安全工具分析系列-Londly01

前言

原创作者：Super403，文章分析主要用于研究教学

本期研究：【Londly01-safety-tool】工具源码

简介：自动化资产探测及漏扫脚本

工具来源：
https://github.com/startagain2016/Londly01-safety-tool

截图展示：【如下图所示】

工具介绍

根据作者的工具简介，“

自动化进行资产探测及漏洞扫描｜红蓝对抗 | 快速打点 | 适用黑客进行赏金活动、SRC活动、大规模攻击使用 | 护网

”可以理解这是一个调用市面上常用的渗透工具，进行自动流程化的脚本工具。首先看一下作者调用的工具，masscan，Fscan，httpx，Finger，observer，xray，nuclei，都是一些常见的渗透工具。脚本工具的核心是调用这些工具，采用人工常规渗透方式，及信息收集+资产测绘+漏洞扫描，将其连贯起来做成自动化流程。

工作流程

工具分析

__
|    cdn.py             # 去除节点ip
|    const.py           # cdn配置文件
|    londly.py			# 主程序
|    README.md          # 说明
|_   requirements.txt   # 需要下载安装的pip的模块

londly.py

首先我们从头开始刨析这个脚本工具源码，这里发现主程序

londly.py

调用os，time，argparse，shutil等模块。

#coding:utf-8
import os           #可以用于操作系统交互，执行命令
import time         #可以用于调用时间相关事件，如演示等等
import argparse     #用于编写用户友好的命令行接口，可以定义程序命令行参数
import shutil       #提供了更高级的文件和文件夹操作，如复制、删除、移动文件和文件夹等

图形化展示字符设计，定义函数biaoti，里面包含一个变量splash1，展示输出。

def biaoti():
    splash1 = """


 __                                __  __           
|  \                              |  \|  \          
| $$      ______   _______    ____| $$| $$ __    __ 
| $$     /      \ |       \  /      $$| $$|  \  |  \
| $$    |  $$$$$$\| $$$$$$$\|  $$$$$$$| $$| $$  | $$
| $$    | $$  | $$| $$  | $$| $$  | $$| $$| $$  | $$
| $$____| $$__/ $$| $$  | $$| $$__| $$| $$| $$__/ $$
| $$     $$    $$| $$  | $$ $$    $$| $$ $$    $$
 $$$$$$$$$$$$$$  $$   $$  $$$$$$$ $$ _$$$$$$$
                                          |  \__| $$
                                           $$    $$
                                            $$$$$$ 

                                                                 
    """
    print(splash1)

下面主要涉及到argparse模块的知识，看不懂的可以去百度了解，不过多讲述。

下面代码，定义一个函数args函数，设置解析命令行参数，我看这段代码主要是调用masscan端口扫描工具，执行masscan命令的自定义参数，设置三个参数分别是 -i 从文件中读取要扫描的目标列表，-p 扫描端口，-rate扫描速率。最后将解析命令行参数保存至变量args。

**description=’Masscan2Httpx2Nuclei’ ** 设置提示描述，会在界面展示。


add_argument

用于向ArgumentParser对象，添加命令行参数。

**required=True ** 是设置命令参数为必选项。


help=”

是设置帮助信息，提示作用。

**args = parser.parse_args() **用于解析命令行参数

def args():
    parser = argparse.ArgumentParser(description='Masscan2Httpx2Nuclei')
    #help换行
    parser.add_argument('-i', '--input', help='参考masscan -iL', required=True)
    parser.add_argument('-p', '--port',help='参考masscan -p', required=True)
    parser.add_argument('-rate','--rate', help='参考masscan速率rate', required=True)
    args = parser.parse_args()
    return args

这段代码定义一个更新模块update函数，设置提示变量展示，可以看到在当前目录下使用os模块执行系统命令来更新nuclei工具和xray工具，更新完成后输出提示。

def update():
    splash00 = """
        +----------------------------------+
        | 正在更新nuclei&xray       
        +----------------------------------+
    """
    print(splash00)
    os.system('./nuclei -update')
    os.system('./xray_linux_amd64 upgrade')
    splash03 = """
        +----------------------------------+
        | 检查完毕,解放双手!!
        +----------------------------------+
    """
    print(splash03)

设置check_args函数，读取上面所说的args变量存储命令解析参数命令，这里做了三个逻辑判断.

第一 检查 -i ，input 参数指定的IP文件是否存在，不存在退出程序.

第二 检查 -p，port 的端口参数是否存在，不存在退出程序.

第三 检查-rate 的扫描速率参数是否存在，不存在退出程序.

