/dev
update():remove username and password authenticate method
- Loading branch information
Showing
8 changed files
with
53 additions
and
162 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -57,12 +57,7 @@ After successfully installing ``ZoomEye-python``, you can use the | |
|
||
Before using the ``ZoomEye-python cli``, the user ``token`` needs to be | ||
initialized. The credential is used to verify the user’s identity to | ||
query data from ``ZoomEye``; we provide two authentication methods: | ||
|
||
:: | ||
|
||
1.username/password | ||
2.APIKEY (recommend) | ||
query data from ``ZoomEye``; only support API-KEY authentication methods. | ||
|
||
You can view the help through ``zoomeye init -h``, and use ``APIKEY`` to | ||
demonstrate below: | ||
|
@@ -79,10 +74,6 @@ information (https://www.zoomeye.org/profile); ``APIKEY`` will not | |
expire, users can reset in personal information according to their | ||
needs. | ||
|
||
in addition, we also provide the initialization method of | ||
``username/password``. After authentication in this way, the | ||
``JWT-token`` will be returned, which has certain timeliness and | ||
requires the user to login again after failure. | ||
|
||
2.query quota | ||
^^^^^^^^^^^^^ | ||
|
@@ -623,18 +614,10 @@ The ``-dot`` parameter will generate a picture in ``png`` format and save the or | |
1.initialize token | ||
^^^^^^^^^^^^^^^^^^ | ||
|
||
Similarly, the SDK also supports two authentication methods, | ||
``username/password`` and ``APIKEY``, as follows: | ||
|
||
**1.user/pass** | ||
|
||
.. code:: python | ||
from zoomeye.sdk import ZoomEye | ||
zm = ZoomEye(username="username", password="password") | ||
Similarly, the SDK also supports API-KEY authentication methods, | ||
``APIKEY``, as follows: | ||
|
||
**2.APIKEY** | ||
**APIKEY** | ||
|
||
.. code:: python | ||
|
@@ -649,27 +632,25 @@ The following are the interfaces and instructions provided by the SDK: | |
|
||
:: | ||
|
||
1.login() | ||
use username/password or APIKEY for authentication | ||
2.dork_search(dork, page=0, resource="host", facets=None) | ||
1.dork_search(dork, page=0, resource="host", facets=None) | ||
search the data of the specified page according to dork | ||
3.multi_page_search(dork, page=1, resource="host", facets=None) | ||
2.multi_page_search(dork, page=1, resource="host", facets=None) | ||
search multiple pages of data according to dork | ||
4.resources_info() | ||
3.resources_info() | ||
get current user information | ||
5.show_count() | ||
4.show_count() | ||
get the number of all matching results under the current dork | ||
6.dork_filter(keys) | ||
5.dork_filter(keys) | ||
extract the data of the specified field from the search results | ||
7.get_facet() | ||
6.get_facet() | ||
get statistical results of all data from search results | ||
8.history_ip(ip) | ||
7.history_ip(ip) | ||
query historical data information of an ip | ||
9.show_site_ip(data) | ||
8.show_site_ip(data) | ||
traverse the web-search result set, and output the domain name and ip address | ||
10.show_ip_port(data) | ||
9.show_ip_port(data) | ||
traverse the host-search result set and output the ip address and port | ||
11.generate_dot(self, q, source=0, page=1) | ||
10.generate_dot(self, q, source=0, page=1) | ||
Generate graphviz files and pictures written in the domain center | ||
|
||
3.SDK example | ||
|
@@ -684,12 +665,8 @@ The following are the interfaces and instructions provided by the SDK: | |
'__file__', '__loader__', '__name__', '__package__', '__spec__', | ||
'fields_tables_host', 'fields_tables_web', 'getpass', 'requests', | ||
