黑客笔记100:tencentcloud dev敏感信息泄露自动化监控

xiaozhupeiqi嘀嘀嘀
125 阅读5分钟

image.png

请求包,如果没有搜索到结果,返回包会包含"未能检索到相关内容",如果有搜索结果,就不会包含"未能检索到相关内容"。

GET /search/weixianrensheng/14_1 HTTP/2
Host: cloud.tencent.com
Cookie: qcloud_uid=YPaa3xfcHQIK; language=zh; qcloud_from=qcloud.directEnter.developer-1732875491636; sensorsdata2015jssdkcross=%7B%22distinct_id%22%3A%22193776d99421c9-0336803eedcf422-f575722-1327104-193776d994364b%22%2C%22first_id%22%3A%22%22%2C%22props%22%3A%7B%22%24latest_traffic_source_type%22%3A%22%E7%9B%B4%E6%8E%A5%E6%B5%81%E9%87%8F%22%7D%2C%22identities%22%3A%22eyIkaWRlbnRpdHlfY29va2llX2lkIjoiMTkzNzc2ZDk5NDIxYzktMDMzNjgwM2VlZGNmNDIyLWY1NzU3MjItMTMyNzEwNC0xOTM3NzZkOTk0MzY0YiJ9%22%2C%22history_login_id%22%3A%7B%22name%22%3A%22%22%2C%22value%22%3A%22%22%7D%2C%22%24device_id%22%3A%22193776d99421c9-0336803eedcf422-f575722-1327104-193776d994364b%22%7D; _ga=GA1.2.721792733.1732875492; qcstats_seo_keywords=%E5%93%81%E7%89%8C%E8%AF%8D-%E5%93%81%E7%89%8C%E8%AF%8D-%E8%85%BE%E8%AE%AF%E4%BA%91; trafficParams=***%24%3Btimestamp%3D1732875493231%3Bfrom_type%3Dserver%3Btrack%3Dcd68b3d5-db3e-4a43-a26d-5018ae35a12c%3B%24***; _gcl_au=1.1.1004183509.1732875493; qcloud_visitId=ac6a6ba0e085bf2f5d71cd26b7af65ae; qcmainCSRFToken=ByrEQYRiS1l; intl=; _gat=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
If-None-Match: W/"48e1-Ggf0RTvo7+st6e3WMp0oe7OZY8c"
Priority: u=0, i
Te: trailers

python tengxun.py baidu

关键词 'baidu' 出现代码泄露

python tengxun.py weixianrensheng

关键词 'weixianrensheng' 未出现代码泄露

import requests
import random
import sys

# 1. 定义 1-10 个 User-Agent
USER_AGENTS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1",
    "Mozilla/5.0 (Linux; Android 10; SM-G975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.120 Mobile Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.59",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "Mozilla/5.0 (iPad; CPU OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
]

# 2. 定义请求 URL 模板
URL_TEMPLATE = "https://cloud.tencent.com/search/{keyword}/14_1"

# 3. 定义请求头
HEADERS = {
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding": "gzip, deflate, br",
    "Upgrade-Insecure-Requests": "1",
    "Sec-Fetch-Dest": "document",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-Site": "none",
    "Sec-Fetch-User": "?1",
    "Priority": "u=0, i",
    "Te": "trailers"
}

# 4. 定义 Cookie
COOKIES = {
    "qcloud_uid": "YPaa3xfcHQIK",
    "language": "zh",
    "qcloud_from": "qcloud.directEnter.developer-1732875491636",
    "sensorsdata2015jssdkcross": "%7B%22distinct_id%22%3A%22193776d99421c9-0336803eedcf422-f575722-1327104-193776d994364b%22%2C%22first_id%22%3A%22%22%2C%22props%22%3A%7B%22%24latest_traffic_source_type%22%3A%22%E7%9B%B4%E6%8E%A5%E6%B5%81%E9%87%8F%22%7D%2C%22identities%22%3A%22eyIkaWRlbnRpdHlfY29va2llX2lkIjoiMTkzNzc2ZDk5NDIxYzktMDMzNjgwM2VlZGNmNDIyLWY1NzU3MjItMTMyNzEwNC0xOTM3NzZkOTk0MzY0YiJ9%22%2C%22history_login_id%22%3A%7B%22name%22%3A%22%22%2C%22value%22%3A%22%22%7D%2C%22%24device_id%22%3A%22193776d99421c9-0336803eedcf422-f575722-1327104-193776d994364b%22%7D",
    "_ga": "GA1.2.721792733.1732875492",
    "qcstats_seo_keywords": "%E5%93%81%E7%89%8C%E8%AF%8D-%E5%93%81%E7%89%8C%E8%AF%8D-%E8%85%BE%E8%AE%AF%E4%BA%91",
    "trafficParams": "***%24%3Btimestamp%3D1732875493231%3Bfrom_type%3Dserver%3Btrack%3Dcd68b3d5-db3e-4a43-a26d-5018ae35a12c%3B%24***",
    "_gcl_au": "1.1.1004183509.1732875493",
    "qcloud_visitId": "ac6a6ba0e085bf2f5d71cd26b7af65ae",
    "qcmainCSRFToken": "ByrEQYRiS1l",
    "intl": "",
    "_gat": "1"
}

# 5. 定义超时时间(秒)
TIMEOUT = 5

# 6. 发送请求并检查响应
def check_code_leak(keyword):
    try:
        # 动态替换 URL 中的关键词
        url = URL_TEMPLATE.format(keyword=keyword)

        # 随机选择一个 User-Agent
        headers = HEADERS.copy()
        headers["User-Agent"] = random.choice(USER_AGENTS)

        # 发送 GET 请求
        response = requests.get(
            url,
            headers=headers,
            cookies=COOKIES,
            timeout=TIMEOUT
        )

        # 检查响应状态码
        if response.status_code == 200:
            # 检查返回包是否包含 "未能检索到相关内容"
            if "未能检索到相关内容" in response.text:
                print(f"关键词 '{keyword}' 未出现代码泄露")
            else:
                print(f"关键词 '{keyword}' 出现代码泄露")
        else:
            print(f"请求失败,状态码: {response.status_code}")

    except requests.exceptions.RequestException as e:
        print(f"请求异常: {e}")

# 7. 主程序
if __name__ == "__main__":
    # 检查命令行参数
    if len(sys.argv) != 2:
        print("使用方法: python tengxun.py <关键词>")
        sys.exit(1)

    # 获取关键词参数
    keyword = sys.argv[1]

    # 执行检查
    check_code_leak(keyword)
avatar
文章
阅读
粉丝