如果所有逻辑判断正常， 函数会返回原始的 args 对象

def check_args(args):
    if not os.path.exists(args.input):
        print('ip文件不存在')
        exit()
    if not args.port:
        print('请输入端口参数')
        exit()
    if not args.rate:
        print('请输入扫描速率(例：-rate 2000)')
        exit()
    return args

这段代码的流程是调用check_args函数做个逻辑判断，验证参数无误后，设置三个变量，分别对于命令行中的三个参数，使用os模块执行系统命令，运行masscan，将结果保存到当前目录下的masscan.txt。

def masscan2httpx2nuclei(args):
    args = check_args(args)
    input_file = args.input
    port = args.port
    rate = args.rate
    os.system('masscan -iL ' + input_file + ' -p' + port + ' -oL masscan.txt --rate ' + rate)

这段代码更好理解了，使用python3命令调用cdn.py ,具体我们看下面的cdn.py代码分析，最后会处理好IP

def cdn():
    os.system('python3 cdn.py list.txt')

接下来我们分析

masscan2httpx2nuclei_main函数：

看函数名我们就知道，这个是工具处理函数，首先循环检查masscan.txt是否存在，不存在延时1秒继续检查，然后继续检查，当masscan.txt的大小为0，说明没有扫描到任何开放的端口，因此打印提示信息并退出程序 ，如果不为空则打开masscan.txt 文件并逐行读取。跳过以 # 开头的行（通常是注释或标题）。对于以 open 开头的行（表示扫描到的开放端口），提取端口号和相应的IP地址，并写入到 masscanconvert.txt 文件中 ，如果这个txt存在， 使用 httpx扫描masscanconvert.txt的结果，保存httpxresult.txt中，然后删除文件。

def masscan2httpx2nuclei_main():
    while True:
        if os.path.exists("masscan.txt"):
            break
        else:
            time.sleep(1)
    if os.path.getsize("masscan.txt") == 0:
        splash3 = """
            +----------------------------------+
            | 无端口开放，程序已退出!          
            +----------------------------------+
        """
        print(splash3)
        exit()
    else :
        splash4 = """
            +----------------------------------------+
            | Masscan扫描结果解析并调用httpx   
            +----------------------------------------+
        """
        print(splash4)
        masscanfile = open("masscan.txt", "r")
        masscanfile.seek(0)
        for line in masscanfile:
            if line.startswith("#"):
                continue
            if line.startswith("open"):
                line = line.split(" ")
                with open("masscanconvert.txt", "a") as f:
                    f.write(line[3]+":"+line[2]+"\n")
                    f.close()
        masscanfile.close()
    if os.path.exists("masscan.txt"):
        os.system('./httpx -l masscanconvert.txt -nc -o httpxresult.txt')
        os.remove("masscan.txt")
        splash2 = """
            +----------------------------------+
            | Httpx is done !                  
            +----------------------------------+
        """
        print(splash2)
    else:
        splash5 = """
            +----------------------------------+
            | 未发现解析后的masscan端口结果    
            +----------------------------------+
        """
        print(splash5)
        exit()

使用observer工具处理masscanconvert.txt的IP端口结果，另存至observer.txt

def observer():
    os.system('./observer -f masscanconvert.txt -c observer.txt')

使用Finger 指纹识别工具扫描，并处理其输出，将输出文件移动到当前工作目录

def Finger():
    path=os.getcwd()
    os.system('python3 Finger/Finger.py -f ' + path + r"/masscanconvert.txt")
    files = path + r"/Finger/output/"
    b = os.listdir(files)
    new = path
    for f in b:
        shutil.move(files + f, new)

使用fscan工具扫描ip.txt 保存

def fscan():
    os.system('./fscan64 -hf ip.txt -o fscan.txt')

nu函数，是检查httpxresult.txt文件存在，然后调用nuclei，xray扫描漏洞并输出，其中nuclei扫描中高危，并输出，如果没有http协议，也就是httpxresult是空文件，发出提示，然后查看nuclei扫描结果是否存在，存在输出提示，不存在输出未发现漏洞提示，然后检查xray扫描结果是否存在，存在输出结果提示，不存在输出未发现提示。

def nu():
    if os.path.exists("httpxresult.txt"):
        os.system('./nuclei -l httpxresult.txt -s medium,high,critical -o nucleiresult.txt')
        os.system('./xray_linux_amd64 webscan -url-file httpxresult.txt --html-output xray.html')
        os.remove("httpxresult.txt")
        os.remove("masscanconvert.txt")
    else:
        print("扫描结果未发现http协议")
        exit()
    if os.path.exists("nucleiresult.txt"):
        splash6 = """
            +----------------------------------+
            | 扫描完成,请查看nucleiresult.txt 
            +----------------------------------+
        """
        print(splash6)
    else:
        splash7 = """
            +----------------------------------+
            | nuclei未发现中高危漏洞                
            +----------------------------------+
        """
        print(splash7)
    if os.path.exists("xray.html"):
        splash8 = """
            +----------------------------------+
            | 扫描完成,请查看xray.html        
            +----------------------------------+
        """
        print(splash8)
    else:
        splash9 = """
            +----------------------------------+
            | xray未发现漏洞                    
            +----------------------------------+
        """
        print(splash9)
    exit()