'show_ip_port', 'show_site_ip', 'zoomeye_api_test'] | ||
>>> # Use username and password to login | ||
>>> zm = zoomeye.ZoomEye() | ||
>>> zm.username = '[email protected]' | ||
>>> zm.password = 'password' | ||
>>> print(zm.login()) | ||
....JIUzI1NiIsInR5cCI6IkpXVCJ9..... | ||
>>> # Use API-KEY search | ||
>>> zm = zoomeye.ZoomEye(api_key="01234567-acbd-00000-1111-22222222222") | ||
>>> data = zm.dork_search('apache country:cn') | ||
>>> zoomeye.show_site_ip(data) | ||
213.***.***.46.rev.vo***one.pt ['46.***.***.213'] | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,10 +39,7 @@ optional arguments: | |
``` | ||
|
||
#### 1.初始化token | ||
在使用 `ZoomEye-python cli` 前需要先初始化用户 `token`,该凭证用于验证用户身份以便从 `ZoomEye` 查询数据;我们提供了两种认证方式: | ||
|
||
1.username/password | ||
2.APIKEY (推荐) | ||
在使用 `ZoomEye-python cli` 前需要先初始化用户 `token`,该凭证用于验证用户身份以便从 `ZoomEye` 查询数据;仅支持 API-KEY 认证。 | ||
|
||
可以通过 `zoomeye init -h` 查看帮助,下面通过 `APIKEY` 来进行演示: | ||
|
||
|
@@ -55,7 +52,6 @@ Quota: 10000 | |
|
||
用户可以通过登陆 `ZoomEye` 在个人信息中(<https://www.zoomeye.org/profile>) 获取 `APIKEY`;`APIKEY` 不会过期,用户可根据需求在个人信息中进行重置。 | ||
|
||
除此之外,我们还提供了 `username/password` 的初始化方式,通过这种方式认证后会返回 `JWT-token`,具有一定的时效性,失效后需要用户重新登陆。 | ||
|
||
#### 2.查询配额 | ||
用户可以通过 `info` 命令查询个人信息以及数据配额,如下: | ||
|
@@ -495,17 +491,9 @@ total: 90/79882 | |
|
||
### 0x04 使用SDK | ||
#### 1.初始化token | ||
同样,在 SDK 中也支持 `username/password` 和 `APIKEY` 两种认证方式,如下: | ||
|
||
**1.user/pass** | ||
|
||
```python | ||
from zoomeye.sdk import ZoomEye | ||
|
||
zm = ZoomEye(username="username", password="password") | ||
``` | ||
同样,在 SDK 中仅支持通过 `APIKEY` 认证,如下: | ||
|
||
**2.APIKEY** | ||
**APIKEY** | ||
|
||
```python | ||
from zoomeye.sdk import ZoomEye | ||
|
@@ -516,27 +504,25 @@ zm = ZoomEye(api_key="01234567-acbd-00000-1111-22222222222") | |
#### 2.SDK API | ||
以下是 SDK 提供的接口以及说明: | ||
|
||
1.login() | ||
使用 username/password 或者 APIKEY 进行认证 | ||
2.dork_search(dork, page=0, resource="host", facets=None) | ||
1.dork_search(dork, page=0, resource="host", facets=None) | ||
根据 dork 搜索指定页的数据 | ||
3.multi_page_search(dork, page=1, resource="host", facets=None) | ||
2.multi_page_search(dork, page=1, resource="host", facets=None) | ||
根据 dork 搜索多页数据 | ||
4.resources_info() | ||
3.resources_info() | ||
获取当前用户的信息 | ||
5.show_count() | ||
4.show_count() | ||
获取当前 dork 下全部匹配结果的数量 | ||
6.dork_filter(keys) | ||
5.dork_filter(keys) | ||
从搜索结果中提取指定字段的数据 | ||
7.get_facet() | ||
6.get_facet() | ||
从搜索结果中获取全量数据的聚合结果 | ||
8.history_ip(ip) | ||
7.history_ip(ip) | ||
查询某个 ip 的历史数据信息 | ||
9.show_site_ip(data) | ||
8.show_site_ip(data) | ||
遍历 web-search 结果集,并输出域名和ip地址 | ||
10.show_ip_port(data) | ||
9.show_ip_port(data) | ||
遍历 host-search 结果集,并输出ip地址和端口 | ||
11.generate_dot(self, q, source=0, page=1) | ||
10.generate_dot(self, q, source=0, page=1) | ||
生成以域名中心写出graphviz文件和图片 | ||
|
||
#### 3.使用示例 | ||
|
@@ -549,12 +535,8 @@ $ python3 | |
'__file__', '__loader__', '__name__', '__package__', '__spec__', | ||
'fields_tables_host', 'fields_tables_web', 'getpass', 'requests', | ||
'show_ip_port', 'show_site_ip', 'zoomeye_api_test'] | ||
>>> # Use username and password to login | ||
>>> # Use API-KEY search dork | ||
>>> zm = zoomeye.ZoomEye() | ||
>>> zm.username = '[email protected]' | ||
>>> zm.password = 'password' | ||
>>> print(zm.login()) | ||
....JIUzI1NiIsInR5cCI6IkpXVCJ9..... | ||
>>> data = zm.dork_search('apache country:cn') | ||
>>> zoomeye.show_site_ip(data) | ||
213.***.***.46.rev.vo***one.pt ['46.***.***.213'] | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.