接下来是main主程序，梳理一下工作流程

首先调用logo函数，检查更新，然后使用cdn模块梳理cdn节点，使用masscan2httpx2nuclei函数调用masscan扫描ip端口，httpx函数解析端口站点，调用observer和Finger和fscan扫描端口站点，ip，最后调用nuclei和xray扫描漏洞并输出

def main(): 
    biaoti()   # logo函数
    update()   # 检查更新
    cdn()      # 使用cdn函数
    masscan2httpx2nuclei(args()) # masscan函数扫描指定的文件
    masscan2httpx2nuclei_main()  # httpx处理解析
    observer()
    Finger()
    fscan()
    nu()


if __name__ == '__main__':
    main()
    exit()

cdn.py

关于cdn.py 简单描述一些自己的看法，通读了代码后，发现逻辑不清晰，这倒可以理解，但是我不理解为什么会有涉及到域名方面的相关的code，而且在调试cdn.py 代码发现真的不好用，cdn.py 有很大几率是作者调用他人的脚本工具，不像是作者独自开发的，为什么说这个逻辑不清晰是有理由的，代码主体顺序还得靠猜，可读性较差。下面是全文代码，可以看一下。

# -*- coding: utf-8 -*-
import dns.resolver
import requests
import ipaddress
import geoip2.database
import socket
import sys
import re
from concurrent.futures import ThreadPoolExecutor,wait, ALL_COMPLETED
from const import all_CNAME,cdns,ASNS

def matched(obj,list):
	#print(obj)
	for i in list:
		if i in obj:
			return True
	return False


def getCNAMES(domain):
	cnames = []
	cname = getCNAME(domain)
	if cname is not None:
		cnames.append(cname)
	while(cname != None):
		cname = getCNAME(cname)
		if cname is not None:
			cnames.append(cname)
	return cnames

def getCNAME(domain):
	try:
		answer = dns.resolver.resolve(domain,'CNAME')
	except:
		return None
	cname = [_.to_text() for _ in answer][0]
	return cname


def checkIP(ip):
	try:
		for cdn in cdns:
			if ipaddress.ip_address(ip) in ipaddress.ip_network(cdn):
				return True
		return False
	except:
		return False

def getIP(domain):
	try:
		addr = socket.getaddrinfo(domain,None)
	except:
		return None
	return str(addr[0][4][0])


def checkASN(ip):
	try:
		with geoip2.database.Reader('GeoLite2-ASN.mmdb') as reader:
			response = reader.asn(ip)
			for i in ASNS:
				if response.autonomous_system_number == int(i):
					return True
	except:
		return False
	return False



def wFile(file,str):
	try:
		f = open(file,'a')
		f.write(str)
		f.write('\n')
	finally:
		f.close()

def check(data):
	if not re.search(r'\d+\.\d+\.\d+\.\d+', data):
		ip = getIP(data)
	else:
		ip = data
	if ip is None:
		return

	cdnip = checkIP(ip)

	if cdnip == True:
		print(data+": CDN")
		wFile('cdn.txt',data)
		return

	cdnasn = checkASN(ip)
	if cdnasn == True:
		print(data+": CDN")
		wFile('cdn.txt',data)
		return

	if not re.search(r'\d+\.\d+\.\d+\.\d+', data):
		cnames = getCNAMES(data)
		match = False
		for i in cnames:
			match = matched(i,all_CNAME)
			if match == True:
				break
		if match == True:
			print(data+": CDN")
			wFile('cdn.txt',data)
			return
	print(data+": notCDN")
	wFile('ip.txt',data)
	#wFile('../ip.txt',ip)
	return



if __name__ == '__main__':
	if len(sys.argv) != 2:
		print("error command -h for help")
		exit()
	if sys.argv[1] == '-h':
		print("")
		print("checkCDN.py list.txt")
		print("")
		exit()
	dataList = []
	try:
		f = open(sys.argv[1])
		for text in f.readlines():
			data = text.strip('\n')
			dataList.append(data)
	finally:
		f.close()
	with ThreadPoolExecutor(max_workers=100) as pool:
		all_task = [pool.submit(check,data) for data in dataList]
		wait(all_task, return_when=ALL_COMPLETED)

简单梳理一下逻辑，下面代码是作者调用的cdn.py的代码

# -*- coding: utf-8 -*-
import dns.resolver    # Dns 查询模块
import requests        
import ipaddress       # IP处理模块
import geoip2.database # MaxMind的GeoIP2库的一部分，用于基于IP地址进行地理位置查询
import socket          
import sys
import re              # 正则模块
from concurrent.futures import ThreadPoolExecutor,wait, ALL_COMPLETED  # 并发
from const import all_CNAME,cdns,ASNS  # 从const.py 中调用 all_CNAME,cdns,ASNS

首先这部分是做个逻辑判断，调用argv函数判断，-h输出 工具使用然后退出程序

if __name__ == '__main__':
	if len(sys.argv) != 2:
		print("error command -h for help")
		exit()
	if sys.argv[1] == '-h':
		print("")
		print("checkCDN.py list.txt")
		print("")
		exit()

初始化一个空列表dataList，用于存储从文件中读取的数据。尝试打开文件读取文件内容，并且去除末尾换行符之后将数据保存至datalist中，接下来是使用并发线程100来处理主函数设置的任务

	dataList = []
	try:
		f = open(sys.argv[1])
		for text in f.readlines():
			data = text.strip('\n')
			dataList.append(data)
	finally:
		f.close()
	with ThreadPoolExecutor(max_workers=100) as pool:
		all_task = [pool.submit(check,data) for data in dataList]
		wait(all_task, return_when=ALL_COMPLETED)

matched函数：

是检查判断文件的一个处理逻辑。


getCNAME 函数

：接收domain文件参数，并尝试获取该域名的 CNAME 记录。


getCNAMES函数

：是获取给定域名的所有 CNAME 记录。与之前的 getCNAME 函数不同，getCNAMES 函数会递归地查询每个 CNAME 记录。


checkIP函数

：检查给定的IP地址是否属于const.py里面自定义的cdns列表。尝试将ip和cdns中的每个CDN网络进行比较，如果ip位于cdns网络中，则返回True，否则返回False。


getIP函数：

尝试获取给定域名domain的IP地址。使用socket.getaddrinfo函数来解析域名IP，将解析的IP地址的字符串形式。如果解析失败，则函数返回None。


checkASN函数

：检查IP地址是否属于const.py中预定义的自治系统号ASNS列表。使用geoip2库来查询IP地址的ASN，然后比较查询到的ASN是否与ASNS列表中ASN是否匹配。如果匹配，则继续，如果查询失败或没有匹配项退出。


wFile函数：

将字符串追加指定文件中，用于处理文件操作，当文件不存在则创建一个，写入字符串，并后续添加字符，做个异常处理，无论写入操作是否成功，都会关闭文件

def matched(obj,list):
	#print(obj)
	for i in list:
		if i in obj:
			return True
	return False


def getCNAMES(domain):
	cnames = []
	cname = getCNAME(domain)
	if cname is not None:
		cnames.append(cname)
	while(cname != None):
		cname = getCNAME(cname)
		if cname is not None:
			cnames.append(cname)
	return cnames

def getCNAME(domain):
	try:
		answer = dns.resolver.resolve(domain,'CNAME')
	except:
		return None
	cname = [_.to_text() for _ in answer][0]
	return cname


def checkIP(ip):
	try:
		for cdn in cdns:
			if ipaddress.ip_address(ip) in ipaddress.ip_network(cdn):
				return True
		return False
	except:
		return False

def getIP(domain):
	try:
		addr = socket.getaddrinfo(domain,None)
	except:
		return None
	return str(addr[0][4][0])


def checkASN(ip):
	try:
		with geoip2.database.Reader('GeoLite2-ASN.mmdb') as reader:
			response = reader.asn(ip)
			for i in ASNS:
				if response.autonomous_system_number == int(i):
					return True
	except:
		return False
	return False


def wFile(file,str):
	try:
		f = open(file,'a')
		f.write(str)
		f.write('\n')
	finally:
		f.close()

check函数：是主函数

，首先使用正则处理接收的数据，它接收一个字符串（可能是域名或IP地址）作为输入，然后调用

checkIP函数

处理IP检查这个字符串是否属于CDN。如果属于CDN，它将打印出这个字符串，并将其写入cdn.txt文件，然后将输出页面print(data+”: notCDN”) 展示的data变量保存的IP保存至ip.txt

def check(data):
	if not re.search(r'\d+\.\d+\.\d+\.\d+', data):
		ip = getIP(data)
	else:
		ip = data
	if ip is None:
		return

	cdnip = checkIP(ip)

	if cdnip == True:
		print(data+": CDN")
		wFile('cdn.txt',data)
		return

	cdnasn = checkASN(ip)
	if cdnasn == True:
		print(data+": CDN")
		wFile('cdn.txt',data)
		return

	if not re.search(r'\d+\.\d+\.\d+\.\d+', data):
		cnames = getCNAMES(data)
		match = False
		for i in cnames:
			match = matched(i,all_CNAME)
			if match == True:
				break
		if match == True:
			print(data+": CDN")
			wFile('cdn.txt',data)
			return
	print(data+": notCDN")
	wFile('ip.txt',data)
	#wFile('../ip.txt',ip)
	return

这里有个问题：它不会判断domain，私下尝试将子域名放入ip列表，然后会将子域名和ip放入ip.txt，实验尝试masscan扫描ip.txt ,会发生报错导致程序运行失败

const.py

我们来分析const.py文件什么意思。

all_CNAME 列表 定义CDN节点域名

all_CNAME = [
	"cdn-cdn.net", "fwdns.net", "bitgravity.com", "21okglb.cn", "kxcdn", "fastwebcdn.com", "cachefly.net", "simplecdn.net", "tbcache.com", "footprint.net", "cloudflare.net", "51cdn.com", "google.", "bluehatnetwork.com", "hadns.net", "incapdns", "skyparkcdn", "akamai", "hwcdn", "cdn77.org", "aicdn.com", "akamaitechnologies.com", "fastly", "fpbns", "cdn77.net", "zenedge.net", "akadns.net", "customcdn.com", "fastly.net", "lswcdn", "googleusercontent.com", "mncdn.com", "21speedcdn.com", "hiberniacdn.com", "mirror-image.net", "anankecdn.com.br", "cncssr.chinacache.net", "hichina.net", "insnw.net", "jiashule.com", "llnwd", "cdn.dnsv1.com", "bitgravity", "mwcloudcdn.com", "amazonaws.com", "systemcdn.net", "wscdns.com", "cdnvideo", "ccgslb", "fpbns.net", "dnsv1", "360wzb.com", "inscname.net", "ytcdn.net", "21vokglb.cn", "aliyuncs.com", "cdntip", "netdna-ssl.com", "att-dsa.net", "tcdn.qq.com", "netdna", "ccgslb.com.cn", "netdna.com", "l.doubleclick.net", "chinaidns.net", "turbobytes-cdn.com", "instacontent.net", "speedcdns", "clients.turbobytes.net", "akamai-staging.net", "fastcdn.cn", "wscloudcdn", "gslb.taobao.com", "hichina.com", "fastcache.com", "cachecn.com", "verygslb.com", "cdnzz.net", "fwcdn.com", "kunlunca.com", "cdn.cloudflare.net", "customcdn.cn", "vo.llnwd.net", "swiftserve.com", "lldns.net", "afxcdn.net", "ourwebpic.com", "edgekey", "ucloud.cn", "cdn20.com", "swiftcdn1.com", "cdn77", "azioncdn.net", "akamaized.net", "cdnvideo.ru", "incapdns.net", "tlgslb.com", "kunlun.com", "cloudflare.com", "anankecdn", "cdnudns.com", "footprint", "txnetworks.cn", "akamai.com", "cdnsun.net", "wpc.", "qiniudns.com", "okglb.com", "cloudflare", "ngenix", "cloudfront", "belugacdn.com", "edgecast", "cdnsun.net.", "alicdn.com", "cdn.telefonica.com", "lxdns.com", "internapcdn.net", "ewcache.com", "llnwd.net", "c3cdn.net", "chinacache.net", "21vianet.com.cn", "qingcdn.com", "yunjiasu-cdn", "cdn.ngenix.net", "skyparkcdn.net", "ccgslb.com", "adn.", "presscdn", "panthercdn.com", "edgecastcdn.net", "ay1.b.yahoo.com", "alicloudsec.com", "cachefly", "kunlunar.com", "bdydns.com", "cloudfront.net", "acadn.com", "cap-mii.net", "gslb.tbcache.com", "awsdns", "cdn.bitgravity.com", "cdnify.io", "kxcdn.com", "00cdn.com", "cdnetworks.net", "fastweb.com", "googlesyndication.", "akamaitech.net", "presscdn.com", "cdnetworks", "cdntip.com", "cdnify", "hacdn.net", "azureedge.net", "alicloudlayer.com", "internapcdn", "speedcdns.com", "cdnsun", "cdngc.net", "gccdn.net", "fastlylb.net", "cdnnetworks.com", "mwcloudcdn", "21cvcdn.com", "ccgslb.net", "azioncdn", "wac.", "unicache.com", "vo.msecnd.net", "stackpathdns.com", "lswcdn.net", "dnspao.com", "akamai.net", "azureedge", "aodianyun.com", "dnion.com", "wscloudcdn.com", "ourwebcdn.net", "netdna-cdn.com", "chinacache", "c3cache.net", "aliyun-inc.com", "sprycdn.com", "hwcdn.net", "yimg.", "telefonica", "aqb.so", "alikunlun.com", "chinanetcenter.com", "cloudcdn.net", "xgslb.net", "gccdn.cn", "globalcdn.cn", "lxcdn.com", "rncdn1.com", "youtube.", "txcdn.cn", "edgesuite.net", "okcdn.com", "akamaiedge.net"
]

cdns列表 定义节点IP的区间

cdns = [
'223.99.255.0/24', '71.152.0.0/17', '219.153.73.0/24', '125.39.46.0/24', '190.93.240.0/20', '14.0.113.0/24', '14.0.47.0/24', '113.20.148.0/22', '103.75.201.0/24', '1.32.239.0/24', '101.79.239.0/24', '52.46.0.0/18', '125.88.189.0/24', '150.138.248.0/24', '180.153.235.0/24', '205.251.252.0/23', '103.1.65.0/24', '115.127.227.0/24', '14.0.42.0/24', '109.199.58.0/24', '116.211.155.0/24', '112.253.3.0/24', '14.0.58.0/24', '223.112.227.0/24', '113.20.150.0/23', '61.182.141.0/24', '34.216.51.0/25', '124.95.188.0/24', '42.51.25.0/24', '183.136.133.0/24', '52.220.191.0/26', '119.84.93.0/24', '182.118.38.0/24', '13.59.250.0/26', '54.178.75.0/24', '119.84.92.0/24', '183.131.62.0/24', '111.32.136.0/24', '13.124.199.0/24', '111.47.227.0/24', '104.37.177.0/24', '14.0.50.0/24', '183.230.70.0/24', '114.111.59.0/24', '220.181.135.0/24', '112.140.32.0/19', '101.79.230.0/24', '14.0.115.0/24', '103.28.248.0/22', '117.34.72.0/24', '109.199.57.0/24', '101.79.149.0/24', '116.128.128.0/24', '115.231.186.0/24', '103.22.200.0/22', '61.155.165.0/24', '113.20.148.0/23', '185.254.242.0/24', '59.36.120.0/24', '70.132.0.0/18', '116.31.126.0/24', '119.147.134.0/24', '115.127.246.0/24', '52.47.139.0/24', '118.107.175.0/24', '52.78.247.128/26', '110.93.176.0/20', '54.240.128.0/18', '46.51.216.0/21', '119.31.251.0/24', '125.39.18.0/24', '108.175.33.0/24', '1.31.128.0/24', '61.151.163.0/24', '103.95.132.0/24', '58.215.118.0/24', '54.233.255.128/26', '120.52.113.0/24', '118.107.174.0/24', '1.32.242.0/24', '221.195.34.0/24', '101.79.228.0/24', '205.251.249.0/24', '113.200.91.0/24', '101.79.146.0/24', '221.238.22.0/24', '134.19.183.0/24', '110.93.160.0/20', '180.97.158.0/24', '115.127.251.0/24', '119.167.147.0/24', '115.127.238.0/24', '115.127.240.0/22', '14.0.48.0/24', '115.127.240.0/24', '113.7.183.0/24', '112.140.128.0/20', '115.127.255.0/24', '114.31.36.0/22', '101.79.232.0/24', '218.98.44.0/24', '106.119.182.0/24', '101.79.167.0/24', '125.39.5.0/24', '58.49.105.0/24', '124.202.164.0/24', '111.177.6.0/24', '61.133.127.0/24', '185.11.124.0/22', '150.138.150.0/24', '115.127.248.0/24', '103.74.80.0/22', '101.79.166.0/24', '101.71.55.0/24', '198.41.128.0/17', '117.21.219.0/24', '103.231.170.0/24', '221.204.202.0/24', '101.79.224.0/24', '112.25.16.0/24', '111.177.3.0/24', '204.246.168.0/22', '103.40.7.0/24', '134.226.0.0/16', '52.15.127.128/26', '122.190.2.0/24', '101.203.192.0/18', '1.32.238.0/24', '101.79.144.0/24', '176.34.28.0/24', '119.84.15.0/24', '18.216.170.128/25', '222.88.94.0/24', '101.79.150.0/24', '114.111.48.0/21', '124.95.168.0/24', '114.111.48.0/20', '110.93.176.0/21', '223.111.127.0/24', '117.23.61.0/24', '140.207.120.0/24', '157.255.26.0/24', '221.204.14.0/24', '183.222.96.0/24', '104.37.180.0/24', '42.236.93.0/24', '111.63.51.0/24', '114.31.32.0/20', '118.180.50.0/24', '222.240.184.0/24', '205.251.192.0/19', '101.79.225.0/24', '115.127.228.0/24', '113.20.148.0/24', '61.213.176.0/24', '112.65.75.0/24', '111.13.147.0/24', '113.20.145.0/24', '103.253.132.0/24', '52.222.128.0/17', '183.203.7.0/24', '27.221.27.0/24', '103.79.134.0/24', '123.150.187.0/24', '103.15.194.0/24', '162.158.0.0/15', '61.163.30.0/24', '182.140.227.0/24', '112.25.60.0/24', '117.148.161.0/24', '61.182.136.0/24', '114.31.56.0/22', '64.252.128.0/18', '183.61.185.0/24', '115.127.250.0/24', '150.138.138.0/24', '13.210.67.128/26', '211.162.64.0/24', '61.174.9.0/24', '14.0.112.0/24', '52.52.191.128/26', '27.221.124.0/24', '103.4.203.0/24', '103.14.10.0/24', '34.232.163.208/29', '114.31.48.0/20', '59.51.81.0/24', '183.60.235.0/24', '101.227.206.0/24', '125.39.174.0/24', '119.167.246.0/24', '118.107.160.0/21', '223.166.151.0/24', '110.93.160.0/19', '204.246.172.0/23', '119.31.253.0/24', '143.204.0.0/16', '14.0.60.0/24', '123.151.76.0/24', '116.193.80.0/24', '120.241.102.0/24', '180.96.20.0/24', '216.137.32.0/19', '223.94.95.0/24', '103.4.201.0/24', '14.0.56.0/24', '115.127.234.0/24', '113.20.144.0/23', '103.248.104.0/24', '122.143.15.0/24', '101.79.229.0/24', '101.79.163.0/24', '104.37.112.0/22', '115.127.253.0/24', '141.101.64.0/18', '113.20.144.0/22', '101.79.155.0/24', '117.148.160.0/24', '124.193.166.0/24', '109.94.168.0/24', '203.90.247.0/24', '101.79.208.0/21', '182.118.12.0/24', '114.31.58.0/23', '202.162.109.0/24', '101.79.164.0/24', '58.216.2.0/24', '222.216.190.0/24', '101.79.165.0/24', '111.6.191.0/24', '1.255.100.0/24', '52.84.0.0/15', '112.65.74.0/24', '183.250.179.0/24', '101.79.236.0/24', '119.31.252.0/24', '113.20.150.0/24', '60.12.166.0/24', '101.79.234.0/24', '113.17.174.0/24', '101.79.237.0/24', '61.54.46.0/24', '118.212.233.0/24', '183.110.242.0/24', '150.138.149.0/24', '117.34.13.0/24', '115.127.245.0/24', '14.0.102.0/24', '14.0.109.0/24', '61.130.28.0/24', '113.20.151.0/24', '219.159.84.0/24', '114.111.62.0/24', '172.64.0.0/13', '61.155.222.0/24', '120.52.29.0/24', '115.127.231.0/24', '14.0.49.0/24', '113.202.0.0/16', '103.248.104.0/22', '205.251.250.0/23', '103.216.136.0/22', '118.107.160.0/20', '109.87.0.0/21', '54.239.128.0/18', '115.127.224.0/19', '111.202.98.0/24', '109.94.169.0/24', '59.38.112.0/24', '204.246.176.0/20', '123.133.84.0/24', '103.4.200.0/24', '111.161.109.0/24', '112.84.34.0/24', '103.82.129.0/24', '183.3.254.0/24', '112.137.184.0/21', '122.227.237.0/24', '36.42.75.0/24', '13.35.0.0/16', '101.226.4.0/24', '116.140.35.0/24', '58.250.143.0/24', '13.54.63.128/26', '205.251.254.0/24', '173.245.48.0/20', '183.61.177.0/24', '113.20.144.0/24', '104.37.183.0/24', '35.158.136.0/24', '116.211.121.0/24', '42.236.94.0/24', '117.34.91.0/24', '123.6.13.0/24', '13.224.0.0/14', '113.20.146.0/24', '58.58.81.0/24', '52.124.128.0/17', '122.228.198.0/24', '197.234.240.0/22', '99.86.0.0/16', '144.220.0.0/16', '119.188.97.0/24', '36.27.212.0/24', '104.37.178.0/24', '114.31.52.0/22', '218.65.212.0/24', '1.255.41.0/24', '14.0.45.0/24', '1.32.243.0/24', '220.170.185.0/24', '122.190.3.0/24', '103.79.133.0/24', '220.181.55.0/24', '125.39.191.0/24', '115.127.226.0/24', '125.39.32.0/24', '61.120.154.0/24', '103.4.202.0/24', '103.79.134.0/23', '115.127.224.0/24', '113.20.147.0/24', '61.156.149.0/24', '210.209.122.0/24', '115.127.249.0/24', '104.37.179.0/24', '120.52.18.0/24', '54.192.0.0/16', '14.0.55.0/24', '61.160.224.0/24', '113.207.101.0/24', '101.79.157.0/24', '110.93.128.0/20', '58.251.121.0/24', '61.240.149.0/24', '130.176.0.0/16', '113.107.238.0/24', '112.65.73.0/24', '103.75.200.0/23', '199.83.128.0/21', '123.129.220.0/24', '54.230.0.0/16', '114.111.60.0/24', '199.27.128.0/21', '14.0.118.0/24', '101.79.158.0/24', '119.31.248.0/21', '54.182.0.0/16', '113.31.27.0/24', '14.17.69.0/24', '101.79.145.0/24', '113.20.144.0/21', '180.163.22.0/24', '104.37.176.0/21', '117.25.156.0/24', '115.127.252.0/24', '115.127.244.0/23', '14.0.46.0/24', '113.207.102.0/24', '52.199.127.192/26', '13.113.203.0/24', '64.252.64.0/18', '1.32.240.0/24', '123.129.232.0/24', '1.32.241.0/24', '180.163.189.0/24', '157.255.25.0/24', '1.32.244.0/24', '103.248.106.0/24', '121.48.95.0/24', '54.239.192.0/19', '113.20.146.0/23', '61.136.173.0/24', '35.162.63.192/26', '117.34.14.0/24', '183.232.29.0/24', '42.81.93.0/24', '122.228.238.0/24', '183.61.190.0/24', '125.39.239.0/24', '115.127.230.0/24', '103.140.200.0/23', '202.102.85.0/24', '14.0.32.0/21', '14.0.57.0/24', '112.25.90.0/24', '58.211.137.0/24', '210.22.63.0/24', '34.226.14.0/24', '13.32.0.0/15', '101.79.156.0/24', '103.89.176.0/24', '14.0.116.0/24', '106.42.25.0/24', '101.79.233.0/24', '101.79.231.0/24', '103.75.200.0/24', '119.188.9.0/24', '183.232.51.0/24', '149.126.72.0/21', '103.21.244.0/22', '115.127.233.0/24', '27.221.20.0/24', '198.143.32.0/19', '103.248.107.0/24', '101.79.227.0/24', '115.127.242.0/24', '119.31.250.0/24', '103.82.130.0/24', '99.84.0.0/16', '222.73.144.0/24', '103.79.132.0/22', '101.79.208.0/20', '104.37.182.0/24', '101.79.152.0/24', '36.99.18.0/24', '101.71.56.0/24', '36.250.5.0/24', '61.158.240.0/24', '119.188.14.0/24', '13.249.0.0/16', '183.214.156.0/24', '60.221.236.0/24', '58.30.212.0/24', '115.127.254.0/24', '188.114.96.0/20', '115.127.241.0/24', '103.4.200.0/22', '115.127.239.0/24', '115.127.243.0/24', '111.32.135.0/24', '120.221.29.0/24', '115.127.232.0/24', '14.0.43.0/24', '14.0.59.0/24', '183.61.236.0/24', '34.223.12.224/27', '103.24.120.0/24', '52.57.254.0/24', '113.207.100.0/24', '222.186.19.0/24', '113.20.149.0/24', '150.138.151.0/24', '115.231.110.0/24', '52.56.127.0/25', '104.37.176.0/24', '163.177.8.0/24', '163.53.89.0/24', '52.82.128.0/19', '114.111.63.0/24', '108.162.192.0/18', '14.136.130.0/24', '115.127.229.0/24', '14.17.71.0/24', '52.212.248.0/26', '180.163.188.0/24', '61.182.137.0/24', '119.161.224.0/21', '14.0.41.0/24', '202.162.108.0/24', '106.122.248.0/24', '52.66.194.128/26', '115.127.237.0/24', '220.170.186.0/24', '14.0.32.0/19', '14.0.114.0/24', '112.90.216.0/24', '115.127.236.0/24', '116.193.84.0/24', '113.207.76.0/24', '101.79.235.0/24', '101.79.224.0/20', '61.155.149.0/24', '101.79.148.0/24', '180.163.224.0/24', '204.246.174.0/23', '183.60.136.0/24', '101.227.207.0/24', '103.248.105.0/24', '119.188.35.0/24', '42.236.7.0/24', '116.193.88.0/21', '116.193.83.0/24', '120.199.69.0/24', '122.226.182.0/24', '58.20.204.0/24', '110.93.128.0/21', '115.231.187.0/24', '69.28.58.0/24', '114.31.32.0/19', '112.25.91.0/24', '59.52.28.0/24', '117.27.149.0/24', '61.147.92.0/24', '14.0.117.0/24', '14.0.40.0/24', '119.97.151.0/24', '103.199.228.0/22', '122.70.134.0/24', '115.127.244.0/24', '223.112.198.0/24', '115.127.225.0/24', '104.16.0.0/12', '121.12.98.0/24', '103.31.4.0/22', '204.246.164.0/22', '223.94.66.0/24', '35.167.191.128/26', '116.31.127.0/24', '101.79.226.0/24', '34.195.252.0/24', '115.127.247.0/24', '61.240.144.0/24', '108.175.32.0/20', '120.197.85.0/24', '183.232.53.0/24', '111.161.66.0/24', '117.34.28.0/24', '45.64.64.0/22', '14.0.44.0/24', '109.86.0.0/15', '182.23.211.0/24', '58.211.2.0/24', '119.36.164.0/24', '116.55.250.0/24', '101.227.163.0/24', '13.228.69.0/24', '131.0.72.0/22', '120.221.136.0/24', '119.188.132.0/24', '115.127.235.0/24', '42.236.6.0/24', '125.88.190.0/24', '61.54.47.0/24', '103.27.12.0/22', '116.193.80.0/21', '101.79.159.0/24', '123.155.158.0/24', '111.47.226.0/24', '192.230.64.0/18', '107.154.0.0/16', '45.223.0.0/16', '45.60.0.0/16'
]

ASNS 列表 定义

ASNS = [
'10576', '10762', '11748', '131099', '132601', '133496', '134409', '135295', '136764', '137187', '13777', '13890',
'14103', '14520', '17132', '199251', '200013', '200325', '200856', '201263', '202294', '203075', '203139', '204248',
'204286', '204545', '206227', '206734', '206848', '206986', '207158', '208559', '209403', '21030', '21257', '23327',
'23393', '23637', '23794', '24997', '26492', '268843', '28709', '29264', '30282', '30637', '328126', '36408',
'38107', '397192', '40366', '43303', '44907', '46071', '46177', '47542', '49287', '49689', '51286', '55082',
'55254', '56636', '57363', '58127', '59730', '59776', '60068', '60626', '60922', '61107', '61159', '62026', '62229',
'63062', '64232', '8868', '9053', '55770', '49846', '49249', '48163', '45700', '43639', '39836', '393560', '393234',
'36183', '35994', '35993', '35204', '34850', '34164', '33905', '32787', '31377', '31110', '31109', '31108', '31107',
'30675', '24319', '23903', '23455', '23454', '22207', '21399', '21357', '21342', '20940', '20189', '18717', '18680',
'17334', '16702', '16625', '12222', '209101', '201585', '135429', '395747', '394536', '209242', '203898', '202623',
'14789', '133877', '13335', '132892', '21859', '6185', '47823', '30148'
]

总结

该项目开发逻辑较为简单，代码写的较为粗糙，思路还行，适合新手参考。